diff --git a/legal-core/src/main/java/org/opengroup/osdu/legal/di/EntitlementsClientFactory.java b/legal-core/src/main/java/org/opengroup/osdu/legal/di/EntitlementsClientFactory.java index 9fea31aafc98164e61f97ebc9becfba5c1ccac1d..6a659448f6bf0144f332008da2e073bfc935b2c0 100644 --- a/legal-core/src/main/java/org/opengroup/osdu/legal/di/EntitlementsClientFactory.java +++ b/legal-core/src/main/java/org/opengroup/osdu/legal/di/EntitlementsClientFactory.java @@ -24,6 +24,7 @@ import org.springframework.beans.factory.config.AbstractFactoryBean; import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; + @Component @Lazy public class EntitlementsClientFactory extends AbstractFactoryBean<IEntitlementsFactory> { diff --git a/legal-core/src/main/java/org/opengroup/osdu/legal/middleware/LegalFilter.java b/legal-core/src/main/java/org/opengroup/osdu/legal/middleware/LegalFilter.java index 15b5957b13b303fb903c41f2e394dc052ecebe46..c9e0c051b4e2df1b4d82c7fbee948e2fa3ca2500 100644 --- a/legal-core/src/main/java/org/opengroup/osdu/legal/middleware/LegalFilter.java +++ b/legal-core/src/main/java/org/opengroup/osdu/legal/middleware/LegalFilter.java @@ -16,7 +16,7 @@ import javax.inject.Inject; import org.opengroup.osdu.core.common.model.http.DpsHeaders; import org.opengroup.osdu.core.common.provider.interfaces.IAuthorizationService; -import org.opengroup.osdu.core.common.http.ResponseHeaders; +import org.opengroup.osdu.core.common.http.ResponseHeadersFactory; import org.opengroup.osdu.core.common.model.http.Request; import org.opengroup.osdu.core.common.logging.JaxRsDpsLog; import org.springframework.context.annotation.Lazy; 
@@ -41,6 +41,12 @@ public class LegalFilter implements Filter { @Inject private JaxRsDpsLog logger; + private ResponseHeadersFactory responseHeadersFactory = new ResponseHeadersFactory(); + + // defaults to * for any front-end, string must be comma-delimited if more than one domain + @Value("${ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS:*}") + String ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS; + @Value("${ACCEPT_HTTP:false}") private boolean acceptHttp; @@ -119,8 +125,8 @@ public class LegalFilter implements Filter { } private void setResponseHeaders(HttpServletResponse httpServletResponse) { - Map<String, List<Object>> standardHeaders = ResponseHeaders.STANDARD_RESPONSE_HEADERS; - for (Map.Entry<String, List<Object>> header : standardHeaders.entrySet()) { + Map<String, String> responseHeaders = responseHeadersFactory.getResponseHeaders(ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS); + for(Map.Entry<String, String> header : responseHeaders.entrySet()){ httpServletResponse.addHeader(header.getKey(), header.getValue().toString()); } httpServletResponse.addHeader(DpsHeaders.CORRELATION_ID, this.headers.getCorrelationId()); diff --git a/legal-core/src/test/java/org/opengroup/osdu/legal/middleware/LegalFilterTest.java b/legal-core/src/test/java/org/opengroup/osdu/legal/middleware/LegalFilterTest.java index 86c6f9afb121eecea0fccdc0bbc643a77d225052..aef19d09cf292ad36a9e50c44e06a086096e48ef 100644 --- a/legal-core/src/test/java/org/opengroup/osdu/legal/middleware/LegalFilterTest.java +++ b/legal-core/src/test/java/org/opengroup/osdu/legal/middleware/LegalFilterTest.java 
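Review bot: The new `ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS` field is passed straight into `responseHeadersFactory.getResponseHeaders(...)` in `setResponseHeaders`, and the comment above it promises a comma-delimited list of domains, but a single `Access-Control-Allow-Origin` value holding several origins is not valid CORS, and browsers reject the default `*` on credentialed requests while `Access-Control-Allow-Credentials: true` is still emitted (LegalFilterTest asserts both headers). Whether `ResponseHeadersFactory` (from os-core-common 0.3.28, not visible here) reflects the matching request `Origin` or copies the string verbatim should be confirmed and then stated on the field, e.g. `// Comma-delimited allow-list; the factory must echo only the request's matching Origin, never the whole list`. On style, the field is a mutable, package-private, non-final setting written in UPPER_SNAKE_CASE — `private String accessControlAllowOriginDomains;` reads as what it is (LegalFilterTest sets it by name through ReflectionTestUtils, so rename both together), and `header.getValue().toString()` on the following context line is now a no-op on a `String`. The enclosing class continues outside both hunks.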
@@ -44,20 +44,21 @@ public class LegalFilterTest { Mockito.when(headers.getAuthorization()).thenReturn("authorization-header-value"); Mockito.when(headers.getCorrelationId()).thenReturn("correlation-id-value"); Mockito.when(httpServletRequest.getMethod()).thenReturn("POST"); + org.springframework.test.util.ReflectionTestUtils.setField(legalFilter, "ACCESS_CONTROL_ALLOW_ORIGIN_DOMAINS", "custom-domain"); legalFilter.doFilter(httpServletRequest, httpServletResponse, filterChain); - Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Origin", Collections.singletonList("*").toString()); - Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Headers", Collections.singletonList("origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey").toString()); - Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Methods", Collections.singletonList("GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH").toString()); - Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Credentials", Collections.singletonList("true").toString()); - Mockito.verify(httpServletResponse).addHeader("X-Frame-Options", Collections.singletonList("DENY").toString()); - Mockito.verify(httpServletResponse).addHeader("X-XSS-Protection", Collections.singletonList("1; mode=block").toString()); - Mockito.verify(httpServletResponse).addHeader("X-Content-Type-Options", Collections.singletonList("nosniff").toString()); - Mockito.verify(httpServletResponse).addHeader("Cache-Control", Collections.singletonList("no-cache, no-store, must-revalidate").toString()); - Mockito.verify(httpServletResponse).addHeader("Content-Security-Policy", Collections.singletonList("default-src 'self'").toString()); - Mockito.verify(httpServletResponse).addHeader("Strict-Transport-Security", Collections.singletonList("max-age=31536000; includeSubDomains").toString()); - Mockito.verify(httpServletResponse).addHeader("Expires", 
Collections.singletonList("0").toString()); + Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Origin", "custom-domain"); + Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey"); + Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH"); + Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Credentials", "true"); + Mockito.verify(httpServletResponse).addHeader("X-Frame-Options", "DENY"); + Mockito.verify(httpServletResponse).addHeader("X-XSS-Protection", "1; mode=block"); + Mockito.verify(httpServletResponse).addHeader("X-Content-Type-Options", "nosniff"); + Mockito.verify(httpServletResponse).addHeader("Cache-Control", "no-cache, no-store, must-revalidate"); + Mockito.verify(httpServletResponse).addHeader("Content-Security-Policy", "default-src 'self'"); + Mockito.verify(httpServletResponse).addHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); + Mockito.verify(httpServletResponse).addHeader("Expires", "0"); Mockito.verify(httpServletResponse).addHeader("correlation-id", "correlation-id-value"); Mockito.verify(filterChain).doFilter(httpServletRequest, httpServletResponse); Mockito.verify(logger).request(Mockito.any(Request.class)); diff --git a/pom.xml b/pom.xml index 2c8090a4fa777b6c70ced9f1145abfdbe1132ea6..5e7e17e9573fa74f9d09a1d2c479604ba62ffa8c 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ <maven.compiler.source>1.8</maven.compiler.source> <docker.image.prefix>opendes</docker.image.prefix> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - <os-core-common.version>0.3.23</os-core-common.version> + <os-core-common.version>0.3.28</os-core-common.version> <snakeyaml.version>1.26</snakeyaml.version> <spring-web.version>5.1.19.RELEASE</spring-web.version> </properties> 
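Review bot: The test pins only the single-origin case (`custom-domain`) and leaves untested the two cases the production comment calls out: the default `*` (no override) and a comma-delimited list, which is exactly where the emitted header value is most likely to come out wrong. A second test that leaves the field at its default and a third that sets a constructed value such as `"a.example,b.example"` would document what `ResponseHeadersFactory.getResponseHeaders` actually produces for each; the expected strings cannot be read off this diff, so they have to be derived from the library's behaviour rather than from the comment. The test also verifies `Access-Control-Allow-Credentials` `true` next to `Access-Control-Allow-Origin`, so whatever value the default test expects, the credentialed-request restriction on `*` applies to it. The test method starts before this hunk.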
diff --git a/provider/legal-aws/build-aws/Dockerfile b/provider/legal-aws/build-aws/Dockerfile index 7704a11a5ee27d8290f76e466a15a0fe6aa079f3..e61167dfd969e48f258c408dbeb7a12de005c516 100644 --- a/provider/legal-aws/build-aws/Dockerfile +++ b/provider/legal-aws/build-aws/Dockerfile @@ -16,7 +16,14 @@ FROM amazoncorretto:8 ARG JAR_FILE=provider/legal-aws/target/*spring-boot.jar + +#Default to using self signed generated TLS cert +ENV USE_SELF_SIGNED_SSL_CERT true + WORKDIR / COPY ${JAR_FILE} app.jar +COPY /provider/legal-aws/build-aws/ssl.sh /ssl.sh +COPY /provider/legal-aws/build-aws/entrypoint.sh /entrypoint.sh EXPOSE 8080 -ENTRYPOINT java $JAVA_OPTS -jar /app.jar \ No newline at end of file + +ENTRYPOINT ["/bin/sh", "-c", ". /entrypoint.sh"] \ No newline at end of file diff --git a/provider/legal-aws/build-aws/buildspec.yaml b/provider/legal-aws/build-aws/buildspec.yaml index 01ed13973390da3d5474bc1774ea8af5d7ec2117..e4071081c1c4481a49bd54f6e40c12e01b657b04 100644 --- a/provider/legal-aws/build-aws/buildspec.yaml +++ b/provider/legal-aws/build-aws/buildspec.yaml @@ -27,9 +27,11 @@ phases: runtime-versions: java: corretto8 commands: + # fix error noted here: https://github.com/yarnpkg/yarn/issues/7866 + - curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - - if [ $(echo $CODEBUILD_SOURCE_VERSION | grep -c ^refs/heads.*) -eq 1 ]; then echo "Branch name found"; else echo "This build only supports branch builds" && exit 1; fi - - apt-get update -y - - apt-get install -y maven + - apt-get update -y -qq > /dev/null + - apt-get install -y maven -qq > /dev/null - java -version - mvn -version # - mvn -B clean # .m2 is not created until the first Maven command 
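Review bot: `ENTRYPOINT ["/bin/sh", "-c", ". /entrypoint.sh"]` sources the script into a `sh -c` shell, and that shell then starts `java $JAVA_OPTS -jar /app.jar` as a child, so PID 1 is `sh` rather than the JVM; `docker stop` delivers SIGTERM to `sh`, which as PID 1 with no handler typically does not forward it, and the service is killed at the timeout instead of shutting down cleanly. Make the JVM replace the shell with `exec java $JAVA_OPTS -jar /app.jar` as the last line of entrypoint.sh (the same point applies to the entrypoint.sh hunk below), or use `ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]` together with that `exec`. `ENV USE_SELF_SIGNED_SSL_CERT true` also reads as a boolean toggle, but the scripts test it with `[ -n ... ]`, so any non-empty value, including `false`, enables the self-signed path; the Dockerfile can only document that until the scripts compare the value.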
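Review bot: `curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -` imports a repository signing key straight from the network into apt's trust store with no fingerprint check, and since this build only needs Maven it re-trusts a Yarn repository the build does not use. If the goal is only to get past the expired key that breaks `apt-get update` (the linked issue), removing the yarn apt source (commonly `/etc/apt/sources.list.d/yarn.list`) avoids extending trust at all; if the key really is needed, verify its fingerprint after import. `curl -sS` without `-f` lets an HTTP error body flow into `apt-key add`, so prefer `curl -fsS`. Redirecting `apt-get update`/`install` to `/dev/null` on top of `-qq` also drops the list of packages actually installed from the build log, which is the one line worth keeping for reproducibility.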
@@ -58,7 +60,7 @@ phases:
 - printenv
 - echo "Building primary service assemblies..."
- - mvn -B test install -pl legal-core,provider/legal-aws -Ddeployment.environment=prod
+ - mvn -ntp -B test install -pl legal-core,provider/legal-aws -Ddeployment.environment=prod
 # Suspended until further notice
 # - echo "Copying assemblies to dist..."
@@ -96,4 +98,4 @@ artifacts:
 name: ${REPO_NAME}_${BRANCH_NAME}_$(date +%F)_${CODEBUILD_BUILD_NUMBER}.zip
 cache:
 paths:
- - "/root/.m2/**/*"
\ No newline at end of file
+ - "/root/.m2/**/*"
diff --git a/provider/legal-aws/build-aws/entrypoint.sh b/provider/legal-aws/build-aws/entrypoint.sh
new file mode 100755
index 0000000000000000000000000000000000000000..9bd3ec69d01fba69f4bece2162e7faba5cc0f0cb
--- /dev/null
+++ b/provider/legal-aws/build-aws/entrypoint.sh
@@ -0,0 +1,15 @@
+
+
+if [ -n $USE_SELF_SIGNED_SSL_CERT ];
+then
+ export SSL_KEY_PASSWORD=$RANDOM$RANDOM$RANDOM;
+ export SSL_KEY_STORE_PASSWORD=$SSL_KEY_PASSWORD;
+ export SSL_KEY_STORE_DIR=/tmp/certs;
+ export SSL_KEY_STORE_NAME=osduonaws.p12;
+ export SSL_KEY_STORE_PATH=$SSL_KEY_STORE_DIR/$SSL_KEY_STORE_NAME;
+ export SSL_KEY_ALIAS=osduonaws;
+
+ ./ssl.sh;
+fi
+
+java $JAVA_OPTS -jar /app.jar
\ No newline at end of file
diff --git a/provider/legal-aws/build-aws/ssl.sh b/provider/legal-aws/build-aws/ssl.sh
new file mode 100755
index 0000000000000000000000000000000000000000..9ede565684bdd46cb09e56fce721ced55206ca07
--- /dev/null
+++ b/provider/legal-aws/build-aws/ssl.sh
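Review bot: `if [ -n $USE_SELF_SIGNED_SSL_CERT ]` is unquoted, so with the variable unset `[ -n ]` becomes a one-argument test that is always true, and with it set to `false` the string is still non-empty — the self-signed branch runs in every case, and ssl.sh uses the same construct. Replace it with `if [ "$USE_SELF_SIGNED_SSL_CERT" = "true" ]` in both scripts. `$RANDOM$RANDOM$RANDOM` is a bash-only, non-cryptographic source (under a POSIX `sh` such as dash it expands to nothing, yielding an empty keystore password) and can be as short as three digits, which keytool rejects as a store password; `SSL_KEY_PASSWORD=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')` is portable and fixed-length. A `set -e` at the top would also stop the JVM from being started with `server.ssl.enabled` and no keystore when `./ssl.sh` fails; the file currently has no shebang or error handling at all.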
@@ -0,0 +1,34 @@
+# Copyright © 2021 Amazon Web Services
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/usr/bin/env bash
+
+#Future: Support for using Amazon Cert Manager
+# if [ "$1" == "webserver" ] && [ -n $ACM_CERTIFICATE_ARN ];
+# then
+
+# aws acm export-certificate --certificate-arn $ACM_CERTIFICATE_ARN --passphrase $(echo -n 'aws123' | openssl base64 -e) | jq -r '"\(.PrivateKey)"' > ${SSL_KEY_PATH}.enc
+# openssl rsa -in ${SSL_KEY_PATH}.enc -out $SSL_KEY_PATH -passin pass:aws123
+# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.CertificateChain)"' > $SSL_CERT_PATH
+# aws acm get-certificate --certificate-arn $ACM_CERTIFICATE_ARN | jq -r '"\(.Certificate)"' >> $SSL_CERT_PATH
+
+# fi
+
+if [ -n $USE_SELF_SIGNED_SSL_CERT ];
+then
+ mkdir -p $SSL_KEY_STORE_DIR
+ pushd $SSL_KEY_STORE_DIR
+ keytool -genkeypair -alias $SSL_KEY_ALIAS -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore $SSL_KEY_STORE_NAME -validity 3650 -keypass $SSL_KEY_PASSWORD -storepass $SSL_KEY_PASSWORD -dname "CN=localhost, OU=AWS, O=Energy, L=Houston, ST=TX, C=US"
+ popd
+fi
diff --git a/provider/legal-aws/pom.xml b/provider/legal-aws/pom.xml
index 4a2b6c8e9636217c992cfc0c1284d8e70a331667..4a0c392999254c34d034b6e215f843d1b87d8aab 100644
--- a/provider/legal-aws/pom.xml
+++ b/provider/legal-aws/pom.xml
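Review bot: The `#!/usr/bin/env bash` on line 15 of the new file is not a shebang — only the first line counts — so `./ssl.sh` from entrypoint.sh is run by whatever `/bin/sh` is, and `pushd`/`popd` are bash builtins a POSIX `sh` lacks; this works only where `/bin/sh` happens to be bash, which may be the case on the amazoncorretto base image but is not something the script should rely on. `-keypass $SSL_KEY_PASSWORD -storepass $SSL_KEY_PASSWORD` also places the keystore password on the keytool command line, where it is visible in the process list for the duration of the call; keytool accepts `-storepass:env SSL_KEY_PASSWORD` and `-keypass:env SSL_KEY_PASSWORD` to read it from the environment instead. The commented-out ACM block carries a hard-coded passphrase (`aws123`), so either drop the block or mark it `# TODO: passphrase must come from a secret, not a literal` before anyone revives it. Moving the shebang to line 1, quoting every expansion and passing the full `-keystore "$SSL_KEY_STORE_PATH"` removes the `pushd`/`popd` and the unquoted-variable issues together:
```bash
#!/usr/bin/env bash
# … unchanged: Apache license header and the commented-out ACM block …
set -eu

if [ "$USE_SELF_SIGNED_SSL_CERT" = "true" ]; then
    mkdir -p "$SSL_KEY_STORE_DIR"
    keytool -genkeypair -alias "$SSL_KEY_ALIAS" -keyalg RSA -keysize 2048 -storetype PKCS12 \
        -keystore "$SSL_KEY_STORE_PATH" -validity 3650 \
        -keypass:env SSL_KEY_PASSWORD -storepass:env SSL_KEY_PASSWORD \
        -dname "CN=localhost, OU=AWS, O=Energy, L=Houston, ST=TX, C=US"
fi
```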
@@ -37,7 +37,7 @@ <dependency> <groupId>org.opengroup.osdu.core.aws</groupId> <artifactId>os-core-lib-aws</artifactId> - <version>0.3.7</version> + <version>0.3.17</version> </dependency> <dependency> <groupId>org.opengroup.osdu</groupId> diff --git a/provider/legal-aws/src/main/resources/application.properties b/provider/legal-aws/src/main/resources/application.properties index 1eb038d5ed0136c093a80130210a1fe590a9af6c..c3c28a1323b784344345befb9ebb45c97286c807 100644 --- a/provider/legal-aws/src/main/resources/application.properties +++ b/provider/legal-aws/src/main/resources/application.properties @@ -30,4 +30,11 @@ aws.sns.region=${AWS_REGION} aws.ssm=${SSM_ENABLED} aws.ssm.prefix=/osdu/${ENVIRONMENT} aws.legal.sns.topic.arn=${aws.ssm.prefix}/legal/legal-sns-topic-arn -aws.legal.s3.bucket.name=${aws.ssm.prefix}/legal/legal-s3-bucket-name \ No newline at end of file +aws.legal.s3.bucket.name=${aws.ssm.prefix}/legal/legal-s3-bucket-name + +server.ssl.enabled=${SSL_ENABLED:true} +server.ssl.key-store-type=PKCS12 +server.ssl.key-store=${SSL_KEY_STORE_PATH:/certs/osduonaws.p12} +server.ssl.key-alias=${SSL_KEY_ALIAS:osduonaws} +server.ssl.key-password=${SSL_KEY_PASSWORD:} +server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:} \ No newline at end of file diff --git a/provider/legal-aws/src/main/resources/skipper.keystore b/provider/legal-aws/src/main/resources/skipper.keystore new file mode 100644 index 0000000000000000000000000000000000000000..3524c7c68dcd9b53cb13971f955654774ea1dd35 Binary files /dev/null and b/provider/legal-aws/src/main/resources/skipper.keystore differ diff --git a/testing/legal-test-aws/build-aws/prepare-dist.sh b/testing/legal-test-aws/build-aws/prepare-dist.sh index 399037b4cf273a594f7ce8b3ac28de4e286ee28d..baa16e0c8f465655d25f1dfd39bd6789ce553f85 100755 --- a/testing/legal-test-aws/build-aws/prepare-dist.sh +++ b/testing/legal-test-aws/build-aws/prepare-dist.sh 
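Review bot: `server.ssl.key-password=${SSL_KEY_PASSWORD:}` and `server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}` default to an empty password while `server.ssl.enabled=${SSL_ENABLED:true}` turns TLS on by default, so a deployment that supplies its own keystore but forgets the password variables fails at startup with an opaque keystore error rather than a clear configuration message; dropping the two empty defaults (`${SSL_KEY_STORE_PASSWORD}`) makes Spring fail fast on the unresolved placeholder instead. The same commit adds a binary `provider/legal-aws/src/main/resources/skipper.keystore` that nothing in this diff references (the default key-store path here is `/certs/osduonaws.p12`); a keystore under `src/main/resources` is packaged into the jar and stays in git history, so if it holds a private key it now ships with every artifact — its purpose should be documented next to these properties or the file removed.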
@@ -21,13 +21,13 @@ echo $INTEGRATION_TEST_OUTPUT_BIN_DIR rm -rf "$INTEGRATION_TEST_OUTPUT_DIR" mkdir -p "$INTEGRATION_TEST_OUTPUT_DIR" && mkdir -p "$INTEGRATION_TEST_OUTPUT_BIN_DIR" echo "Building integration testing assemblies and gathering artifacts..." -mvn install -f "$INTEGRATION_TEST_SOURCE_DIR_CORE"/pom.xml -mvn install dependency:copy-dependencies -DskipTests -f "$INTEGRATION_TEST_SOURCE_DIR_AWS"/pom.xml -DincludeGroupIds=org.opengroup.osdu -Dmdep.copyPom +mvn -ntp install -f "$INTEGRATION_TEST_SOURCE_DIR_CORE"/pom.xml +mvn -ntp install dependency:copy-dependencies -DskipTests -f "$INTEGRATION_TEST_SOURCE_DIR_AWS"/pom.xml -DincludeGroupIds=org.opengroup.osdu -Dmdep.copyPom cp "$INTEGRATION_TEST_SOURCE_DIR_AWS"/target/dependency/* "${INTEGRATION_TEST_OUTPUT_BIN_DIR}" -(cd "${INTEGRATION_TEST_OUTPUT_BIN_DIR}" && ls *.jar | sed -e 's/\.jar$//' | xargs -I {} echo mvn install:install-file -Dfile={}.jar -DpomFile={}.pom >> install-deps.sh) +(cd "${INTEGRATION_TEST_OUTPUT_BIN_DIR}" && ls *.jar | sed -e 's/\.jar$//' | xargs -I {} echo mvn -ntp install:install-file -Dfile={}.jar -DpomFile={}.pom >> install-deps.sh) chmod +x "${INTEGRATION_TEST_OUTPUT_BIN_DIR}"/install-deps.sh -mvn clean -f "$INTEGRATION_TEST_SOURCE_DIR_AWS"/pom.xml +mvn -ntp clean -f "$INTEGRATION_TEST_SOURCE_DIR_AWS"/pom.xml cp -R "$INTEGRATION_TEST_SOURCE_DIR_AWS"/* "${INTEGRATION_TEST_OUTPUT_DIR}"/ #copy testing parent pom to output -cp ./testing/pom.xml "${OUTPUT_DIR}/testing" \ No newline at end of file +cp ./testing/pom.xml "${OUTPUT_DIR}/testing" diff --git a/testing/legal-test-aws/build-aws/run-tests.sh b/testing/legal-test-aws/build-aws/run-tests.sh index d5c64f7d2e39297671f79f0fb1f5cf6eae68e85d..1a32cd848b400effb539715343abf509a670888c 100755 --- a/testing/legal-test-aws/build-aws/run-tests.sh +++ b/testing/legal-test-aws/build-aws/run-tests.sh 
@@ -29,10 +29,22 @@ export AWS_COGNITO_AUTH_FLOW=USER_PASSWORD_AUTH export AWS_COGNITO_AUTH_PARAMS_PASSWORD=$ADMIN_PASSWORD export AWS_COGNITO_AUTH_PARAMS_USER=$ADMIN_USER export AWS_COGNITO_CLIENT_ID=$AWS_COGNITO_CLIENT_ID -export AWS_S3_ENDPOINT=s3.us-east-1.amazonaws.com -export AWS_S3_REGION=us-east-1 -export DYNAMO_DB_ENDPOINT=dynamodb.us-east-1.amazonaws.com -export DYNAMO_DB_REGION=us-east-1 +if [ -z "$LEGAL_S3_ENDPOINT" ] +then + export AWS_S3_ENDPOINT=s3.us-east-1.amazonaws.com +else + export AWS_S3_ENDPOINT=$LEGAL_S3_ENDPOINT +fi + +export AWS_S3_REGION=$AWS_REGION +if [ -z "$LEGAL_DYNAMODB_ENDPOINT" ] +then + export DYNAMO_DB_ENDPOINT=dynamodb.us-east-1.amazonaws.com +else + export DYNAMO_DB_ENDPOINT=$LEGAL_DYNAMODB_ENDPOINT + +fi +export DYNAMO_DB_REGION=$AWS_REGION export HOST_URL=$LEGAL_URL export MY_TENANT=int-test-legal export S3_LEGAL_CONFIG_BUCKET=$LEGAL_S3_BUCKET @@ -42,7 +54,7 @@ export TABLE_PREFIX=$RESOURCE_PREFIX #### RUN INTEGRATION TEST ######################################################################### -mvn test -f "$SCRIPT_SOURCE_DIR"/../pom.xml +mvn -ntp test -f "$SCRIPT_SOURCE_DIR"/../pom.xml TEST_EXIT_CODE=$? #### COPY TEST REPORTS ######################################################################### @@ -53,4 +65,4 @@ if [ -n "$1" ] cp -R "$SCRIPT_SOURCE_DIR"/../target/surefire-reports "$1" fi -exit $TEST_EXIT_CODE \ No newline at end of file +exit $TEST_EXIT_CODE diff --git a/testing/legal-test-aws/pom.xml b/testing/legal-test-aws/pom.xml index 431cb48d2e17c3c2b444e53cdfeaeb2d157f8df4..d990dcb743f64c4cb01f0e7e9a91ad7c718f8b11 100644 --- a/testing/legal-test-aws/pom.xml +++ b/testing/legal-test-aws/pom.xml @@ -45,7 +45,7 @@ <dependency> <groupId>org.opengroup.osdu.core.aws</groupId> <artifactId>os-core-lib-aws</artifactId> - <version>0.3.7</version> + <version>0.3.16</version> </dependency> <!-- AWS managed packages --> @@ -150,4 +150,4 @@ </plugin> </plugins> </build> -</project> \ No newline at end of file +</project> 
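Review bot: The region now comes from `$AWS_REGION` (`export AWS_S3_REGION=$AWS_REGION`, `export DYNAMO_DB_REGION=$AWS_REGION`) while the fallback endpoints stay hard-coded to `s3.us-east-1.amazonaws.com` and `dynamodb.us-east-1.amazonaws.com`, so a run in any other region without `LEGAL_S3_ENDPOINT`/`LEGAL_DYNAMODB_ENDPOINT` set gets a region/endpoint mismatch that the SDK's request signing will reject. Derive the default from the region and collapse each six-line `if` into one parameter expansion: `export AWS_S3_ENDPOINT="${LEGAL_S3_ENDPOINT:-s3.${AWS_REGION:-us-east-1}.amazonaws.com}"` and `export DYNAMO_DB_ENDPOINT="${LEGAL_DYNAMODB_ENDPOINT:-dynamodb.${AWS_REGION:-us-east-1}.amazonaws.com}"`. If `AWS_REGION` is not guaranteed by the build environment, `export AWS_S3_REGION=${AWS_REGION:-us-east-1}` keeps the previous behaviour for the region variables as well.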
diff --git a/testing/legal-test-aws/src/test/java/org/opengroup/osdu/legal/util/AwsLegalTagUtils.java b/testing/legal-test-aws/src/test/java/org/opengroup/osdu/legal/util/AwsLegalTagUtils.java index 4b0de1bdb8f493f5d7896c25e0edf6236750f99c..329990130bcc766195d136c860373afb077578b0 100644 --- a/testing/legal-test-aws/src/test/java/org/opengroup/osdu/legal/util/AwsLegalTagUtils.java +++ b/testing/legal-test-aws/src/test/java/org/opengroup/osdu/legal/util/AwsLegalTagUtils.java @@ -48,6 +48,7 @@ public class AwsLegalTagUtils extends LegalTagUtils { S3Config s3Config = new S3Config(amazonS3Endpoint, amazonS3Region); AmazonS3 s3Client = s3Config.amazonS3(); + try { s3Client.putObject(BUCKET_NAME_AWS, FILE_NAME, readTestFile("TenantConfigTestingPurpose.json")); } catch(IOException e){