From 6c3031ea90d5b51ae44a599c0cd0d95c057cf633 Mon Sep 17 00:00:00 2001 From: Ravi Geda Date: Mon, 17 Sep 2018 12:57:44 +0100 Subject: [PATCH] Add forward proxy code Add a maven module called sidecar to cadi. Add forward proxy as a maven module to sidecar. Note that though sidecar is a module of cadi it does not inherit from cadi's pom. Change-Id: I617ecb1a66a3cbdd3f03287f28c6527693c6dfc6 Issue-ID: AAI-1603 Signed-off-by: Ravi Geda --- pom.xml | 1 + sidecar/fproxy/License.txt | 17 ++ sidecar/fproxy/README.md | 41 ++++ sidecar/fproxy/config/auth/client-cert.p12 | Bin 0 -> 2556 bytes sidecar/fproxy/config/auth/tomcat_keystore | Bin 0 -> 2214 bytes sidecar/fproxy/config/fproxy.properties | 2 + sidecar/fproxy/config/logback-spring.xml | 48 +++++ sidecar/fproxy/config/readme.txt | 1 + sidecar/fproxy/pom.xml | 190 +++++++++++++++++++ sidecar/fproxy/src/main/bin/start.sh | 32 ++++ sidecar/fproxy/src/main/docker/Dockerfile | 35 ++++ .../org/onap/aaf/fproxy/CredentialCacheConfig.java | 37 ++++ .../org/onap/aaf/fproxy/FProxyApplication.java | 74 ++++++++ .../org/onap/aaf/fproxy/RestTemplateConfig.java | 70 +++++++ .../org/onap/aaf/fproxy/cache/CredentialCache.java | 37 ++++ .../aaf/fproxy/cache/InMemoryCredentialCache.java | 116 ++++++++++++ .../onap/aaf/fproxy/cache/utils/CacheUtils.java | 89 +++++++++ .../onap/aaf/fproxy/data/CredentialCacheData.java | 72 +++++++ .../aaf/fproxy/service/ForwardingProxyService.java | 100 ++++++++++ .../fproxy/util/RequestValidationException.java | 35 ++++ .../src/main/resources/application.properties | 14 ++ .../test/java/org/onap/aaf/fproxy/FProxyIT.java | 49 +++++ .../org/onap/aaf/fproxy/FProxyServiceTest.java | 208 +++++++++++++++++++++ sidecar/fproxy/version.properties | 13 ++ sidecar/pom.xml | 80 ++++++++ 25 files changed, 1361 insertions(+) create mode 100644 sidecar/fproxy/License.txt create mode 100644 sidecar/fproxy/README.md create mode 100644 sidecar/fproxy/config/auth/client-cert.p12 create mode 100644 sidecar/fproxy/config/auth/tomcat_keystore create mode 100644 sidecar/fproxy/config/fproxy.properties create mode 100644 sidecar/fproxy/config/logback-spring.xml create mode 100644 sidecar/fproxy/config/readme.txt create mode 100644 sidecar/fproxy/pom.xml create mode 100644 sidecar/fproxy/src/main/bin/start.sh create mode 100644 sidecar/fproxy/src/main/docker/Dockerfile create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java create mode 100644 sidecar/fproxy/src/main/resources/application.properties create mode 100644 sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java create mode 100644 sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java create mode 100644 sidecar/fproxy/version.properties create mode 100644 sidecar/pom.xml diff --git a/pom.xml b/pom.xml index 78d6633..a4ffa90 100644 --- a/pom.xml +++ b/pom.xml @@ -131,6 +131,7 @@ shiro shiro-osgi-bundle + sidecar diff --git a/sidecar/fproxy/License.txt b/sidecar/fproxy/License.txt new file mode 100644 index 0000000..05117f8 --- /dev/null +++ b/sidecar/fproxy/License.txt @@ -0,0 +1,17 @@ +============LICENSE_START======================================================= +org.onap.aaf +================================================================================ +Copyright © 2018 European Software Marketing Ltd. +================================================================================ +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +============LICENSE_END========================================================= \ No newline at end of file diff --git a/sidecar/fproxy/README.md b/sidecar/fproxy/README.md new file mode 100644 index 0000000..e1d3667 --- /dev/null +++ b/sidecar/fproxy/README.md @@ -0,0 +1,41 @@ +# Introduction + +The AAF Forward Proxy is a forward proxy service with credential caching capabilities for incoming REST requests. It is one of two applications (along with Reverse proxy) deployed as a +Kubernetes sidecar to the main Primary service + +## Features + +Forward Proxy: + +* The service will forward all incoming REST requests on to their original endpoints. +* Add any cached security credentials to the forwarding request + +### Credential Cache: +The credential cache is a short-lived in-memory cache, keyed on a transaction ID. The following data is cached: + +* Transaction ID - this is the key for retrieving cached values +* CredentialName - this is the name of the credential to be cached. + This should correspond to the header name for a header credential, or the cookie name for a cookie credential. +* CredentialValue - this is the value associated with the credential. + This should correspond to the header value of a header credential, or the cookie contents for a cookie credential. +* CredentialType - this is the type of the credential to be cached. Currently supported values are: HEADER, COOKIE. + The cache has a configurable cache expiry period, so that any cache entries older than the expiry period will be automatically removed from the cache. + +### Credential Cache REST API: +Credentials can be added to the credential cache by performing a REST POST using the following URL: + +(Note that the transaction ID is provided as a URL parameter) + +https://:/credential-cache/ +The body of the request should contain the cached data (described above) in JSON format as follows: + +{ "credentialName":"foo", "credentialValue":"bar", "credentialType":"
