[EDGORDERS-83-ENV]. Refactor for TLS configuration for Spring-based Environment

README.md

@@ -165,34 +165,30 @@ Configuration information is specified in two forms:
 | `request_timeout_ms`      | `30000`             | Request Timeout                                                           |
 | `api_key_sources`         | `PARAM,HEADER,PATH` | Defines the sources (order of precendence) of the API key.                |
 
-### System Properties for TLS configuration for Http server
+### Env variables for TLS configuration for Http server
+
 To configure Transport Layer Security (TLS) for the HTTP server in an edge module, the following configuration parameters should be used.
 Parameters marked as Required are required only in case when ssl_enabled is set to true.
 
-| Property                          | Default           | Description                                                                                 |
-|-----------------------------------|-------------------|---------------------------------------------------------------------------------------------|
-| `http-server.ssl_enabled`         | `false`           | Set whether SSL/TLS is enabled for Vertx Http Server                                        |
-| `http-server.keystore_type`       | `NA`              | (Required). Set the type of the keystore. Common types include `JKS`, `PKCS12`, and `BCFKS` |
-| `http-server.keystore_provider`   | `NA`              | Set the provider name of the key store                                                      |
-| `http-server.keystore_path`       | `NA`              | (Required). Set the location of the keystore file in the local file system                  |
-| `http-server.keystore_password`   | `NA`              | (Required). Set the password for the keystore                                               |
-| `http-server.key_alias`           | `NA`              | Set the alias of the key within the keystore.                                               |
-| `http-server.key_alias_password`  | `NA`              | Optional param that points to a password of `key_alias` if it protected                     |
-
-### System Properties for TLS configuration for Web Client
+| Property                                              | Default           | Description                                                                                 |
+|-------------------------------------------------------|-------------------|---------------------------------------------------------------------------------------------|
+| `SPRING_SSL_BUNDLE_JKS_WEB-SERVER_KEYSTORE_TYPE`      | `NA`              | (Required). Set the type of the keystore. Common types include `JKS`, `PKCS12`, and `BCFKS` |
+| `SPRING_SSL_BUNDLE_JKS_WEB-SERVER_KEYSTORE_PATH`      | `NA`              | (Required). Set the location of the keystore file in the local file system                  |
+| `SPRING_SSL_BUNDLE_JKS_WEB-SERVER_KEYSTORE_PASSWORD`  | `NA`              | (Required). Set the password for the keystore                                               |
+| `SPRING_SSL_BUNDLE_JKS_WEB-SERVER_KEY_ALIAS`          | `NA`              | Set the alias of the key within the keystore.                                               |
+
+### Env variables for TLS configuration for Web Client
+
 To configure Transport Layer Security (TLS) for Web clients in the edge module, you can use the following configuration parameters.
 Truststore parameters for configuring Web clients are optional even when ssl_enabled = true.
 If truststore parameters need to be populated, truststore_type, truststore_path and truststore_password are required.
 
-| Property                          | Default           | Description                                                                      |
-|-----------------------------------|-------------------|----------------------------------------------------------------------------------|
-| `web-client.ssl_enabled`          | `false`           | Set whether SSL/TLS is enabled for Vertx Http Server                             |
-| `web-client.truststore_type`      | `NA`              | Set the type of the keystore. Common types include `JKS`, `PKCS12`, and `BCFKS`  |
-| `web-client.truststore_provider`  | `NA`              | Set the provider name of the key store                                           |
-| `web-client.truststore_path`      | `NA`              | Set the location of the keystore file in the local file system                   |
-| `web-client.truststore_password`  | `NA`              | Set the password for the keystore                                                |
-| `web-client.key_alias`            | `NA`              | Set the alias of the key within the keystore.                                    |
-| `web-client.key_alias_password`   | `NA`              | Optional param that points to a password of `key_alias` if it protected          |
+| Property                                | Default           | Description                                                                      |
+|-----------------------------------------|-------------------|----------------------------------------------------------------------------------|
+| `FOLIO_CLIENT_TLS_ENABLED`              | `false`           | Set whether SSL/TLS is enabled for Vertx Http Server                             |
+| `FOLIO_CLIENT_TLS_TRUSTSTORETYPE`       | `NA`              | Set the type of the keystore. Common types include `JKS`, `PKCS12`, and `BCFKS`  |
+| `FOLIO_CLIENT_TLS_TRUSTSTOREPATH`       | `NA`              | Set the location of the keystore file in the local file system                   |
+| `FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD`   | `NA`              | Set the password for the keystore                                                |
 
 
 ## Additional information

src/main/java/org/folio/edge/core/Constants.java

@@ -25,22 +25,17 @@ private Constants() {
   public static final String SYS_API_KEY_SOURCES = "api_key_sources";
   public static final String SYS_RESPONSE_COMPRESSION = "response_compression";
 
