Fix/Renable sidecar builds
1 /**
2  * ============LICENSE_START=======================================================
3  * org.onap.aaf
4  * ================================================================================
5  * Copyright © 2018 European Software Marketing Ltd.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *       http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20 package org.onap.aaf.cadi.sidecar.rproxy;
21
22 import java.io.IOException;
23 import java.security.GeneralSecurityException;
24 import java.util.HashMap;
25 import java.util.Properties;
26 import javax.annotation.PostConstruct;
27 import javax.annotation.Resource;
28 import javax.net.ssl.SSLContext;
29 import org.apache.http.conn.ssl.NoopHostnameVerifier;
30 import org.apache.http.impl.client.HttpClientBuilder;
31 import org.apache.http.impl.client.HttpClients;
32 import org.apache.http.ssl.SSLContextBuilder;
33 import org.eclipse.jetty.util.security.Password;
34 import org.onap.aaf.cadi.filter.CadiFilter;
35 import org.onap.aaf.cadi.sidecar.rproxy.config.ForwardProxyProperties;
36 import org.onap.aaf.cadi.sidecar.rproxy.config.PrimaryServiceProperties;
37 import org.onap.aaf.cadi.sidecar.rproxy.config.ReverseProxySSLProperties;
38 import org.onap.aaf.cadi.sidecar.rproxy.mocks.ReverseProxyMockCadiFilter;
39 import org.springframework.beans.factory.annotation.Autowired;
40 import org.springframework.boot.autoconfigure.SpringBootApplication;
41 import org.springframework.boot.builder.SpringApplicationBuilder;
42 import org.springframework.boot.context.properties.EnableConfigurationProperties;
43 import org.springframework.boot.web.client.RestTemplateBuilder;
44 import org.springframework.boot.web.servlet.FilterRegistrationBean;
45 import org.springframework.boot.web.servlet.RegistrationBean;
46 import org.springframework.boot.web.servlet.ServletComponentScan;
47 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
48 import org.springframework.context.annotation.Bean;
49 import org.springframework.context.annotation.Profile;
50 import org.springframework.context.annotation.PropertySource;
51 import org.springframework.core.env.Environment;
52 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
53 import org.springframework.util.ResourceUtils;
54 import org.springframework.web.client.RestTemplate;
55
/**
 * Spring Boot entry point and bean configuration for the reverse proxy sidecar.
 *
 * <p>Depending on the active Spring profile this class provides a TLS client {@link RestTemplate}
 * (with or without hostname verification) and registers either the real {@link CadiFilter} or
 * {@link ReverseProxyMockCadiFilter} on every URL.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>Passwords arrive in Jetty's obfuscated form and are passed through
 * {@link Password#deobfuscate(String)}. That encoding is reversible without a key, so the
 * obfuscated value has to be protected like the clear-text password.</li>
 * <li>The {@code noHostVerification} and {@code mockCadi} profiles both weaken the proxy's
 * security checks; see the notes on the corresponding bean methods.</li>
 * </ul>
 */
@SpringBootApplication
@ServletComponentScan
@EnableConfigurationProperties(ReverseProxySSLProperties.class)
@PropertySource("file:${CONFIG_HOME}/reverse-proxy.properties")
public class ReverseProxyApplication extends SpringBootServletInitializer {

    /** Key in the CADI properties holding the (obfuscated) trust store password. */
    private static final String CADI_TRUSTSTORE_PASS = "cadi_truststore_password";

    @Autowired
    private Environment env;

    @Resource
    private ReverseProxySSLProperties reverseProxySSLProperties;

    // Shared CADI configuration bean; registerCADIFilter() modifies it in place.
    @Resource
    Properties cadiProps;

    /**
     * Starts the Spring Boot application.
     *
     * <p>The key store password is read from the JVM system property {@code KEY_STORE_PASSWORD}
     * (via {@link System#getProperty(String)}, although the error message calls it an "Env
     * property"), deobfuscated, and handed to Spring as {@code server.ssl.key-store-password}.
     *
     * @param args main args
     * @throws IllegalArgumentException if {@code KEY_STORE_PASSWORD} is missing or empty
     */
    public static void main(String[] args) {
        final String obfuscatedSecret = System.getProperty("KEY_STORE_PASSWORD");
        if (obfuscatedSecret == null || obfuscatedSecret.isEmpty()) {
            throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set");
        }

