aop:
auto: false
springdoc:
- show-actuator: true
+ show-actuator: true
management:
endpoints:
web:
http.proxy-host:
http.proxy-port: 0
vardata-directory: /var/information-coordinator-service
-
+ # If the file name is empty, no authorzation token is sent
+ auth-token-file:
\ No newline at end of file
import java.lang.invoke.MethodHandles;
import org.apache.catalina.connector.Connector;
+import org.oransc.ics.clients.SecurityContext;
import org.oransc.ics.configuration.ApplicationConfig;
import org.oransc.ics.controllers.r1producer.ProducerCallbacks;
import org.oransc.ics.repository.InfoJobs;
}
@Bean
- public InfoJobs infoJobs() {
+ public InfoJobs infoJobs(SecurityContext securityContext) {
if (infoJobs == null) {
- infoJobs = new InfoJobs(getApplicationConfig(), producerCallbacks());
+ infoJobs = new InfoJobs(getApplicationConfig(), producerCallbacks(securityContext));
try {
infoJobs.restoreJobsFromDatabase();
} catch (Exception e) {
}
@Bean
- public ProducerCallbacks producerCallbacks() {
+ public ProducerCallbacks producerCallbacks(SecurityContext securityContext) {
if (this.producerCallbacks == null) {
- producerCallbacks = new ProducerCallbacks(getApplicationConfig());
+ producerCallbacks = new ProducerCallbacks(getApplicationConfig(), securityContext);
}
return this.producerCallbacks;
}
import io.swagger.v3.oas.annotations.info.Info;
import io.swagger.v3.oas.annotations.info.License;
-
/**
* Swagger configuration class that uses swagger documentation type and scans
* all the controllers. To access the swagger gui go to
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.lang.Nullable;
+import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import org.springframework.web.reactive.function.client.ExchangeStrategies;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.reactive.function.client.WebClient.RequestHeadersSpec;
-import org.springframework.web.reactive.function.client.WebClientResponseException;
import reactor.core.publisher.Mono;
import reactor.netty.http.client.HttpClient;
private static final AtomicInteger sequenceNumber = new AtomicInteger();
private final SslContext sslContext;
private final HttpProxyConfig httpProxyConfig;
+ private final SecurityContext securityContext;
- public AsyncRestClient(String baseUrl, @Nullable SslContext sslContext, @Nullable HttpProxyConfig httpProxyConfig) {
+ public AsyncRestClient(String baseUrl, @Nullable SslContext sslContext, @Nullable HttpProxyConfig httpProxyConfig,
+ SecurityContext securityContext) {
this.baseUrl = baseUrl;
this.sslContext = sslContext;
this.httpProxyConfig = httpProxyConfig;
+ this.securityContext = securityContext;
}
public Mono<ResponseEntity<String>> postForEntity(String uri, @Nullable String body) {
- Object traceTag = createTraceTag();
- logger.debug("{} POST uri = '{}{}''", traceTag, baseUrl, uri);
- logger.trace("{} POST body: {}", traceTag, body);
Mono<String> bodyProducer = body != null ? Mono.just(body) : Mono.empty();
RequestHeadersSpec<?> request = getWebClient() //
.uri(uri) //
.contentType(MediaType.APPLICATION_JSON) //
.body(bodyProducer, String.class);
- return retrieve(traceTag, request);
+ return retrieve(request);
}
public Mono<String> post(String uri, @Nullable String body) {
}
public Mono<String> postWithAuthHeader(String uri, String body, String username, String password) {
- Object traceTag = createTraceTag();
- logger.debug("{} POST (auth) uri = '{}{}''", traceTag, baseUrl, uri);
- logger.trace("{} POST body: {}", traceTag, body);
-
RequestHeadersSpec<?> request = getWebClient() //
.post() //
.uri(uri) //
.headers(headers -> headers.setBasicAuth(username, password)) //
