From 75d642902350562a790cf034ea92568ba5d52168 Mon Sep 17 00:00:00 2001 From: ilanap Date: Mon, 18 Nov 2019 13:38:23 +0200 Subject: [PATCH] Changes for backend to support SSL Changes to support starting in https mode and changes to support making a secured call to the SDC backend (cherry picked from commit 820f4ec65a28ed822d4205b05ac6fbbd910a46cc) Issue-ID: SDC-2405 Change-Id: I0588484fdcb0903934814906672f4fc9a76eca2c Signed-off-by: ilanap --- workflow-designer-be/docker/Dockerfile | 17 ++ workflow-designer-be/docker/org.onap.sdc.p12 | Bin 0 -> 4459 bytes workflow-designer-be/docker/org.onap.sdc.trust.jks | Bin 0 -> 1413 bytes workflow-designer-be/docker/startup.sh | 28 +++ workflow-designer-be/pom.xml | 45 +++-- .../workflow/api/ArtifactAssociationService.java | 108 +++++++++-- .../src/main/resources/application.properties | 13 +- workflow-designer-ui/docker/Dockerfile | 6 +- workflow-designer-ui/docker/org.onap.sdc.p12 | Bin 0 -> 4459 bytes workflow-designer-ui/docker/org.onap.sdc.trust.jks | Bin 0 -> 1413 bytes workflow-designer-ui/docker/startup.sh | 30 +-- workflow-designer-ui/src/main/frontend/yarn.lock | 20 +- .../org/onap/workflow/web/SSLProxyServlet.java | 211 +++++++++++++++++++++ .../src/main/webapp/WEB-INF/web.xml | 7 +- 14 files changed, 422 insertions(+), 63 deletions(-) create mode 100644 workflow-designer-be/docker/Dockerfile create mode 100644 workflow-designer-be/docker/org.onap.sdc.p12 create mode 100644 workflow-designer-be/docker/org.onap.sdc.trust.jks create mode 100644 workflow-designer-be/docker/startup.sh create mode 100644 workflow-designer-ui/docker/org.onap.sdc.p12 create mode 100644 workflow-designer-ui/docker/org.onap.sdc.trust.jks create mode 100644 workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java diff --git a/workflow-designer-be/docker/Dockerfile b/workflow-designer-be/docker/Dockerfile new file mode 100644 index 00000000..ea20fa5c --- /dev/null +++ b/workflow-designer-be/docker/Dockerfile @@ -0,0 +1,17 @@ +FROM openjdk:8-jdk-alpine + +EXPOSE 8080 + +USER root + +ARG ARTIFACT + +ADD ${ARTIFACT} /app.jar + +COPY org.onap.sdc.p12 /keystore +COPY org.onap.sdc.trust.jks /truststore + +COPY startup.sh . +RUN chmod 744 startup.sh + +ENTRYPOINT [ "./startup.sh" ] \ No newline at end of file diff --git a/workflow-designer-be/docker/org.onap.sdc.p12 b/workflow-designer-be/docker/org.onap.sdc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d03ca1c91df02cdea125b3c0d5bb3852f95bcbe2 GIT binary patch literal 4459 zcmY+EWmFW7w#5e+28IR+r5Qq+8KhfExF?~eK>2M_1kBkj~g0DXoZS`1`Q;n1%X*Zr&MFx%*15J zsjBf(QDfojfJsM9z(0rEw1;H9WWPJ~XmF8)$^6{cmhGodWEkE=FxoQMVcJ*U;Aq}p zC){;VEDATuc$c!RL+<~)b&bgJ^!RqK0U=fDYVgZ?5qgxjs9ww5JH}R%qw;kjAl@*9 z^F4)pi(eZ}0i3;eeY~r5rYlFhz`nEpK=6(-B#WCn8P9o8u`OGLiD3#P?Z*{ezoZ&W z=hFWy9KJkGE3b#VMt_VT8zu^;ik>5QQ&$1^35E_Ex`-x}e_7bw){2lpSDSWqRZ`~5 z6;pYnz*7LLXL;G8QX4ddk(x5)YxUvUr>M`T`em=(UK|P$<5x^jdnL{p*lBYH9yBuX>_9ElBrVayGJd zgyS|qIc_5POHA^(5{6;^8-rCN{@U`%#A}^AeR<1*1#i~?mB8Y&+ba?=!B$r3g1PF` zJw^M3*NMs&lTPf4N z(8|XBikiGl)N-wFgAa##Eht{G7i@zjTgZ{~qbL_{JE7i3%NH-hh=1OteesF5Z7;pY zi~e`?;v$LuXgNzFm|iET5{C zJQKt_x__0JMQ5QAOwPZ3AqPjAUZ$U~&5Y%UuvErvJA8S?^USu7th>Y18%_?f#a`EP zP=7dVtrCe4Xm8$BPA`Xx7-!_a+<<|D%38kG1RJ6CdmT8n9CC!dqnG~;n6`nrT>Tj1NTx%P7rEvrd8E%j^DWpBO3derW*-XPYTxJ= zxp{89o4#ofH^i{Fi?!-cgx|gt@lO*5574pOtHp=M7o;rdGNYiRh`1fgr!ba=SBV-& zcz9K1bWITo=5qm6`1%TF>#@{3gO*!pUX4Ouq%Y>{T zse-Ob;)3Y%HjvpSR&NiW;261jl)()q`z(v{rxedIwD-es#q{dHr8KXcPYFxrdqIHg zP^nsuxh$Btmv-dvB&_6T0Q)I#8(T)>nZU2<9(9y3o+m-pxWq zCWb+%X#og;1;892@o(h>I0761rT{0vzcv?u6_oD30TLK7kVwng9!?A6Ahz2-$Qcy{@Q>L1*FpJztqb~B>*l%Bn{0C#Q%~xT{fHPvq=1BS zDgU>1{R6R~VNu7zi?UE!lKuy-tvOf3P_$CNYqi-le4oCSFUK_S0B4?~{f3s{@7_SI zuS3s9$(4zCZV=rEz#{{GnpWPi9lSTZ%C`ofFk_e2!?zwe+Khg4ApiMT;1-8LFenA5s9mg)WReFp-um2TM}5u+hit zci)jD9FSyo2hF@Wu!0@&x?`l~gwy$ig6OKwqH7kiCnox>&ze1&*xa~!yp-12>#2-q z^Urnau?DB^er7UEDWVZNDOP?A zCp8ls-BJ*^TPtwFuZ&Ug;K!W~>`+(!QBx4Rn^C5vjot@-$=H0ML6EaWy-Or~#uDj* zfDsZK;o6u4pPcx{a>#1|KvHyUkMh2k6X7#rVOjp(Bj~YwP+ckNuIbydSNE?PH(M1P z=)S+WOw06n_ib##@bxofnF?GlSpV;uMl;WH4D@!!6-$U0ZLyi-_Z7`xq2<@lgEq{rqxcu{H-g2RiEf3SGi`MnbR}r_;*FIkD2ueD38lRtb=!liZ zDPNxQQBePJtB-VTstIF}Z_yf`1^lkX?V*VoQo+~vHD%9S9eej&+>zlq^9+lD`yDt_ zIyvA16D|B|cJ0NKwQxX^J}NSlOCnvd?