Implement client authentication to ElasticSearch
[aai/search-data-service.git] / src / main / java / org / onap / aai / sa / searchdbabstraction / elasticsearch / config / ElasticSearchConfig.java
index 1bf1db7..f5cb9da 100644 (file)
  */
 package org.onap.aai.sa.searchdbabstraction.elasticsearch.config;
 
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Optional;
 import java.util.Properties;
+import org.eclipse.jetty.util.security.Password;
+import org.onap.aai.sa.searchdbabstraction.util.SearchDbConstants;
 
 public class ElasticSearchConfig {
+
+    private String uriScheme;
+    private String trustStore;
+    private String trustStorePassword;
+    private String keyStore;
+    private String keyStorePassword;
+    private String authUser;
+    private String authPassword;
     private String ipAddress;
     private String httpPort;
     private String javaApiPort;
@@ -31,15 +44,33 @@ public class ElasticSearchConfig {
     public static final String ES_CLUSTER_NAME = "es.cluster-name";
     public static final String ES_IP_ADDRESS = "es.ip-address";
     public static final String ES_HTTP_PORT = "es.http-port";
-
+    public static final String ES_URI_SCHEME = "es.uri-scheme";
+    public static final String ES_TRUST_STORE = "es.trust-store";
+    public static final String ES_TRUST_STORE_ENC = "es.trust-store-password";
+    public static final String ES_KEY_STORE = "es.key-store";
+    public static final String ES_KEY_STORE_ENC = "es.key-store-password";
+    public static final String ES_AUTH_USER = "es.auth-user";
+    public static final String ES_AUTH_ENC = "es.auth-password";
+
+    private static final String DEFAULT_URI_SCHEME = "http";
     private static final String JAVA_API_PORT_DEFAULT = "9300";
+    private String authValue;
 
     public ElasticSearchConfig(Properties props) {
-
+        setUriScheme(props.getProperty(ES_URI_SCHEME));
+        if (getUriScheme().equals("https")) {
+            initializeHttpsProperties(props);
+        }
         setClusterName(props.getProperty(ES_CLUSTER_NAME));
         setIpAddress(props.getProperty(ES_IP_ADDRESS));
         setHttpPort(props.getProperty(ES_HTTP_PORT));
         setJavaApiPort(JAVA_API_PORT_DEFAULT);
+        initializeAuthValues(props);
+    }
+
+
+    public String getUriScheme() {
+        return this.uriScheme;
     }
 
     public String getIpAddress() {
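Review bot: The constructor calls `initializeAuthValues(props)` whatever the scheme is, and the scheme falls back to `DEFAULT_URI_SCHEME = "http"`. A properties file that sets `es.auth-user`/`es.auth-password` but omits `es.uri-scheme` therefore builds a Basic header that would presumably be sent over cleartext HTTP, where Base64 offers no protection. After the auth values are initialised, the constructor should reject that combination or at least log a warning, for example `if (useAuth() && !"https".equalsIgnoreCase(getUriScheme())) { throw new IllegalStateException("es.auth-* requires es.uri-scheme=https"); }`. Separately, `getUriScheme().equals("https")` is case-sensitive, so a value such as `HTTPS` silently skips `initializeHttpsProperties`; `"https".equalsIgnoreCase(getUriScheme())` avoids that.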
@@ -74,10 +105,105 @@ public class ElasticSearchConfig {
         this.clusterName = clusterName;
     }
 
+    public void setKeyStore(String keyStore) {
+        this.keyStore = keyStore;
+    }
+
+    public void setKeyStorePassword(String keyStorePassword) {
+        this.keyStorePassword = keyStorePassword;
+    }
+
+    public String getKeyStorePath() {
+        return keyStore;
+    }
+
+    public String getKeyStorePassword() {
+        return keyStorePassword;
+    }
+
+    public String getTrustStorePath() {
+        return trustStore;
+    }
+
+    public void setTrustStore(String trustStore) {
+        this.trustStore = trustStore;
+    }
+
+    public void setTrustStorePassword(String trustStorePassword) {
+        this.trustStorePassword = trustStorePassword;
+    }
+
+    public String getTrustStorePassword() {
+        return trustStorePassword;
+    }
+
+    public void setAuthUser(String authUser) {
+        this.authUser = authUser;
+    }
+
+    public String getAuthUser() {
+        return authUser;
+    }
+
+    public void setAuthPassword(String authPassword) {
+        this.authPassword = authPassword;
+    }
+
+    public String getAuthPassword() {
+        return authPassword;
+    }
+
+    public boolean useAuth() {
+        return getAuthUser() != null || getAuthPassword() != null;
+    }
+
+    public String getAuthValue() {
+        return authValue;
+    }
+
     @Override
     public String toString() {
-        return "ElasticSearchConfig [ipAddress=" + ipAddress + ", httpPort=" + httpPort + ", javaApiPort=" + javaApiPort
-                + ", clusterName=" + clusterName + "]";
+        return String.format(
+                "%s://%s:%s (cluster=%s) (API port=%s)%nauth=%s%ntrustStore=%s (passwd %s)%nkeyStore=%s (passwd %s)",
+                uriScheme, ipAddress, httpPort, clusterName, javaApiPort, useAuth(), trustStore,
+                trustStorePassword != null, keyStore, keyStorePassword != null);
     }
 
+    private void initializeAuthValues(Properties props) {
+        setAuthUser(props.getProperty(ES_AUTH_USER));
+        Optional<String> passwordValue = Optional.ofNullable(props.getProperty(ES_AUTH_ENC));
+        if (passwordValue.isPresent()) {
+            setAuthPassword(Password.deobfuscate(passwordValue.get()));
+        }
+        if (useAuth()) {
+            authValue = "Basic " + Base64.getEncoder()
+                    .encodeToString((getAuthUser() + ":" + getAuthPassword()).getBytes(StandardCharsets.UTF_8));
+        }
+    }
+
+    private void initializeHttpsProperties(Properties props) {
+        Optional<String> trustStoreFile = Optional.ofNullable(props.getProperty(ES_TRUST_STORE));
+        if (trustStoreFile.isPresent()) {
+            setTrustStore(SearchDbConstants.SDB_SPECIFIC_CONFIG + trustStoreFile.get());
+        }
+
+        Optional<String> passwordValue = Optional.ofNullable(props.getProperty(ES_TRUST_STORE_ENC));
+        if (passwordValue.isPresent()) {
+            setTrustStorePassword(Password.deobfuscate(passwordValue.get()));
+        }
+
+        Optional<String> keyStoreFile = Optional.ofNullable(props.getProperty(ES_KEY_STORE));
+        if (keyStoreFile.isPresent()) {
+            setKeyStore(SearchDbConstants.SDB_SPECIFIC_CONFIG + keyStoreFile.get());
+        }
+
+        passwordValue = Optional.ofNullable(props.getProperty(ES_KEY_STORE_ENC));
+        if (passwordValue.isPresent()) {
+            setKeyStorePassword(Password.deobfuscate(passwordValue.get()));
+        }
+    }
+
+    private void setUriScheme(String uriScheme) {
+        this.uriScheme = Optional.ofNullable(uriScheme).orElse(DEFAULT_URI_SCHEME);
+    }
 }
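Review bot: `useAuth()` returns true when only one of user and password is set, so `initializeAuthValues` concatenates a null reference and encodes the literal `null:<password>` or `<user>:null` into the Basic header. A half-configured pair should fail fast before the header is built: `if ((getAuthUser() == null) != (getAuthPassword() == null)) { throw new IllegalArgumentException("es.auth-user and es.auth-password must be set together"); }`. The public `setAuthUser`/`setAuthPassword` also leave `authValue` stale if called after construction, so either make them private or recompute the header in them. `Password.deobfuscate` reverses Jetty's OBF encoding, which is obfuscation rather than encryption. The `*_ENC` constant names overstate the protection, and a comment should say that the properties file still needs restrictive file permissions.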