.contentType(MediaType.APPLICATION_JSON) //
.bodyValue(body);
- return retrieve(traceTag, request) //
+ return retrieve(request) //
.map(this::toBody);
}
public Mono<ResponseEntity<String>> putForEntity(String uri, String body) {
- Object traceTag = createTraceTag();
- logger.debug("{} PUT uri = '{}{}''", traceTag, baseUrl, uri);
- logger.trace("{} PUT body: {}", traceTag, body);
-
RequestHeadersSpec<?> request = getWebClient() //
.put() //
.uri(uri) //
.contentType(MediaType.APPLICATION_JSON) //
.bodyValue(body);
- return retrieve(traceTag, request);
+ return retrieve(request);
}
public Mono<ResponseEntity<String>> putForEntity(String uri) {
- Object traceTag = createTraceTag();
- logger.debug("{} PUT uri = '{}{}''", traceTag, baseUrl, uri);
- logger.trace("{} PUT body: <empty>", traceTag);
RequestHeadersSpec<?> request = getWebClient() //
.put() //
.uri(uri);
- return retrieve(traceTag, request);
+ return retrieve(request);
}
public Mono<String> put(String uri, String body) {
}
public Mono<ResponseEntity<String>> getForEntity(String uri) {
- Object traceTag = createTraceTag();
- logger.debug("{} GET uri = '{}{}''", traceTag, baseUrl, uri);
RequestHeadersSpec<?> request = getWebClient().get().uri(uri);
- return retrieve(traceTag, request);
+ return retrieve(request);
}
public Mono<String> get(String uri) {
}
public Mono<ResponseEntity<String>> deleteForEntity(String uri) {
- Object traceTag = createTraceTag();
- logger.debug("{} DELETE uri = '{}{}''", traceTag, baseUrl, uri);
RequestHeadersSpec<?> request = getWebClient().delete().uri(uri);
- return retrieve(traceTag, request);
+ return retrieve(request);
}
public Mono<String> delete(String uri) {
.map(this::toBody);
}
- private Mono<ResponseEntity<String>> retrieve(Object traceTag, RequestHeadersSpec<?> request) {
- final Class<String> clazz = String.class;
+ private Mono<ResponseEntity<String>> retrieve(RequestHeadersSpec<?> request) {
+ if (securityContext.isConfigured()) {
+ request.headers(h -> h.setBearerAuth(securityContext.getBearerAuthToken()));
+ }
return request.retrieve() //
- .toEntity(clazz) //
- .doOnNext(entity -> logReceivedData(traceTag, entity)) //
- .doOnError(throwable -> onHttpError(traceTag, throwable));
- }
-
- private void logReceivedData(Object traceTag, ResponseEntity<String> entity) {
- logger.trace("{} Received: {} {}", traceTag, entity.getBody(), entity.getHeaders().getContentType());
+ .toEntity(String.class);
}
private static Object createTraceTag() {
return sequenceNumber.incrementAndGet();
}
- private void onHttpError(Object traceTag, Throwable t) {
- if (t instanceof WebClientResponseException) {
- WebClientResponseException exception = (WebClientResponseException) t;
- logger.debug("{} HTTP error status = '{}', body '{}'", traceTag, exception.getStatusCode(),
- exception.getResponseBodyAsString());
- } else {
- logger.debug("{} HTTP error {}", traceTag, t.getMessage());
- }
- }
-
private String toBody(ResponseEntity<String> entity) {
if (entity.getBody() == null) {
return "";
return httpClient;
}
- private WebClient buildWebClient(String baseUrl) {
+ public WebClient buildWebClient(String baseUrl) {
+ Object traceTag = createTraceTag();
+
final HttpClient httpClient = buildHttpClient();
ExchangeStrategies exchangeStrategies = ExchangeStrategies.builder() //
.codecs(configurer -> configurer.defaultCodecs().maxInMemorySize(-1)) //
.build();
+
+ ExchangeFilterFunction reqLogger = ExchangeFilterFunction.ofRequestProcessor(req -> {
+ logger.debug("{} {} uri = '{}''", traceTag, req.method(), req.url());
+ return Mono.just(req);
+ });
+
+ ExchangeFilterFunction respLogger = ExchangeFilterFunction.ofResponseProcessor(resp -> {
