sync with master

README.md

@@ -177,7 +177,29 @@ ZGIu5manaCW4XJKyZU/Kp04JR6ojQai65R/OLaFOxQhdZ9rtIN1DAsyTBp/6tqqC
 s2+QnHEKNi5n6eyF81l1X3AGOMp2uUF4CfU=
 -----END CERTIFICATE-----"
 ```
-- PKCS12 - To update the https listener certificate.  There are two environment variables used to setup certificate on Listener interface
+
+- Connect to URL SSL ( 2-Way SSL / Mutual SSL) Authentication 
+
+To update Connect to URL  SSL certificate, there are two environment variables used to set up certificate for SSL Authentication 
+
+  -- connecttourl_certandkey_sslauth
+
+  -- certandkeypassword_sslauth
+
+```bash
+$export connecttourl_certandkey_sslauth="MIIL5gIBAzCCC7AGCSqGSIb3DQEHAaCCC6EEggudMIILmTCCBi8GCSqGSIb3DQEHBqCCBiAwggYcAgEAMIIGFQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI9bSw5/Kr0SsCAggAgIIF6DTG3vfPtoc4NPgJE9FU43PRyMpBcv/JIefNDTvC5CNQ+7b47Afqo6mJFIndSxTEbHcnWNG/ufC2/C+7oTn8aZyrgi868fgysv9knhOe+tPJ1O6RyF690m00CmoRhE4kCDKMPaAeRR2ZAMAqj9nPrxjWMXKdrS8+LeEhq2SYSozP8VR+llaTrDPtO8+mC9KRfJIgrKpbB0G/qdnJNtrhJJ8fhaE+/Ufkhydwe0tldu+kOGMODCWVpCY5q2MRrQlhvQhLOYJ7LA/Ovz1ZDjOAE9oujqvhegDxwHj4I6sxHYhGsPUYstNiiqpI5ZcODxUajd5JmEGytk9LU/9PtKEQrXMB4/H7RsRV2bVMWtDaHVW5g0h0oUTw5SBJuPEZMljfLSIXiazerlDC5wybVKVoImDcSiYqHzEKj4DivSclrNfFk4JMMaKIphZZ2qBkCEZ0hEyGxwixyE09yexzW6/5Aq/LF51NJ8THjVHFFScDyOdNsAjiNugXFKe9OkuXW130bbLO+iGscWeJ6vGzjQRM9XIcAOiGJf0jwrGmTu+lFu70C4w+ka5oe6smcABsi52NbeZ7ylW74Fd+fU/O18nXoa7kTbzW5V/BaN+r5flxh1Xd2tUfvG00ABcWtDfHGXSuAtPp+LKRvgU0zS9BVMEr/ZpBpT3KbZAfGjk7Ies/ICpu1OKIDmLrrXHS6ZFhr7+frSjUrmrqGW4+eRBpLQDWD1/XNVzRkbfyE6Lv/lMBjc5BAEG3ZVRSpg9FemyYe5mVk1ehOMdQvUqEGd7DkmfMyXgpUVAbOqebhkS2PSRfcwZZ8O+LQOAnrWI4PRsO0XhmKpmith7S4F+IZ+xKVtkDJbNjAW63OVXKK1E914n7DuI07YCn3CGC4V4i3QlGUgY6kHoEIEfYroCGwupkSh2VLdtsru0dhoP8Dzo0AteWt7knjSQ+era/aPy3qSDE6uUbFNEHD+ol7iD5JMPGG1vnmlCu3nedwkH66LI4Zh8JSQ8qfNwSPt6GVScmpu6HmyuEH1gx6C98bvdzQMcsE+VmjldgGOIobIsTFFmcQMHEM/12R5A/VtnVEQHUY6giuFJpA7IZ2fKHtUiH0ijq1gntkUwWiJml/rb9DQHeZloKpYTEs7GuFdi8CNBZ/vThUcFPVlu8XslPm1zQZlXLb4/ian2Mdu78/FIWz7VVVSpJOablgltcIzOR2QdVYv/rmJsqecAnn2g1f+c5RvLMv2XfyJUzyfW/krlwswDiySV788BsSDylAAthUzs0RjOSIkRnaBGhYEEwhgcHOZV3l5xBjbde+0mR2hiZ3XdfQN9ZITHeCrkSv6yTtH3zh4X6YiPnY0BptOvAV/Vk/Ktdio5rSg8zjC8EDGun1p8vt/eYiIu6YEmeLxwrH27SJSgpnRkpN+u23Mq0zRrQevc7VEej0q1l4XrTDJcCTJhr5swT1UUnJ57tnKnz5X3rqrq9UrTzohVFR445PJFxHbrzyAq9og4OOU3Ya4NHcJmm0+st/V2kBs65oAGNItDJGBGyObXSKMJb4yFc6lf7EneHRMDnLTlz8XES/AN1KVih3TMfjUfgfcXFVLWKRoPVuQP0uNIPto9AIasnrxIc2zhcFpebbnUIAVRUBvNfbkHOGnjYTPf1iXs1uyDRmnQxWXbFpsBQ77wGkXrEHACbCg6pBoe9Lw2A0N5LWQniZy5dire24ZczJRKnk1W6T5W7khIqQ0h1leHsDS+bRSjaKt7MmPbp50MhoK/pX7M0Y2oO7p7Y3lQDtJ2VblMtwe7xWDbHMXDtpKQmcJg1rb5Q/2RZ3VUm08sEH3thughjogoXqCXOXn/FaJ7lVGA3qdjGgaZi1JLXd8NozwEcuNvSy/517a4Ek/uRXKVzV8WsdW8JZGvyELvlbIrdk5evNLc8W7nG4Q4BGSvEAhdLqLkpfBxgER+SU/ojSTa2wm8r/bKK5q8SVxvxaFYEAhJJyf3BrRNm9PokzDWlRR08teSkL2WKIWVX1Bw0Wo1F78Ee7DCCBWIGCSqGSIb3DQEHAaCCBVMEggVPMIIFSzCCBUcGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcNAQwBAzAOBAg6h0uS8i8h6AICCAAEggTIpKit9ZymYjEoIoMkUpAq44lSCclY8qSmRhoaWnDNTQLhy37fxMf0hiJZ2krvBzGhNLQyBB2Yrob9lry0Sv24mkOUjRxCAhpDu03EThSC/cebaKN0+W1g4qR3EG5zLDtljI+7tgDBhE/PWuV12ZgoP3t9+JHCo1/OVv/IPtUuiP+EVk+SKW9x9/u/HKaordRi4WMhEVW8pUdMktRSQjSzupDE+8GV2ykaZ5BSfbk4RsZD2dyl5hW9lLQ9xFV786667MQcsDh4DhObWQZtX/bASw0/XS6L+TdJmxSOyIci/RGg5iyLxx7xcWRP6zfIiwacrYMxnEB7GX1QDiS3AdjeFoua+htX1DlP7Om15w/b8q79dLhMw+eSUn8g/aLp9n0PKs5mxn6rMcCrmOZJQq5y+0u7g6zOarKx08d6w7yDNCnDS7Hu2DqwaxhHyToEFjQtCw3e7ALdyB/QsZ5HpNNJjyoS+OYbAUJFU5i/oPSX3714wU/gwx/ZiVt4yWW808b8T8ksAKWhp4Gce+VipuNIXKKMdKgx7GiFK12ev31x5BHw+zSUXGc5TXXy0Nb51PTlFwF9/RBXEEleIq0914cK9UumJ6EpdfX6ssqwS9ASFhXfidAlhwH2fuw9lanFB8Y8IDnvBYCxxxtWymh7RZyBumBIdopRA8D2X51BuX6XeYVCYP7PJtXObQfLvGkY50SNOmHbCexq77UxezbMQES+mKW8YXLtZlsD1poOSmrkmRy+jvMXrHFAQidsI5Z2hZjo2sMZSPe+NAwM84yLJYoAq6LuDyhtk3WEbQNO+GB/KqFBOY3fcX0lHFdYEIovTBW+BhspdYEPvJJ01uzgG2VhvriqJ3/ETinKmMvgf5UpJDY+DJ6tgqprN3YCtPB9+NR4cmNz/OUoZKARy64UPWJuX6APGPFIAOD0gNgHqYcrpuksprX/YiYsBVOv/ouqJ9MG36EZ2WYG/KsdtCTssfHYAll5WFu1pGVKVtQJE7sN3Y34jSJDF2F2UoxQbg2CmEnM57GK7kcPjiPnCKPj+o+SEnC8BIO1TxoYnMUB87zfuO53qAdLdQkBvg2salAUsBEHmrDyIOGnEXBuAhHSHbSZSnGpD8gbhnOqfHkRu/OT5BVvnJE+w+dfTlh9vB777VbA5aEYSN16HucPkj3BelDU9+1GctZsSNg4fV/rla7RMf0SUZ02rVbX+52UwxUvuaDH+Pe+QvkTy6sc4b9IIXTphXoZWGClWBGOLBpHfMyxzu2IX4jE4M26DIwUZnVd0vkMYh8dZywgjBCoAJji6Oc1QiNzI3hAwO2sRTaVX5pxZApR+JwPY9ZwLyaOpTSbOXOP7rNZNTMCs1OUHgQdrmPPkE5EBjD/VqXOfLks0Nc8fV1zhofKe088UTZ/qCZKQwK40qhjnYLZ2C1rYjgGtiGHMaPznmwuIazZV9pKgVw+TGTWQmnmuWq7XDEzorbxh0ExjG4S45IQUaTG2kZ9GuHMj3Ocpmf/cJhTZl7wro2x+p/opJYqdKbMOaA+8orsU5r9BCv7NZFh278fSo3fpPut9+ZpmSaYDPpDjAuYlpzv1NFTyAz8Q2myFWFHSxh+KnSfhrEtf4euDRgQ/9gZ2IqXUsZ3FXUNtymfMUYwHwYJKoZIhvcNAQkUMRIeEABDAE4APQBhAHgAdwBhAHkwIwYJKoZIhvcNAQkVMRYEFFnwiPQwNks1gKUHDM3ye/ArMTPaMC0wITAJBgUrDgMCGgUABBQMVJgNbDx/sDqV37rk+lgsiaWPhgQIXKMl/uHVEFw"
+
+# Use file path - file should be created via config map / mount
+$export connecttourlcertandkey_sslauth = /opt/Axway/apigateway/certs/cert.p12
+
+# Use k8s secret to manage password
+$export connecttourlcertandkey_sslauth=changeit
+```
+**sslauth** is the name of  Connect to URL filter **WARNING**: Do not use blank spaces in Connect to URL filter name. 
+
+![secureport Interface](images/connect2urlsslauth.PNG)
+
+- PKCS12 - To update the https listener certificate.  There are two environment variables used to set up certificate on Listener interface
 
   -- certandkey_secureport
 
@@ -192,11 +214,10 @@ $export certandkey_secureport = /opt/Axway/apigateway/certs/cert.p12
 # Use k8s secret to manage password
 $export certandkeypassword_secureport=changeit
 ```
-**secureport** is the name of the https interface.
+**secureport** is the name of the https interface **WARNING**: Do not use blank spaces. 
 