" } + + +## Configuring the fProxy service +The fProxy service is configured through the fproxy.properties file that resides under the ${CONFIG_HOME} environment variable. + +The file has the following configurable properties: + +credential.cache.timeout.ms This is the time in milliseconds that a cache entry will expire after it is added. 180000 +transactionid.header.name This is the name of the header in incoming requests that will contain the transaction ID. X-TransactionId \ No newline at end of file diff --git a/sidecar/fproxy/config/auth/client-cert.p12 b/sidecar/fproxy/config/auth/client-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..dbf4fcacecf190fb0244dce0d1b438e6fea4500d GIT binary patch literal 2556 zcmY+EdpHw{8^>p6vvN1q+;S^Iwz0#F1O>%q@$`lt@_`#}p!mZsr!v zrA;)F+=b00##|C}&vBmT_dDk~f4tB8JfH9PegFKR2+$26A3ur!eGP_c+_bv6F3bnv zqY$7^K?G>QJ|?3G0>A$!5^w_%1YGv9lQ! z2xbYdREtLj!#tMeXTuU~Y}^mN=>q~m01yH6;iwV9rpF(${h@HJ?@grEMCee9ri-P) zwzE2^?>3>tjiqo5*=`e>dbXiy^X|@E0$!PKLudIJtgh4W8suwce{PMLt2sx-*UI6F z!=)~#bGYY1wTtBr?TXBfjP2}S>r)?dXjlH6NdFDxJivFEjLiGlmGFMS9SiW?*?m-# z6vbW7ozLnRpnP1x;1qCc*giY4axyE6+VS)Ztd?rL6ea=|uIDxv(Z78GS8#VoK1cJ8 z!FSDn*aO*Dx^Bf(*PeI%;F-7^_85~7(P(TNt(ZEztJE{opI(0q0k#DB4{pJ@<7p|) zpZtoQpC34>S1l`7lj$C)&u8Bd-;@;d-QOjbY?tfoBF&HJ^-Eb@v9|e~4pp?YJgza+-^?9hj4GbOZGiTk*` zAbxe_30a7E8x*F}ckf`o3;K=T_4}P|dc-SD@KbApw{&dRXeRFAiP&yTX{gAZtFhiU;|2D-kJHZr4^2}y z-yy;3?Oqd%Tw_%HZhrrHwr3!+%>6}3Z#<07>lT!6<@ucUdq}KG>~?qu!KmL5y8*bE zLav3Fm)&ApK@K!c7u`27&VN1E-;l89F>JcyJToKFXt1jFa!+dZZf`;1)h>Zi`b+$| zOatMJv&P|yQuXMBaP1FqCUN`b9IyHbW9vytIu}WAz32`X(@&jJe|%8_c9qTdYIHw z3fZtxHhk>d{+J@y6QH!L5;&97BmG4fersW56HO~_aff2xrb14q;B$h>Dl>!u-0^#3 zNM)Lp-+>qA%2{haKilb6wE~VGeF98WyTD%5*2t#3y@legMFULBxF@-nUq$W=S2R<) zI48ac)-CNcs?~L2;SJ0qALf6G&Rw5L^MCbG^vC>37XW*fZee2c>60$!G%;(z%l36t zVR3dNTR{B=kNDllFa+A>A}pnZyHmD?-})}8SjYUd6ghk(<8u1b8VN5Z(jz!uX<@xQ z?gc*Y;wbUR8lJ2rgmFlsgovS9poe; z%0J?oiYmm1E;^?_bV$$TeAa6(KcIHD^=++kgqXG4qb+YU#nLPjzn3`@-VW&ZQ;i&q zQ+=P9?vT$%MXeFKXZMQjXR(BZ77X~0DuFSsn@PzYuW*6-_qZ0DEnz99sZ)ti;* z%*hSuCsbrr8!5ub?T^D8^E{C%|5*w!^qc(G$nIGG>bz3GL;o&GkPg9Z*648Z&9>g4 zxgSFPB5mlK@GzB8nxxlmWRilyg#ccoTDp=D`f8@fW=Uharxj&N8gb2qChAMuxN-e` z@z=#64FA;6o|9IL_x#8ZI(1z(LlCrbIV;B|yf?ti?AILK$%L3pqW_gUAxcv+G_s$C z>&IhLG?_i%%Moj~pI!leKDom7$j?gD`J@t-uW%TSMtJ1I5Y>bsno58xjYj38Ok z#dww61flet6${l96L3ai^70CVZGPYGD<*B_QpKhmaPi`3gUVa&Rkow~faF)WiAIf{ zw!VVbLBOewjxYw*#ZPy-u+{ImT1YqQ$$b;6$<*anGHM4j&i57=^Z96?+pCw6>}QGd-<8Iza65dzA2s5Elcr`LwveyTFFUwuyNMqbe>8zPTb$EBtzuSv%NFNd5cYEh{uDhjr)({@X`vvX!;d%ccy~WAQpexeVZ|F3K zh+iEDrjnV#qVX%yh#DKUexv+rS0|4)+YYs{K9=l0;8pDe`nY>J&-|1qBOe zitqzv1OOly$@=nb#PO1w+DFZwsfNPY!%h`*Aebw;+{L0$LiiNyc&sYG#@NT=%=+JI F_zSHP#{>WX literal 0 HcmV?d00001 diff --git a/sidecar/fproxy/config/auth/tomcat_keystore b/sidecar/fproxy/config/auth/tomcat_keystore new file mode 100644 index 0000000000000000000000000000000000000000..9eec841aa2c1243b5ca3e22b0b116e5bca2afd49 GIT binary patch literal 2214 zcmcJQXHyf35{AvG`{CJ{ot=GmXP3T7-vj^vpko357Sz|n&7RYU`$h=up~Z`{XDvR*`$ zzz#)47haP~tv|D6mK5}zGvJ;XTcs8(8BRtSutt0nY_g%MoRa|;|Md5m6Fh;Jq2N{Y z_@3}C$JB}YtUs*Za?s`JeoMO1+r=63TnZY#qy*QgQqWyhEkSt;6nsS%)@q-fP~E0k z;;U!hctBy*u?73i4m--P-{w7I}r@otzjdND9D8ErKeeYe+W~WR6XoY%67E(c zKG2?clD{PU%-x8D{xsDjm8_i!Iz*!~sprgz-pbd|wD(J^B61Y&c8N|WjVZ|w(#tL3 z);vAKL47*5^D&KRS;w=+hJbeg9DS27bTdLTKaF?v@IGVZYIWHjnM2&;#FbO!hU2qE z+bdse`Ua`*ZDSbQ2`zDZPe8T@&;k+)>fplIw{8rpK#w_^oyy@JG-<*ytx4iE#yxnm0w= zsQ3mhmsjlZsqDe$)4tZiZ8RyqHRA(V@Z-;JVxjT&?A7`G1xSuj{d4T^ z`)2$ClX^CNSj2ZA7>6eiBWnlCZ#_k7+R{j3Zs3k}#59ZG%&egH70h}?*UV&AM*Nux zftp}&{@Bu4uYsw@OI5B^W#l8Gva3CRE@@gldvhn`*Zk<$Y0#?*w(wKl@IPPerG#ew zF#ma(&R;XYX7qXa!7I*7ye&-MlMsvA*gq!(+D7brD%esfz4f5p*wqG`A;*o|ZZ!I} z+5PP#v@U?VeeENz+c5~Ar}mueC$HJKfJ&S_*{uz6VF>tC@l@c(g?Mr?%9Bnz=F$N% zGJwGPmUyvf1q#=GQSz;4>Y0n!PhQ=nPlaG+ZKuVDSYCSTCB@@0XY72sTWR}GFu0sM zuJU)M7B9no2}*V)H*Q$sZ4bK=uc;9Z#*YlOBsxVL(zz4`vhyg-qhWGi7huPU<11)Y5*UN!14#^-uFzS7BV58VKr zEA@&jM5+va6#HX6u>AXmQdEdZs8yblX}kfBR64HCf0!aQRy-pc`BR7Bd{w0`La7pI zkm=yi-+ve=rYfwtttUgeMdb|Jcjx%UI#bu~NFgHk+;KiDl~>v4d7X3w z9rc55$0f!7n&sJ9{L+P^xOe}Ks>QqeF)(&V{YCm!er2w>_iX(t_Tivuge8N>R-3qr~xQviRhIz7E zmF2Mnc|_>mPq`r8ijUH>?@90qr{15OW~Xm0vAh-gzs|zfiNZj${Gzru|mOS5GWjURRewE_Y};HIkp*=k2hBQiz7ez0-g*`J z;kBFnkU1$tF0Q3m>%h|VsX%2p1>*X`1iB_Xsp#U?;-t;1ook?X4d(qVk*{RR6P$!