Remove certs & application.properties from main jar #7693

Merged
merged 5 commits into from
May 26, 2023
Binary file modified EgeriaClient.p12
Binary file not shown.
@@ -1,31 +1,49 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright Contributors to the ODPi Egeria project.

# ========================================================================================================
# The application.properties file is used to configure the OMAG Server Platform which is implemented as
# a spring boot application.

###############################################
### Default port for the OMAG Server Platform
################################################
server.port=9443
server.ssl.key-store=classpath:keystore.p12

################################################
### SSL security.
# The keystore determines the information sent out by the server to identify itself.
# The truststore is where the certificates of trusted servers the platform is calling are located.
# (Note SSL certificate checking is performed on client-side only.)
################################################
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=egeria
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=egeriaserverchassis

server.ssl.trust-store=truststore.p12
server.ssl.trust-store-password=egeria

# WARNING! setting 'false' allows java clients to open https connections without checking certificates validity
# WARNING! setting 'strict.ssl=false' allows java clients to open https connections without checking the validity of
# certificates from the servers it is calling.
# Alternate you can import self signed certificates into java truststore or setup an truststore only for this app
# by adding the store into server.ssl.trust-store parameter
strict.ssl=true
# Comma separated values of http headers to be added to ThreadLocal
header.name.list=

################################################
### startup servers configuration
### Which java packages should be scanned to locate the Spring resource definitions that define the REST APIs?
################################################
scan.packages=org.odpi.openmetadata.*
#userId used to startup the list of configured servers default is 'system'

################################################
### startup servers configuration
################################################
#userId used to start up the list of configured servers default is 'system'
startup.user=system
# Comma separated names of servers to be started
# Comma separated names of servers to be started. The server names should be unquoted.
startup.server.list=
# Comma separated values of http headers to be added to ThreadLocal
header.name.list=

################################################
### Logging
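Review bot: The keystore and truststore passwords are committed as the literal `egeria` (`server.ssl.key-store-password`, `server.ssl.trust-store-password`), and nothing in the SSL comment block says that these, like the bundled `keystore.p12`, are sample material shared by every download. I would add a comment above `server.ssl.key-store=keystore.p12` such as `# WARNING! keystore.p12, truststore.p12 and the password 'egeria' are shipped samples - replace them before exposing the platform beyond a test environment.` The stores also appear to move from `classpath:keystore.p12` to bare relative paths, which presumably resolve against the process working directory, so the comment should also say that the platform must be started from the directory holding these files. The rest of the file is collapsed on this page, so later settings were not reviewed.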
Binary file removed keystore.12
Binary file not shown.
Binary file added keystore.p12
Binary file not shown.
Expand Up @@ -104,10 +104,6 @@ dependencies {
implementation project(':open-metadata-resources:open-metadata-samples:governance-services-sample')

}
// Path to the SSL key for OMAG server to function as a client to itself
String keyDirPath = project(':open-metadata-implementation:server-chassis:server-chassis-spring').projectDir.getAbsolutePath() + '/src/main/resources'
File keyDir = file(keyDirPath)
//println keyDirPath

distributions {
egeriaomag {
Expand Down Expand Up @@ -183,13 +179,11 @@ distributions {
include 'NOTICE'
include 'LICENSE'
include 'truststore.p12'
include 'keystore.p12'
include 'application.properties'
include 'content-packs/*'
include 'sample-data/*/*'
}
// copy key to root of targz file
from (keyDir) {
include 'keystore.p12'
}
fileMode = 0755
}
}
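Review bot: `include 'keystore.p12'` appears to put a private-key store into the assembly next to `fileMode = 0755`, so if that mode covers this copy spec the keystore is unpacked world-readable and executable. Consider giving the `.p12` files their own spec with a tighter mode, e.g. `from(<same source dir>) { include '*.p12'; fileMode = 0600 }`, and keeping 0755 for scripts only. The enclosing `distributions` block starts and ends outside the visible hunks, so the scope of `fileMode` should be confirmed there.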

This file was deleted.

Expand Up @@ -10,6 +10,7 @@
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
Expand All @@ -25,8 +26,16 @@ public class HttpRequestHeadersFilter implements Filter {
/**
* @param headerNames list of http header names
*/
public HttpRequestHeadersFilter(List<String> headerNames) {
this.headerNames = headerNames;
public HttpRequestHeadersFilter(List<String> headerNames)
{
if (headerNames == null)
{
this.headerNames = new ArrayList<>();
}
else
{
this.headerNames = headerNames;
}
}

@Override
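Review bot: The constructor Javadoc still reads `@param headerNames list of http header names` although null is now accepted; document it as `@param headerNames list of http header names to capture, null is treated as an empty list`. The non-null branch also keeps the caller's list by reference, so a later change to that list changes which headers the filter picks up; `this.headerNames = new ArrayList<>(headerNames);` would fix the filter's configuration at construction. The rest of the class, including how `headerNames` is read, is outside the hunk.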
Expand Up @@ -31,9 +31,13 @@
import java.util.*;


/**
* OMAGServerPlatform provides the main program for the OMAG Server Platform.
*/
@SpringBootApplication(
scanBasePackages = {"${scan.packages}"}
scanBasePackages = {"${scan.packages:org.odpi.openmetadata.*}"}
)

@OpenAPIDefinition(
info = @Info(
title = "Egeria's Open Metadata and Governance (OMAG) Server Platform",
Expand Down Expand Up @@ -65,19 +69,18 @@
externalDocs = @ExternalDocumentation(description = "OMAG Server Platform documentation",
url="https://egeria-project.org/concepts/omag-server-platform/")
)

public class OMAGServerPlatform
{
@Value("${strict.ssl}")
@Value("${strict.ssl:true}") // Default value is true
Boolean strictSSL;

@Value("${startup.user}")
@Value("${startup.user:system}") // Default value is "system"
String sysUser;

@Value("${startup.server.list}")
@Value("${startup.server.list:}") // Default value is zero length string
String startupServers;

@Value("${header.name.list}")
@Value("${header.name.list:}") // Default value is zero length string
List<String> headerNames;

@Autowired
Expand All @@ -88,27 +91,56 @@ public class OMAGServerPlatform

private boolean triggeredRuntimeHalt = false;
private String startupMessage = "";
private OMAGServerOperationalServices operationalServices = new OMAGServerOperationalServices();
private final OMAGServerOperationalServices operationalServices = new OMAGServerOperationalServices();

private static final Logger log = LoggerFactory.getLogger(OMAGServerPlatform.class);

public static void main(String[] args) {

/**
* Java main
* @param args program arguments used to override environment variables
*/
public static void main(String[] args)
{
SpringApplication.run(OMAGServerPlatform.class, args);
}


/**
* Make adjustments to the local environment.
*
* @return bean
*/
@Bean
public InitializingBean getInitialize()
{
return () -> {
return () ->
{
log.info("Working directory is: " + System.getProperty("user.dir"));

if (!strictSSL)
{
log.warn("strict.ssl is set to false! Invalid certificates will be accepted for connection!");
log.warn("Option strict.ssl is set to false! Invalid certificates will be accepted for connection!");
HttpHelper.noStrictSSL();
} else if( System.getProperty("javax.net.ssl.trustStore")==null ) {
//load the 'javax.net.ssl.trustStore' and
//'javax.net.ssl.trustStorePassword' from application.properties
System.setProperty("javax.net.ssl.trustStore", env.getProperty("server.ssl.trust-store"));
System.setProperty("javax.net.ssl.trustStorePassword", env.getProperty("server.ssl.trust-store-password"));
}

if (System.getProperty("javax.net.ssl.trustStore") == null)
{
log.warn("Java trust store 'javax.net.ssl.trustStore' is null - this is needed by Tomcat - using 'server.ssl.trust-store'");

/*
* load the 'javax.net.ssl.trustStore' and 'javax.net.ssl.trustStorePassword' from application.properties.
* Note, these variables should only used for mutual SSL. This function is provided for backward compatibility.
* Also note that there is an NPE if the java variables are set to null.
*/
if (env.getProperty("server.ssl.trust-store") != null)
{
System.setProperty("javax.net.ssl.trustStore", env.getProperty("server.ssl.trust-store"));
}
if (env.getProperty("server.ssl.trust-store-password") != null)
{
System.setProperty("javax.net.ssl.trustStorePassword", env.getProperty("server.ssl.trust-store-password"));
}
}
};
}
Expand Down Expand Up @@ -167,7 +199,7 @@ private void autoStartConfig()


/**
* Deactivate all servers that were started automatically
* Deactivate all servers that were started automatically
*/
private void temporaryDeactivateServers()
{
Expand All @@ -183,45 +215,64 @@ private void temporaryDeactivateServers()
}
}


/**
* ApplicationContextListener detects various events during the lifetime of the OMAGServerPlatform run.
*/
@Component
public class ApplicationContextListener
{

/**
* Print out message to say that the platform is ready.
*/
@EventListener(ApplicationReadyEvent.class)
public void applicationReady() {
public void applicationReady()
{
autoStartConfig();
System.out.println(OMAGServerPlatform.this.startupMessage);

if(triggeredRuntimeHalt){
if (triggeredRuntimeHalt)
{
Runtime.getRuntime().halt(43);
}
System.out.println(new Date() + " OMAG server platform ready for more configuration");
}


/**
* Detect platform shutdown.
*
* @param event unused event information
*/
@EventListener
public void onApplicationEvent(ContextClosedEvent event)
{
temporaryDeactivateServers();
}
}

/**
* Detect failures
*/
@Component
public class CustomSpringEventListener implements ApplicationListener<StartupFailEvent>
{
@Override
public void onApplicationEvent(StartupFailEvent event) {
public void onApplicationEvent(StartupFailEvent event)
{
log.info("Received startup fail event with message: {} " + event.getMessage());
temporaryDeactivateServers();
}

}

/**
* Initialization of HttpRequestHeadersFilter. headerNames is a list of headers defined in application properties.
* @return bean of an initialized FilterRegistrationBean
*/
@Bean
public FilterRegistrationBean<HttpRequestHeadersFilter> getRequestHeadersFilter() {
public FilterRegistrationBean<HttpRequestHeadersFilter> getRequestHeadersFilter()
{
FilterRegistrationBean<HttpRequestHeadersFilter> registrationBean = new FilterRegistrationBean<>();

registrationBean.setFilter(new HttpRequestHeadersFilter(headerNames));
Expand All @@ -230,5 +281,4 @@ public FilterRegistrationBean<HttpRequestHeadersFilter> getRequestHeadersFilter(

return registrationBean;
}

}
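Review bot: In `getInitialize()` the new warning says the platform is `using 'server.ssl.trust-store'` before checking that the property exists, so when it is absent nothing is set and outbound TLS falls back to the JVM default trust store while the log claims otherwise. Move the message inside the null check and add an else branch, e.g. `else { log.warn("'server.ssl.trust-store' is not set - the JVM default trust store will be used"); }`. The password is also applied independently of the store; nesting the `server.ssl.trust-store-password` check inside the trust-store branch avoids setting `javax.net.ssl.trustStorePassword` for a store that was never configured.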
Expand Up @@ -4,27 +4,54 @@

import org.springframework.context.ApplicationEvent;

import java.io.Serial;

/**
* Application event used for the case of startup list fails
*/
public class StartupFailEvent extends ApplicationEvent {
public class StartupFailEvent extends ApplicationEvent
{

@Serial
private static final long serialVersionUID = 1L;

private Object source;
private String message;
private final Object source;
private final String message;


public StartupFailEvent(Object source, String message) {
/**
* Constructor
*
* @param source source
* @param message message
*/
public StartupFailEvent(Object source, String message)
{
super(source);
this.source = source;
this.message = message;
}

public Object getSource() {

/**
* Return the source.
*
* @return object
*/
@Override
public Object getSource()
github-advanced-security[bot] marked this conversation as resolved.
{
return source;
}

public String getMessage() {

/**
* Return the message.
*
* @return string
*/
public String getMessage()
{
return message;
}
}
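Review bot: The private `source` field duplicates the one `super(source)` already stores in `java.util.EventObject`, and unlike the superclass field, which is transient, this copy is not, so serializing the event would try to serialize the publishing object as well. Dropping `private final Object source;`, the `this.source = source;` assignment and the `getSource()` override leaves behaviour unchanged for callers, since the inherited `getSource()` returns the same object. The new Javadoc tags `@param source source` and `@param message message` only repeat the names; something like `@param message description of the startup failure` would tell the reader what to pass.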
Binary file not shown.
Binary file not shown.
Binary file not shown.