Fix the ssl config

[clamp.git] / src / main / java / org / onap / clamp / clds / filter / ClampCadiFilter.java
diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java

index 586899a..f68990a 100644 (file)
--- a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
@@ -26,16 +26,27 @@ package org.onap.clamp.clds.filter;
  import com.att.eelf.configuration.EELFLogger;
  import com.att.eelf.configuration.EELFManager;
  
+import java.io.ByteArrayInputStream;
  import java.io.File;
  import java.io.IOException;
  import java.io.InputStream;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
  import java.nio.file.StandardCopyOption;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
  
+import javax.servlet.FilterChain;
  import javax.servlet.FilterConfig;
  import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
  
  import org.onap.aaf.cadi.config.Config;
  import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.clamp.clds.util.ResourceFileUtils;
  import org.springframework.beans.factory.annotation.Autowired;
  import org.springframework.beans.factory.annotation.Value;
  import org.springframework.context.ApplicationContext;
@@ -49,19 +60,19 @@ public class ClampCadiFilter extends CadiFilter {
      @Value("${server.ssl.key-store:#{null}}")
      private String keyStore;
  
-    @Value("${clamp.config.cadi.cadiKeystorePassword:#{null}}")
+    @Value("${server.ssl.key-store-password:#{null}}")
      private String keyStorePass;
  
      @Value("${server.ssl.trust-store:#{null}}")
      private String trustStore;
  
-    @Value("${clamp.config.cadi.cadiTruststorePassword:#{null}}")
+    @Value("${server.ssl.trust-store-password:#{null}}")
      private String trustStorePass;
  
      @Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
      private String alias;
  
-    @Value("${clamp.config.cadi.keyFile:#{null}}")
+    @Value("${clamp.config.keyFile:#{null}}")
      private String keyFile;
  
      @Value("${clamp.config.cadi.cadiLoglevel:#{null}}")
@@ -91,12 +102,19 @@ public class ClampCadiFilter extends CadiFilter {
      @Value("${clamp.config.cadi.cadiX509Issuers:#{null}}")
      private String cadiX509Issuers;
  
+    @Value("${clamp.config.caCerts:#{null}}")
+    private String caCertsPath;
+
      private void checkIfNullProperty(String key, String value) {
-        /* When value is null, so not defined in application.properties
-           set nothing in System properties */
+        /*
+         * When value is null, so not defined in application.properties set nothing in
+         * System properties
+         */
          if (value != null) {
-            /* Ensure that any properties already defined in System.prop by JVM params
-                won't be overwritten by Spring application.properties values */
+            /*
+             * Ensure that any properties already defined in System.prop by JVM params won't
+             * be overwritten by Spring application.properties values
+             */
              System.setProperty(key, System.getProperty(key, value));
          }
      }
@@ -126,6 +144,37 @@ public class ClampCadiFilter extends CadiFilter {
          super.init(filterConfig);
      }
  
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+        try {
+            String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert");
+            if (certHeader != null) {
+                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+                X509Certificate cert = (X509Certificate) certificateFactory
+                        .generateCertificate(new ByteArrayInputStream(
+                                URLDecoder.decode(certHeader, StandardCharsets.UTF_8.toString()).getBytes()));
+                X509Certificate caCert = (X509Certificate) certificateFactory
+                        .generateCertificate(new ByteArrayInputStream(
+                                ResourceFileUtils.getResourceAsString(this.caCertsPath).getBytes()));
+
+                X509Certificate[] certifArray = ((X509Certificate[]) request
+                        .getAttribute("javax.servlet.request.X509Certificate"));
+                if (certifArray == null) {
+                    certifArray = new X509Certificate[] { cert, caCert };
+                    request.setAttribute("javax.servlet.request.X509Certificate", certifArray);
+                } else {
+                    certifArray[0] = cert;
+                    certifArray[1] = caCert;
+                }
+            }
+
+        } catch (CertificateException e) {
+            logger.error("Unable to inject the X.509 certificate", e);
+        }
+        super.doFilter(request, response, chain);
+    }
+
      private String convertSpringToPath(String fileName) {
          try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) {
              if (!fileName.contains("file:")) {