( zp1b3J(1hT0hDnnDpuGp1ZS=|N6}7K@$PGzIw|!Z2!?d{VA_xow0CUArqA20xnF@14 z_#iwJi$B9~LoCv7gCyLen@bi+ATHT|ns~f5$0h;+Rx~^Phbuh2WcIpC_L=IRX6m;L zysyK_ECDymj03FucK5@FeBsQGhhk{RwcU?BM=B2vJs7~^Rk^HuniMI0TX6bN0{i~@uuQZjr@ z0~JCi^gFuj9Za{klpnkui<5%Dg>7HPFqAv?53G&aN9E0RU&+ronb{ED1*wh|l;Zsh_>tSL literal 0 HcmV?d00001 diff --git a/sidecar/fproxy/config/fproxy.properties b/sidecar/fproxy/config/fproxy.properties new file mode 100644 index 0000000..f512fb7 --- /dev/null +++ b/sidecar/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId \ No newline at end of file diff --git a/sidecar/fproxy/config/logback-spring.xml b/sidecar/fproxy/config/logback-spring.xml new file mode 100644 index 0000000..75ec26d --- /dev/null +++ b/sidecar/fproxy/config/logback-spring.xml @@ -0,0 +1,48 @@ + + + + + + + + + + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + + + + + + ${LOGS}/${FILEPREFIX}.log + + %d %p %C{1.} [%t] %m%n + + + + + ${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + + + 10MB + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/sidecar/fproxy/config/readme.txt b/sidecar/fproxy/config/readme.txt new file mode 100644 index 0000000..79cf29e --- /dev/null +++ b/sidecar/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml new file mode 100644 index 0000000..8035e84 --- /dev/null +++ b/sidecar/fproxy/pom.xml @@ -0,0 +1,190 @@ + + + + 4.0.0 + + fproxy + 1.0.0-SNAPSHOT + jar + + + org.onap.aaf.cadi + sidecar + 1.0.0-SNAPSHOT + + + aaf-fproxy + ONAP AAF Forward Proxy Microservice For Pluggable Security + + + + 2.0.3.RELEASE + ${basedir}/target + true + + + + + + + org.springframework.boot + spring-boot-dependencies + ${spring.boot.version} + pom + import + + + + + + + org.springframework.boot + spring-boot-starter-jetty + + + + org.springframework.boot + spring-boot-starter-web + + + spring-boot-starter-tomcat + org.springframework.boot + + + + + + org.springframework.boot + spring-boot-starter-actuator + + + + org.apache.commons + commons-lang3 + + + + org.apache.httpcomponents + httpclient + + + + + org.springframework.boot + spring-boot-starter-test + test + + + + + + fproxy + + + org.springframework.boot + spring-boot-maven-plugin + ${spring.boot.version} + + + + repackage + + + exec + + + + + + com.mycila + license-maven-plugin + + + org.apache.maven.plugins + maven-surefire-plugin + + false + 1 + + + + org.apache.maven.plugins + maven-resources-plugin + 3.0.2 + + + copy-docker-file + package + + copy-resources + + + target + true + + + ${basedir}/src/main/docker + true + + + ${basedir}/src/main/bin/ + true + + + + + + + + com.spotify + docker-maven-plugin + 0.4.11 + + + com.github.jnr + jnr-unixsocket + 0.13 + + + + true + docker-hub + ${docker.push.registry}/onap/${project.artifactId} + ${docker.location} + + latest + + true + + + + org.apache.maven.plugins + maven-deploy-plugin + + true + + + + + diff --git a/sidecar/fproxy/src/main/bin/start.sh b/sidecar/fproxy/src/main/bin/start.sh new file mode 100644 index 0000000..53662b6 --- /dev/null +++ b/sidecar/fproxy/src/main/bin/start.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +# ============LICENSE_START======================================================= +# org.onap.aaf +# ================================================================================ +# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. +# Copyright © 2017-2018 European Software Marketing Ltd. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +BASEDIR="/opt/app/fproxy" + +if [ -z "${KEY_STORE_PASSWORD}" ]; then + echo "KEY_STORE_PASSWORD must be set in order to start up process" + exit 1 +fi + +PROPS="-DKEY_STORE_PASSWORD=${KEY_STORE_PASSWORD}" +JVM_MAX_HEAP=${MAX_HEAP:-1024} + +exec java -Xmx${JVM_MAX_HEAP}m ${PROPS} -jar ${BASEDIR}/fproxy-exec.jar diff --git a/sidecar/fproxy/src/main/docker/Dockerfile b/sidecar/fproxy/src/main/docker/Dockerfile new file mode 100644 index 0000000..d91f0e3 --- /dev/null +++ b/sidecar/fproxy/src/main/docker/Dockerfile @@ -0,0 +1,35 @@ +FROM ubuntu:14.04 + +ARG MICRO_HOME=/opt/app/fproxy +ARG BIN_HOME=$MICRO_HOME/bin +ARG JAR_FILE=fproxy-exec.jar + +RUN apt-get update + +# Install and setup java8 +RUN apt-get update && apt-get install -y software-properties-common +## sudo -E is required to preserve the environment. If you remove that line, it will most like freeze at this step +RUN sudo -E add-apt-repository ppa:openjdk-r/ppa && apt-get update && apt-get install -y openjdk-8-jdk + +RUN sudo dpkg --purge --force-depends ca-certificates-java +RUN sudo apt-get install ca-certificates-java + +## Setup JAVA_HOME, this is useful for docker commandline +ENV JAVA_HOME usr/lib/jvm/java-8-openjdk-$(dpkg --print-architecture) +RUN export JAVA_HOME + +# Build up the deployment folder structure +RUN mkdir -p $MICRO_HOME +COPY ${JAR_FILE} $MICRO_HOME +RUN mkdir -p $BIN_HOME +COPY *.sh $BIN_HOME +RUN chmod 755 $BIN_HOME/* +RUN ln -s /logs $MICRO_HOME/logs +RUN mkdir /logs +# Create the appuser +RUN groupadd -r appgroup && \ + useradd -r -u 1001 -g appgroup appuser && \ + chown -R appuser:appgroup $MICRO_HOME && \ + chmod 777 /logs +USER appuser +CMD ["/opt/app/fproxy/bin/start.sh"] diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java new file mode 100644 index 0000000..f433c65 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java @@ -0,0 +1,37 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import org.onap.aaf.fproxy.cache.CredentialCache; +import org.onap.aaf.fproxy.cache.InMemoryCredentialCache; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Scope; + +@Configuration +public class CredentialCacheConfig { + + @Bean + @Scope("singleton") + public CredentialCache inMemoryCredentialCacheSingleton() { + return new InMemoryCredentialCache(); + } + +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java new file mode 100644 index 0000000..d226dc8 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java @@ -0,0 +1,74 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import java.util.HashMap; +import javax.annotation.PostConstruct; +import org.eclipse.jetty.util.security.Password; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.builder.SpringApplicationBuilder; +import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; +import org.springframework.context.annotation.PropertySource; +import org.springframework.core.env.Environment; + +@SpringBootApplication +@PropertySource("file:${CONFIG_HOME}/fproxy.properties") +public class FProxyApplication extends SpringBootServletInitializer { + + @Autowired + private Environment env; + + /** + * Spring Boot Initialization. + * + * @param args main args + */ + public static void main(String[] args) { + String keyStorePassword = System.getProperty("KEY_STORE_PASSWORD"); + if (keyStorePassword == null || keyStorePassword.isEmpty()) { + throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set"); + } + HashMap props = new HashMap<>(); + props.put("server.ssl.key-store-password", Password.deobfuscate(keyStorePassword)); + new FProxyApplication().configure(new SpringApplicationBuilder(FProxyApplication.class).properties(props)) + .run(args); + } + + /** + * Set required trust store system properties using values from application.properties + */ + @PostConstruct + public void setSystemProperties() { + String keyStorePath = env.getProperty("server.ssl.key-store"); + if (keyStorePath != null) { + String keyStorePassword = env.getProperty("server.ssl.key-store-password"); + + if (keyStorePassword != null) { + System.setProperty("javax.net.ssl.keyStore", keyStorePath); + System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword); + System.setProperty("javax.net.ssl.trustStore", keyStorePath); + System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword); + } else { + throw new IllegalArgumentException("Env property server.ssl.key-store-password not set"); + } + } + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java new file mode 100644 index 0000000..a1aef28 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java @@ -0,0 +1,70 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import javax.net.ssl.SSLContext; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContextBuilder; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.web.client.RestTemplateBuilder; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; +import org.springframework.util.ResourceUtils; +import org.springframework.web.client.RestTemplate; + +@Configuration +public class RestTemplateConfig { + + @Value("${server.ssl.client-cert}") + private String clientCertPath; + + @Value("${server.ssl.key-store-password}") + private String clientCertPassword; + + @Profile("secure") + @Bean + public RestTemplate restTemplate(RestTemplateBuilder builder) throws GeneralSecurityException, IOException { + return new RestTemplate(new HttpComponentsClientHttpRequestFactory(getClientBuilder().build())); + } + + @Profile("noHostVerification") + @Bean + public RestTemplate restTemplateNoHostVerification(RestTemplateBuilder builder) + throws GeneralSecurityException, IOException { + return new RestTemplate(new HttpComponentsClientHttpRequestFactory( + getClientBuilder().setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build())); + } + + private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException { + + SSLContext sslContext = SSLContextBuilder.create() + .