2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END============================================
20 * ===================================================================
24 package org.onap.clamp.clds.filter;
26 import com.att.eelf.configuration.EELFLogger;
27 import com.att.eelf.configuration.EELFManager;
29 import java.io.ByteArrayInputStream;
31 import java.io.IOException;
32 import java.io.InputStream;
33 import java.net.URLDecoder;
34 import java.nio.charset.StandardCharsets;
35 import java.nio.file.StandardCopyOption;
36 import java.security.cert.CertificateException;
37 import java.security.cert.CertificateFactory;
38 import java.security.cert.X509Certificate;
40 import javax.servlet.FilterChain;
41 import javax.servlet.FilterConfig;
42 import javax.servlet.ServletException;
43 import javax.servlet.ServletRequest;
44 import javax.servlet.ServletResponse;
45 import javax.servlet.http.HttpServletRequest;
47 import org.onap.aaf.cadi.config.Config;
48 import org.onap.aaf.cadi.filter.CadiFilter;
49 import org.springframework.beans.factory.annotation.Autowired;
50 import org.springframework.beans.factory.annotation.Value;
51 import org.springframework.context.ApplicationContext;
53 public class ClampCadiFilter extends CadiFilter {
54 private static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampCadiFilter.class);
57 private ApplicationContext appContext;
59 @Value("${server.ssl.key-store:#{null}}")
60 private String keyStore;
62 @Value("${clamp.config.cadi.cadiKeystorePassword:#{null}}")
63 private String keyStorePass;
65 @Value("${server.ssl.trust-store:#{null}}")
66 private String trustStore;
68 @Value("${clamp.config.cadi.cadiTruststorePassword:#{null}}")
69 private String trustStorePass;
71 @Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
74 @Value("${clamp.config.cadi.keyFile:#{null}}")
75 private String keyFile;
77 @Value("${clamp.config.cadi.cadiLoglevel:#{null}}")
78 private String cadiLoglevel;
80 @Value("${clamp.config.cadi.cadiLatitude:#{null}}")
81 private String cadiLatitude;
83 @Value("${clamp.config.cadi.cadiLongitude:#{null}}")
84 private String cadiLongitude;
86 @Value("${clamp.config.cadi.aafLocateUrl:#{null}}")
87 private String aafLocateUrl;
89 @Value("${clamp.config.cadi.oauthTokenUrl:#{null}}")
90 private String oauthTokenUrl;
92 @Value("${clamp.config.cadi.oauthIntrospectUrl:#{null}}")
93 private String oauthIntrospectUrl;
95 @Value("${clamp.config.cadi.aafEnv:#{null}}")
96 private String aafEnv;
98 @Value("${clamp.config.cadi.aafUrl:#{null}}")
99 private String aafUrl;
101 @Value("${clamp.config.cadi.cadiX509Issuers:#{null}}")
102 private String cadiX509Issuers;
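/**
 * Publishes one configuration value as a JVM system property, without overriding a value
 * that is already defined for that key.
 *
 * @param key   name of the system property to set
 * @param value value taken from the Spring configuration; {@code null} when the
 *              property is absent there (the {@code @Value} defaults resolve to null)
 */
private void checkIfNullProperty(String key, String value) {
    // A null value means the property is not defined in application.properties.
    // System.setProperty rejects null, so nothing is set in that case.
    if (value != null) {
        // System.getProperty(key, value) returns the existing JVM value when there is one,
        // so properties supplied as JVM parameters are never overwritten by Spring values.
        System.setProperty(key, System.getProperty(key, value));
    }
}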
/**
 * Exports the Spring-injected CADI settings as JVM system properties, then initialises the
 * parent filter, which reads its configuration from those properties.
 *
 * <p>Values already supplied as JVM parameters take precedence over the Spring ones.
 *
 * <p>Security note: the keystore and truststore passwords are published as system
 * properties, so they are readable by any code in this JVM and appear in property dumps;
 * keep such dumps out of logs and diagnostics.
 *
 * @param filterConfig servlet filter configuration, passed through to the parent filter
 * @throws ServletException if the parent filter fails to initialise
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
    // Key file, log level and geographic coordinates.
    // NOTE(review): convertSpringToPath copies non-"file:" resources to a relative path
    // named after the resource; confirm the working directory is access-restricted, since
    // the key file, keystore and truststore all go through it.
    final String keyFilePath = convertSpringToPath(keyFile);
    checkIfNullProperty(Config.CADI_KEYFILE, keyFilePath);
    checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
    checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
    checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);

    // AAF locator and OAuth2 endpoints.
    checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
    checkIfNullProperty(Config.AAF_OAUTH2_TOKEN_URL, oauthTokenUrl);
    checkIfNullProperty(Config.AAF_OAUTH2_INTROSPECT_URL, oauthIntrospectUrl);

    // AAF environment, accepted certificate issuers and TLS stores.
    checkIfNullProperty(Config.AAF_ENV, aafEnv);
    checkIfNullProperty(Config.AAF_URL, aafUrl);
    checkIfNullProperty(Config.CADI_X509_ISSUERS, cadiX509Issuers);
    final String keyStorePath = convertSpringToPath(keyStore);
    checkIfNullProperty(Config.CADI_KEYSTORE, keyStorePath);
    final String trustStorePath = convertSpringToPath(trustStore);
    checkIfNullProperty(Config.CADI_TRUSTSTORE, trustStorePath);
    checkIfNullProperty(Config.CADI_ALIAS, alias);
    checkIfNullProperty(Config.CADI_KEYSTORE_PASSWORD, keyStorePass);
    checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, trustStorePass);

    // The parent filter must start only after every property above is in place.
    super.init(filterConfig);
}
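/**
 * Copies a client certificate forwarded in the {@code X-SSL-Cert} request header into the
 * standard servlet certificate attribute, then delegates to the parent CADI filter.
 *
 * <p>Security note: {@code X-SSL-Cert} is an ordinary request header. The certificate it
 * carries becomes the request's client certificate with no proof that the caller holds the
 * matching private key, and it replaces the first certificate the container may have set
 * from a real TLS handshake. This is only sound when a TLS-terminating proxy in front of
 * this application always overwrites or strips the header and the application cannot be
 * reached except through that proxy.
 *
 * @param request  incoming request; must be an {@link HttpServletRequest}
 * @param response response passed through to the parent filter
 * @param chain    remaining filter chain
 * @throws IOException      from header decoding or from the parent filter
 * @throws ServletException from the parent filter
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    try {
        String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert");
        if (certHeader != null) {
            // NOTE(review): confirm the deployment guarantees this header can only be set
            // by the trusted front-end proxy; see the security note above.
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // Explicit UTF-8 so the decoded bytes do not depend on the platform charset.
            byte[] encodedCert = URLDecoder.decode(certHeader, StandardCharsets.UTF_8.toString())
                    .getBytes(StandardCharsets.UTF_8);
            X509Certificate cert = (X509Certificate) certificateFactory
                    .generateCertificate(new ByteArrayInputStream(encodedCert));
            X509Certificate[] certifArray = ((X509Certificate[]) request
                    .getAttribute("javax.servlet.request.X509Certificate"));
            if (certifArray == null || certifArray.length == 0) {
                // No usable array from the container: install one holding only the header cert.
                certifArray = new X509Certificate[] { cert };
                request.setAttribute("javax.servlet.request.X509Certificate", certifArray);
            } else {
                certifArray[0] = cert;
            }
        }
    } catch (CertificateException | IllegalArgumentException e) {
        // IllegalArgumentException: URLDecoder rejects malformed percent-encoding in the
        // header. Treat it like an unparsable certificate instead of failing the request
        // with an unhandled runtime exception. The header value itself is not logged.
        logger.error("Unable to inject the X.509 certificate", e);
    }
    super.doFilter(request, response, chain);
}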
169 private String convertSpringToPath(String fileName) {
170 try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) {
171 if (!fileName.contains("file:")) {
172 File targetFile = new File(appContext.getResource(fileName).getFilename());
173 java.nio.file.Files.copy(ioFile, targetFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
174 return targetFile.getPath();
176 return appContext.getResource(fileName).getFile().getPath();
178 } catch (IOException e) {
179 logger.error("Unable to open and copy the file: " + fileName, e);