diff --git a/README.md b/README.md
index f073d01..fc519f4 100644
--- a/README.md
+++ b/README.md
@@ -165,34 +165,31 @@ Configuration information is specified in two forms: | `request_timeout_ms` | `30000` | Request Timeout | | `api_key_sources` | `PARAM,HEADER,PATH` | Defines the sources (order of precendence) of the API key. | -### System Properties for TLS configuration for Http server +### Env variables for TLS configuration for Http server + To configure Transport Layer Security (TLS) for the HTTP server in an edge module, the following configuration parameters should be used. -Parameters marked as Required are required only in case when ssl_enabled is set to true. - -| Property | Default | Description | -|-----------------------------------|-------------------|---------------------------------------------------------------------------------------------| -| `http-server.ssl_enabled` | `false` | Set whether SSL/TLS is enabled for Vertx Http Server | -| `http-server.keystore_type` | `NA` | (Required). Set the type of the keystore. Common types include `JKS`, `PKCS12`, and `BCFKS` | -| `http-server.keystore_provider` | `NA` | Set the provider name of the key store | -| `http-server.keystore_path` | `NA` | (Required). Set the location of the keystore file in the local file system | -| `http-server.keystore_password` | `NA` | (Required). Set the password for the keystore | -| `http-server.key_alias` | `NA` | Set the alias of the key within the keystore. | -| `http-server.key_alias_password` | `NA` | Optional param that points to a password of `key_alias` if it protected | - -### System Properties for TLS configuration for Web Client +Parameters marked as Required are required only in case when TLS for the server should be enabled. + +| Property | Default | Description | +|-----------------------------------------------------|------------------|---------------------------------------------------------------------------------------------| +| `SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE` | `NA` | (Required). Set the type of the keystore. 
Common types include `JKS`, `PKCS12`, and `BCFKS` | +| `SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION` | `NA` | (Required). Set the location of the keystore file in the local file system | +| `SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD` | `NA` | (Required). Set the password for the keystore | +| `SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS` | `NA` | Set the alias of the key within the keystore. | +| `SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD` | `NA` | Optional param that points to a password of `KEY_ALIAS` if it protected | + +### Env variables for TLS configuration for Web Client + To configure Transport Layer Security (TLS) for Web clients in the edge module, you can use the following configuration parameters. -Truststore parameters for configuring Web clients are optional even when ssl_enabled = true. -If truststore parameters need to be populated, truststore_type, truststore_path and truststore_password are required. - -| Property | Default | Description | -|-----------------------------------|-------------------|----------------------------------------------------------------------------------| -| `web-client.ssl_enabled` | `false` | Set whether SSL/TLS is enabled for Vertx Http Server | -| `web-client.truststore_type` | `NA` | Set the type of the keystore. Common types include `JKS`, `PKCS12`, and `BCFKS` | -| `web-client.truststore_provider` | `NA` | Set the provider name of the key store | -| `web-client.truststore_path` | `NA` | Set the location of the keystore file in the local file system | -| `web-client.truststore_password` | `NA` | Set the password for the keystore | -| `web-client.key_alias` | `NA` | Set the alias of the key within the keystore. | -| `web-client.key_alias_password` | `NA` | Optional param that points to a password of `key_alias` if it protected | +Truststore parameters for configuring Web clients are optional even when `FOLIO_CLIENT_TLS_ENABLED = true`. 
+If truststore parameters need to be populated, `FOLIO_CLIENT_TLS_TRUSTSTORETYPE`, `FOLIO_CLIENT_TLS_TRUSTSTOREPATH` and `FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD` are required. + +| Property | Default | Description | +|-----------------------------------------|-------------------|----------------------------------------------------------------------------------| +| `FOLIO_CLIENT_TLS_ENABLED` | `false` | Set whether SSL/TLS is enabled for Vertx Http Server | +| `FOLIO_CLIENT_TLS_TRUSTSTORETYPE` | `NA` | Set the type of the keystore. Common types include `JKS`, `PKCS12`, and `BCFKS` | +| `FOLIO_CLIENT_TLS_TRUSTSTOREPATH` | `NA` | Set the location of the keystore file in the local file system | +| `FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD` | `NA` | Set the password for the keystore | ## Additional information diff --git a/src/main/java/org/folio/edge/core/Constants.java b/src/main/java/org/folio/edge/core/Constants.java index cf03dab..6992e36 100644 --- a/src/main/java/org/folio/edge/core/Constants.java +++ b/src/main/java/org/folio/edge/core/Constants.java 
@@ -25,22 +25,18 @@ private Constants() {
 public static final String SYS_API_KEY_SOURCES = "api_key_sources";
 public static final String SYS_RESPONSE_COMPRESSION = "response_compression";
- // System properties for SSL/TLS http server configuration
- public static final String SYS_HTTP_SERVER_SSL_ENABLED = "http-server.ssl_enabled";
- public static final String SYS_HTTP_SERVER_KEYSTORE_TYPE = "http-server.keystore_type";
- public static final String SYS_HTTP_SERVER_KEYSTORE_PROVIDER = "http-server.keystore_provider";
- public static final String SYS_HTTP_SERVER_KEYSTORE_PATH = "http-server.keystore_path";
- public static final String SYS_HTTP_SERVER_KEYSTORE_PASSWORD = "http-server.keystore_password";
- public static final String SYS_HTTP_SERVER_KEY_ALIAS = "http-server.key_alias";
- public static final String SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD = "http-server.key_alias_password";
- public static final String SYS_WEB_CLIENT_SSL_ENABLED = "web-client.ssl_enabled";
- // System properties for SSL/TLS web client configuration
- public static final String SYS_WEB_CLIENT_TRUSTSTORE_TYPE = "web-client.truststore_type";
- public static final String SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER = "web-client.truststore_provider";
- public static final String SYS_WEB_CLIENT_TRUSTSTORE_PATH = "web-client.truststore_path";
- public static final String SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD = "web-client.truststore_password";
- public static final String SYS_WEB_CLIENT_KEY_ALIAS = "web-client.key_alias";
- public static final String SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD = "web-client.key_alias_password";
+ // Env variables for SSL/TLS http server configuration
+ public static final String SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE = "SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE";
+ public static final String SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION = "SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION";
+ public static final String SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD = "SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD";
+ public static final String SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS = "SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS";
+ public static final String SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD = "SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD";
+
+ // Env variables for SSL/TLS web client configuration
+ public static final String FOLIO_CLIENT_TLS_ENABLED = "FOLIO_CLIENT_TLS_ENABLED";
+ public static final String FOLIO_CLIENT_TLS_TRUSTSTORETYPE = "FOLIO_CLIENT_TLS_TRUSTSTORETYPE";
+ public static final String FOLIO_CLIENT_TLS_TRUSTSTOREPATH = "FOLIO_CLIENT_TLS_TRUSTSTOREPATH";
+ public static final String FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD = "FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD";
 // Property names
 public static final String PROP_SECURE_STORE_TYPE = "secureStore.type";
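Review bot: The header comment `// Env variables for SSL/TLS http server configuration` does not say that, unlike the web-client group below it, the server group has no enable flag: with this commit SslConfigurationUtil turns TLS on when SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE is non-empty and leaves the server options without TLS when it is absent. A one-line addition such as `// TLS for the server is enabled implicitly when KEYSTORE_TYPE is set; there is no separate enable flag` keeps that contract visible next to the names operators look up. The two groups also follow different naming schemes (`KEYSTORE_TYPE` with an underscore versus `TRUSTSTORETYPE` without); since these strings are the public environment-variable names, settling on one convention before release avoids a later incompatible rename. The Constants class continues outside the hunk.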
@@ -100,51 +96,40 @@ private Constants() {
 System.getProperty(SYS_API_KEY_SOURCES, DEFAULT_API_KEY_SOURCES));
 defaultMap.put(SYS_REQUEST_TIMEOUT_MS,
 Long.parseLong(System.getProperty(SYS_REQUEST_TIMEOUT_MS,
- Long.toString(DEFAULT_REQUEST_TIMEOUT_MS))));
+ Long.toString(DEFAULT_REQUEST_TIMEOUT_MS))));
 defaultMap.put(SYS_TOKEN_CACHE_TTL_MS,
 Long.parseLong(System.getProperty(SYS_TOKEN_CACHE_TTL_MS,
- Long.toString(DEFAULT_TOKEN_CACHE_TTL_MS))));
+ Long.toString(DEFAULT_TOKEN_CACHE_TTL_MS))));
 defaultMap.put(SYS_NULL_TOKEN_CACHE_TTL_MS,
 Long.parseLong(System.getProperty(SYS_NULL_TOKEN_CACHE_TTL_MS,
- Long.toString(DEFAULT_NULL_TOKEN_CACHE_TTL_MS))));
+ Long.toString(DEFAULT_NULL_TOKEN_CACHE_TTL_MS))));
 defaultMap.put(SYS_TOKEN_CACHE_CAPACITY,
 Integer.parseInt(System.getProperty(SYS_TOKEN_CACHE_CAPACITY,
- Integer.toString(DEFAULT_TOKEN_CACHE_CAPACITY))));
+ Integer.toString(DEFAULT_TOKEN_CACHE_CAPACITY))));
 defaultMap.put(SYS_SECURE_STORE_TYPE,
- System.getProperty(SYS_SECURE_STORE_TYPE, DEFAULT_SECURE_STORE_TYPE));
+ System.getProperty(SYS_SECURE_STORE_TYPE, DEFAULT_SECURE_STORE_TYPE));
 defaultMap.put(SYS_RESPONSE_COMPRESSION,
 Boolean.parseBoolean(System.getProperty(SYS_RESPONSE_COMPRESSION,
- Boolean.toString(DEFAULT_RESPONSE_COMPRESSION))));
- defaultMap.put(SYS_HTTP_SERVER_SSL_ENABLED,
- Boolean.parseBoolean(System.getProperty(SYS_HTTP_SERVER_SSL_ENABLED,
- Boolean.toString(DEFAULT_SSL_ENABLED))));
- defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_TYPE,
- System.getProperty(SYS_HTTP_SERVER_KEYSTORE_TYPE));
- defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_PROVIDER,
- System.getProperty(SYS_HTTP_SERVER_KEYSTORE_PROVIDER));
- defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_PATH,
- System.getProperty(SYS_HTTP_SERVER_KEYSTORE_PATH));
- defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_PASSWORD,
- System.getProperty(SYS_HTTP_SERVER_KEYSTORE_PASSWORD));
- defaultMap.put(SYS_HTTP_SERVER_KEY_ALIAS,
- System.getProperty(SYS_HTTP_SERVER_KEY_ALIAS));
- defaultMap.put(SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD,
- System.getProperty(SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD));
- defaultMap.put(SYS_WEB_CLIENT_SSL_ENABLED,
- Boolean.parseBoolean(System.getProperty(SYS_WEB_CLIENT_SSL_ENABLED,
- Boolean.toString(DEFAULT_SSL_ENABLED))));
- defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_TYPE,
- System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_TYPE));
- defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER,
- System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER));
- defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_PATH,
- System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_PATH));
- defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD,
- System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD));
- defaultMap.put(SYS_WEB_CLIENT_KEY_ALIAS,
- System.getProperty(SYS_WEB_CLIENT_KEY_ALIAS));
- defaultMap.put(SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD,
- System.getProperty(SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD));
+ Boolean.toString(DEFAULT_RESPONSE_COMPRESSION))));
+ defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE,
+ System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE));
+ defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION,
+ System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION));
+ defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD,
+ System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD));
+ defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS,
+ System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS));
+ defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD,
+ System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD));
+ defaultMap.put(FOLIO_CLIENT_TLS_ENABLED,
+ Boolean.parseBoolean(System.getenv().getOrDefault(FOLIO_CLIENT_TLS_ENABLED,
+ Boolean.toString(DEFAULT_SSL_ENABLED))));
+ defaultMap.put(FOLIO_CLIENT_TLS_TRUSTSTORETYPE,
+ System.getenv().get(FOLIO_CLIENT_TLS_TRUSTSTORETYPE));
+ defaultMap.put(FOLIO_CLIENT_TLS_TRUSTSTOREPATH,
+ System.getenv().get(FOLIO_CLIENT_TLS_TRUSTSTOREPATH));
+ defaultMap.put(FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD,
+ System.getenv().get(FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD));
 defaultMap.put(SYS_SECURE_STORE_PROP_FILE,
 System.getProperty(SYS_SECURE_STORE_PROP_FILE));
 defaultMap.put(SYS_OKAPI_URL,
diff --git a/src/main/java/org/folio/edge/core/utils/OkapiClientFactoryInitializer.java b/src/main/java/org/folio/edge/core/utils/OkapiClientFactoryInitializer.java
index d84bb8f..b27aee2 100644
--- a/src/main/java/org/folio/edge/core/utils/OkapiClientFactoryInitializer.java
+++ b/src/main/java/org/folio/edge/core/utils/OkapiClientFactoryInitializer.java
@@ -2,13 +2,10 @@
 import static org.folio.edge.core.Constants.SYS_OKAPI_URL;
 import static org.folio.edge.core.Constants.SYS_REQUEST_TIMEOUT_MS;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_KEY_ALIAS;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_SSL_ENABLED;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PATH;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_TYPE;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_ENABLED;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUSTSTOREPATH;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUSTSTORETYPE;
 import com.amazonaws.util.StringUtils;
 import io.vertx.core.Vertx;
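Review bot: The server and web-client TLS entries are the only values in this map read from the environment (`System.getenv().get(...)`), while every other key in the hunk comes from `System.getProperty`; a deployment that still hands TLS settings over as `-D` properties now gets nothing, and because SslConfigurationUtil in this commit treats a missing keystore type as TLS-off, that shows up as a server without TLS rather than as a startup error. If both sources are meant to stay supported, `System.getProperty(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE, System.getenv(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE))` per key keeps the precedence used by the rest of the map. As a point of style, `System.getenv().get(NAME)` can be written `System.getenv(NAME)`, which also returns null for an unset variable. The block that fills defaultMap starts and ends outside the hunk.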
@@ -27,15 +24,12 @@ private OkapiClientFactoryInitializer() {
 public static OkapiClientFactory createInstance(Vertx vertx, JsonObject config) {
 String okapiUrl = config.getString(SYS_OKAPI_URL);
 Integer requestTimeout = config.getInteger(SYS_REQUEST_TIMEOUT_MS);
- boolean isSslEnabled = config.getBoolean(SYS_WEB_CLIENT_SSL_ENABLED);
+ boolean isSslEnabled = config.getBoolean(FOLIO_CLIENT_TLS_ENABLED);
 if (isSslEnabled) {
 logger.info("Creating OkapiClientFactory with Enhance HTTP Endpoint Security and TLS mode enabled");
- String truststoreType = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_TYPE);
- String truststoreProvider = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER);
- String truststorePath = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_PATH);
- String truststorePassword = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD);
- String keyAlias = config.getString(SYS_WEB_CLIENT_KEY_ALIAS);
- String keyAliasPassword = config.getString(SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD);
+ String truststoreType = config.getString(FOLIO_CLIENT_TLS_TRUSTSTORETYPE);
+ String truststorePath = config.getString(FOLIO_CLIENT_TLS_TRUSTSTOREPATH);
+ String truststorePassword = config.getString(FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD);
 if (!StringUtils.isNullOrEmpty(truststoreType)
 && !StringUtils.isNullOrEmpty(truststorePath)
 && !StringUtils.isNullOrEmpty(truststorePassword)) {
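Review bot: When `FOLIO_CLIENT_TLS_ENABLED` is true but the truststore triple is incomplete, the guard `if (!StringUtils.isNullOrEmpty(truststoreType) && ...)` falls through to the `else` branch shown in the next hunk, which builds the factory with `null` trust options and writes no log line, so a partially set triple (say type and path without a password) is indistinguishable in the logs from "not configured". The README in this commit calls the truststore optional, so the fallback itself is intended, but the misconfiguration deserves a trace: an `else` containing `logger.warn("{} is true but truststore type/path/password are not all set; creating OkapiClientFactory without a custom truststore", FOLIO_CLIENT_TLS_ENABLED);` would surface it. `createInstance` continues past the end of this hunk.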
@@ -43,11 +37,8 @@ public static OkapiClientFactory createInstance(Vertx vertx, JsonObject config)
 logger.info("Web client truststore options for type: {} are set, configuring Web Client with them", truststoreType);
 TrustOptions trustOptions = new KeyStoreOptions()
 .setType(truststoreType)
- .setProvider(truststoreProvider)
 .setPath(truststorePath)
- .setPassword(truststorePassword)
- .setAlias(keyAlias)
- .setAliasPassword(keyAliasPassword);
+ .setPassword(truststorePassword);
 return new OkapiClientFactory(vertx, okapiUrl, requestTimeout, trustOptions);
 } else {
 return new OkapiClientFactory(vertx, okapiUrl, requestTimeout, null);
diff --git a/src/main/java/org/folio/edge/core/utils/SslConfigurationUtil.java b/src/main/java/org/folio/edge/core/utils/SslConfigurationUtil.java
index b166d3b..56f62c7 100644
--- a/src/main/java/org/folio/edge/core/utils/SslConfigurationUtil.java
+++ b/src/main/java/org/folio/edge/core/utils/SslConfigurationUtil.java
@@ -1,12 +1,10 @@
 package org.folio.edge.core.utils;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEYSTORE_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEYSTORE_PATH;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEYSTORE_PROVIDER;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEYSTORE_TYPE;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEY_ALIAS;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_SSL_ENABLED;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD;
 import com.amazonaws.util.StringUtils;
 import io.vertx.core.json.JsonObject;
@@ -21,32 +19,26 @@ public class SslConfigurationUtil {
 private SslConfigurationUtil() {}
 public static void configureSslServerOptionsIfEnabled(JsonObject config, NetServerOptions serverOptions) {
- final boolean isSslEnabled = config.getBoolean(SYS_HTTP_SERVER_SSL_ENABLED);
+ final String keystoreType = config.getString(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE);
+ final boolean isSslEnabled = !StringUtils.isNullOrEmpty(keystoreType);
 if (isSslEnabled) {
 logger.info("Enabling Vertx Http Server with TLS/SSL configuration...");
 serverOptions.setSsl(true);
- String keystoreType = config.getString(SYS_HTTP_SERVER_KEYSTORE_TYPE);
- if (StringUtils.isNullOrEmpty(keystoreType)) {
- throw new IllegalStateException("'keystore_type' system param must be specified when ssl_enabled = true");
- }
 logger.info("Using {} keystore type for SSL/TLS", keystoreType);
- String keystoreProvider = config.getString(SYS_HTTP_SERVER_KEYSTORE_PROVIDER);
- logger.info("Using {} keystore provider for SSL/TLS", keystoreProvider);
- String keystorePath = config.getString(SYS_HTTP_SERVER_KEYSTORE_PATH);
- if (StringUtils.isNullOrEmpty(keystorePath)) {
- throw new IllegalStateException("'keystore_path' system param must be specified when ssl_enabled = true");
+ String keystoreLocation = config.getString(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION);
+ if (StringUtils.isNullOrEmpty(keystoreLocation)) {
+ throw new IllegalStateException("'SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_LOCATION' system param must be specified");
 }
- String keystorePassword = config.getString(SYS_HTTP_SERVER_KEYSTORE_PASSWORD);
+ String keystorePassword = config.getString(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD);
 if (StringUtils.isNullOrEmpty(keystorePassword)) {
- throw new IllegalStateException("'keystore_password' system param must be specified when ssl_enabled = true");
+ throw new IllegalStateException("'SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PASSWORD' system param must be specified");
 }
- String keyAlias = config.getString(SYS_HTTP_SERVER_KEY_ALIAS);
- String keyAliasPassword = config.getString(SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD);
+ String keyAlias = config.getString(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS);
+ String keyAliasPassword = config.getString(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD);
 serverOptions.setKeyCertOptions(new KeyStoreOptions()
 .setType(keystoreType)
- .setProvider(keystoreProvider)
- .setPath(keystorePath)
+ .setPath(keystoreLocation)
 .setPassword(keystorePassword)
 .setAlias(keyAlias)
 .setAliasPassword(keyAliasPassword));
diff --git a/src/test/java/org/folio/edge/core/EdgeVerticleSslTest.java b/src/test/java/org/folio/edge/core/EdgeVerticleSslTest.java
index 1d09837..923ed90 100644
--- a/src/test/java/org/folio/edge/core/EdgeVerticleSslTest.java
+++ b/src/test/java/org/folio/edge/core/EdgeVerticleSslTest.java
@@ -1,14 +1,13 @@
 package org.folio.edge.core;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEYSTORE_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEYSTORE_PATH;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEYSTORE_TYPE;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE;
 import static org.folio.edge.core.Constants.SYS_LOG_LEVEL;
 import static org.folio.edge.core.Constants.SYS_OKAPI_URL;
 import static org.folio.edge.core.Constants.SYS_PORT;
 import static org.folio.edge.core.Constants.SYS_REQUEST_TIMEOUT_MS;
 import static org.folio.edge.core.Constants.SYS_SECURE_STORE_PROP_FILE;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_SSL_ENABLED;
 import static org.mockito.Mockito.spy;
 import io.vertx.core.DeploymentOptions;
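Review bot: The two new error messages name `SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_LOCATION` and `..._WEB_SERVER_KEYSTORE_PASSWORD`, but the variables actually read two lines above each throw are `SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION` and `..._WEBSERVER_KEYSTORE_PASSWORD` (no underscore in WEBSERVER), and they still call the value a "system param" although the Constants hunk now sources it from the environment, so an operator following the message sets a variable that is never read. Building the message from the constant removes the drift: `throw new IllegalStateException("'" + SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION + "' environment variable must be specified");` and the same for the password (the expectMessage strings in EdgeVerticleSslTest follow). Separately, deriving `isSslEnabled` from the presence of the keystore type means a deployment that sets location and password but misses the type leaves the server options without TLS and reports nothing, where the removed code threw once ssl_enabled was true; a guard before the `if` such as `if (!isSslEnabled && !StringUtils.isNullOrEmpty(config.getString(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION))) throw new IllegalStateException("keystore location is set but '" + SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE + "' is missing");` keeps the fail-closed default. `configureSslServerOptionsIfEnabled` ends outside the hunk.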
@@ -45,22 +44,7 @@ public void tearDownOnce() {
 @Test
 public void setupSslConfigWithoutType(TestContext context) throws Exception {
 JsonObject config = getCommonConfig()
- .put(SYS_HTTP_SERVER_SSL_ENABLED, true);
-
- thrown.expect(IllegalStateException.class);
- thrown.expectMessage("'keystore_type' system param must be specified when ssl_enabled = true");
-
- deployVerticle(context, config);
- }
-
- @Test
- public void setupSslConfigWithoutPath(TestContext context) throws Exception {
- JsonObject config = getCommonConfig()
- .put(SYS_HTTP_SERVER_SSL_ENABLED, true)
- .put(SYS_HTTP_SERVER_KEYSTORE_TYPE, "JKS");
-
- thrown.expect(IllegalStateException.class);
- thrown.expectMessage("'keystore_path' system param must be specified when ssl_enabled = true");
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE, null);
 deployVerticle(context, config);
 }
@@ -68,12 +52,11 @@ public void setupSslConfigWithoutPath(TestContext context) throws Exception {
 @Test
 public void setupSslConfigWithoutPassword(TestContext context) throws Exception {
 JsonObject config = getCommonConfig()
- .put(SYS_HTTP_SERVER_SSL_ENABLED, true)
- .put(SYS_HTTP_SERVER_KEYSTORE_TYPE, "JKS")
- .put(SYS_HTTP_SERVER_KEYSTORE_PATH, "sample_keystore.jks");
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE, "JKS")
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION, "sample_keystore.jks");
 thrown.expect(IllegalStateException.class);
- thrown.expectMessage("'keystore_password' system param must be specified when ssl_enabled = true");
+ thrown.expectMessage("'SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PASSWORD' system param must be specified");
 deployVerticle(context, config);
 }
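Review bot: `setupSslConfigWithoutType` now only checks that deploying with a null keystore type does not throw, and `setupSslConfigWithoutPath` is deleted rather than ported, so the new keystore-location check in SslConfigurationUtil has no test in this file. Porting the deleted case needs three lines after `getCommonConfig()`: `.put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE, "JKS");`, `thrown.expect(IllegalStateException.class);` and `thrown.expectMessage("'SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_LOCATION' system param must be specified");`, with the string tracking whatever message SslConfigurationUtil finally uses. The "without type" case would also say more if it asserted that the deployed server is not using TLS instead of only that deployment succeeded, since silent fallback to plaintext is exactly the behaviour this commit introduces.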
@@ -81,10 +64,9 @@ public void setupSslConfigWithoutPassword(TestContext context) throws Exception
 @Test
 public void setupSslConfigWitInvalidPath(TestContext context) throws Exception {
 JsonObject config = getCommonConfig()
- .put(SYS_HTTP_SERVER_SSL_ENABLED, true)
- .put(SYS_HTTP_SERVER_KEYSTORE_TYPE, "JKS")
- .put(SYS_HTTP_SERVER_KEYSTORE_PATH, "some_keystore_path")
- .put(SYS_HTTP_SERVER_KEYSTORE_PASSWORD, "password");
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE, "JKS")
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION, "some_keystore_path")
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD, "password");
 thrown.expect(FileSystemException.class);
 thrown.expectMessage("Unable to read file at path 'some_keystore_path'");
@@ -95,10 +77,9 @@ public void setupSslConfigWitInvalidPath(TestContext context) throws Exception {
 @Test
 public void setupSslConfigWithNotValidPassword(TestContext context) throws Exception {
 JsonObject config = getCommonConfig()
- .put(SYS_HTTP_SERVER_SSL_ENABLED, true)
- .put(SYS_HTTP_SERVER_KEYSTORE_TYPE, "JKS")
- .put(SYS_HTTP_SERVER_KEYSTORE_PATH, "sample_keystore.jks")
- .put(SYS_HTTP_SERVER_KEYSTORE_PASSWORD, "not_valid_password");
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE, "JKS")
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION, "sample_keystore.jks")
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD, "not_valid_password");
 thrown.expect(IOException.class);
 thrown.expectMessage("keystore password was incorrect");
@@ -109,10 +90,9 @@ public void setupSslConfigWithNotValidPassword(TestContext context) throws Excep
 @Test
 public void setupCorrectSslConfig(TestContext context) throws Exception {
 JsonObject config = getCommonConfig()
- .put(SYS_HTTP_SERVER_SSL_ENABLED, true)
- .put(SYS_HTTP_SERVER_KEYSTORE_TYPE, "JKS")
- .put(SYS_HTTP_SERVER_KEYSTORE_PATH, "sample_keystore.jks")
- .put(SYS_HTTP_SERVER_KEYSTORE_PASSWORD, "password");
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE, "JKS")
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION, "sample_keystore.jks")
+ .put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD, "password");
 deployVerticle(context, config);
 }
diff --git a/src/test/java/org/folio/edge/core/EdgeVerticleTlsIntegrationTest.java b/src/test/java/org/folio/edge/core/EdgeVerticleTlsIntegrationTest.java
index c6cc471..28b0c5e 100644
--- a/src/test/java/org/folio/edge/core/EdgeVerticleTlsIntegrationTest.java
+++ b/src/test/java/org/folio/edge/core/EdgeVerticleTlsIntegrationTest.java
@@ -129,19 +129,18 @@ private JsonObject getCommonConfig(boolean enableWebClientSsl) {
 .put(Constants.SYS_SECURE_STORE_PROP_FILE, "src/main/resources/ephemeral.properties")
 .put(Constants.SYS_LOG_LEVEL, "TRACE")
 .put(Constants.SYS_REQUEST_TIMEOUT_MS, 5000)
- .put(Constants.SYS_HTTP_SERVER_SSL_ENABLED, true)
- .put(Constants.SYS_HTTP_SERVER_KEYSTORE_TYPE, KEYSTORE_TYPE)
- .put(Constants.SYS_HTTP_SERVER_KEYSTORE_PATH, KEYSTORE_PATH)
- .put(Constants.SYS_HTTP_SERVER_KEYSTORE_PASSWORD, KEYSTORE_PASSWORD);
+ .put(Constants.SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE, KEYSTORE_TYPE)
+ .put(Constants.SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION, KEYSTORE_PATH)
+ .put(Constants.SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD, KEYSTORE_PASSWORD);
 if (enableWebClientSsl) {
 return config
- .put(Constants.SYS_WEB_CLIENT_SSL_ENABLED, true)
- .put(Constants.SYS_WEB_CLIENT_TRUSTSTORE_TYPE, KEYSTORE_TYPE)
- .put(Constants.SYS_WEB_CLIENT_TRUSTSTORE_PATH, TRUST_STORE_PATH)
- .put(Constants.SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD, KEYSTORE_PASSWORD);
+ .put(Constants.FOLIO_CLIENT_TLS_ENABLED, true)
+ .put(Constants.FOLIO_CLIENT_TLS_TRUSTSTORETYPE, KEYSTORE_TYPE)
+ .put(Constants.FOLIO_CLIENT_TLS_TRUSTSTOREPATH, TRUST_STORE_PATH)
+ .put(Constants.FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD, KEYSTORE_PASSWORD);
 } else {
 return config
- .put(Constants.SYS_WEB_CLIENT_SSL_ENABLED, false);
+ .put(Constants.FOLIO_CLIENT_TLS_ENABLED, false);
 }
 }
 }
diff --git a/src/test/java/org/folio/edge/core/OkapiClientInitializerTest.java b/src/test/java/org/folio/edge/core/OkapiClientInitializerTest.java
index 346f2c4..ccf4be1 100644
--- a/src/test/java/org/folio/edge/core/OkapiClientInitializerTest.java
+++ b/src/test/java/org/folio/edge/core/OkapiClientInitializerTest.java
@@ -2,13 +2,10 @@
 import static org.folio.edge.core.Constants.SYS_OKAPI_URL;
 import static org.folio.edge.core.Constants.SYS_REQUEST_TIMEOUT_MS;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_KEY_ALIAS;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_SSL_ENABLED;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PATH;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_TYPE;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_ENABLED;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUSTSTOREPATH;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUSTSTORETYPE;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
@@ -26,11 +23,8 @@ public class OkapiClientInitializerTest {
 private static final String OKAPI_URL = "http://mocked.okapi:9130";
 private static final Integer REQ_TIMEOUT_MS = 5000;
 private static final String TRUSTSTORE_TYPE = "some_keystore_type";
- private static final String TRUSTSTORE_PROVIDER = "some_keystore_provider";
 private static final String TRUSTSTORE_PATH = "some_keystore_path";
 private static final String TRUSTSTORE_PASSWORD = "some_keystore_password";
- private static final String KEY_ALIAS = "some_key_alias";
- private static final String KEY_ALIAS_PASSWORD = "some_key_alias_password";
 @Test
 public void testGetOkapiClientFactory() throws IllegalAccessException {
@@ -38,7 +32,7 @@ public void testGetOkapiClientFactory() throws IllegalAccessException {
 JsonObject config = new JsonObject()
 .put(SYS_OKAPI_URL, OKAPI_URL)
 .put(SYS_REQUEST_TIMEOUT_MS, REQ_TIMEOUT_MS)
- .put(SYS_WEB_CLIENT_SSL_ENABLED, false);
+ .put(FOLIO_CLIENT_TLS_ENABLED, false);
 OkapiClientFactory ocf = OkapiClientFactoryInitializer.createInstance(vertx, config);
 String okapiUrl = (String) FieldUtils.readDeclaredField(ocf, "okapiURL");
@@ -58,13 +52,10 @@ public void testGetSecuredOkapiClientFactory() throws IllegalAccessException {
 JsonObject config = new JsonObject()
 .put(SYS_OKAPI_URL, OKAPI_URL)
 .put(SYS_REQUEST_TIMEOUT_MS, REQ_TIMEOUT_MS)
- .put(SYS_WEB_CLIENT_SSL_ENABLED, true)
- .put(SYS_WEB_CLIENT_TRUSTSTORE_TYPE, TRUSTSTORE_TYPE)
- .put(SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER, TRUSTSTORE_PROVIDER)
- .put(SYS_WEB_CLIENT_TRUSTSTORE_PATH, TRUSTSTORE_PATH)
- .put(SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD, TRUSTSTORE_PASSWORD)
- .put(SYS_WEB_CLIENT_KEY_ALIAS, KEY_ALIAS)
- .put(SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD, KEY_ALIAS_PASSWORD);
+ .put(FOLIO_CLIENT_TLS_ENABLED, true)
+ .put(FOLIO_CLIENT_TLS_TRUSTSTORETYPE, TRUSTSTORE_TYPE)
+ .put(FOLIO_CLIENT_TLS_TRUSTSTOREPATH, TRUSTSTORE_PATH)
+ .put(FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD, TRUSTSTORE_PASSWORD);
 OkapiClientFactory ocf = OkapiClientFactoryInitializer.createInstance(vertx, config);
 String okapiUrl = (String) FieldUtils.readDeclaredField(ocf, "okapiURL");
@@ -74,11 +65,8 @@ public void testGetSecuredOkapiClientFactory() throws IllegalAccessException {
 assertEquals(OKAPI_URL, okapiUrl);
 assertEquals(REQ_TIMEOUT_MS, reqTimeoutMs);
 assertEquals(TRUSTSTORE_TYPE, keyStoreOptions.getType());
- assertEquals(TRUSTSTORE_PROVIDER, keyStoreOptions.getProvider());
 assertEquals(TRUSTSTORE_PATH, keyStoreOptions.getPath());
 assertEquals(TRUSTSTORE_PASSWORD, keyStoreOptions.getPassword());
- assertEquals(KEY_ALIAS, keyStoreOptions.getAlias());
- assertEquals(KEY_ALIAS_PASSWORD, keyStoreOptions.getAliasPassword());
 OkapiClient client = ocf.getOkapiClient("tenant");
 assertNotNull(client);
 }