        // From here on the clear-text password lives in the application's default properties.
        HashMap<String, Object> defaults = new HashMap<>();
        defaults.put("server.ssl.key-store-password", Password.deobfuscate(obfuscatedSecret));

        ReverseProxyApplication application = new ReverseProxyApplication();
        SpringApplicationBuilder appBuilder =
                new SpringApplicationBuilder(ReverseProxyApplication.class).properties(defaults);
        application.configure(appBuilder).run(args);
    }

    /**
     * Copies the server key store settings into the JVM-wide {@code javax.net.ssl.*} system
     * properties. Nothing is set when {@code server.ssl.key-store} is absent.
     *
     * <p>The same file and the same password are used for both the key store and the trust store.
     * System properties are readable by any code running in the JVM, so the clear-text password
     * is exposed process-wide.
     * NOTE(review): confirm that no diagnostics or management endpoint dumps system properties.
     *
     * @throws IllegalArgumentException if a key store path is configured without a password
     */
    @PostConstruct
    public void setSystemProperties() {
        final String storePath = env.getProperty("server.ssl.key-store");
        if (storePath == null) {
            return;
        }

        final String storeSecret = env.getProperty("server.ssl.key-store-password");
        if (storeSecret == null) {
            throw new IllegalArgumentException("Env property server.ssl.key-store-password not set");
        }

        System.setProperty("javax.net.ssl.keyStore", storePath);
        System.setProperty("javax.net.ssl.keyStorePassword", storeSecret);
        System.setProperty("javax.net.ssl.trustStore", storePath);
        System.setProperty("javax.net.ssl.trustStorePassword", storeSecret);
    }

    /**
     * @return a new, empty {@link ForwardProxyProperties} bean
     */
    @Bean(name = "ForwardProxyProperties")
    public ForwardProxyProperties forwardProxyProperties() {
        return new ForwardProxyProperties();
    }

    /**
     * @return a new, empty {@link PrimaryServiceProperties} bean
     */
    @Bean(name = "PrimaryServiceProperties")
    public PrimaryServiceProperties primaryServiceProperties() {
        return new PrimaryServiceProperties();
    }

    /**
     * Builds the {@link RestTemplate} for the {@code secure} profile: client certificate plus
     * trust store, with the HTTP client's default hostname verification left in place.
     *
     * @param builder injected by Spring but not used by this method
     * @return a RestTemplate backed by the TLS-configured Apache HTTP client
     * @throws GeneralSecurityException if the key or trust material cannot be loaded
     * @throws IOException if a store file cannot be read
     */
    @Profile("secure")
    @Bean
    public RestTemplate restTemplate(RestTemplateBuilder builder) throws GeneralSecurityException, IOException {
        HttpClientBuilder clientBuilder = getClientBuilder();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(clientBuilder.build()));
    }

    /**
     * Builds the {@link RestTemplate} for the {@code noHostVerification} profile.
     *
     * <p>SECURITY: {@link NoopHostnameVerifier} accepts any host name. The peer's certificate is
     * still checked against the trust store, but it is never matched to the host being called, so
     * any party holding a certificate that the trust store accepts can answer as the upstream
     * service. Keep this profile out of production deployments.
     * NOTE(review): if {@code secure} and {@code noHostVerification} are both active, two
     * RestTemplate beans are defined; confirm how injection points resolve that.
     *
     * @param builder injected by Spring but not used by this method
     * @return a RestTemplate whose HTTP client skips hostname verification
     * @throws GeneralSecurityException if the key or trust material cannot be loaded
     * @throws IOException if a store file cannot be read
     */
    @Profile("noHostVerification")
    @Bean
    public RestTemplate restTemplateNoHostVerification(RestTemplateBuilder builder)
            throws GeneralSecurityException, IOException {
        HttpClientBuilder relaxedBuilder = getClientBuilder().setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(relaxedBuilder.build()));
    }