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray(), + clientCertPassword.toCharArray()) + .loadTrustMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray()).build(); + + return HttpClients.custom().setSSLContext(sslContext); + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java new file mode 100644 index 0000000..00fe9d4 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java @@ -0,0 +1,37 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.cache; + +import org.onap.aaf.fproxy.data.CredentialCacheData; +import org.springframework.lang.Nullable; + +public interface CredentialCache { + + void add(String key, CredentialCacheData value, long periodInMillis); + + void remove(String key); + + @Nullable + CredentialCacheData get(String key); + + void clear(); + + long size(); +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java new file mode 100644 index 0000000..44ce0cd --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java @@ -0,0 +1,116 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.cache; + +import java.lang.ref.SoftReference; +import java.util.Optional; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.DelayQueue; +import java.util.concurrent.Delayed; +import java.util.concurrent.TimeUnit; +import org.onap.aaf.fproxy.data.CredentialCacheData; + +public class InMemoryCredentialCache implements CredentialCache { + + private final ConcurrentHashMap> cache = new ConcurrentHashMap<>(); + private final DelayQueue cleaningUpQueue = new DelayQueue<>(); + + public InMemoryCredentialCache() { + Thread cleanerThread = new Thread(() -> { + while (!Thread.currentThread().isInterrupted()) { + try { + DelayedCacheObject delayedCacheObject = cleaningUpQueue.take(); + cache.remove(delayedCacheObject.getKey(), delayedCacheObject.getReference()); + } catch (InterruptedException e) { + Thread.currentThread().interrupt(); + } + } + }); + cleanerThread.setDaemon(true); + cleanerThread.start(); + } + + @Override + public void add(String key, CredentialCacheData value, long periodInMillis) { + if (key == null) { + return; + } + if (value == null) { + cache.remove(key); + } else { + long expiryTime = System.currentTimeMillis() + periodInMillis; + SoftReference reference = new SoftReference<>(value); + cache.put(key, reference); + cleaningUpQueue.put(new DelayedCacheObject(key, reference, expiryTime)); + } + } + + @Override + public void remove(String key) { + cache.remove(key); + } + + @Override + public CredentialCacheData get(String key) { + return Optional.ofNullable(cache.get(key)).map(SoftReference::get).orElse(null); + } + + @Override + public void clear() { + cache.clear(); + } + + @Override + public long size() { + return cache.size(); + } + + private static class DelayedCacheObject implements Delayed { + + private final String key; + private final SoftReference reference; + private final long expiryTime; + + public DelayedCacheObject(String key, SoftReference reference, long expiryTime) { + super(); + this.key = key; + this.reference = reference; + this.expiryTime = expiryTime; + } + + @Override + public long getDelay(TimeUnit unit) { + return unit.convert(expiryTime - System.currentTimeMillis(), TimeUnit.MILLISECONDS); + } + + @Override + public int compareTo(Delayed o) { + return Long.compare(expiryTime, ((DelayedCacheObject) o).expiryTime); + } + + public String getKey() { + return key; + } + + public SoftReference getReference() { + return reference; + } + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java new file mode 100644 index 0000000..b80fc32 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java @@ -0,0 +1,89 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.cache.utils; + +import javax.servlet.http.HttpServletRequest; +import org.onap.aaf.fproxy.cache.CredentialCache; +import org.onap.aaf.fproxy.data.CredentialCacheData; +import org.onap.aaf.fproxy.data.CredentialCacheData.CredentialType; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.HttpHeaders; +import org.springframework.stereotype.Component; +import org.springframework.web.util.WebUtils; + +@Component +public class CacheUtils { + + Logger logger = LoggerFactory.getLogger(CacheUtils.class); + + @Autowired + private CredentialCache credentialCache; + + @Value("${transactionid.header.name}") + private String transactionIdHeaderName; + + public void populateCredentialsFromCache(HttpHeaders headers, HttpServletRequest request) { + String transactionId = headers.getFirst(transactionIdHeaderName); + if (transactionId != null) { + CredentialCacheData cacheData = credentialCache.get(transactionId); + if (cacheData == null) { + logger.info("Transaction ID {} not found in cache, skipping credential population...", transactionId); + } else if (cacheData.getCredentialType().equals(CredentialType.HEADER)) { + logger.info("Populating header credentials from cache for transaction ID: {}", transactionId); + applyHeaderCacheData(cacheData, headers); + } else if (cacheData.getCredentialType().equals(CredentialType.COOKIE)) { + logger.info("Populating cookie credentials