Merge pull request #48 from Axway-API-Management-Plus/cassandra_clien…
…t_auth

Cassandra client auth
rathnapandi authored May 26, 2022
2 parents 1070c02 + e622c14 commit e95e1bf
Showing 10 changed files with 399 additions and 256 deletions.
2 changes: 1 addition & 1 deletion .github/badges/jacoco.svg
123 changes: 69 additions & 54 deletions README.md

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion pom.xml
@@ -6,7 +6,7 @@

<groupId>com.axway</groupId>
<artifactId>apim-env-module</artifactId>
<version>1.1.9</version>
<version>1.1.10</version>

<name>apim-env-module</name>
<url>https://axway.com</url>
78 changes: 58 additions & 20 deletions src/main/java/com/axway/ExternalConfigLoader.java
@@ -72,21 +72,28 @@ public void updatePassword(EntityStore entityStore) {
disableInterface(entityStore, filterName, "InetInterface");
}
} else if (key.equalsIgnoreCase("cassandra_disablessl")) {
if (passwordValue.equalsIgnoreCase("true")) {
disableCassandraSSL(entityStore);
}
disableCassandraSSL(entityStore, passwordValue);
} else if (key.startsWith("cassandraCert")) {
try {
List<X509Certificate> certificates = certHelper.parseX509(passwordValue);
int index = 0;
for (X509Certificate certificate : certificates) {
String alias = importPublicCertificate(certificate, entityStore);
if (alias != null) {
updateCassandraCert(entityStore, alias, index != 0);
index++;
String pemKey = System.getenv("cassandra_private_key");
String publicKey = System.getenv("cassandra_public_key");
if( pemKey != null && publicKey != null) {
PKCS12 pkcs12 = importCertAndKeyAndCA(entityStore, publicKey, passwordValue, pemKey, null);
Trace.info("Pem file alias name :" + pkcs12.getAlias());
updateCassandraCertAndKey(entityStore, pkcs12.getAlias(), pkcs12.getCertificates());
}else {
List<X509Certificate> certificates = certHelper.parseX509(passwordValue);

int index = 0;
for (X509Certificate certificate : certificates) {
String alias = importPublicCertificate(certificate, entityStore);
if (alias != null) {
updateCassandraCert(entityStore, alias, index != 0);
index++;
}
}
}
} catch (CertificateException | FileNotFoundException e) {
} catch (Exception e) {
Trace.error("Unable to add Cassandra certificate from Environment variable", e);
}
} else if (key.startsWith("certandkey_")) {
@@ -375,22 +382,52 @@ public void updateCassandraPassword(EntityStore entityStore, char[] password) {
entityStore.updateEntity(entity);
}

public void updateCassandraCert(EntityStore entityStore, String alias, boolean append) {


public void updateCassandraCertAndKey(EntityStore entityStore, String clientAuthAlias, Certificate[] certificates) {
Entity entity = getCassandraEntity(entityStore);
boolean useSSL = entity.getBooleanValue("useSSL");
if (useSSL) {

String clientAuth = "sslCertificate";
updateCertEntity(entityStore, entity, clientAuthAlias, clientAuth, false);
String filedName = "sslTrustedCerts";

if( certificates.length > 1){
// Start from 1 To ignore public key associated with private key
for (int i = 1; i < certificates.length; i++) {
Certificate certificate = certificates[i];
String alias = Util.getAliasName((X509Certificate) certificate);
updateCertEntity(entityStore, entity, alias, filedName, true);
}
}
}
}

public Entity getCassandraEntity(EntityStore entityStore){
String shorthandKey = "/[CassandraSettings]name=Cassandra Settings";
Entity entity = getEntity(entityStore, shorthandKey);
return getEntity(entityStore, shorthandKey);
}

public void updateCassandraCert(EntityStore entityStore, String alias, boolean append) {
Entity entity = getCassandraEntity(entityStore);
boolean useSSL = entity.getBooleanValue("useSSL");
if (useSSL) {
String filedName = "sslTrustedCerts";
updateCertEntity(entityStore, entity, alias, filedName, append);
}
}

public void disableCassandraSSL(EntityStore entityStore) {
public void disableCassandraSSL(EntityStore entityStore, String value) {
String shorthandKey = "/[CassandraSettings]name=Cassandra Settings";
Entity entity = getEntity(entityStore, shorthandKey);
entity.setBooleanField("useSSL", false);
boolean boolValue = Boolean.parseBoolean(value);
entity.setBooleanField("useSSL", !boolValue);
entityStore.updateEntity(entity);
Trace.info("Disabled Cassandra SSL");
if(!boolValue)
Trace.info("Disabled Cassandra SSL");
else
Trace.info("Enabled Cassandra SSL");
}

// Supports both HTTP and HTTPS interfaces where interfaceType are InetInterface, SSLInterface
@@ -415,7 +452,6 @@ private String importPublicCertificate(X509Certificate certificate, EntityStore
String escapedAlias = ShorthandKeyFinder.escapeFieldValue(alias);
Entity certEntity = getCertEntity(entityStore, escapedAlias);
Trace.info("Alias :" + alias + "Escaped alias :" + escapedAlias);

if (certEntity == null) {
Trace.info("Adding cert");
certEntity = EntityStoreDelegate.createDefaultedEntity(entityStore, "Certificate");
@@ -498,14 +534,16 @@ private void updateCertEntity(EntityStore entityStore, Entity entity, String ali
String certStoreDistinguishedName = espk.getFieldValueOfReferencedEntity("dname");
Trace.info(" alias name from Gateway Cert store :" + certStoreDistinguishedName);
if (certStoreDistinguishedName.equals(alias)) {
Trace.info("Removing existing certs" + alias);
Trace.info("Removing existing cert as it matches the current cert" + alias);
values.remove(value);
continue;
}
Trace.info("adding " + alias);
values.add(new Value(portableESPK));
}
Trace.info("adding " + alias);
values.add(new Value(portableESPK));
field.setValues(values);
} else {
Trace.debug("Replacing exising cert reference");
entity.setReferenceField(fieldName, portableESPK);
}
entityStore.updateEntity(entity);
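Review bot: The two trace messages in the new `disableCassandraSSL(entityStore, value)` are inverted: `useSSL` is set to `!boolValue`, yet `if(!boolValue)` logs "Disabled Cassandra SSL", so a gateway that has just switched TLS on records that it switched it off, and the reverse. Anyone auditing transport security from the trace is misled; the branch should read `Trace.info(boolValue ? "Disabled Cassandra SSL" : "Enabled Cassandra SSL");`. Because the call is now unconditional and `Boolean.parseBoolean` maps every value other than "true" to false, any other setting of `cassandra_disablessl` forces `useSSL` on; that fails closed, but it overrides the stored configuration and deserves a comment such as `// any value other than "true" enables SSL`. Separately, `updateCassandraCertAndKey` returns without a trace line when `useSSL` is false, so a key supplied through `cassandra_private_key` is never attached to the Cassandra settings and nothing says so; a `Trace.info` in that case would make the skipped client-auth setup visible.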
11 changes: 11 additions & 0 deletions src/main/java/com/axway/Util.java
@@ -1,5 +1,6 @@
package com.axway;

import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
@@ -30,4 +31,14 @@ public static Map<String, Map<String, String>> parseCred(Map<String, String> env
}
return values;
}

public static String getAliasName(X509Certificate certificate){


String alias = certificate.getSubjectDN().getName();
if (alias.equals("")) {
alias = certificate.getSerialNumber().toString();
}
return alias;
}
}
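Review bot: `getAliasName` is added without Javadoc, and the alias it returns is what `updateCassandraCertAndKey` passes into the trusted-certificate list, so its uniqueness limits should be written down. A subject DN is not unique across issuers and the serial-number fallback is only unique per issuer, while `updateCertEntity` treats a stored `dname` equal to the alias as the same certificate; two different certificates sharing a subject would therefore presumably be treated as one entry. I would add a Javadoc stating "Returns the subject DN, or the serial number when the subject is empty; not guaranteed unique across issuers", and write the check as `alias.isEmpty()`. `getSubjectDN()` is also discouraged in favour of `getSubjectX500Principal()`, but switching may change the string format and so the aliases already in the store; confirm that before changing it.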
73 changes: 72 additions & 1 deletion src/test/java/com/axway/ExternalConfigLoaderTest.java
@@ -3,6 +3,7 @@
import com.vordel.es.Entity;
import com.vordel.es.EntityStore;
import com.vordel.es.EntityStoreFactory;
import com.vordel.es.Value;
import com.vordel.es.util.ShorthandKeyFinder;
import com.vordel.es.xes.PortableESPK;
import com.vordel.trace.Trace;
@@ -25,6 +26,7 @@
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.stream.Collectors;

import static org.powermock.api.mockito.PowerMockito.mockStatic;

@@ -79,12 +81,26 @@ public void testDisableInterface(){
@Test
public void testDisableCassandraSSL(){

externalConfigLoader.disableCassandraSSL(entityStore);
externalConfigLoader.disableCassandraSSL(entityStore, "true");
String shorthandKey = "/[CassandraSettings]name=Cassandra Settings";
Entity entity = externalConfigLoader.getEntity(entityStore, shorthandKey);
System.out.println(entity.getBooleanValue("useSSL"));
Assert.assertFalse(entity.getBooleanValue("useSSL"));
}

@Test
public void testEnableCassandraSSL() throws NoSuchFieldException, IllegalAccessException{

Map<String, String> envVars = new HashMap<>();
envVars.put("cassandra_disablessl", "false");
setupEnvVariables(envVars);
externalConfigLoader.updatePassword(entityStore);
String shorthandKey = "/[CassandraSettings]name=Cassandra Settings";
Entity entity = externalConfigLoader.getEntity(entityStore, shorthandKey);
Assert.assertTrue(entity.getBooleanValue("useSSL"));
}



@Test
public void testUpdateLDAP(){
@@ -237,6 +253,8 @@ public void testUpdateCassandraCert() throws NoSuchFieldException, IllegalAccess
"PLHu3INlHcXQs3AY0wNBLhL2jBwZ0uwBYK+entFpCgb+Z+RQ+uxs3joYuKEMj6M6\n" +
"6Xi8yAoGAN92VRi93iss3A7zoAsrPXCO7pNZdz3QzJ3Jjv9KW48DmQ==\n" +
"-----END CERTIFICATE-----";


envVars.put("cassandraCert_root", certificate);
setupEnvVariables(envVars);
String shorthandKey = "/[CassandraSettings]name=Cassandra Settings";
@@ -249,6 +267,59 @@ public void testUpdateCassandraCert() throws NoSuchFieldException, IllegalAccess

}


@Test
public void testUpdateCassandraCertAndKey() throws NoSuchFieldException, IllegalAccessException {

Map<String, String> envVars = new HashMap<>();
String certificate = "-----BEGIN CERTIFICATE-----\n" +
"MIICxDCCAaygAwIBAgIGAW5HwjW7MA0GCSqGSIb3DQEBCwUAMBExDzANBgNVBAMM\n" +
"BkRvbWFpbjAgFw0xOTEwMzEyMTI1NDBaGA8yMTE5MTAxNDIxMjU0MFowETEPMA0G\n" +
"A1UEAwwGRG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlX2n\n" +
"ePJaDMGWpNUwgyCfyDVIMjLKRjvJ7bID+BF+LI9gxJ2mUVFXl822fT3m2BR5oG8s\n" +
"N/8JgvM+ie2PHxAWYokQcRSwYAFmMMMKp69M8sqAJHrm/QoVvFwCFVm+7DqJVKWu\n" +
"q5K+J+ophJQNhvSl0KLorFI8IodLZq5cDtyhfaB27Zbk1A9ha4PfXmnoFWbDwoZU\n" +
"UanoUy3xisbZ6HTvGKkawn53XaRJo5rn13b/9Np8PCJZLNmAiWoIB3NVyetwxS5C\n" +
"4FwIm2ZRJZny5l+CgJ9Frs9Y0teAz4Z1bqJWn+kfBCxGW8Ab7W7t6ah3a/WoQxi2\n" +
"HDU/134lBvoPhh9udwIDAQABoyAwHjAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQE\n" +
"AwICvDANBgkqhkiG9w0BAQsFAAOCAQEAlEo5pn1j8spkVg3RbLap80iwo8Slk+Fw\n" +
"v8tGqR+GJEiJXDgnPPDMkrE+wtC1kT4VxyQw8D0eittUPjFmoMdxoUwM5Ddf4qS7\n" +
"3LBO74CULyFZ0teyJoaVBjaG6MTg0ZfwUZt552IVLBgjbbE/yYu/dOJckpZlcZE7\n" +
"yRw3ffr/trqh2B5tzwJMnWsakRwAtooRJ2RZ8ufQUhEYdI/7KJajZDQ0IFxleyPZ\n" +
"PLHu3INlHcXQs3AY0wNBLhL2jBwZ0uwBYK+entFpCgb+Z+RQ+uxs3joYuKEMj6M6\n" +
"6Xi8yAoGAN92VRi93iss3A7zoAsrPXCO7pNZdz3QzJ3Jjv9KW48DmQ==\n" +
"-----END CERTIFICATE-----";

String pemKey = "src/test/resources/acp-key.pem";
String cert = "src/test/resources/acp-crt.pem";


envVars.put("cassandraCert_root", certificate);
envVars.put("cassandra_private_key", pemKey);
envVars.put("cassandra_public_key", cert);

setupEnvVariables(envVars);
String shorthandKey = "/[CassandraSettings]name=Cassandra Settings";
Entity entity = externalConfigLoader.getEntity(entityStore, shorthandKey);
entity.setBooleanField("useSSL", true);
entityStore.updateEntity(entity);
externalConfigLoader.updatePassword(entityStore);
entity = externalConfigLoader.getEntity(entityStore, shorthandKey);
String certAlias = "/[Certificates]name=Certificate Store/[Certificate]dname=CN=Domain";
List<Value> values = entity.getField("sslTrustedCerts").getValueList();

System.out.println(values);
System.out.println(values.size());
List<Value> filteredValues = values.stream().filter(value -> ((PortableESPK)value.getRef()).toShorthandString().equals(certAlias)).collect(Collectors.toList());

Assert.assertEquals("sslTrustedCerts", certAlias, ((PortableESPK)filteredValues.get(0).getRef()).toShorthandString());
Assert.assertEquals("sslCertificate", "/[Certificates]name=Certificate Store/[Certificate]dname=213910179734667807042092962809881497910", ((PortableESPK)entity.getField("sslCertificate").getValueList().get(0).getRef()).toShorthandString());


}



@Test
public void testUpdateCassandraKPSTablesConsistencyLevel(){

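Review bot: The `sslTrustedCerts` assertion in `testUpdateCassandraCertAndKey` cannot fail on its own, because `filteredValues` was already filtered on `equals(certAlias)` and is then compared with `certAlias` again. The only real check is that the list is non-empty, and a missing entry surfaces as an `IndexOutOfBoundsException` from `get(0)` rather than as an assertion failure. Asserting the count first, `Assert.assertEquals(1, filteredValues.size());`, makes the intent explicit and would also catch a duplicated trust entry. The two `System.out.println(values…)` lines look like leftover debugging and can go. The new tests cover neither `useSSL` being false nor only one of `cassandra_private_key` / `cassandra_public_key` being set, the two cases in which client authentication is not configured; a test pinning each would document that behaviour.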
2 changes: 1 addition & 1 deletion src/test/resources/test-env/CertStore.sha256
@@ -1 +1 @@
cf683379d11b876556502b0c76ea031796da4cd3c5537ad5346037db4ccc9b3f
446511abc9f9cd7584f5009fbbc2b455562be047a09f2b53d9e0d1960adcac01