optionally disable client auth
[aai/champ.git] / champ-service / src / main / java / org / onap / champ / ChampApplication.java
index bc74469..da4f634 100644 (file)
@@ -22,16 +22,22 @@ package org.onap.champ;
 
 import java.util.HashMap;
 import java.util.Map;
+import javax.annotation.PostConstruct;
 import org.eclipse.jetty.util.security.Password;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.web.support.SpringBootServletInitializer;
 import org.springframework.context.annotation.ImportResource;
+import org.springframework.core.env.Environment;
 
 @SpringBootApplication
 @ImportResource({"file:${SERVICE_BEANS}/*.xml"})
 public class ChampApplication extends SpringBootServletInitializer {
 
+    @Autowired
+    private Environment env;
+
     public static void main(String[] args) {
         String keyStorePassword = System.getProperty("KEY_STORE_PASSWORD");
         if (keyStorePassword == null || keyStorePassword.isEmpty()) {
@@ -39,8 +45,44 @@ public class ChampApplication extends SpringBootServletInitializer {
         }
 
         Map<String, Object> props = new HashMap<>();
-        props.put("server.ssl.key-store-password", Password.deobfuscate(keyStorePassword));
+        String deobfuscatedKeyStorePassword = keyStorePassword.startsWith("OBF:") ? Password.deobfuscate(keyStorePassword) : keyStorePassword;
+        props.put("server.ssl.key-store-password", deobfuscatedKeyStorePassword);
+
+        String trustStoreLocation = System.getProperty("TRUST_STORE_LOCATION");
+        String trustStorePassword = System.getProperty("TRUST_STORE_PASSWORD");
+        if (trustStoreLocation != null && trustStorePassword != null) {
+            trustStorePassword = trustStorePassword.startsWith("OBF:") ? Password.deobfuscate(trustStorePassword) : trustStorePassword;
+            props.put("server.ssl.trust-store", trustStoreLocation);
+            props.put("server.ssl.trust-store-password", trustStorePassword);
+        }
+
+        String requireClientAuth = System.getenv("REQUIRE_CLIENT_AUTH");
+        if (requireClientAuth == null || requireClientAuth.isEmpty()) {
+            props.put("server.ssl.client-auth", "need");
+        }else {
+            props.put("server.ssl.client-auth",requireClientAuth.equals("true")?"need":"want");
+        }       
+
+
         new ChampApplication().configure(new SpringApplicationBuilder(ChampApplication.class).properties(props))
                 .run(args);
     }
+
+    /**
+     * Set required trust store system properties using values from application.properties
+     */
+    @PostConstruct
+    public void setSystemProperties() {
+        String trustStorePath = env.getProperty("server.ssl.key-store");
+        if (trustStorePath != null) {
+            String trustStorePassword = env.getProperty("server.ssl.key-store-password");
+
+            if (trustStorePassword != null) {
+                System.setProperty("javax.net.ssl.trustStore", trustStorePath);
+                System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
+            } else {
+                throw new IllegalArgumentException("Env property server.ssl.key-store-password not set");
+            }
+        }
+    }
 }
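Review bot: The `REQUIRE_CLIENT_AUTH` handling in `main` fails open: any non-empty value other than the exact string `true` (for example `TRUE`, `yes` or a typo) sets `server.ssl.client-auth` to `want`, which makes the client certificate optional. Only an explicit opt-out should relax it, e.g. replace the if/else with `props.put("server.ssl.client-auth", "false".equalsIgnoreCase(requireClientAuth) ? "want" : "need");`. It is also worth a comment that this flag is read with `System.getenv` while the store settings next to it use `System.getProperty`. In `setSystemProperties`, `javax.net.ssl.trustStore` is filled from `server.ssl.key-store` and its password, so the JVM-wide trust anchors become the contents of the server's key store and the `server.ssl.trust-store` set in `main` is not used there. Since the Javadoc says "trust store", either read the trust-store properties or document why the key store is intended. The key-store password is also copied into a system property, where any code running in the JVM can read it.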