from cache for transaction ID: {}", transactionId); + applyCookieCacheData(cacheData, headers, request); + } + } else { + logger.info("No transaction ID found in request, skipping credential population..."); + } + } + + private void applyHeaderCacheData(CredentialCacheData cacheData, HttpHeaders headers) { + String credentialName = cacheData.getCredentialName(); + if (!headers.containsKey(credentialName)) { + headers.add(credentialName, cacheData.getCredentialValue()); + logger.info("Header credentials successfully populated."); + } else { + logger.info("Request already contains header with name: {}, skipping credential population...", + credentialName); + } + } + + private void applyCookieCacheData(CredentialCacheData cacheData, HttpHeaders headers, HttpServletRequest request) { + String credentialName = cacheData.getCredentialName(); + // Check if Cookie with same name is already set then skip + if (WebUtils.getCookie(request, credentialName) == null) { + headers.add(HttpHeaders.COOKIE, cacheData.getCredentialValue()); + logger.info("Cookie credentials successfully populated."); + } else { + logger.info("Request already contains cookie with name: {}, skipping credential population...", + credentialName); + } + } + + public void addCredentialsToCache(String transactionId, CredentialCacheData credentialdata, long cacheExpiryMs) { + credentialCache.add(transactionId, credentialdata, cacheExpiryMs); + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java new file mode 100644 index 0000000..b72ea08 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java @@ -0,0 +1,72 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.data; + +public class CredentialCacheData { + + public enum CredentialType { + HEADER, COOKIE; + } + + private String credentialName; + private String credentialValue; + private CredentialType credentialType; + + public CredentialCacheData() { + super(); + } + + public CredentialCacheData(String credentialName, String credentialValue, CredentialType credentialType) { + super(); + this.credentialName = credentialName; + this.credentialValue = credentialValue; + this.credentialType = credentialType; + } + + public String getCredentialName() { + return credentialName; + } + + public void setCredentialName(String credentialName) { + this.credentialName = credentialName; + } + + public String getCredentialValue() { + return credentialValue; + } + + public void setCredentialValue(String credentialValue) { + this.credentialValue = credentialValue; + } + + public Enum getCredentialType() { + return credentialType; + } + + public void setCredentialType(CredentialType credentialType) { + this.credentialType = credentialType; + } + + @Override + public String toString() { + return "CredentialCacheData [credentialName=" + credentialName + ", credentialType=" + credentialType + "]"; + } + +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java new file mode 100644 index 0000000..0d150ba --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java @@ -0,0 +1,100 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.service; + +import java.net.URI; +import java.util.Enumeration; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.onap.aaf.fproxy.cache.utils.CacheUtils; +import org.onap.aaf.fproxy.data.CredentialCacheData; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.client.RestTemplate; +import org.springframework.web.util.UriComponentsBuilder; + +@RestController +public class ForwardingProxyService { + + Logger logger = LoggerFactory.getLogger(ForwardingProxyService.class); + + private static final long DEFAULT_CACHE_EXPIRY_MS = 180000; // 3 mins + + @Autowired + RestTemplate restTemplate; + + @Autowired + CacheUtils cacheUtils; + + @Value("${credential.cache.timeout.ms:" + DEFAULT_CACHE_EXPIRY_MS + "}") + long cacheExpiryMs; + + @RequestMapping(value = "/credential-cache/{transactionId}", method = RequestMethod.POST) + public ResponseEntity addCredentialToCache(@PathVariable("transactionId") String transactionId, + @RequestBody CredentialCacheData credentialdata) { + logger.info("Updating credential cache with transaction ID: {}", transactionId); + + // Update credential cache + logger.debug("Credential data: {}", credentialdata); + cacheUtils.addCredentialsToCache(transactionId, credentialdata, cacheExpiryMs); + + logger.info("Credential cache successfully updated with transaction ID: {}", transactionId); + return new ResponseEntity<>(transactionId, HttpStatus.OK); + } + + @RequestMapping("/**") + public ResponseEntity forwardRest(@RequestBody(required = false) String body, HttpMethod method, + HttpServletRequest request, HttpServletResponse response) { + + String requestUrl = request.getRequestURI(); + + logger.info("Request received: {}", requestUrl); + + URI uri = UriComponentsBuilder.fromHttpUrl(request.getRequestURL().toString()).query(request.getQueryString()) + .build(true).toUri(); + + HttpHeaders headers = new HttpHeaders(); + Enumeration headerNames = request.getHeaderNames(); + while (headerNames.hasMoreElements()) { + String headerName = headerNames.nextElement(); + headers.set(headerName, request.getHeader(headerName)); + } + + cacheUtils.populateCredentialsFromCache(headers, request); + + HttpEntity httpEntity = new HttpEntity<>(body, headers); + + logger.info("Forwarding request..."); + + return restTemplate.exchange(uri, method, httpEntity, String.class); + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java new file mode 100644 index 0000000..ce6e162 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java @@ -0,0 +1,35 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.util; + +/** This exception is thrown when the request fails validation. */ +public class RequestValidationException extends Exception { + + private static final long serialVersionUID = 1L; + + /** + * Constructor for an instance of this exception with just a message. + * + * @param message information about the exception + */ + public RequestValidationException(String message) { + super(message); + } +} diff --git a/sidecar/fproxy/src/main/resources/application.properties b/sidecar/fproxy/src/main/resources/application.properties new file mode 100644 index 0000000..d269c54 --- /dev/null +++ b/sidecar/fproxy/src/main/resources/application.properties @@ -0,0 +1,14 @@ +CONFIG_HOME=config + +server.port=10680 +server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore +server.ssl.client-cert=${CONFIG_HOME}/auth/client-cert.p12 +server.ssl.client-auth=need + +server.contextPath=/ + +logging.config=${CONFIG_HOME}/logback-spring.xml + +spring.profiles.active=secure + +management.endpoints.web.base-path=/fproxy \ No newline at end of file diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java new file mode 100644 index 0000000..ba876e0 --- /dev/null +++ b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java @@ -0,0 +1,49 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.eclipse.jetty.util.security.Password; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.onap.aaf.fproxy.service.ForwardingProxyService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; +import org.springframework.test.context.junit4.SpringRunner; + +@RunWith(SpringRunner.class) +@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) +public class FProxyIT { + + static { + System.setProperty("server.ssl.key-store-password", + Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); + } + + @Autowired + private ForwardingProxyService fProxyService; + + @Test + public void contexLoads() throws Exception { + assertThat(fProxyService).isNotNull(); + } +} diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java new file mode 100644 index 0000000..ccf13e9 --- /dev/null +++ b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java @@ -0,0 +1,208 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import static org.hamcrest.Matchers.equalTo; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.header; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.method; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo; +import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import javax.servlet.http.Cookie; +import org.eclipse.jetty.util.security.Password; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.onap.aaf.fproxy.data.CredentialCacheData.CredentialType; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.MediaType; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.test.web.client.MockRestServiceServer; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; +import org.springframework.web.client.RestTemplate; + +@RunWith(SpringRunner.class) +@SpringBootTest +@AutoConfigureMockMvc +public class FProxyServiceTest { + + static { + System.setProperty("server.ssl.key-store-password", + Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); + } + + @Value("${transactionid.header.name}") + private String transactionIdHeaderName; + + @Autowired + private MockMvc mvc; + + @Autowired + private RestTemplate restTemplate; + + private MockRestServiceServer mockServer; + + @Before + public void setUp() { + mockServer = MockRestServiceServer.createServer(restTemplate); + } + + @Test + public void testRequestFrowarding() throws Exception { + String testUrl = "https://localhost:80/testurl"; + String testResponse = "Response from MockRestService"; + + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testCredentialCacheEndpoint() throws Exception { + populateCredentialCache("tx1", "headername", "headervalue", CredentialType.HEADER.toString()); + } + + @Test + public void testPopulateHeaderFromCache() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String