(sy<>bSJB1W4i4w;_%Z`sdy))lw0g|0CIf z(~+>1uoI6r3{Awdhp$#%#nsm6(-zC?uPTtC3FkQR5lf#}d2V;txk@@E^8TH=Su_vj z9z<6{NC_fX20<`a`y*qL{Qw-sV-~mhz0<@Jtu-OSZf0#}65tQD@S3N6u4xoxX!}0betQ-Zo-1qfBJJPC79RzCMaTEivMl9Dg9V z{aa#b($1ezNW9W$E`IZa!JX^l@{b=sh2fPXNHHYQ49+rohh8|540x?^j_o>_39KF$)Vw}8r zCG`PtQuHi(ctI8<^}P(ru2DsvzIds&5fWq5eEsSuCGTfMkp3zi9l!i2-91vrDl4gM zCRK8Lv>u^x<4|+q!;o<~p&o?~!awOIJ`K2?oTX&`XyI4ywM>Mr5WkfVbMxJVno69` zphwb_3!e)-7Fqo6VZ7`n8|R^H@7%xfp;{)q)Vfu4gv1{vL;9Qs zod!9W9Z<;#iLwNJc1bc4qUwhS`1Y|qP@Al0pE>TtcXKopYf!4pQoPM+O0L;Ek!_4k z9~of1@|aRwh&X(3$0+TyCc#?t)aQg7ymAS}Ge3UX#{tx#25!~czZ{h?vi_nrNesI; z{rQ`330O2^^qGw$6l!w!>FOz+`*n4~Gu%mA3S4L6e}REnKXoOJy8iCu7bJhrre3ke zWzzR&t)Y+jC9IK8&{8ur)zEI)+6?<)*;Bp@Iz<(@mXBn`wVlO_jui}vq7QTb(e4?D zf(@H*IE`tHU9b+H+6phdwX0Lrl9}mJ)%qe?6W5I1yjy=JQ@8P8 zP}y%7=Wc4|87DBK=y+9c9<^~!ft+CP$>pM0hczOT5ErcDHoJ67YG3L;R);C}3*J)< z8|*n@VRWIDEJAb+<@p!rw~$7LSsP6qSEmaifJ%b0t1)3sPc9M8_Xcfgk{W%Bo#uK@ zThQUOx`Kjr{X|C7Jho|GvnRo6-EfRwL&1aHJKthXU0qURiea`w$vJ8W+^@Ztw$mjwoKimqT9Sg^h9 zO9Au|Zy#gG-$mx?*zih7GQE#*oFs*G4~rD(e)|o_fwh;UQiCb`WvKq37{hyHWB8X} zk72LfDalh?{AKp&KQC+4DBe2n1^Tc`uBzjn_}IrML}}I63dn_Z*WJ1(IP1r5 z+uRkfBPh$PET6VOqaWb<+YJXfkhF9}(MG?K!ue&{EawbRp$T?L0EbuxT|{gjr|h<4 zO1rq;oPE0X-s^e!CbHOv0H>wH4Jcv-pzU)oiKZV39%>q|RvJVnN18M-D&GkGRNG4U zAnm<)^m56sDz~WF<9^rN3`|dAMwU@gA;q|85!M+yF1f)OaxZmexzkl$EK}h>U+rW! z^F~u)JTz0cs@b{677W?ezRs|oDnuF_?rbJ^H`S=g>u}%Q9#qn$)1?Z*Hap5BD1VHZ z(0o*vub@XI><$)#ib3h1U=TVR9vUh+IsiyamlR_KLVG=kxDz$N&d4sSh0dt}iJK4! bz7F$MHOl5|w4P~Y2A>1P$x+czLbCq{!E$K2 literal 0 HcmV?d00001 diff --git a/workflow-designer-be/docker/org.onap.sdc.trust.jks b/workflow-designer-be/docker/org.onap.sdc.trust.jks new file mode 100644 index 0000000000000000000000000000000000000000..d07ce1a66b1320df396c75a8dc20ccc75d666822 GIT binary patch literal 1413 zcmb7DYdF&j9NvEy9k-3tEG9(Ga;X2T)f9~tIW8g1gklv|ZmA>pXY90vCb!(mTswpn zi@D^!l-sPylTIFtqn?!G5?!Rsq33+)!})SP{GRuD-{1TEp5KS}mCwp&ArJ_3eSq(% zbe8TD6nd5($}a3vME^D%1|yfUb`K@~KhR5x(D zrYfEU?gfeXy?CM-$x~C6KmrK_{J->nUSmOb{P+%lfWTN#6a-{Jm7pvr0O>F4&<2Be(De~xLE7J4iW^YEpEE;B2?UW1Hj4RD) z%;n50_a@@bFPre@Ivsg!O-+n2^-*`nfdoU(2`2Gp-6xbM3arxb?ul=&cVX*I;fiYM zP?67||2fKOoVX#U_1fcUzf_qqCEqX0#6!yc)Gw9LdWR@)L7Z~?CIBr@w6(EU- zW>96qJx?aH?5KtPah7Lluih&)7(QnLioAtS`;rcSn@lcnO1Sy{Fw*FH3n)wb(^9HN zGS*7@P>nvo&q9q_V%qU)_lMf)QSM*j6yFSZ1>8BI4ut^_p!6(A2X)pXsDp%~;al9O zghhuLsjHwf@>VAfA2a`M_E%7MV{HJ(fav)DHlQ{P8UU~cM}V+(0FfI4YD0jp7liX; z4A)z+9zy^^*6m?bM;1EOkhKEn7Hy`-d%8DWklWS}#}h*g2zw+;xkIqr2!-GkbtN(~ zL%S$}>Co*X%Fv=E2j&Vg*_7R0+3j;HawGj_y%0w0968_R;?p6s#Y-QmyNYM~c@84~ zoR9axw7e+sR?$KOEqM_a!FAqM-~;9ElQq8#!LtHq++UG@RNBF z!bjVqlZ>eL)lIDqN5!G~!26zh+o2q!EF$R>@u3#H&hbv+wF?O2*qDO@X0f56TVJzHJ;&h)K|~1sP={N3nmH%CosTLrmd7*M*6v2XycaKrr}4MoLXz31gXhn% zv}9b}wY%jNXu@M<+!AgqM4C~y7Q{5y5~LGSwEH3&EpU2&m*gGQ5EAxG`OAFC7DvkN zROr(*2HOHCuNg%^#d6=&2)Vvv*B6OH(Myl)f`Q3>J29_yBF5 zXBC$B=|r4#^3sEHCvQV((vId^%c$Gk{K+wF_Kew2>2;K#BXSpV9{1Fo?ci>9|Y=h%zr9=_-;b_bi)LZnn*f+fSXD`lUHN!b0+y07W T18T+c&BKA?ly-jDYJS2$H3(y= literal 0 HcmV?d00001 diff --git a/workflow-designer-be/docker/startup.sh b/workflow-designer-be/docker/startup.sh new file mode 100644 index 00000000..bc1d6463 --- /dev/null +++ b/workflow-designer-be/docker/startup.sh @@ -0,0 +1,28 @@ +#!/bin/sh + +HTTPS_ENABLED=${SERVER_SSL_ENABLED:-"false"} +if [ "$HTTPS_ENABLED" = "true" ] +then + KEYSTORE=${SERVER_SSL_KEYSTORE_PATH} + if [ -f "$KEYSTORE" ]; then + echo "$KEYSTORE exist" + else + echo "Copying default keystore" + KEYSTORE_DIR=${KEYSTORE%/*} + mkdir -p $KEYSTORE_DIR + cp /keystore $KEYSTORE_DIR + chmod 755 $KEYSTORE + fi + + TRUSTSTORE=${SERVER_SSL_TRUSTSTORE_PATH} + if [ -f "$TRUSTSTORE" ]; then + echo "$TRUSTSTORE exist" + else + echo "Copying default truststore" + TRUSTSTORE_DIR=${TRUSTSTORE%/*} + mkdir -p $TRUSTSTORE_DIR + cp /truststore $TRUSTSTORE_DIR + chmod 755 $TRUSTSTORE + fi +fi +java ${JAVA_OPTIONS} -jar /app.jar ${SPRING_BOOT_OPTIONS} \ No newline at end of file diff --git a/workflow-designer-be/pom.xml b/workflow-designer-be/pom.xml index 8cea7cb0..dd108a12 100644 --- a/workflow-designer-be/pom.xml +++ b/workflow-designer-be/pom.xml @@ -92,6 +92,10 @@ logback-classic runtime + + org.apache.httpcomponents + httpclient + org.mapstruct mapstruct @@ -132,12 +136,12 @@ org.onap.sdc.sdc-be-common session-lib - 1.5.2-SNAPSHOT + 1.5.2 org.onap.sdc.sdc-be-common versioning-lib - 1.5.2-SNAPSHOT + 1.5.2 org.springframework.boot @@ -148,7 +152,7 @@ org.onap.sdc.sdc-be-common zusammen-lib - 1.5.2-SNAPSHOT + 1.5.2 org.springframework.boot @@ -188,6 +192,28 @@ + + maven-resources-plugin + 2.6 + + + copy-resources-docker + install + + copy-resources + + + ${basedir}/docker + + + ${project.build.directory} + ${project.build.finalName}.jar + + + + + + io.fabric8 docker-maven-plugin @@ -199,15 +225,10 @@ ${project.version} - openjdk:8-jdk-alpine - root - - artifact - / - - - java ${JAVA_OPTIONS} -jar /${project.build.finalName}.jar - + ${project.basedir}/docker + + ${project.build.finalName}.jar + diff --git a/workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/ArtifactAssociationService.java b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/ArtifactAssociationService.java index 621d1803..2b24577a 100644 --- a/workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/ArtifactAssociationService.java +++ b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/api/ArtifactAssociationService.java @@ -19,30 +19,47 @@ package org.onap.sdc.workflow.api; import static org.apache.commons.codec.digest.DigestUtils.md5Hex; import com.fasterxml.jackson.databind.ObjectMapper; + +import java.io.File; +import java.io.FileInputStream; import java.io.IOException; import java.nio.charset.Charset; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; import java.util.ArrayList; -import java.util.Base64; import java.util.HashMap; import java.util.Map; import java.util.Optional; + +import org.apache.http.conn.ssl.TrustStrategy; +import org.openecomp.sdc.logging.api.Logger; +import org.openecomp.sdc.logging.api.LoggerFactory; + +import java.util.Base64; + import org.apache.commons.io.IOUtils; +import org.apache.http.HttpHost; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContexts; import org.onap.sdc.workflow.api.types.dto.ArtifactDeliveriesRequestDto; import org.onap.sdc.workflow.persistence.types.ArtifactEntity; -import org.openecomp.sdc.logging.api.Logger; -import org.openecomp.sdc.logging.api.LoggerFactory; + import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.web.client.RestTemplateBuilder; -import org.springframework.http.HttpEntity; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpMethod; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; +import org.springframework.http.*; +import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.stereotype.Component; import org.springframework.web.client.RestTemplate; +import javax.net.ssl.SSLContext; + @Component("ArtifactAssociationHandler") public class ArtifactAssociationService { @@ -54,6 +71,8 @@ public class ArtifactAssociationService { private static final String X_ECOMP_INSTANCE_ID_HEADER = "X-ECOMP-InstanceID"; private static final String INIT_ERROR_MSG = "Failed while attaching workflow artifact to Operation in SDC. Parameters were not initialized: %s"; + private static final String INIT_CLIENT_MSG = + "Failed while creating the HTTP client to SDC. Following exception: %s"; private static final Logger LOGGER = LoggerFactory.getLogger(ArtifactAssociationService.class); @Value("${sdc.be.endpoint}") private String sdcBeEndpoint; @@ -66,12 +85,63 @@ public class ArtifactAssociationService { private RestTemplate restClient; + private KeyStore getKeyStore(String file, String password, String keyStoreType) throws IOException, GeneralSecurityException { + KeyStore keyStore = KeyStore.getInstance(keyStoreType); + File keyFile = new File(file); + try (FileInputStream inStr = new FileInputStream(keyFile)) { + keyStore.load(inStr, password.toCharArray()); + } + return keyStore; + + } + + @Autowired - public ArtifactAssociationService(RestTemplateBuilder builder) { - this.restClient = builder.build(); + public ArtifactAssociationService(RestTemplateBuilder builder, + @Value("${server.ssl.trust-store}") + String truststorePath, + @Value("${server.ssl.trust-store-password}") + String truststorePassword, + @Value("${server.ssl.trust-store-type}") + String