fix: read public key from keyring (#3212)

* chore: move babel to dev, modify webpack config, spring security Signed-off-by: achmelo <[email protected]> * read keys from common httpsconfig Signed-off-by: achmelo <[email protected]> --------- Signed-off-by: achmelo <[email protected]>
zowe · Nov 22, 2023 · a0a6937 · a0a6937
1 parent 7d42791
commit a0a6937
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 30 deletions.
diff --git a/...ay-service/src/main/java/org/zowe/apiml/cloudgatewayservice/config/ConnectionsConfig.java b/...ay-service/src/main/java/org/zowe/apiml/cloudgatewayservice/config/ConnectionsConfig.java
@@ -148,7 +148,7 @@ public void updateConfigParameters() {
     }
 
 
-    HttpsFactory factory() {
+    public HttpsFactory factory() {
         HttpsConfig config = HttpsConfig.builder()
             .protocol(protocol)
             .verifySslCertificatesOfServices(verifySslCertificatesOfServices)

diff --git a/...ice/src/main/java/org/zowe/apiml/cloudgatewayservice/service/CertificateChainService.java b/...ice/src/main/java/org/zowe/apiml/cloudgatewayservice/service/CertificateChainService.java
@@ -10,10 +10,11 @@
 
 package org.zowe.apiml.cloudgatewayservice.service;
 
+import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
+import org.zowe.apiml.cloudgatewayservice.config.ConnectionsConfig;
 import org.zowe.apiml.message.log.ApimlLogger;
 import org.zowe.apiml.message.yaml.YamlMessageServiceInstance;
 import org.zowe.apiml.security.HttpsConfig;
@@ -29,28 +30,14 @@
  * This service provides gateway's certificate chain which is used for the southbound communication
  */
 @Service
+@RequiredArgsConstructor
 @Slf4j
 public class CertificateChainService {
-
-    //TODO Once the separate configuration of keystore for client is implemented (PR https://github.com/zowe/api-layer/pull/3051) then update this SSL configuration.
-    @Value("${server.ssl.keyStore:#{null}}")
-    private String keyStore;
-
-    @Value("${server.ssl.keyStorePassword:#{null}}")
-    private char[] keyStorePassword;
-
-    @Value("${server.ssl.keyPassword:#{null}}")
-    private char[] keyPassword;
-
-    @Value("${server.ssl.keyStoreType:PKCS12}")
-    private String keyStoreType;
-
-    @Value("${server.ssl.keyAlias:#{null}}")
-    private String keyAlias;
-
     private static final ApimlLogger apimlLog = ApimlLogger.of(CertificateChainService.class, YamlMessageServiceInstance.getInstance());
     Certificate[] certificates;
 
+    private final ConnectionsConfig connectionsConfig;
+
     public String getCertificatesInPEMFormat() {
         StringWriter stringWriter = new StringWriter();
         if (certificates != null && certificates.length > 0) {
@@ -69,13 +56,7 @@ public String getCertificatesInPEMFormat() {
 
     @PostConstruct
     void loadCertChain() {
-        HttpsConfig config = HttpsConfig.builder()
-            .keyAlias(keyAlias)
-            .keyStore(keyStore)
-            .keyPassword(keyPassword)
-            .keyStorePassword(keyStorePassword)
-            .keyStoreType(keyStoreType)
-            .build();
+        HttpsConfig config = connectionsConfig.factory().getConfig();
         try {
             certificates = SecurityUtils.loadCertificateChain(config);
         } catch (Exception e) {

diff --git a/...src/test/java/org/zowe/apiml/cloudgatewayservice/service/CertificateChainServiceTest.java b/...src/test/java/org/zowe/apiml/cloudgatewayservice/service/CertificateChainServiceTest.java
@@ -17,6 +17,7 @@
 import org.junit.jupiter.api.Test;
 import org.mockito.MockedStatic;
 import org.springframework.test.util.ReflectionTestUtils;
+import org.zowe.apiml.cloudgatewayservice.config.ConnectionsConfig;
 import org.zowe.apiml.security.HttpsConfigError;
 import org.zowe.apiml.security.SecurityUtils;
 
@@ -31,6 +32,7 @@
 
 class CertificateChainServiceTest {
     private CertificateChainService certificateChainService;
+    ConnectionsConfig connectionsConfig = new ConnectionsConfig(null);
 
     private static final String CERTIFICATE_1 =
         "-----BEGIN CERTIFICATE-----\n" +
@@ -94,7 +96,7 @@ class GivenValidCertificateChain {
         void setup() throws CertificateException {
             certificates[0] = generateCert(CERTIFICATE_1);
             certificates[1] = generateCert(CERTIFICATE_2);
-            certificateChainService = new CertificateChainService();
+            certificateChainService = new CertificateChainService(connectionsConfig);
             ReflectionTestUtils.setField(certificateChainService, "certificates", certificates, Certificate[].class);
         }
 
@@ -114,7 +116,7 @@ void whenGetCertificates_thenPEMIsProduced() {
     class GivenNoCertificatesInChain {
         @BeforeEach
         void setup() {
-            certificateChainService = new CertificateChainService();
+            certificateChainService = new CertificateChainService(connectionsConfig);
             ReflectionTestUtils.setField(certificateChainService, "certificates", new Certificate[0], Certificate[].class);
         }
 
@@ -133,7 +135,7 @@ void setup() throws CertificateException {
             certificates[0] = generateCert(CERTIFICATE_1);
             certificates[1] = mock(Certificate.class);
             when(certificates[1].getEncoded()).thenReturn("INVALID_CERT_CONTENT".getBytes());
-            certificateChainService = new CertificateChainService();
+            certificateChainService = new CertificateChainService(connectionsConfig);
             ReflectionTestUtils.setField(certificateChainService, "certificates", certificates, Certificate[].class);
         }
 
@@ -149,7 +151,7 @@ class GivenExceptionDuringChainLoad {
 
         @BeforeEach
         void setup() {
-            certificateChainService = new CertificateChainService();
+            certificateChainService = new CertificateChainService(connectionsConfig);
         }
 
         @Test