+ logger.debug("{} resp: {}", traceTag, resp.statusCode());
+ return Mono.just(resp);
+ });
+
return WebClient.builder() //
.clientConnector(new ReactorClientHttpConnector(httpClient)) //
.baseUrl(baseUrl) //
.exchangeStrategies(exchangeStrategies) //
+ .filter(reqLogger) //
+ .filter(respLogger) //
.build();
}
private final SslContextFactory sslContextFactory;
private final HttpProxyConfig httpProxyConfig;
+ private final SecurityContext securityContext;
- public AsyncRestClientFactory(WebClientConfig clientConfig) {
+ public AsyncRestClientFactory(WebClientConfig clientConfig, SecurityContext securityContext) {
if (clientConfig != null) {
this.sslContextFactory = new CachingSslContextFactory(clientConfig);
this.httpProxyConfig = clientConfig.httpProxyConfig();
this.sslContextFactory = null;
this.httpProxyConfig = null;
}
+ this.securityContext = securityContext;
}
public AsyncRestClient createRestClientNoHttpProxy(String baseUrl) {
if (this.sslContextFactory != null) {
try {
return new AsyncRestClient(baseUrl, this.sslContextFactory.createSslContext(),
- useHttpProxy ? httpProxyConfig : null);
+ useHttpProxy ? httpProxyConfig : null, this.securityContext);
} catch (Exception e) {
String exceptionString = e.toString();
logger.error("Could not init SSL context, reason: {}", exceptionString);
}
}
- return new AsyncRestClient(baseUrl, null, httpProxyConfig);
+ return new AsyncRestClient(baseUrl, null, httpProxyConfig, this.securityContext);
}
private class SslContextFactory {
--- /dev/null
+/*-
+ * ========================LICENSE_START=================================
+ * O-RAN-SC
+ * %%
+ * Copyright (C) 2022 Nordix Foundation
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ========================LICENSE_END===================================
+ */
+
+package org.oransc.ics.clients;
+
+import java.lang.invoke.MethodHandles;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import lombok.Setter;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@EnableConfigurationProperties
+@ConfigurationProperties()
+@Component
+public class SecurityContext {
+
+ private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
+
+ private long tokenTimestamp = 0;
+
+ private String authToken = "";
+
+ @Setter
+ private Path authTokenFilePath;
+
+ public SecurityContext(@Value("${app.auth-token-file:\"\"}") String authTokenFilename) {
+ if (!authTokenFilename.isEmpty()) {
+ this.authTokenFilePath = Path.of(authTokenFilename);
+ }
+ }
+
+ public boolean isConfigured() {
+ return authTokenFilePath != null;
+ }
+
+ public synchronized String getBearerAuthToken() {
+ if (!isConfigured()) {
+ return "";
+ }
+ try {
+ long lastModified = authTokenFilePath.toFile().lastModified();
+ if (lastModified != this.tokenTimestamp) {
+ this.authToken = Files.readString(authTokenFilePath);
+ this.tokenTimestamp = lastModified;
+ }
+ } catch (Exception e) {
+ logger.warn("Could not read auth token file: {}, reason: {}", authTokenFilePath, e.getMessage());
+ }
+ return this.authToken;
+ }
+
+}
import org.oransc.ics.clients.AsyncRestClient;
import org.oransc.ics.clients.AsyncRestClientFactory;
+import org.oransc.ics.clients.SecurityContext;
import org.oransc.ics.configuration.ApplicationConfig;
import org.oransc.ics.repository.InfoJob;
import org.oransc.ics.repository.InfoJobs;
private final InfoJobs eiJobs;
@Autowired
- public A1eCallbacks(ApplicationConfig config, InfoJobs eiJobs) {
- AsyncRestClientFactory restClientFactory = new AsyncRestClientFactory(config.getWebClientConfig());
+ public A1eCallbacks(ApplicationConfig config, InfoJobs eiJobs, SecurityContext securityContext) {
+ AsyncRestClientFactory restClientFactory =