truststoreType, + @Value("${server.ssl.key-store}") + String keystorePath, + @Value("${server.ssl.key-password}") + String keystorePassword, + @Value("${server.ssl.key-store-type}") + String keystoreType, + @Value("${sdc.be.protocol}") + String protocol) { + if (protocol != null && + !protocol.equalsIgnoreCase(HttpHost.DEFAULT_SCHEME_NAME)) { + try { + KeyStore trustStore = getKeyStore(truststorePath, truststorePassword, truststoreType); + KeyStore keyStore = getKeyStore(keystorePath, keystorePassword, keystoreType); + + SSLContext sslcontext = SSLContexts.custom() + .loadKeyMaterial(keyStore, keystorePassword.toCharArray()) + .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()) + .build(); + SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory( + sslcontext, + new NoopHostnameVerifier() + ); + CloseableHttpClient httpClient = + HttpClients.custom() + .setSSLSocketFactory(sslsf) + .setSSLHostnameVerifier(new NoopHostnameVerifier()) + .build(); + HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient); + this.restClient = new RestTemplate(factory); + } catch (Exception e) { + LOGGER.error(String.format(INIT_CLIENT_MSG, e.getMessage()), e); + } + } else { + this.restClient = builder.build(); + } } - void setRestClient(RestTemplate restClient) { + void setRestClient(RestTemplate restClient) { this.restClient = restClient; } @@ -80,12 +150,12 @@ public class ArtifactAssociationService { } ResponseEntity execute(String userId, ArtifactDeliveriesRequestDto deliveriesRequestDto, - ArtifactEntity artifactEntity) { + ArtifactEntity artifactEntity) { Optional initializationState = parametersInitializationState(); - if(initializationState.isPresent()) { - LOGGER.error(String.format(INIT_ERROR_MSG,initializationState.get())); - return ResponseEntity.status(HttpStatus.EXPECTATION_FAILED).body(String.format(INIT_ERROR_MSG,initializationState.get())); + if (initializationState.isPresent()) { + LOGGER.error(String.format(INIT_ERROR_MSG, initializationState.get())); + return ResponseEntity.status(HttpStatus.EXPECTATION_FAILED).body(String.format(INIT_ERROR_MSG, initializationState.get())); } String formattedArtifact; @@ -96,7 +166,7 @@ public class ArtifactAssociationService { return ResponseEntity.status(HttpStatus.EXPECTATION_FAILED).body(e.getMessage()); } - HttpEntity request = new HttpEntity<>(formattedArtifact, createHeaders(userId,formattedArtifact)); + HttpEntity request = new HttpEntity<>(formattedArtifact, createHeaders(userId, formattedArtifact)); return restClient.exchange(sdcBeProtocol + "://" + sdcBeEndpoint + "/" + deliveriesRequestDto.getEndpoint(), HttpMethod.valueOf(deliveriesRequestDto.getMethod()), request, String.class); @@ -117,7 +187,7 @@ public class ArtifactAssociationService { result.add("SDC_PASSWORD"); } - if (result.isEmpty()) { + if (result.isEmpty() || this.restClient == null) { return Optional.empty(); } else { return Optional.of(result.toString()); @@ -143,7 +213,7 @@ public class ArtifactAssociationService { private HttpHeaders createHeaders(String userId, String formattedArtifact) { HttpHeaders headers = new HttpHeaders(); headers.add(USER_ID_HEADER, userId); - headers.add(HttpHeaders.AUTHORIZATION, createAuthorizationsHeaderValue(sdcUser,sdcPassword)); + headers.add(HttpHeaders.AUTHORIZATION, createAuthorizationsHeaderValue(sdcUser, sdcPassword)); headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE); headers.add(MD5_HEADER, calculateMD5Base64EncodedByString(formattedArtifact)); headers.add(X_ECOMP_INSTANCE_ID_HEADER, "InstanceId"); diff --git a/workflow-designer-be/src/main/resources/application.properties b/workflow-designer-be/src/main/resources/application.properties index 203e3853..1bcc1d6e 100644 --- a/workflow-designer-be/src/main/resources/application.properties +++ b/workflow-designer-be/src/main/resources/application.properties @@ -18,9 +18,16 @@ http.port=${HTTP_PORT:8080} server.port=${SERVER_PORT:8443} server.ssl.enabled=${SERVER_SSL_ENABLED:true} -server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD:rTIS;B4kM]2GHcNK2c3B4&Ng} -server.ssl.key-store=${SERVER_SSL_KEYSTORE_PATH:classpath:org.onap.sdc.p12} -server.ssl.key-store-type=${SERVER_SSL_KEYSTORE_TYPE:PKCS12} +server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD:} +server.ssl.key-store-password=${SERVER_SSL_KEY_PASSWORD:} +server.ssl.key-store=${SERVER_SSL_KEYSTORE_PATH:} +server.ssl.key-store-type=${SERVER_SSL_KEYSTORE_TYPE:} +server.ssl.trust-store-password=${SERVER_SSL_TRUST_PASSWORD:} +server.ssl.trust-store=${SERVER_SSL_TRUSTSTORE_PATH:} +server.ssl.trust-store-type=${SERVER_SSL_TRUSTSTORE_TYPE:} +#server.ssl.protocol=${SERVER_SSL_PROTOCOL:TLS} +#server.ssl.enabled-protocols=${SERVER_SSL_ENABLED_PROTOCOL:TLSv1.2} + sdc.be.protocol=${SDC_PROTOCOL:https} sdc.be.endpoint=${SDC_ENDPOINT:} diff --git a/workflow-designer-ui/docker/Dockerfile b/workflow-designer-ui/docker/Dockerfile index 83e8d5ac..52562374 100644 --- a/workflow-designer-ui/docker/Dockerfile +++ b/workflow-designer-ui/docker/Dockerfile @@ -7,10 +7,12 @@ USER root ARG ARTIFACT +COPY org.onap.sdc.p12 org.onap.sdc.trust.jks ${JETTY_BASE}/etc/ + ADD ${ARTIFACT} ${JETTY_BASE}/webapps/ -RUN chown -R jetty:jetty ${JETTY_BASE}/webapps +RUN chown -R jetty:jetty ${JETTY_BASE}/webapps ${JETTY_BASE}/etc/ COPY startup.sh . RUN chmod 744 startup.sh -ENTRYPOINT [ "./startup.sh" ] \ No newline at end of file +ENTRYPOINT [ "./startup.sh" ] diff --git a/workflow-designer-ui/docker/org.onap.sdc.p12 b/workflow-designer-ui/docker/org.onap.sdc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d03ca1c91df02cdea125b3c0d5bb3852f95bcbe2 GIT binary patch literal 4459 zcmY+EWmFW7w#5e+28IR+r5Qq+8KhfExF?~eK>2M_1kBkj~g0DXoZS`1`Q;n1%X*Zr&MFx%*15J zsjBf(QDfojfJsM9z(0rEw1;H9WWPJ~XmF8)$^6{cmhGodWEkE=FxoQMVcJ*U;Aq}p zC){;VEDATuc$c!RL+<~)b&bgJ^!RqK0U=fDYVgZ?5qgxjs9ww5JH}R%qw;kjAl@*9 z^F4)pi(eZ}0i3;eeY~r5rYlFhz`nEpK=6(-B#WCn8P9o8u`OGLiD3#P?Z*{ezoZ&W z=hFWy9KJkGE3b#VMt_VT8zu^;ik>5QQ&$1^35E_Ex`-x}e_7bw){2lpSDSWqRZ`~5 z6;pYnz*7LLXL;G8QX4ddk(x5)YxUvUr>M`T`em=(UK|P$<5x^jdnL{p*lBYH9yBuX>_9ElBrVayGJd zgyS|qIc_5POHA^(5{6;^8-rCN{@U`%#A}^AeR<1*1#i~?mB8Y&+ba?=!B$r3g1PF` zJw^M3*NMs&lTPf4N z(8|XBikiGl)N-wFgAa##Eht{G7i@zjTgZ{~qbL_{JE7i3%NH-hh=1OteesF5Z7;pY zi~e`?;v$LuXgNzFm|iET5{C zJQKt_x__0JMQ5QAOwPZ3AqPjAUZ$U~&5Y%UuvErvJA8S?^USu7th>Y18%_?f#a`EP zP=7dVtrCe4Xm8$BPA`Xx7-!_a+<<|D%38kG1RJ6CdmT8n9CC!dqnG~;n6`nrT>Tj1NTx%P7rEvrd8E%j^DWpBO3derW*-XPYTxJ= zxp{89o4#ofH^i{Fi?!-cgx|gt@lO*5574pOtHp=M7o;rdGNYiRh`1fgr!ba=SBV-& zcz9K1bWITo=5qm6`1%TF>#@{3gO*!pUX4Ouq%Y>{T zse-Ob;)3Y%HjvpSR&NiW;261jl)()q`z(v{rxedIwD-es#q{dHr8KXcPYFxrdqIHg zP^nsuxh$Btmv-dvB&_6T0Q)I#8(T)>nZU2<9(9y3o+m-pxWq zCWb+%X#og;1;892@o(h>I0761rT{0vzcv?u6_oD30TLK7kVwng9!?A6Ahz2-$Qcy{@Q>L1*FpJztqb~B>*l%Bn{0C#Q%~xT{fHPvq=1BS zDgU>1{R6R~VNu7zi?UE!lKuy-tvOf3P_$CNYqi-le4oCSFUK_S0B4?~{f3s{@7_SI zuS3s9$(4zCZV=rEz#{{GnpWPi9lSTZ%C`ofFk_e2!?zwe+Khg4ApiMT;1-8LFenA5s9mg)WReFp-um2TM}5u+hit zci)jD9FSyo2hF@Wu!0@&x?`l~gwy$ig6OKwqH7kiCnox>&ze1&*xa~!yp-12>#2-q z^Urnau?DB^er7UEDWVZNDOP?A zCp8ls-BJ*^TPtwFuZ&Ug;K!W~>`+(!QBx4Rn^C5vjot@-$=H0ML6EaWy-Or~#uDj* zfDsZK;o6u4pPcx{a>#1|KvHyUkMh2k6X7#rVOjp(Bj~YwP+ckNuIbydSNE?PH(M1P z=)S+WOw06n_ib##@bxofnF?GlSpV;uMl;WH4D@!!6-$U0ZLyi-_Z7`xq2<@lgEq{rqxcu{H-g2RiEf3SGi`MnbR}r_;*FIkD2ueD38lRtb=!liZ zDPNxQQBePJtB-VTstIF}Z_yf`1^lkX?V*VoQo+~vHD%9S9eej&+>zlq^9+lD`yDt_ zIyvA16D|B|cJ0NKwQxX^J}NSlOCnvd?(sy<>bSJB1W4i4w;_%Z`sdy))lw0g|0CIf z(~+>1uoI6r3{Awdhp$#%#nsm6(-zC?uPTtC3FkQR5lf#}d2V;txk@@E^8TH=Su_vj z9z<6{NC_fX20<`a`y*qL{Qw-sV-~mhz0<@Jtu-OSZf0#}65tQD@S3N6u4xoxX!}0betQ-Zo-1qfBJJPC79RzCMaTEivMl9Dg9V z{aa#b($1ezNW9W$E`IZa!JX^l@{b=sh2fPXNHHYQ49+rohh8|540x?^j_o>_39KF$)Vw}8r zCG`PtQuHi(ctI8<^}P(ru2DsvzIds&5fWq5eEsSuCGTfMkp3zi9l!i2-91vrDl4gM zCRK8Lv>u^x<4|+q!;o<~p&o?~!awOIJ`K2?oTX&`XyI4ywM>Mr5WkfVbMxJVno69` zphwb_3!e)-7Fqo6VZ7`n8|R^H@7%xfp;{)q)Vfu4gv1{vL;9Qs zod!9W9Z<;#iLwNJc1bc4qUwhS`1Y|qP@Al0pE>TtcXKopYf!4pQoPM+O0L;Ek!_4k z9~of1@|aRwh&X(3$0+TyCc#?t)aQg7ymAS}Ge3UX#{tx#25!~czZ{h?vi_nrNesI; z{rQ`330O2^^qGw$6l!w!>FOz+`*n4~Gu%mA3S4L6e}REnKXoOJy8iCu7bJhrre3ke zWzzR&t)Y+jC9IK8&{8ur)zEI)+6?<)*;Bp@Iz<(@mXBn`wVlO_jui}vq7QTb(e4?D zf(@H*IE`tHU9b+H+6phdwX0Lrl9}mJ)%qe?6W5I1yjy=JQ@8P8 zP}y%7=Wc4|87DBK=y+9c9<^~!ft+CP$>pM0hczOT5ErcDHoJ67YG3L;R);C}3*J)< z8|*n@VRWIDEJAb+<@p!rw~$7LSsP6qSEmaifJ%b0t1)3sPc9M8_Xcfgk{W%Bo#uK@ zThQUOx`Kjr{X|C7Jho|GvnRo6-EfRwL&1aHJKthXU0qURiea`w$vJ8W+^@Ztw$mjwoKimqT9Sg^h9 zO9Au|Zy#gG-$mx?