diff --git a/apiml-common/src/main/java/org/zowe/apiml/product/web/HttpConfig.java b/apiml-common/src/main/java/org/zowe/apiml/product/web/HttpConfig.java index 4250a6a8d0..9ad3d0b3bc 100644 --- a/apiml-common/src/main/java/org/zowe/apiml/product/web/HttpConfig.java +++ b/apiml-common/src/main/java/org/zowe/apiml/product/web/HttpConfig.java @@ -45,6 +45,8 @@ public class HttpConfig { private static final char[] KEYRING_PASSWORD = "password".toCharArray(); + @Value("${server.attls.enabled:false}") + private boolean attlsEnabled; @Value("${server.ssl.protocol:TLSv1.2}") private String protocol; @Value("${apiml.httpclient.ssl.enabled-protocols:TLSv1.2,TLSv1.3}") @@ -285,7 +287,7 @@ public EurekaJerseyClient eurekaJerseyClient() { @Bean public Supplier eurekaJerseyClientBuilder() { - return () -> factory.createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId); + return () -> factory.createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId, attlsEnabled); } } diff --git a/cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/config/ConnectionsConfig.java b/cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/config/ConnectionsConfig.java index 223c5b24e0..a644c6830e 100644 --- a/cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/config/ConnectionsConfig.java +++ b/cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/config/ConnectionsConfig.java @@ -123,6 +123,9 @@ public class ConnectionsConfig { @Value("${spring.application.name}") private String serviceId; + @Value("${server.attls.enabled:false}") + private boolean attlsEnabled; + @Value("${server.ssl.trustStoreRequired:false}") private boolean trustStoreRequired; 
@@ -234,7 +237,7 @@ SslContext sslContext(boolean setKeystore) { @Bean("primaryApimlEurekaJerseyClient") EurekaJerseyClient getEurekaJerseyClient() { - return factory().createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId).build(); + return factory().createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId, attlsEnabled).build(); } @Bean(destroyMethod = "shutdown") @@ -292,7 +295,7 @@ private CloudEurekaClient registerInTheApimlInstance(EurekaClientConfig config, BeanUtils.copyProperties(config, configBean); configBean.setServiceUrl(urls); - EurekaJerseyClient jerseyClient = factory().createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId).build(); + EurekaJerseyClient jerseyClient = factory().createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId, attlsEnabled).build(); MutableDiscoveryClientOptionalArgs args = new MutableDiscoveryClientOptionalArgs(); args.setEurekaJerseyClient(jerseyClient); diff --git a/cloud-gateway-service/src/test/java/org/zowe/apiml/cloudgatewayservice/config/AdditionalRegistrationTest.java b/cloud-gateway-service/src/test/java/org/zowe/apiml/cloudgatewayservice/config/AdditionalRegistrationTest.java index 92e578d469..76d591ce14 100644 --- a/cloud-gateway-service/src/test/java/org/zowe/apiml/cloudgatewayservice/config/AdditionalRegistrationTest.java +++ b/cloud-gateway-service/src/test/java/org/zowe/apiml/cloudgatewayservice/config/AdditionalRegistrationTest.java @@ -37,6 +37,7 @@ import static java.util.Collections.singletonList; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyBoolean; import static org.mockito.Mockito.lenient; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; 
@@ -83,7 +84,7 @@ class WhenInitializingAdditionalRegistrations { public void setUp() { configSpy = Mockito.spy(connectionsConfig); lenient().doReturn(httpsFactory).when(configSpy).factory(); - lenient().when(httpsFactory.createEurekaJerseyClientBuilder(any(), any())).thenReturn(mock(EurekaJerseyClientImpl.EurekaJerseyClientBuilder.class)); + lenient().when(httpsFactory.createEurekaJerseyClientBuilder(any(), any(), anyBoolean())).thenReturn(mock(EurekaJerseyClientImpl.EurekaJerseyClientBuilder.class)); lenient().when(eurekaFactory.createCloudEurekaClient(any(), any(), clientConfigCaptor.capture(), any(), any())).thenReturn(additionalClientOne, additionalClientTwo); } diff --git a/common-service-core/src/main/java/org/zowe/apiml/security/HttpsFactory.java b/common-service-core/src/main/java/org/zowe/apiml/security/HttpsFactory.java index 160ea951a1..c20f4c616d 100644 --- a/common-service-core/src/main/java/org/zowe/apiml/security/HttpsFactory.java +++ b/common-service-core/src/main/java/org/zowe/apiml/security/HttpsFactory.java @@ -237,7 +237,7 @@ public HostnameVerifier getHostnameVerifier() { } } - public EurekaJerseyClientBuilder createEurekaJerseyClientBuilder(String eurekaServerUrl, String serviceId) { + public EurekaJerseyClientBuilder createEurekaJerseyClientBuilder(String eurekaServerUrl, String serviceId, boolean attlsEnabled) { EurekaJerseyClientBuilder builder = new EurekaJerseyClientBuilder(); builder.withClientName(serviceId); builder.withMaxTotalConnections(10); 
@@ -248,10 +248,11 @@ public EurekaJerseyClientBuilder createEurekaJerseyClientBuilder(String eurekaSe // See: // https://github.com/Netflix/eureka/blob/master/eureka-core/src/main/java/com/netflix/eureka/transport/JerseyReplicationClient.java#L160 if (eurekaServerUrl.startsWith("http://")) { - apimlLog.log("org.zowe.apiml.common.insecureHttpWarning"); + if (!attlsEnabled) { + apimlLog.log("org.zowe.apiml.common.insecureHttpWarning"); + } } else { builder.withCustomSSL(getSslContext()); - builder.withHostnameVerifier(getHostnameVerifier()); } return builder; diff --git a/common-service-core/src/test/java/org/zowe/apiml/security/HttpsFactoryTest.java b/common-service-core/src/test/java/org/zowe/apiml/security/HttpsFactoryTest.java index 5fbdb5ac8d..9feabbba76 100644 --- a/common-service-core/src/test/java/org/zowe/apiml/security/HttpsFactoryTest.java +++ b/common-service-core/src/test/java/org/zowe/apiml/security/HttpsFactoryTest.java @@ -33,6 +33,7 @@ class HttpsFactoryTest { private static final String EUREKA_URL_NO_SCHEME = "://localhost:10011/eureka/"; private static final String TEST_SERVICE_ID = "service1"; + private static final boolean ATTLS = false; private static final String INCORRECT_PARAMETER_VALUE = "WRONG"; private HttpsConfig.HttpsConfigBuilder httpsConfigBuilder; @@ -136,7 +137,7 @@ void shouldCreateEurekaJerseyClientBuilderForHttps() { HttpsConfig httpsConfig = httpsConfigBuilder.build(); HttpsFactory httpsFactory = new HttpsFactory(httpsConfig); EurekaJerseyClientImpl.EurekaJerseyClientBuilder clientBuilder = - httpsFactory.createEurekaJerseyClientBuilder("https" + EUREKA_URL_NO_SCHEME, TEST_SERVICE_ID); + httpsFactory.createEurekaJerseyClientBuilder("https" + EUREKA_URL_NO_SCHEME, TEST_SERVICE_ID, ATTLS); assertNotNull(clientBuilder); } 
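Review bot: In HttpsFactory.createEurekaJerseyClientBuilder, the `else` branch drops `builder.withHostnameVerifier(getHostnameVerifier());` for every HTTPS Eureka client, not only when `attlsEnabled` is true, and nothing in the commit explains why. Hostname checking for the discovery connection then depends on what the Eureka builder does when no verifier is supplied, which this diff does not show; if the removal is deliberate, add a comment and a test that pins the resulting behaviour, otherwise keep the line. In the `http://` branch the warning is skipped on the flag alone, so a host with `server.attls.enabled=true` but no active AT-TLS policy would register in cleartext without any log entry; consider logging at debug level that the warning was suppressed because AT-TLS is assumed. The method's signature and first statements are in the preceding hunk.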
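Review bot: In HttpsFactoryTest, `ATTLS` is fixed to `false`, so the HTTPS test in the `@@ -136,7 +137,7 @@` hunk and the HTTP test in the `@@ -145,7 +146,7 @@` hunk never run the new `attlsEnabled == true` path. Add a case that calls `createEurekaJerseyClientBuilder("http" + EUREKA_URL_NO_SCHEME, TEST_SERVICE_ID, true)` and checks that the insecure-HTTP warning is not logged, plus one with `false` that checks it still is. Both existing tests assert only `assertNotNull(clientBuilder)`, which would also pass if the SSL context or the hostname verifier were missing from the HTTPS builder.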
@@ -145,7 +146,7 @@ void shouldCreateEurekaJerseyClientBuilderForHttp() { HttpsConfig httpsConfig = httpsConfigBuilder.build(); HttpsFactory httpsFactory = new HttpsFactory(httpsConfig); EurekaJerseyClientImpl.EurekaJerseyClientBuilder clientBuilder = - httpsFactory.createEurekaJerseyClientBuilder("http" + EUREKA_URL_NO_SCHEME, TEST_SERVICE_ID); + httpsFactory.createEurekaJerseyClientBuilder("http" + EUREKA_URL_NO_SCHEME, TEST_SERVICE_ID, ATTLS); assertNotNull(clientBuilder); } } diff --git a/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/config/ApiMediationServiceConfig.java b/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/config/ApiMediationServiceConfig.java index c71334b3dd..035197f5ab 100644 --- a/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/config/ApiMediationServiceConfig.java +++ b/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/config/ApiMediationServiceConfig.java @@ -67,6 +67,10 @@ public class ApiMediationServiceConfig { * XML Path: /instance/app */ private String serviceId; + /** + * to verify if Attls is enabled for the service + */ + private boolean attlsEnabled; /** * * **title** (XML Path: /instance/metadata/apiml.service.title) diff --git a/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/impl/ApiMediationClientImpl.java b/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/impl/ApiMediationClientImpl.java index 45f4d4a1b8..2aa08adad2 100644 --- a/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/impl/ApiMediationClientImpl.java +++ b/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/impl/ApiMediationClientImpl.java 
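Review bot: The Javadoc on `attlsEnabled` in ApiMediationServiceConfig, "to verify if Attls is enabled for the service", does not tell an onboarding team what the setting changes. In this commit its only visible effect is that ApiMediationClientImpl passes it to `createEurekaJerseyClientBuilder`, where `true` suppresses the insecure-HTTP warning for an `http://` Discovery Service URL. I would write it as `/** Set to true only when AT-TLS secures this service's connections; the enabler then does not warn about an http:// Discovery Service URL. Defaults to false. */`. If the field is meant to be set from the service configuration file, name its key there in the same way the neighbouring fields document theirs.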
@@ -156,7 +156,7 @@ private EurekaClient initializeEurekaClient( HttpsFactory factory = new HttpsFactory(httpsConfig); EurekaJerseyClient eurekaJerseyClient = factory.createEurekaJerseyClientBuilder( - config.getDiscoveryServiceUrls().get(0), config.getServiceId()).build(); + config.getDiscoveryServiceUrls().get(0), config.getServiceId(), config.isAttlsEnabled()).build(); AbstractDiscoveryClientOptionalArgs args = new DiscoveryClient.DiscoveryClientOptionalArgs(); args.setEurekaJerseyClient(eurekaJerseyClient);