+ new AsyncRestClientFactory(config.getWebClientConfig(), securityContext);
this.restClient = restClientFactory.createRestClientUseHttpProxy("");
this.eiJobs = eiJobs;
}
import org.oransc.ics.clients.AsyncRestClient;
import org.oransc.ics.clients.AsyncRestClientFactory;
+import org.oransc.ics.clients.SecurityContext;
import org.oransc.ics.configuration.ApplicationConfig;
import org.oransc.ics.repository.InfoType;
import org.oransc.ics.repository.InfoTypeSubscriptions;
public static final String API_VERSION = "version_1";
- public ConsumerCallbacks(@Autowired ApplicationConfig config,
- @Autowired InfoTypeSubscriptions infoTypeSubscriptions) {
- AsyncRestClientFactory restClientFactory = new AsyncRestClientFactory(config.getWebClientConfig());
+ @Autowired
+ public ConsumerCallbacks(ApplicationConfig config, InfoTypeSubscriptions infoTypeSubscriptions,
+ SecurityContext securityContext) {
+ AsyncRestClientFactory restClientFactory =
+ new AsyncRestClientFactory(config.getWebClientConfig(), securityContext);
this.restClient = restClientFactory.createRestClientNoHttpProxy("");
infoTypeSubscriptions.registerCallbackhandler(this, API_VERSION);
}
import org.oransc.ics.clients.AsyncRestClient;
import org.oransc.ics.clients.AsyncRestClientFactory;
+import org.oransc.ics.clients.SecurityContext;
import org.oransc.ics.configuration.ApplicationConfig;
import org.oransc.ics.repository.InfoJob;
import org.oransc.ics.repository.InfoJobs;
private final AsyncRestClient restClient;
- public ProducerCallbacks(ApplicationConfig config) {
- AsyncRestClientFactory restClientFactory = new AsyncRestClientFactory(config.getWebClientConfig());
+ public ProducerCallbacks(ApplicationConfig config, SecurityContext securityContext) {
+ AsyncRestClientFactory restClientFactory =
+ new AsyncRestClientFactory(config.getWebClientConfig(), securityContext);
this.restClient = restClientFactory.createRestClientNoHttpProxy("");
}
import java.io.FileOutputStream;
import java.io.PrintStream;
import java.lang.invoke.MethodHandles;
+import java.nio.file.Files;
+import java.nio.file.Path;
import java.util.Arrays;
+import java.util.Map;
import org.json.JSONObject;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.extension.ExtendWith;
import org.oransc.ics.clients.AsyncRestClient;
import org.oransc.ics.clients.AsyncRestClientFactory;
+import org.oransc.ics.clients.SecurityContext;
import org.oransc.ics.configuration.ApplicationConfig;
import org.oransc.ics.configuration.ImmutableHttpProxyConfig;
import org.oransc.ics.configuration.ImmutableWebClientConfig;
@Autowired
InfoTypeSubscriptions infoTypeSubscriptions;
+ @Autowired
+ SecurityContext securityContext;
+
private static Gson gson = new GsonBuilder().create();
/**
this.producerSimulator.getTestResults().reset();
this.consumerSimulator.getTestResults().reset();
this.a1eCallbacksSimulator.getTestResults().reset();
+ this.securityContext.setAuthTokenFilePath(null);
}
@AfterEach
ProducerSimulatorController.TestResults simulatorResults = this.producerSimulator.getTestResults();
await().untilAsserted(() -> assertThat(simulatorResults.jobsStopped).hasSize(1));
assertThat(simulatorResults.jobsStopped.get(0)).isEqualTo("jobId");
+
}
@Test
"Could not find Information subscription: junk");
}
+ @Test
+ void testAuthHeader() throws Exception {
+ final String AUTH_TOKEN = "testToken";
+ Path authFile = Files.createTempFile("icsTestAuthToken", ".txt");
+ Files.write(authFile, AUTH_TOKEN.getBytes());
+ this.securityContext.setAuthTokenFilePath(authFile);
+ putInfoProducerWithOneType(PRODUCER_ID, TYPE_ID);
+ putInfoJob(TYPE_ID, "jobId");
+
+ // Test that authorization header is sent to the producer.