*zih7GQE#*oFs*G4~rD(e)|o_fwh;UQiCb`WvKq37{hyHWB8X} zk72LfDalh?{AKp&KQC+4DBe2n1^Tc`uBzjn_}IrML}}I63dn_Z*WJ1(IP1r5 z+uRkfBPh$PET6VOqaWb<+YJXfkhF9}(MG?K!ue&{EawbRp$T?L0EbuxT|{gjr|h<4 zO1rq;oPE0X-s^e!CbHOv0H>wH4Jcv-pzU)oiKZV39%>q|RvJVnN18M-D&GkGRNG4U zAnm<)^m56sDz~WF<9^rN3`|dAMwU@gA;q|85!M+yF1f)OaxZmexzkl$EK}h>U+rW! z^F~u)JTz0cs@b{677W?ezRs|oDnuF_?rbJ^H`S=g>u}%Q9#qn$)1?Z*Hap5BD1VHZ z(0o*vub@XI><$)#ib3h1U=TVR9vUh+IsiyamlR_KLVG=kxDz$N&d4sSh0dt}iJK4! bz7F$MHOl5|w4P~Y2A>1P$x+czLbCq{!E$K2 literal 0 HcmV?d00001 diff --git a/workflow-designer-ui/docker/org.onap.sdc.trust.jks b/workflow-designer-ui/docker/org.onap.sdc.trust.jks new file mode 100644 index 0000000000000000000000000000000000000000..d07ce1a66b1320df396c75a8dc20ccc75d666822 GIT binary patch literal 1413 zcmb7DYdF&j9NvEy9k-3tEG9(Ga;X2T)f9~tIW8g1gklv|ZmA>pXY90vCb!(mTswpn zi@D^!l-sPylTIFtqn?!G5?!Rsq33+)!})SP{GRuD-{1TEp5KS}mCwp&ArJ_3eSq(% zbe8TD6nd5($}a3vME^D%1|yfUb`K@~KhR5x(D zrYfEU?gfeXy?CM-$x~C6KmrK_{J->nUSmOb{P+%lfWTN#6a-{Jm7pvr0O>F4&<2Be(De~xLE7J4iW^YEpEE;B2?UW1Hj4RD) z%;n50_a@@bFPre@Ivsg!O-+n2^-*`nfdoU(2`2Gp-6xbM3arxb?ul=&cVX*I;fiYM zP?67||2fKOoVX#U_1fcUzf_qqCEqX0#6!yc)Gw9LdWR@)L7Z~?CIBr@w6(EU- zW>96qJx?aH?5KtPah7Lluih&)7(QnLioAtS`;rcSn@lcnO1Sy{Fw*FH3n)wb(^9HN zGS*7@P>nvo&q9q_V%qU)_lMf)QSM*j6yFSZ1>8BI4ut^_p!6(A2X)pXsDp%~;al9O zghhuLsjHwf@>VAfA2a`M_E%7MV{HJ(fav)DHlQ{P8UU~cM}V+(0FfI4YD0jp7liX; z4A)z+9zy^^*6m?bM;1EOkhKEn7Hy`-d%8DWklWS}#}h*g2zw+;xkIqr2!-GkbtN(~ zL%S$}>Co*X%Fv=E2j&Vg*_7R0+3j;HawGj_y%0w0968_R;?p6s#Y-QmyNYM~c@84~ zoR9axw7e+sR?$KOEqM_a!FAqM-~;9ElQq8#!LtHq++UG@RNBF z!bjVqlZ>eL)lIDqN5!G~!26zh+o2q!EF$R>@u3#H&hbv+wF?O2*qDO@X0f56TVJzHJ;&h)K|~1sP={N3nmH%CosTLrmd7*M*6v2XycaKrr}4MoLXz31gXhn% zv}9b}wY%jNXu@M<+!AgqM4C~y7Q{5y5~LGSwEH3&EpU2&m*gGQ5EAxG`OAFC7DvkN zROr(*2HOHCuNg%^#d6=&2)Vvv*B6OH(Myl)f`Q3>J29_yBF5 zXBC$B=|r4#^3sEHCvQV((vId^%c$Gk{K+wF_Kew2>2;K#BXSpV9{1Fo?ci>9|Y=h%zr9=_-;b_bi)LZnn*f+fSXD`lUHN!b0+y07W T18T+c&BKA?ly-jDYJS2$H3(y= literal 0 HcmV?d00001 diff --git a/workflow-designer-ui/docker/startup.sh b/workflow-designer-ui/docker/startup.sh index 359e6aca..b2f2d516 100644 --- a/workflow-designer-ui/docker/startup.sh +++ b/workflow-designer-ui/docker/startup.sh @@ -2,24 +2,26 @@ # adding support for https HTTPS_ENABLED=${IS_HTTPS:-"false"} - +CLIENT_AUTH=${IS_CLIENT_AUTH:-"false"} if [ "$HTTPS_ENABLED" = "true" ] then echo "enable ssl" - if [ -z "$KEYSTORE_PATH" ]; then - java -jar "${JETTY_HOME}/start.jar" --add-to-start=https,ssl \ - jetty.sslContext.keyStorePath=$KEYSTORE_PATH \ - jetty.sslContext.keyStorePassword=$KEYSTORE_PASSWORD \ - jetty.sslContext.keyStoreType=$KEYSTORE_TYPE \ - jetty.sslContext.trustStorePath=$TRUSTSTORE_PATH \ - jetty.sslContext.trustStorePassword=$TRUSTSTORE_PASSWORD \ - jetty.sslContext.trustStoreType=$TRUSTSTORE_TYPE \ - else - echo "Using jetty default SSL" - java -jar "${JETTY_HOME}/start.jar" --add-to-start=https,ssl - fi + + java -jar "${JETTY_HOME}/start.jar" --add-to-start=https,ssl \ + jetty.sslContext.keyStorePath=$KEYSTORE_PATH \ + jetty.sslContext.keyStorePassword=$KEYSTORE_PASS \ + jetty.sslContext.keyManagerPassword=$KEYSTORE_PASS \ + jetty.sslContext.trustStorePath=$TRUSTSTORE_PATH \ + jetty.sslContext.trustStorePassword=$TRUSTSTORE_PASS + + echo "setting SSL environment variable" + + SSL_JAVA_OPTS=" -DkeystorePath=$JETTY_BASE/$KEYSTORE_PATH -DkeystorePassword=$KEYSTORE_PASS -DkeyManagerPassword=$KEYSTORE_PASS -DtruststorePath=$JETTY_BASE/$KEYSTORE_PATH -DtruststorePassword=$TRUSTSTORE_PASS -DsslTrustAll=$TRUST_ALL" + + echo $SSL_JAVA_OPTS + else echo "no ssl required" fi +java $JAVA_OPTIONS -DproxyTo=$BACKEND $SSL_JAVA_OPTS -jar $JETTY_HOME/start.jar -java -DproxyTo=$BACKEND $JAVA_OPTIONS -jar $JETTY_HOME/start.jar \ No newline at end of file diff --git a/workflow-designer-ui/src/main/frontend/yarn.lock b/workflow-designer-ui/src/main/frontend/yarn.lock index 9670e720..633f8b3a 100644 --- a/workflow-designer-ui/src/main/frontend/yarn.lock +++ b/workflow-designer-ui/src/main/frontend/yarn.lock @@ -8292,19 +8292,21 @@ on-headers@~1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.1.tgz#928f5d0f470d49342651ea6794b0857c100693f7" -onap-ui-common@1.0.100: - version "1.0.100" - resolved "https://registry.yarnpkg.com/onap-ui-common/-/onap-ui-common-1.0.100.tgz#c0dae1d3d1c3fd2b866340d27a1179ed10a3a860" - integrity sha512-d+eaYgVgrj9B8/3iVDlkxO2jiE7wXFrvMogxxHsyM8E0Fa7wXGEGwohA4JD5nGydT84dU2vPzwkby7SZNgGpKA== +onap-ui-common@1.0.101: + version "1.0.101" + resolved "https://registry.yarnpkg.com/onap-ui-common/-/onap-ui-common-1.0.101.tgz#c79b8fb903b7d2d3f959e3b5c27b561b563d961b" -onap-ui-react@^0.1.1: - version "0.1.1" - resolved "https://registry.yarnpkg.com/onap-ui-react/-/onap-ui-react-0.1.1.tgz#3640bdb9fb10f85104ad9dd57a9f320b0703abf3" - integrity sha512-hax7WzSMIPll9fHvKVjFbn2dIOh39fWuiy0VQKONq/ccU3f/y08Y6EzJo7rzWcwjt8bp2KDhqNZky0HwIquc6w== +onap-ui-common@^1.0.101: + version "1.0.106" + resolved "https://registry.yarnpkg.com/onap-ui-common/-/onap-ui-common-1.0.106.tgz#d7bf8e3eb1c422afcb87fc8f3eaaf5a996aa2947" + +onap-ui-react@^1.0.0: + version "1.0.2" + resolved "https://registry.yarnpkg.com/onap-ui-react/-/onap-ui-react-1.0.2.tgz#e99dc5a924f84a991c71a3e9c05a44a915830168" dependencies: "@storybook/react" "^3.1.5" http-loader "0.0.1" - onap-ui-common "1.0.100" + onap-ui-common "1.0.101" prop-types "^15.6.0" react "15.6.2" react-dom "15.6.2" diff --git a/workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java b/workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java new file mode 100644 index 00000000..8c17a92d --- /dev/null +++ b/workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java @@ -0,0 +1,211 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + + +package org.onap.workflow.web; + + +import org.eclipse.jetty.client.HttpClient; +import org.eclipse.jetty.client.api.Request; +import org.eclipse.jetty.http.HttpHeader; +import org.eclipse.jetty.http.HttpScheme; +import org.eclipse.jetty.proxy.ProxyServlet; +import org.eclipse.jetty.util.URIUtil; +import org.eclipse.jetty.util.ssl.SslContextFactory; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Enumeration; + + +/*** + * Class that provides the proxy implementation for both secured and unsecured backend connections. + * + * The following nevironment value is mandatory: + * proxyTo - the full URL to the backend server (including protocol and context path if relevant) + * + * In case of a secured connection (proxyTo starting with https) the following may be set: + * sslTrustAll - set to true if all secure connection are accepted + * maxPoolConnections - number of connection in the pool, only when overriding the jetty default + * + * In case of SSL and nto trusting all certificates: + * keystorePath - path to the keystore + * keystoreType - type of the keystore + * keystorePassword - keystore password + * + * truststorePath - path to the truststore + * truststoreType - type of the truststore + * truststorePassword - truststore password + + */ + +public class SSLProxyServlet extends ProxyServlet { + + + public static final int TIMEOUT = 600000; + protected static final String PROXY_TO = "proxyTo"; + protected static final String TRUST_ALL = "sslTrustAll"; + protected static final String MAX_POOL_CONNECTIONS = "maxPoolConnections"; + protected static final String KEYSTORE_PATH = "keystorePath"; + protected static final String KEYSTORE_TYPE = "keystoreType"; + protected static final String KEYSTORE_P = "keystorePassword"; + protected static final String KEYMANAGER_P = "keyManagerPassword"; + protected static final String KEYSTORE_CYPHER = "keystoreCypher"; + protected static final String TRUSTSTORE_PATH = "truststorePath"; + protected static final String TRUSTSTORE_TYPE = "truststoreType"; + protected static final String TRUSTSTORE_P = "truststorePassword"; + protected static final String ENDPOINT_IDENTIFICATION_ALGORITHM = "endpointIdentificationAlgorithm"; + private static final long serialVersionUID = 1L; + private static URL proxyUrl = null; + + + private static void setProxyUrl(URL proxy) { + SSLProxyServlet.proxyUrl = proxy; + } + + private void initProxyUrl() throws ServletException, MalformedURLException { + + if (SSLProxyServlet.proxyUrl != null) + return; + String proxyUrlStr = System.getProperty(PROXY_TO); + if (proxyUrlStr == null) { + throw new ServletException("-D" + PROXY_TO + " must be specified"); + } + setProxyUrl(new URL(proxyUrlStr)); + } + + + @Override + public void init() throws ServletException { + super.init(); + try { + initProxyUrl(); + } catch (MalformedURLException e) { + throw new ServletException(e); + } + } + + + @Override + public void sendProxyRequest(HttpServletRequest request, HttpServletResponse response, Request proxyRequest) { + + @SuppressWarnings("unchecked") + Enumeration headerNames = request.getHeaderNames(); + while (headerNames.hasMoreElements()) { + String headerName = headerNames.nextElement(); + if (!proxyRequest.getHeaders().containsKey(headerName)) { + String headerVal = request.getHeader(headerName); + proxyRequest.header(headerName, headerVal); + } + } + proxyRequest.getHeaders().remove(HttpHeader.HOST); + super.sendProxyRequest(request, response, proxyRequest); + + } + + @Override + protected HttpClient newHttpClient() { + // ioverride parent method to be able to create a secured client as well. + boolean isSecureClient = ( + proxyUrl.getProtocol() != null && + proxyUrl.getProtocol().equalsIgnoreCase(HttpScheme.HTTPS.toString())); + if ((isSecureClient)) { + String trustAll = System.getProperty(TRUST_ALL); + SslContextFactory sslContextFactory = null; + if (trustAll != null && Boolean.parseBoolean(trustAll) == Boolean.TRUE) { + sslContextFactory = new SslContextFactory.Client(true); + } else { + sslContextFactory = new SslContextFactory.Client(false); + // setting up truststore + sslContextFactory.setTrustStorePath(System.getProperty(TRUSTSTORE_PATH)); + sslContextFactory.setTrustStorePassword(System.getProperty(TRUSTSTORE_P)); + sslContextFactory.setTrustStoreType(System.getProperty(TRUSTSTORE_TYPE)); + // setting up keystore + sslContextFactory.setKeyStorePath(System.getProperty(KEYSTORE_PATH)); + sslContextFactory.setKeyStorePassword(System.getProperty(KEYSTORE_P)); + sslContextFactory.setKeyStoreType(System.getProperty(KEYSTORE_TYPE)); + sslContextFactory.setKeyManagerPassword(System.getProperty(KEYMANAGER_P)); + + if (System.getProperty(ENDPOINT_IDENTIFICATION_ALGORITHM) != null && + !System.getProperty(ENDPOINT_IDENTIFICATION_ALGORITHM).equals("")) { + sslContextFactory + .setEndpointIdentificationAlgorithm(System.getProperty(ENDPOINT_IDENTIFICATION_ALGORITHM)); + } + + if (System.getProperty(KEYSTORE_CYPHER) != null && + !System.getProperty(KEYSTORE_CYPHER).equals("")) { + sslContextFactory.setIncludeCipherSuites(System.getProperty(KEYSTORE_CYPHER)); + } + } + + return new HttpClient(sslContextFactory); + + } else { + return super.newHttpClient(); + } + + } + + @Override + protected HttpClient createHttpClient() throws ServletException { + + try { + initProxyUrl(); + } catch (MalformedURLException e) { + throw new ServletException(e); + } + // calling the parent and setting the configuration for our implementation + HttpClient client = super.createHttpClient(); + setTimeout(TIMEOUT); + client.setIdleTimeout(TIMEOUT); + client.setStopTimeout(TIMEOUT); + if (System.getProperty(MAX_POOL_CONNECTIONS) != null) { + client.setMaxConnectionsPerDestination( + Integer.valueOf(System.getProperty(MAX_POOL_CONNECTIONS))); + } + return client; + + } + + + + @Override + protected String rewriteTarget(HttpServletRequest request) { + + String path = proxyUrl.getPath(); + if (request.getServletPath() != null) { + path += request.getServletPath(); + } + if (request.getPathInfo() != null) { + path += request.getPathInfo(); + } + + return URIUtil.newURI( + proxyUrl.getProtocol(), + proxyUrl.getHost(), + proxyUrl.getPort(), + path, + request.getQueryString()); + } + +} diff --git a/workflow-designer-ui/src/main/webapp/WEB-INF/web.xml b/workflow-designer-ui/src/main/webapp/WEB-INF/web.xml index a58e1274..279b405e 100644 --- a/workflow-designer-ui/src/main/webapp/WEB-INF/web.xml +++ b/workflow-designer-ui/src/main/webapp/WEB-INF/web.xml @@ -5,14 +5,13 @@ version="4.0"> - Transparent Proxy - org.onap.workflow.web.TransparentProxy + Backend Proxy + org.onap.workflow.web.SSLProxyServlet 1 true - - Transparent Proxy + Backend Proxy /wf/* /v1.0/activity-spec/* -- 2.16.6