-  // System properties for SSL/TLS http server configuration
-  public static final String SYS_HTTP_SERVER_SSL_ENABLED = "http-server.ssl_enabled";
-  public static final String SYS_HTTP_SERVER_KEYSTORE_TYPE = "http-server.keystore_type";
-  public static final String SYS_HTTP_SERVER_KEYSTORE_PROVIDER = "http-server.keystore_provider";
-  public static final String SYS_HTTP_SERVER_KEYSTORE_PATH = "http-server.keystore_path";
-  public static final String SYS_HTTP_SERVER_KEYSTORE_PASSWORD = "http-server.keystore_password";
-  public static final String SYS_HTTP_SERVER_KEY_ALIAS = "http-server.key_alias";
-  public static final String SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD = "http-server.key_alias_password";
-  public static final String SYS_WEB_CLIENT_SSL_ENABLED = "web-client.ssl_enabled";
-  // System properties for SSL/TLS web client configuration
-  public static final String SYS_WEB_CLIENT_TRUSTSTORE_TYPE = "web-client.truststore_type";
-  public static final String SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER = "web-client.truststore_provider";
-  public static final String SYS_WEB_CLIENT_TRUSTSTORE_PATH = "web-client.truststore_path";
-  public static final String SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD = "web-client.truststore_password";
-  public static final String SYS_WEB_CLIENT_KEY_ALIAS = "web-client.key_alias";
-  public static final String SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD = "web-client.key_alias_password";
+  // Env variables for SSL/TLS http server configuration
+  public static final String SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_TYPE = "SPRING_SSL_BUNDLE_JKS_WEB-SERVER_KEYSTORE_TYPE";
+  public static final String SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PATH = "SPRING_SSL_BUNDLE_JKS_WEB-SERVER_KEYSTORE_PATH";
+  public static final String SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PASSWORD = "SPRING_SSL_BUNDLE_JKS_WEB-SERVER_KEYSTORE_PASSWORD";
+  public static final String SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEY_ALIAS = "SPRING_SSL_BUNDLE_JKS_WEB-SERVER_KEY_ALIAS";
+
+  // Env variables for SSL/TLS web client configuration
+  public static final String FOLIO_CLIENT_TLS_ENABLED = "FOLIO_CLIENT_TLS_ENABLED";
+  public static final String FOLIO_CLIENT_TLS_TRUST_STORE_TYPE = "FOLIO_CLIENT_TLS_TRUSTSTORETYPE";
+  public static final String FOLIO_CLIENT_TLS_TRUST_STORE_PATH = "FOLIO_CLIENT_TLS_TRUSTSTOREPATH";
+  public static final String FOLIO_CLIENT_TLS_TRUST_STORE_PASSWORD = "FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD";
 