headerName = "headername"; + String headerValue = "headervalue"; + + String testResponse = "Response from MockRestService"; + + // Populate the cache with header credentials + populateCredentialCache(testTransactionId, headerName, headerValue, CredentialType.HEADER.toString()); + + // Expect mock server to be called with request containing cached header + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(headerName, headerValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testHeaderAlreadyExists() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String headerName = "headername"; + String headerValue = "headervalue"; + String newHeaderValue = "newheadervalue"; + + String testResponse = "Response from MockRestService"; + + // Populate the cache with header credentials using a new value + populateCredentialCache(testTransactionId, headerName, newHeaderValue, CredentialType.HEADER.toString()); + + // Expect mock server to be called with request containing the original header credential value, not the cached + // new header value + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(headerName, headerValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server that already contains a header with same name as the one that has been cached + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId).header(headerName, headerValue)) + .andExpect(status().isOk()).andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testPopulateCookieFromCache() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String cookieName = "testcookie"; + String cookieValue = "testcookie=testvalue"; + String testResponse = "Response from MockRestService"; + + // Populate the cache with cookie credentials + populateCredentialCache(testTransactionId, cookieName, cookieValue, CredentialType.COOKIE.toString()); + + // Expect mock server to be called with request containing cached header + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(HttpHeaders.COOKIE, cookieValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testCookieAlreadyExists() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String cookieName = "testcookie"; + String cookieValue = "testvalue"; + String newCookieValue = "newtestvalue"; + + String testResponse = "Response from MockRestService"; + + // Populate the cache with cookie credentials using a new value + populateCredentialCache(testTransactionId, cookieName, newCookieValue, CredentialType.COOKIE.toString()); + + // Expect mock server to be called with request containing the original cookie credential value, not the cached + // new cookie value + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(HttpHeaders.COOKIE, cookieName + "=" + cookieValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server that already contains a cookie with same name as the one that has been cached + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId).cookie(new Cookie(cookieName, cookieValue))) + .andExpect(status().isOk()).andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + private void populateCredentialCache(String transactionId, String credentialName, String credentialValue, + String credentialType) throws Exception { + String cacheUrl = "https://localhost:80/credential-cache/" + transactionId; + String requestBody = "{ \"credentialName\":\"" + credentialName + "\", \"credentialValue\":\"" + credentialValue + + "\", \"credentialType\":\"" + credentialType + "\" }"; + + // Populate the cache with credentials + mvc.perform(MockMvcRequestBuilders.post(cacheUrl).content(requestBody).contentType(MediaType.APPLICATION_JSON) + .accept(MediaType.APPLICATION_JSON)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(transactionId))); + } +} diff --git a/sidecar/fproxy/version.properties b/sidecar/fproxy/version.properties new file mode 100644 index 0000000..5128787 --- /dev/null +++ b/sidecar/fproxy/version.properties @@ -0,0 +1,13 @@ +# Versioning variables +# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... ) +# because they are used in Jenkins, whose plug-in doesn't support + +major=1 +minor=0 +patch=0 + +base_version=${major}.${minor}.${patch} + +# Release must be completed with git revision # in Jenkins +release_version=${base_version} +snapshot_version=${base_version}-SNAPSHOT diff --git a/sidecar/pom.xml b/sidecar/pom.xml new file mode 100644 index 0000000..d33816c --- /dev/null +++ b/sidecar/pom.xml @@ -0,0 +1,80 @@ + + + + 4.0.0 + org.onap.aaf.cadi + sidecar + 1.0.0-SNAPSHOT + aaf-cadi-sidecar + pom + + + org.onap.oparent + oparent + 1.2.0 + + + + + UTF-8 + UTF-8 + 1.8 + + + + + + + fproxy + + + + + + + com.mycila + license-maven-plugin + 3.0 + +
License.txt
+ + src/main/java/** + src/test/java/** + pom.xml + + true + + + + + + check + + validate + + + + + + + -- 2.16.6