+ await().untilAsserted(() -> assertThat(this.producerSimulator.getTestResults().receivedHeaders).hasSize(1));
+ Map<String, String> headers = this.producerSimulator.getTestResults().receivedHeaders.get(0);
+ assertThat(headers).containsEntry("authorization", "Bearer " + AUTH_TOKEN);
+
+ Files.delete(authFile);
+
+ // Test that it works. The cached header is used
+ putInfoJob(TYPE_ID, "jobId2");
+ await().untilAsserted(() -> assertThat(this.infoJobs.size()).isEqualByComparingTo(2));
+ headers = this.producerSimulator.getTestResults().receivedHeaders.get(1);
+ assertThat(headers).containsEntry("authorization", "Bearer " + AUTH_TOKEN);
+
+ }
+
private String typeSubscriptionUrl() {
return ConsumerConsts.API_ROOT + "/info-type-subscription";
}
.trustStorePassword(config.trustStorePassword()) //
.httpProxyConfig(httpProxyConfig).build();
- AsyncRestClientFactory restClientFactory = new AsyncRestClientFactory(config);
+ AsyncRestClientFactory restClientFactory = new AsyncRestClientFactory(config, securityContext);
return restClientFactory.createRestClientNoHttpProxy(baseUrl());
}
private static AsyncRestClient clientUnderTest;
+ private static final SecurityContext securityContext = new SecurityContext("");
+
@BeforeAll
static void init() {
// skip a lot of unnecessary logs from MockWebServer
InternalLoggerFactory.setDefaultFactory(JdkLoggerFactory.INSTANCE);
Loggers.useJdkLoggers();
mockWebServer = new MockWebServer();
- clientUnderTest = new AsyncRestClient(mockWebServer.url(BASE_URL).toString(), null, null);
+ clientUnderTest = new AsyncRestClient(mockWebServer.url(BASE_URL).toString(), null, null, securityContext);
}
@AfterAll
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import java.util.Map;
import lombok.Getter;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RestController;
@RestController("ProducerSimulatorController")
public List<ProducerJobInfo> jobsStarted = Collections.synchronizedList(new ArrayList<ProducerJobInfo>());
public List<String> jobsStopped = Collections.synchronizedList(new ArrayList<String>());
+ public List<Map<String, String>> receivedHeaders =
+ Collections.synchronizedList(new ArrayList<Map<String, String>>());
public int noOfRejectedCreate = 0;
public int noOfRejectedDelete = 0;
public boolean errorFound = false;
public void reset() {
jobsStarted.clear();
jobsStopped.clear();
+ receivedHeaders.clear();
this.errorFound = false;
this.noOfRejectedCreate = 0;
this.noOfRejectedDelete = 0;
content = @Content(schema = @Schema(implementation = VoidResponse.class))) //
})
public ResponseEntity<Object> jobCreatedCallback( //
+ @RequestHeader Map<String, String> headers, //
@RequestBody ProducerJobInfo request) {
try {
+ logHeaders(headers);
this.testResults.jobsStarted.add(request);
+ this.testResults.receivedHeaders.add(headers);
logger.info("Job started callback {}", request.id);
if (request.id == null) {
throw new NullPointerException("Illegal argument");
content = @Content(schema = @Schema(implementation = VoidResponse.class))) //
})
public ResponseEntity<Object> jobDeletedCallback( //
- @PathVariable(ConsumerConsts.INFO_JOB_ID_PATH) String infoJobId) {
+ @RequestHeader Map<String, String> headers, @PathVariable(ConsumerConsts.INFO_JOB_ID_PATH) String infoJobId) {
try {
+ logHeaders(headers);
logger.info("Job deleted callback {}", infoJobId);
this.testResults.jobsStopped.add(infoJobId);
+ this.testResults.receivedHeaders.add(headers);
return new ResponseEntity<>(HttpStatus.OK);
} catch (Exception e) {
return ErrorResponse.create(e, HttpStatus.NOT_FOUND);
})
public ResponseEntity<Object> producerSupervision() {
logger.info("Producer supervision");
- return new ResponseEntity<>(HttpStatus.OK);
+ return new ResponseEntity<>("Hunky dory", HttpStatus.OK);
}
@GetMapping(path = SUPERVISION_ERROR_URL, produces = MediaType.APPLICATION_JSON_VALUE)
return new ResponseEntity<>(HttpStatus.NOT_FOUND);
}
+ private void logHeaders(Map<String, String> headers) {
+ logger.debug("Header begin");
+ headers.forEach((key, value) -> logger.debug(" key: {}, value: {}", key, value));
+ logger.debug("Header end");
+ }
+
}