   // Property names
   public static final String PROP_SECURE_STORE_TYPE = "secureStore.type";
@@ -100,51 +95,38 @@ private Constants() {
         System.getProperty(SYS_API_KEY_SOURCES, DEFAULT_API_KEY_SOURCES));
     defaultMap.put(SYS_REQUEST_TIMEOUT_MS,
         Long.parseLong(System.getProperty(SYS_REQUEST_TIMEOUT_MS,
-            Long.toString(DEFAULT_REQUEST_TIMEOUT_MS))));
+          Long.toString(DEFAULT_REQUEST_TIMEOUT_MS))));
     defaultMap.put(SYS_TOKEN_CACHE_TTL_MS,
         Long.parseLong(System.getProperty(SYS_TOKEN_CACHE_TTL_MS,
-            Long.toString(DEFAULT_TOKEN_CACHE_TTL_MS))));
+          Long.toString(DEFAULT_TOKEN_CACHE_TTL_MS))));
     defaultMap.put(SYS_NULL_TOKEN_CACHE_TTL_MS,
         Long.parseLong(System.getProperty(SYS_NULL_TOKEN_CACHE_TTL_MS,
-            Long.toString(DEFAULT_NULL_TOKEN_CACHE_TTL_MS))));
+          Long.toString(DEFAULT_NULL_TOKEN_CACHE_TTL_MS))));
     defaultMap.put(SYS_TOKEN_CACHE_CAPACITY,
         Integer.parseInt(System.getProperty(SYS_TOKEN_CACHE_CAPACITY,
-            Integer.toString(DEFAULT_TOKEN_CACHE_CAPACITY))));
+          Integer.toString(DEFAULT_TOKEN_CACHE_CAPACITY))));
     defaultMap.put(SYS_SECURE_STORE_TYPE,
-        System.getProperty(SYS_SECURE_STORE_TYPE, DEFAULT_SECURE_STORE_TYPE));
+          System.getProperty(SYS_SECURE_STORE_TYPE, DEFAULT_SECURE_STORE_TYPE));
     defaultMap.put(SYS_RESPONSE_COMPRESSION,
         Boolean.parseBoolean(System.getProperty(SYS_RESPONSE_COMPRESSION,
-            Boolean.toString(DEFAULT_RESPONSE_COMPRESSION))));
-    defaultMap.put(SYS_HTTP_SERVER_SSL_ENABLED,
-      Boolean.parseBoolean(System.getProperty(SYS_HTTP_SERVER_SSL_ENABLED,
-        Boolean.toString(DEFAULT_SSL_ENABLED))));
-    defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_TYPE,
-      System.getProperty(SYS_HTTP_SERVER_KEYSTORE_TYPE));
-    defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_PROVIDER,
-      System.getProperty(SYS_HTTP_SERVER_KEYSTORE_PROVIDER));
-    defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_PATH,
-      System.getProperty(SYS_HTTP_SERVER_KEYSTORE_PATH));
-    defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_PASSWORD,
-      System.getProperty(SYS_HTTP_SERVER_KEYSTORE_PASSWORD));
-    defaultMap.put(SYS_HTTP_SERVER_KEY_ALIAS,
-      System.getProperty(SYS_HTTP_SERVER_KEY_ALIAS));
-    defaultMap.put(SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD,
-      System.getProperty(SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD));
-    defaultMap.put(SYS_WEB_CLIENT_SSL_ENABLED,
-      Boolean.parseBoolean(System.getProperty(SYS_WEB_CLIENT_SSL_ENABLED,
-        Boolean.toString(DEFAULT_SSL_ENABLED))));
-    defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_TYPE,
-      System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_TYPE));
-    defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER,
-      System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER));
-    defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_PATH,
-      System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_PATH));
-    defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD,
-      System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD));
-    defaultMap.put(SYS_WEB_CLIENT_KEY_ALIAS,
-      System.getProperty(SYS_WEB_CLIENT_KEY_ALIAS));
-    defaultMap.put(SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD,
-      System.getProperty(SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD));
+          Boolean.toString(DEFAULT_RESPONSE_COMPRESSION))));
+    defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_TYPE,
+        System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_TYPE));
+    defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PATH,
+        System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PATH));
+    defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PASSWORD,
+        System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PASSWORD));
+    defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEY_ALIAS,
+        System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEY_ALIAS));
+    defaultMap.put(FOLIO_CLIENT_TLS_ENABLED,
+        Boolean.parseBoolean(System.getenv().getOrDefault(FOLIO_CLIENT_TLS_ENABLED,
+          Boolean.toString(DEFAULT_SSL_ENABLED))));
+    defaultMap.put(FOLIO_CLIENT_TLS_TRUST_STORE_TYPE,
+        System.getenv().get(FOLIO_CLIENT_TLS_TRUST_STORE_TYPE));
+    defaultMap.put(FOLIO_CLIENT_TLS_TRUST_STORE_PATH,
+        System.getenv().get(FOLIO_CLIENT_TLS_TRUST_STORE_PATH));
+    defaultMap.put(FOLIO_CLIENT_TLS_TRUST_STORE_PASSWORD,
+        System.getenv().get(FOLIO_CLIENT_TLS_TRUST_STORE_PASSWORD));
     defaultMap.put(SYS_SECURE_STORE_PROP_FILE,
         System.getProperty(SYS_SECURE_STORE_PROP_FILE));
     defaultMap.put(SYS_OKAPI_URL,

src/main/java/org/folio/edge/core/utils/OkapiClientFactoryInitializer.java

@@ -2,13 +2,10 @@
 
 import static org.folio.edge.core.Constants.SYS_OKAPI_URL;
 import static org.folio.edge.core.Constants.SYS_REQUEST_TIMEOUT_MS;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_KEY_ALIAS;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_SSL_ENABLED;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PATH;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_TYPE;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_ENABLED;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUST_STORE_PASSWORD;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUST_STORE_PATH;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUST_STORE_TYPE;
 
 import com.amazonaws.util.StringUtils;
 import io.vertx.core.Vertx;
@@ -27,27 +24,21 @@ private OkapiClientFactoryInitializer() {
   public static OkapiClientFactory createInstance(Vertx vertx, JsonObject config) {
     String okapiUrl = config.getString(SYS_OKAPI_URL);
     Integer requestTimeout = config.getInteger(SYS_REQUEST_TIMEOUT_MS);
-    boolean isSslEnabled = config.getBoolean(SYS_WEB_CLIENT_SSL_ENABLED);
+    boolean isSslEnabled = config.getBoolean(FOLIO_CLIENT_TLS_ENABLED);
     if (isSslEnabled) {
       logger.info("Creating OkapiClientFactory with Enhance HTTP Endpoint Security and TLS mode enabled");
-      String truststoreType = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_TYPE);
-      String truststoreProvider = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER);
-      String truststorePath = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_PATH);
-      String truststorePassword = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD);
-      String keyAlias = config.getString(SYS_WEB_CLIENT_KEY_ALIAS);
-      String keyAliasPassword = config.getString(SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD);
+      String truststoreType = config.getString(FOLIO_CLIENT_TLS_TRUST_STORE_TYPE);
+      String truststorePath = config.getString(FOLIO_CLIENT_TLS_TRUST_STORE_PATH);
+      String truststorePassword = config.getString(FOLIO_CLIENT_TLS_TRUST_STORE_PASSWORD);
       if (!StringUtils.isNullOrEmpty(truststoreType)
         && !StringUtils.isNullOrEmpty(truststorePath)
         && !StringUtils.isNullOrEmpty(truststorePassword)) {
 
