import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
import java.nio.file.StandardCopyOption;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.clamp.clds.util.ResourceFileUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
@Value("${server.ssl.key-store:#{null}}")
private String keyStore;
- @Value("${clamp.config.cadi.cadiKeystorePassword:#{null}}")
+ @Value("${server.ssl.key-store-password:#{null}}")
private String keyStorePass;
@Value("${server.ssl.trust-store:#{null}}")
private String trustStore;
- @Value("${clamp.config.cadi.cadiTruststorePassword:#{null}}")
+ @Value("${server.ssl.trust-store-password:#{null}}")
private String trustStorePass;
@Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
private String alias;
- @Value("${clamp.config.cadi.keyFile:#{null}}")
+ @Value("${clamp.config.keyFile:#{null}}")
private String keyFile;
@Value("${clamp.config.cadi.cadiLoglevel:#{null}}")
@Value("${clamp.config.cadi.cadiX509Issuers:#{null}}")
private String cadiX509Issuers;
+ @Value("${clamp.config.caCerts:#{null}}")
+ private String caCertsPath;
+
private void checkIfNullProperty(String key, String value) {
- /* When value is null, so not defined in application.properties
- set nothing in System properties */
+ /*
+ * When value is null, so not defined in application.properties set nothing in
+ * System properties
+ */
if (value != null) {
- /* Ensure that any properties already defined in System.prop by JVM params
- won't be overwritten by Spring application.properties values */
+ /*
+ * Ensure that any properties already defined in System.prop by JVM params won't
+ * be overwritten by Spring application.properties values
+ */
System.setProperty(key, System.getProperty(key, value));
}
}
super.init(filterConfig);
}
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ try {
+ String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert");
+ if (certHeader != null) {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate) certificateFactory
+ .generateCertificate(new ByteArrayInputStream(
+ URLDecoder.decode(certHeader, StandardCharsets.UTF_8.toString()).getBytes()));
+ X509Certificate caCert = (X509Certificate) certificateFactory
+ .generateCertificate(new ByteArrayInputStream(
+ ResourceFileUtils.getResourceAsString(this.caCertsPath).getBytes()));
+
+ X509Certificate[] certifArray = ((X509Certificate[]) request
+ .getAttribute("javax.servlet.request.X509Certificate"));
+ if (certifArray == null) {
+ certifArray = new X509Certificate[] { cert, caCert };
+ request.setAttribute("javax.servlet.request.X509Certificate", certifArray);
+ } else {
+ certifArray[0] = cert;
+ certifArray[1] = caCert;
+ }
+ }
+
+ } catch (CertificateException e) {
+ logger.error("Unable to inject the X.509 certificate", e);
+ }
+ super.doFilter(request, response, chain);
+ }
+
private String convertSpringToPath(String fileName) {
try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) {
if (!fileName.contains("file:")) {
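Review bot: In `doFilter`, the certificate parsed from the `X-SSL-Cert` request header is stored in `javax.servlet.request.X509Certificate` without any check that it was issued by `caCert`, and in the `else` branch it overwrites the chain the container obtained from the TLS handshake. Unless a fronting proxy is guaranteed to strip or overwrite this header, a caller can present a certificate it holds no private key for, and whatever reads that attribute downstream (presumably CADI's X.509 handling) would treat it as the client identity. I would use the header only when the attribute is absent, call `cert.checkValidity()` and `cert.verify(caCert.getPublicKey())` before setting it, and widen the catch to `GeneralSecurityException`; this assumes client certificates are signed directly by the configured CA. Two smaller points: `certifArray[1] = caCert` throws on a one-element chain, and both `getBytes()` calls use the platform charset although `StandardCharsets` is already imported. The trailing context lines belong to `convertSpringToPath`, whose body continues outside the hunk.

```java
String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert");
X509Certificate[] certifArray = (X509Certificate[]) request
        .getAttribute("javax.servlet.request.X509Certificate");
// Fall back to the header only when the container did not authenticate a client certificate itself.
if (certHeader != null && certifArray == null) {
    // … unchanged: parse cert from the header and caCert from caCertsPath …
    cert.checkValidity();
    // Reject certificates that were not signed by the configured CA.
    cert.verify(caCert.getPublicKey());
    request.setAttribute("javax.servlet.request.X509Certificate",
            new X509Certificate[] { cert, caCert });
}
// … unchanged: catch block (widened to GeneralSecurityException) and super.doFilter call …
```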