    /**
     * Creates an Apache HTTP client builder whose SSL context presents the configured client
     * certificate and trusts the configured key store.
     *
     * <p>One password ({@code getKeystorePassword()}) is used as the store password and key
     * password of the client certificate store and as the password of the trust store. The
     * {@code char[]} copies created here are not cleared after use.
     */
    private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException {
        SSLContextBuilder contextBuilder = SSLContextBuilder.create();

        // Client identity: store password and key password are the same value.
        contextBuilder.loadKeyMaterial(
                ResourceUtils.getFile(reverseProxySSLProperties.getClientcert()),
                reverseProxySSLProperties.getKeystorePassword().toCharArray(),
                reverseProxySSLProperties.getKeystorePassword().toCharArray());

        // Trusted certificates for the servers this client calls.
        contextBuilder.loadTrustMaterial(
                ResourceUtils.getFile(reverseProxySSLProperties.getKeystore()),
                reverseProxySSLProperties.getKeystorePassword().toCharArray());

        SSLContext clientContext = contextBuilder.build();
        return HttpClients.custom().setSSLContext(clientContext);
    }

    /**
     * Registers {@link CadiFilter} on all URLs with highest precedence ({@code cadi} profile) and
     * passes every CADI property to it as a filter init parameter.
     *
     * <p>Review notes:
     * <ul>
     * <li>The deobfuscated trust store password is written back into the shared
     * {@code cadiProps} bean, so the clear-text value is visible to every other user of that
     * bean, and it is also stored as a filter init parameter.</li>
     * <li>NOTE(review): if this method ever ran twice against the same {@code cadiProps}, the
     * second call would pass the already-deobfuscated value to {@code Password.deobfuscate}
     * again; confirm it is only invoked once.</li>
     * <li>Keys and values are cast to {@code String}; a non-String entry in {@code cadiProps}
     * raises {@link ClassCastException}.</li>
     * </ul>
     *
     * @return the registration bean for the CADI filter
     */
    @Profile("cadi")
    @Bean
    public FilterRegistrationBean<CadiFilter> registerCADIFilter() {
        FilterRegistrationBean<CadiFilter> registration = new FilterRegistrationBean<>();
        registration.setFilter(new CadiFilter());
        registration.addUrlPatterns("/*");
        registration.setName("CADIFilter");
        registration.setOrder(RegistrationBean.HIGHEST_PRECEDENCE);

        // Replace the obfuscated trust store password with its clear-text form (in place).
        String obfuscatedTrustSecret = cadiProps.getProperty(CADI_TRUSTSTORE_PASS);
        if (obfuscatedTrustSecret != null) {
            cadiProps.setProperty(CADI_TRUSTSTORE_PASS, Password.deobfuscate(obfuscatedTrustSecret));
        }

        // Hand every CADI property to the filter as an init parameter.
        cadiProps.forEach((key, value) -> registration.addInitParameter((String) key, (String) value));

        return registration;
    }

    /**
     * Registers {@link ReverseProxyMockCadiFilter} on all URLs with highest precedence
     * ({@code mockCadi} profile), under the same filter name as the real CADI filter.
     *
     * <p>NOTE(review): the mock filter is part of the main sources and takes the place of the real
     * CADI filter when this profile is active. What the mock enforces is not visible here; confirm
     * that {@code mockCadi} cannot be activated in a production deployment.
     *
     * @return the registration bean for the mock CADI filter
     */
    @Profile("mockCadi")
    @Bean
    public FilterRegistrationBean<ReverseProxyMockCadiFilter> registerMockCADIFilter() {
        FilterRegistrationBean<ReverseProxyMockCadiFilter> registration = new FilterRegistrationBean<>();
        registration.setFilter(new ReverseProxyMockCadiFilter());
        registration.addUrlPatterns("/*");
        registration.setName("CADIFilter");
        registration.setOrder(RegistrationBean.HIGHEST_PRECEDENCE);
        return registration;
    }
}