Optionally disable client authentication

[aai/babel.git] / src / main / java / org / onap / aai / babel / BabelApplication.java

diff --git a/src/main/java/org/onap/aai/babel/BabelApplication.java b/src/main/java/org/onap/aai/babel/BabelApplication.java
index cc3ca4b..0b0285b 100644 (file)
--- a/src/main/java/org/onap/aai/babel/BabelApplication.java
+++ b/src/main/java/org/onap/aai/babel/BabelApplication.java
@@ -1,5 +1,5 @@
 /**
- * ============LICENSE_START=======================================================
+ * ============LICENSE_START=======================================================
  * org.onap.aai
  * ================================================================================
  * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
@@ -31,6 +31,8 @@ import org.springframework.context.annotation.ImportResource;
 @ImportResource("classpath:babel-beans.xml")
 public class BabelApplication extends SpringBootServletInitializer {
 
+    private static final String OBFS_PATTERN = "OBF:";
+
     /**
      * Spring Boot Initialization.
      * 
@@ -42,7 +44,13 @@ public class BabelApplication extends SpringBootServletInitializer {
             throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set");
         }
         HashMap<String, Object> props = new HashMap<>();
-        props.put("server.ssl.key-store-password", Password.deobfuscate(keyStorePassword));
+        String decryptedValue = keyStorePassword.startsWith(OBFS_PATTERN)? Password.deobfuscate(keyStorePassword) : keyStorePassword;
+        props.put("server.ssl.key-store-password", decryptedValue);
+
+        String requireClientAuth = System.getenv("REQUIRE_CLIENT_AUTH");
+        props.put("server.ssl.client-auth",
+                Boolean.FALSE.toString().equalsIgnoreCase(requireClientAuth) ? "want" : "need");
+
         new BabelApplication().configure(new SpringApplicationBuilder(BabelApplication.class).properties(props))
                 .run(args);
     }