         logger.info("Web client truststore options for type: {} are set, configuring Web Client with them", truststoreType);
         TrustOptions trustOptions = new KeyStoreOptions()
           .setType(truststoreType)
-          .setProvider(truststoreProvider)
           .setPath(truststorePath)
-          .setPassword(truststorePassword)
-          .setAlias(keyAlias)
-          .setAliasPassword(keyAliasPassword);
+          .setPassword(truststorePassword);
         return new OkapiClientFactory(vertx, okapiUrl, requestTimeout, trustOptions);
       } else {
         return new OkapiClientFactory(vertx, okapiUrl, requestTimeout, null);

src/main/java/org/folio/edge/core/utils/SslConfigurationUtil.java

@@ -1,12 +1,9 @@
 package org.folio.edge.core.utils;
 
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEYSTORE_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEYSTORE_PATH;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEYSTORE_PROVIDER;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEYSTORE_TYPE;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEY_ALIAS;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_HTTP_SERVER_SSL_ENABLED;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PASSWORD;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PATH;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_TYPE;
+import static org.folio.edge.core.Constants.SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEY_ALIAS;
 
 import com.amazonaws.util.StringUtils;
 import io.vertx.core.json.JsonObject;
@@ -21,35 +18,30 @@ public class SslConfigurationUtil {
   private SslConfigurationUtil() {}
 
   public static void configureSslServerOptionsIfEnabled(JsonObject config, NetServerOptions serverOptions) {
-    final boolean isSslEnabled = config.getBoolean(SYS_HTTP_SERVER_SSL_ENABLED);
+    final boolean isSslEnabled = !StringUtils.isNullOrEmpty(config.getString(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_TYPE));
     if (isSslEnabled) {
       logger.info("Enabling Vertx Http Server with TLS/SSL configuration...");
       serverOptions.setSsl(true);
-      String keystoreType = config.getString(SYS_HTTP_SERVER_KEYSTORE_TYPE);
+      String keystoreType = config.getString(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_TYPE);
       if (StringUtils.isNullOrEmpty(keystoreType)) {
-        throw new IllegalStateException("'keystore_type' system param must be specified when ssl_enabled = true");
+        throw new IllegalStateException("'SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_TYPE' system param must be specified");
       }
       logger.info("Using {} keystore type for SSL/TLS", keystoreType);
-      String keystoreProvider = config.getString(SYS_HTTP_SERVER_KEYSTORE_PROVIDER);
-      logger.info("Using {} keystore provider for SSL/TLS", keystoreProvider);
-      String keystorePath = config.getString(SYS_HTTP_SERVER_KEYSTORE_PATH);
+      String keystorePath = config.getString(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PATH);
       if (StringUtils.isNullOrEmpty(keystorePath)) {
-        throw new IllegalStateException("'keystore_path' system param must be specified when ssl_enabled = true");
+        throw new IllegalStateException("'SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PATH' system param must be specified");
       }
-      String keystorePassword = config.getString(SYS_HTTP_SERVER_KEYSTORE_PASSWORD);
+      String keystorePassword = config.getString(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PASSWORD);
       if (StringUtils.isNullOrEmpty(keystorePassword)) {
-        throw new IllegalStateException("'keystore_password' system param must be specified when ssl_enabled = true");
+        throw new IllegalStateException("'SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEYSTORE_PASSWORD' system param must be specified");
       }
-      String keyAlias = config.getString(SYS_HTTP_SERVER_KEY_ALIAS);
-      String keyAliasPassword = config.getString(SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD);
+      String keyAlias = config.getString(SPRING_SSL_BUNDLE_JKS_WEB_SERVER_KEY_ALIAS);
 
       serverOptions.setKeyCertOptions(new KeyStoreOptions()
         .setType(keystoreType)
-        .setProvider(keystoreProvider)
         .setPath(keystorePath)
         .setPassword(keystorePassword)
-        .setAlias(keyAlias)
-        .setAliasPassword(keyAliasPassword));
+        .setAlias(keyAlias));
     }
   }
 }