2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END============================================
20 * ===================================================================
24 package org.onap.clamp.clds.filter;
26 import com.att.eelf.configuration.EELFLogger;
27 import com.att.eelf.configuration.EELFManager;
29 import java.io.ByteArrayInputStream;
31 import java.io.IOException;
32 import java.io.InputStream;
33 import java.net.URLDecoder;
34 import java.nio.charset.StandardCharsets;
35 import java.nio.file.StandardCopyOption;
36 import java.security.cert.CertificateException;
37 import java.security.cert.CertificateFactory;
38 import java.security.cert.X509Certificate;
40 import javax.servlet.FilterChain;
41 import javax.servlet.FilterConfig;
42 import javax.servlet.ServletException;
43 import javax.servlet.ServletRequest;
44 import javax.servlet.ServletResponse;
45 import javax.servlet.http.HttpServletRequest;
47 import org.onap.aaf.cadi.config.Config;
48 import org.onap.aaf.cadi.filter.CadiFilter;
49 import org.onap.clamp.clds.util.ResourceFileUtil;
50 import org.springframework.beans.factory.annotation.Autowired;
51 import org.springframework.beans.factory.annotation.Value;
52 import org.springframework.context.ApplicationContext;
54 public class ClampCadiFilter extends CadiFilter {
55 private static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampCadiFilter.class);
58 private ApplicationContext appContext;
60 @Value("${server.ssl.key-store:#{null}}")
61 private String keyStore;
63 @Value("${server.ssl.key-store-password:#{null}}")
64 private String keyStorePass;
66 @Value("${server.ssl.trust-store:#{null}}")
67 private String trustStore;
69 @Value("${server.ssl.trust-store-password:#{null}}")
70 private String trustStorePass;
72 @Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
75 @Value("${clamp.config.keyFile:#{null}}")
76 private String keyFile;
78 @Value("${clamp.config.cadi.cadiLoglevel:#{null}}")
79 private String cadiLoglevel;
81 @Value("${clamp.config.cadi.cadiLatitude:#{null}}")
82 private String cadiLatitude;
84 @Value("${clamp.config.cadi.cadiLongitude:#{null}}")
85 private String cadiLongitude;
87 @Value("${clamp.config.cadi.aafLocateUrl:#{null}}")
88 private String aafLocateUrl;
90 @Value("${clamp.config.cadi.oauthTokenUrl:#{null}}")
91 private String oauthTokenUrl;
93 @Value("${clamp.config.cadi.oauthIntrospectUrl:#{null}}")
94 private String oauthIntrospectUrl;
96 @Value("${clamp.config.cadi.aafEnv:#{null}}")
97 private String aafEnv;
99 @Value("${clamp.config.cadi.aafUrl:#{null}}")
100 private String aafUrl;
102 @Value("${clamp.config.cadi.cadiX509Issuers:#{null}}")
103 private String cadiX509Issuers;
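/**
 * Mirrors one Spring-injected configuration value into the JVM system
 * properties, which is where the CADI filter reads its configuration from.
 *
 * <p>A {@code null} value means the key is not defined in
 * application.properties (the {@code @Value} defaults are {@code #{null}}),
 * so nothing is written. A value already present as a system property
 * (typically a -D JVM argument) is never overwritten by the Spring value.
 *
 * @param key   system property name, normally one of the CADI {@code Config} constants
 * @param value value taken from application.properties, or {@code null} when undefined
 */
private void checkIfNullProperty(String key, String value) {
    if (value == null) {
        // Undefined in Spring: leave the system properties untouched. Without this
        // guard, System.setProperty(key, null) throws a NullPointerException when
        // the key has not been set on the JVM command line either.
        return;
    }
    // getProperty(key, value) yields the existing JVM value when there is one, so
    // an existing -D setting is written back unchanged and the Spring value only
    // fills the gap.
    System.setProperty(key, System.getProperty(key, value));
}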
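/**
 * Publishes the Spring-injected CADI/AAF settings as JVM system properties,
 * which is the only place {@code CadiFilter} looks for its configuration, and
 * then initialises the parent filter.
 *
 * <p>Values already present as system properties (e.g. -D JVM arguments) are
 * never overwritten, and settings left undefined in application.properties
 * (injected as {@code null}) are skipped. The keystore and truststore
 * passwords therefore become process-wide system properties, readable by any
 * code running in this JVM and included in diagnostic dumps of the system
 * properties; this follows from the CADI configuration model rather than from
 * a choice made in this class.
 *
 * @param filterConfig servlet filter configuration, passed through to the parent filter
 * @throws ServletException propagated from the parent {@code CadiFilter} initialisation
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
    // Resource-style locations (Spring resources) are materialised into plain
    // file paths because CADI only understands file names. An undefined location
    // must stay null instead of being handed to convertSpringToPath, which
    // resolves the name through the application context and cannot take null.
    checkIfNullProperty(Config.CADI_KEYFILE, keyFile == null ? null : convertSpringToPath(keyFile));
    checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
    checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
    checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);

    checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
    checkIfNullProperty(Config.AAF_OAUTH2_TOKEN_URL, oauthTokenUrl);
    checkIfNullProperty(Config.AAF_OAUTH2_INTROSPECT_URL, oauthIntrospectUrl);

    checkIfNullProperty(Config.AAF_ENV, aafEnv);
    checkIfNullProperty(Config.AAF_URL, aafUrl);
    checkIfNullProperty(Config.CADI_X509_ISSUERS, cadiX509Issuers);

    // TLS material is shared with the Spring server.ssl.* settings.
    checkIfNullProperty(Config.CADI_KEYSTORE, keyStore == null ? null : convertSpringToPath(keyStore));
    checkIfNullProperty(Config.CADI_TRUSTSTORE, trustStore == null ? null : convertSpringToPath(trustStore));
    checkIfNullProperty(Config.CADI_ALIAS, alias);
    checkIfNullProperty(Config.CADI_KEYSTORE_PASSWORD, keyStorePass);
    checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, trustStorePass);

    // Only now does the parent filter see a complete configuration.
    super.init(filterConfig);
}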
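/**
 * Makes a client certificate forwarded by a TLS-terminating front end
 * available to CADI's X.509 authentication, then runs the CADI filter.
 *
 * <p>When the request carries an {@code X-SSL-Cert} header, its URL-encoded
 * value is parsed as an X.509 certificate and stored, together with the CLAMP
 * CA certificate bundled on the classpath, in the standard
 * {@code javax.servlet.request.X509Certificate} attribute that CADI inspects.
 * The header is taken at face value: this is only sound when the sole route to
 * this filter is a front end that sets the header from the TLS handshake and
 * strips any client-supplied copy. No signature check against the CA
 * certificate is performed here; whether the forwarded certificate is validated
 * against the configured issuers is up to CADI, outside this class.
 *
 * @param request  incoming request; must be an {@link HttpServletRequest}
 * @param response outgoing response, passed through unchanged
 * @param chain    remaining filter chain
 * @throws IOException      if the header cannot be URL-decoded, or as propagated
 *                          while reading the CA certificate resource
 * @throws ServletException propagated from the parent filter
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert");
    if (certHeader != null) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // Explicit charset on getBytes so parsing does not depend on the
            // platform default encoding.
            X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(
                    new ByteArrayInputStream(
                            URLDecoder.decode(certHeader, StandardCharsets.UTF_8.toString())
                                    .getBytes(StandardCharsets.UTF_8)));
            X509Certificate caCert = (X509Certificate) certificateFactory.generateCertificate(
                    new ByteArrayInputStream(
                            ResourceFileUtil.getResourceAsString("clds/aaf/ssl/ca-certs.pem")
                                    .getBytes(StandardCharsets.UTF_8)));

            X509Certificate[] certifArray = (X509Certificate[]) request
                    .getAttribute("javax.servlet.request.X509Certificate");
            if (certifArray == null || certifArray.length < 2) {
                // No chain from the container, or one too short to hold leaf +
                // issuer: publish a fresh two-element chain instead of writing
                // past the end of the existing array.
                request.setAttribute("javax.servlet.request.X509Certificate",
                        new X509Certificate[] { cert, caCert });
            } else {
                // Keep the container's array object, replacing the leaf and the
                // first issuer with the forwarded certificate and the CLAMP CA.
                certifArray[0] = cert;
                certifArray[1] = caCert;
            }
        } catch (CertificateException e) {
            // Best effort: a malformed header must not block the request, CADI
            // will simply see no injected certificate.
            logger.error("Unable to inject the X.509 certificate", e);
        }
    }
    super.doFilter(request, response, chain);
}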
175 private String convertSpringToPath(String fileName) {
176 try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) {
177 if (!fileName.contains("file:")) {
178 File targetFile = new File(appContext.getResource(fileName).getFilename());
179 java.nio.file.Files.copy(ioFile, targetFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
180 return targetFile.getPath();
182 return appContext.getResource(fileName).getFile().getPath();
184 } catch (IOException e) {
185 logger.error("Unable to open and copy the file: " + fileName, e);