+ # ========================LICENSE_START=================================
+ # Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ # ======================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ # ========================LICENSE_END===================================
+
spring:
profiles:
active: prod
-
+server:
+ # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework.
+ # See springboot documentation.
+ port : 8633
+ http-port: 8680
+ ssl:
+ key-store-type: JKS
+ key-store: /opt/app/r-app-catalogue/etc/cert/keystore.jks
+ key-store-password: r-app-catalogue
+ key-password: r-app-catalogue
+ key-alias: server-cert
--- /dev/null
+/*-
+ * ========================LICENSE_START=================================
+ * Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ * ======================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ========================LICENSE_END===================================
+ */
+
+package org.oransc.rappcatalogue.configuration;
+
+import org.apache.catalina.connector.Connector;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Configure embedded Tomcat
+ */
+
+@Configuration
+public class TomcatConfig {
+
+ @Value("${server.http-port}")
+ private int httpPort = 0;
+
+ // Embedded Tomcat with HTTP and HTTPS support
+ @Bean
+ public ServletWebServerFactory servletContainer() {
+ TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
+
+ if (httpPort > 0) {
+ tomcat.addAdditionalTomcatConnectors(getHttpConnector(httpPort));
+ }
+ return tomcat;
+ }
+
+ private static Connector getHttpConnector(int httpPort) {
+ Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
+ connector.setScheme("http");
+ connector.setPort(httpPort);
+ connector.setSecure(false);
+ return connector;
+ }
+}
--- /dev/null
+/*-
+ * ========================LICENSE_START=================================
+ * Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ * ======================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ========================LICENSE_END===================================
+ */
+
+package org.oransc.rappcatalogue;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.boot.test.web.client.TestRestTemplate.HttpClientOption;
+import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.boot.web.server.AbstractConfigurableWebServerFactory;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.util.ResourceUtils;
+import org.springframework.web.client.ResourceAccessException;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+@TestPropertySource(
+ properties = { //
+ "server.ssl.key-store=./config/r-app-catalogue-keystore.jks", //
+ "server.http-port=0"})
+public class HttpsRequestTest {
+
+ @Value("${server.ssl.key-store-password}")
+ private String keyStorePassword; // inject password from config
+
+ @Value("${server.ssl.key-store}")
+ private String keyStore; // inject keyStore from config
+
+ @LocalServerPort
+ private int port;
+
+ @Autowired
+ private AbstractConfigurableWebServerFactory webServerFactory;
+
+ @Test
+ public void testSsl() {
+ assertEquals(this.webServerFactory.getSsl().isEnabled(), true);
+ }
+
+ @Test
+ public void rest_OverPlainHttp_GetsBadRequestRequiresTLS() throws Exception {
+ TestRestTemplate template = new TestRestTemplate();
+ ResponseEntity<String> responseEntity =
+ template.getForEntity("http://localhost:" + port + "/services", String.class);
+ assertEquals(HttpStatus.BAD_REQUEST, responseEntity.getStatusCode());
+ assertTrue(responseEntity.getBody().contains("This combination of host and port requires TLS"));
+ }
+
+ @Test
+ public void rest_WithoutSSLConfiguration_ThrowsSSLExceptionUnableFindValidCertPath() throws Exception {
+ TestRestTemplate template = new TestRestTemplate();
+
+ ResourceAccessException thrown = assertThrows(ResourceAccessException.class, () -> {
+ template.getForEntity("https://localhost:" + port + "/services", String.class);
+ });
+ assertTrue(thrown.getMessage().contains("unable to find valid certification path to requested target"));
+ }
+
+ @Test
+ public void rest_WithTwoWaySSL_AuthenticatesAndGetsExpectedResponse() throws Exception {
+
+ SSLContext sslContext = new SSLContextBuilder().loadKeyMaterial(ResourceUtils.getFile(keyStore),
+ keyStorePassword.toCharArray(), keyStorePassword.toCharArray()).build();
+
+ SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+ HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
+ HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);
+ RestTemplateBuilder rtb =
+ new RestTemplateBuilder().requestFactory(() -> factory).rootUri("https://localhost:" + port);
+
+ TestRestTemplate template = new TestRestTemplate(rtb, null, null, HttpClientOption.SSL);
+
+ ResponseEntity<String> responseEntity = template.getForEntity("/services", String.class);
+ assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
+ assertEquals("[]", responseEntity.getBody());
+ }
+
+}