2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END============================================
20 * ===================================================================
24 package org.onap.clamp.clds.filter;
26 import com.att.eelf.configuration.EELFLogger;
27 import com.att.eelf.configuration.EELFManager;
29 import java.io.ByteArrayInputStream;
31 import java.io.IOException;
32 import java.io.InputStream;
33 import java.net.URLDecoder;
34 import java.nio.charset.StandardCharsets;
35 import java.nio.file.StandardCopyOption;
36 import java.security.cert.CertificateException;
37 import java.security.cert.CertificateFactory;
38 import java.security.cert.X509Certificate;
40 import javax.servlet.FilterChain;
41 import javax.servlet.FilterConfig;
42 import javax.servlet.ServletException;
43 import javax.servlet.ServletRequest;
44 import javax.servlet.ServletResponse;
45 import javax.servlet.http.HttpServletRequest;
47 import org.onap.aaf.cadi.config.Config;
48 import org.onap.aaf.cadi.filter.CadiFilter;
49 import org.onap.clamp.clds.util.ResourceFileUtils;
50 import org.springframework.beans.factory.annotation.Autowired;
51 import org.springframework.beans.factory.annotation.Value;
52 import org.springframework.context.ApplicationContext;
54 public class ClampCadiFilter extends CadiFilter {
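private static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampCadiFilter.class);

// Spring context; convertSpringToPath() resolves resource locations through it.
// Nothing in this class assigns it, so it has to be injected.
@Autowired
private ApplicationContext appContext;

// Key store / trust store settings, read from the server.ssl.* properties.
// Each one defaults to null when the property is not defined.
@Value("${server.ssl.key-store:#{null}}")
private String keyStore;

// Secret: init() copies this value into a JVM system property. Keep it out of logs.
@Value("${server.ssl.key-store-password:#{null}}")
private String keyStorePass;

@Value("${server.ssl.trust-store:#{null}}")
private String trustStore;

// Secret: init() copies this value into a JVM system property. Keep it out of logs.
@Value("${server.ssl.trust-store-password:#{null}}")
private String trustStorePass;

// Key alias handed to CADI as Config.CADI_ALIAS; falls back to clamp@clamp.onap.org.
@Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
private String alias;

// Location of the CADI key file; init() turns it into a filesystem path.
@Value("${clamp.config.keyFile:#{null}}")
private String keyFile;

// CADI / AAF settings, read from clamp.config.cadi.* and forwarded by init().
@Value("${clamp.config.cadi.cadiLoglevel:#{null}}")
private String cadiLoglevel;

@Value("${clamp.config.cadi.cadiLatitude:#{null}}")
private String cadiLatitude;

@Value("${clamp.config.cadi.cadiLongitude:#{null}}")
private String cadiLongitude;

@Value("${clamp.config.cadi.aafLocateUrl:#{null}}")
private String aafLocateUrl;

@Value("${clamp.config.cadi.oauthTokenUrl:#{null}}")
private String oauthTokenUrl;

@Value("${clamp.config.cadi.oauthIntrospectUrl:#{null}}")
private String oauthIntrospectUrl;

@Value("${clamp.config.cadi.aafEnv:#{null}}")
private String aafEnv;

@Value("${clamp.config.cadi.aafUrl:#{null}}")
private String aafUrl;

@Value("${clamp.config.cadi.cadiX509Issuers:#{null}}")
private String cadiX509Issuers;

// Resource holding the CA certificate that doFilter() pairs with the certificate
// taken from the X-SSL-Cert header.
@Value("${clamp.config.caCerts:#{null}}")
private String caCertsPath;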
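/**
 * Publishes one configuration value as a JVM system property, unless it is unset or the
 * property already exists.
 *
 * @param key   name of the system property to set
 * @param value value taken from application.properties; {@code null} when not defined there
 */
private void checkIfNullProperty(String key, String value) {
    // A null value means the setting is not defined in application.properties:
    // set nothing, since System.setProperty rejects a null value.
    if (value == null) {
        return;
    }
    // A property already defined through JVM parameters is kept: getProperty only falls
    // back to the Spring value when the key is absent.
    System.setProperty(key, System.getProperty(key, value));
}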
/**
 * Copies the Spring-resolved settings into JVM system properties so that the CADI filter
 * can find its configuration, then delegates to {@code CadiFilter.init}.
 *
 * <p>Values already set through JVM parameters take precedence over the Spring ones.
 *
 * <p>Security note: the key store and trust store passwords are written to JVM-wide system
 * properties here, so any code running in the same process can read them and they show up
 * in system-property dumps.
 *
 * @param filterConfig the filter configuration passed on to the CADI filter
 * @throws ServletException declared by the filter contract
 */
public void init(FilterConfig filterConfig) throws ServletException {
    // Key file and general CADI settings.
    String keyFilePath = convertSpringToPath(this.keyFile);
    checkIfNullProperty(Config.CADI_KEYFILE, keyFilePath);
    checkIfNullProperty(Config.CADI_LOGLEVEL, this.cadiLoglevel);
    checkIfNullProperty(Config.CADI_LATITUDE, this.cadiLatitude);
    checkIfNullProperty(Config.CADI_LONGITUDE, this.cadiLongitude);

    // AAF endpoints.
    checkIfNullProperty(Config.AAF_LOCATE_URL, this.aafLocateUrl);
    checkIfNullProperty(Config.AAF_OAUTH2_TOKEN_URL, this.oauthTokenUrl);
    checkIfNullProperty(Config.AAF_OAUTH2_INTROSPECT_URL, this.oauthIntrospectUrl);

    checkIfNullProperty(Config.AAF_ENV, this.aafEnv);
    checkIfNullProperty(Config.AAF_URL, this.aafUrl);
    checkIfNullProperty(Config.CADI_X509_ISSUERS, this.cadiX509Issuers);

    // Key material: store locations are converted to filesystem paths first.
    String keyStorePath = convertSpringToPath(this.keyStore);
    checkIfNullProperty(Config.CADI_KEYSTORE, keyStorePath);
    String trustStorePath = convertSpringToPath(this.trustStore);
    checkIfNullProperty(Config.CADI_TRUSTSTORE, trustStorePath);
    checkIfNullProperty(Config.CADI_ALIAS, this.alias);
    checkIfNullProperty(Config.CADI_KEYSTORE_PASSWORD, this.keyStorePass);
    checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, this.trustStorePass);

    super.init(filterConfig);
}
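/**
 * Injects the client certificate forwarded in the {@code X-SSL-Cert} header into the request,
 * then hands the request to the CADI filter.
 *
 * <p>When the header is present, its URL-decoded value is parsed as an X.509 certificate and
 * stored, together with the CA certificate read from {@code caCertsPath}, in the
 * {@code javax.servlet.request.X509Certificate} request attribute. The pair replaces the first
 * two entries of any chain the container already placed there.
 *
 * <p>Security: {@code X-SSL-Cert} is ordinary request data. This method does not check that
 * the sender holds the private key for the certificate, nor that the certificate chains to the
 * configured CA; whether the CADI filter validates the chain is not visible here. The header
 * also takes precedence over a certificate the container obtained from a real TLS handshake.
 * The mechanism is therefore only sound when this filter is reachable solely through a
 * TLS-terminating proxy that discards any client-supplied {@code X-SSL-Cert} header and sets
 * its own.
 *
 * @param request  the incoming request, expected to be an {@code HttpServletRequest}
 * @param response the response passed on to the CADI filter
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from header decoding or from the CADI filter
 * @throws ServletException propagated from the CADI filter
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    try {
        String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert");
        if (certHeader != null) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // Explicit charset: the bytes handed to the parser must not depend on the
            // platform default encoding.
            X509Certificate cert = (X509Certificate) certificateFactory
                    .generateCertificate(new ByteArrayInputStream(
                            URLDecoder.decode(certHeader, StandardCharsets.UTF_8.name())
                                    .getBytes(StandardCharsets.UTF_8)));
            X509Certificate caCert = (X509Certificate) certificateFactory
                    .generateCertificate(new ByteArrayInputStream(
                            ResourceFileUtils.getResourceAsString(this.caCertsPath)
                                    .getBytes(StandardCharsets.UTF_8)));

            X509Certificate[] certifArray = ((X509Certificate[]) request
                    .getAttribute("javax.servlet.request.X509Certificate"));
            // A chain shorter than two entries cannot be overwritten in place (index 1
            // would be out of bounds), so it is replaced like a missing one.
            if (certifArray == null || certifArray.length < 2) {
                certifArray = new X509Certificate[] { cert, caCert };
                request.setAttribute("javax.servlet.request.X509Certificate", certifArray);
            } else {
                certifArray[0] = cert;
                certifArray[1] = caCert;
            }
        }
    } catch (CertificateException e) {
        // NOTE(review): after a parse failure the request still continues with whatever
        // certificate attribute it already carried. Confirm that this is the intended
        // identity for a request whose X-SSL-Cert header was present but unusable.
        logger.error("Unable to inject the X.509 certificate", e);
    }
    super.doFilter(request, response, chain);
}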
178 private String convertSpringToPath(String fileName) {
179 try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) {
180 if (!fileName.contains("file:")) {
181 File targetFile = new File(appContext.getResource(fileName).getFilename());
182 java.nio.file.Files.copy(ioFile, targetFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
183 return targetFile.getPath();
185 return appContext.getResource(fileName).getFile().getPath();
187 } catch (IOException e) {
188 logger.error("Unable to open and copy the file: " + fileName, e);