 ![secureport Interface](images/https_interface.png)
 
-The PKCS12 file is base64 encoded, it will be changed to file ( reading from an external drive or ??)
 
 ## Build the project
 
@@ -228,6 +249,8 @@ $mvn clean install
 
 - Add Loadable module to running gateway using publish script or Import apim-policy-password-cert-env/src/main/resources/typeSet.xml via Policystudio using File -> Import -> Import Custom filters.
 
+(or)
+
 - Parameters of publish command
 ```bash
 Options:

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.axway</groupId>
     <artifactId>apim-env-module</artifactId>
-    <version>1.1.2</version>
+    <version>1.1.3</version>
 
     <name>apim-env-module</name>
     <url>https://axway.com</url>
@@ -16,7 +16,7 @@
         <maven.compiler.source>1.8</maven.compiler.source>
         <maven.compiler.target>1.8</maven.compiler.target>
         <api.version>7.7</api.version>
-        <apim.lib.path>/Users/rnatarajan/AxwayProducts/apim_7_7/lib</apim.lib.path>
+        <apim.lib.path>/Users/rnatarajan/AxwayProducts/apim_7_7_nov/lib</apim.lib.path>
     </properties>
 
     <dependencies>
@@ -31,56 +31,57 @@
             <artifactId>apigw-common</artifactId>
             <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/apigw-common-7.7.0.1-4.jar</systemPath>
+            <systemPath>${apim.lib.path}/plugins/apigw-common-2.0.1.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>vordel-trace</groupId>
             <artifactId>vordel-trace</artifactId>
             <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/vordel-trace-7.7.0.1-4.jar</systemPath>
+            <systemPath>${apim.lib.path}/plugins/vordel-trace-7.7.0.20201130-5.jar</systemPath>
         </dependency>
         <dependency>
-            <groupId>server</groupId>
-            <artifactId>server</artifactId>
+            <groupId>vordel-apigateway</groupId>
+            <artifactId>vordel-apigateway</artifactId>
             <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/server.jar</systemPath>
+            <systemPath>${apim.lib.path}/vordel-apigateway-7.7.0.20201130-5.jar</systemPath>
         </dependency>
         <dependency>
-            <groupId>precipitate</groupId>
-            <artifactId>precipitate</artifactId>
+
+            <groupId>vordel-core-runtime</groupId>
+            <artifactId>vordel-core-runtime</artifactId>
             <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/precipitate.jar</systemPath>
+            <systemPath>${apim.lib.path}/vordel-core-runtime-7.7.0.20201130-5.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>es-core</groupId>
             <artifactId>es-core</artifactId>
             <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/es-core-7.7.0.1-4.jar</systemPath>
+            <systemPath>${apim.lib.path}/plugins/es-core-2.0.4.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>vordel-common</groupId>
             <artifactId>vordel-common</artifactId>
             <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/vordel-common-7.7.0.1-4.jar</systemPath>
+            <systemPath>${apim.lib.path}/plugins/vordel-common-7.7.0.20201130-5.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>vordel-system</groupId>
             <artifactId>vordel-system</artifactId>
             <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/vordel-system-7.7.0.1-4.jar</systemPath>
+            <systemPath>${apim.lib.path}/plugins/vordel-system-7.7.0.20201130-5.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>vordel-config</groupId>
             <artifactId>vordel-config</artifactId>
             <scope>system</scope>
             <version>${api.version}</version>
-            <systemPath>${apim.lib.path}/plugins/vordel-config-7.7.0.1-4.jar</systemPath>
+            <systemPath>${apim.lib.path}/plugins/vordel-config-7.7.0.20201130-5.jar</systemPath>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>

src/main/java/com/axway/ExternalConfigLoader.java

@@ -24,7 +24,7 @@
 public class ExternalConfigLoader implements LoadableModule {
 
     private static final Logger log = LogManager.getLogger(ExternalConfigLoader.class);
-    private CertHelper certHelper = new CertHelper();
+    private final CertHelper certHelper = new CertHelper();
     private PasswordCipher passwordCipher;
 
 
@@ -131,13 +131,24 @@ private void updatePassword(EntityStore entityStore) {
                 }
             } else if (key.startsWith("certandkey_")) {
                 try {
+                    Trace.info("Updating SSL interface certificate and key");
                     char[] password = System.getenv("certandkeypassword" + "_" + filterName).toCharArray();
                     String alias = importP12(entityStore, passwordValue, password);
                     Trace.info("P12 file alias name :" + alias);
                     configureP12(entityStore, filterName, alias);
                 } catch (Exception e) {
                     Trace.error("Unable to add the p12 from Environment variable", e);
                 }
+            }else if (key.startsWith("connecttourlcertandkey_")) {
+                try {
+                    Trace.info("Updating Connect to URL client Auth certificate and key");
+                    char[] password = System.getenv("connecttourlcertandkeypassword" + "_" + filterName).toCharArray();
+                    String alias = importP12(entityStore, passwordValue, password);
+                    Trace.info("P12 file alias name :" + alias);
+                    connectToURLConfigureP12(entityStore, filterName, alias);
+                } catch (Exception e) {
+                    Trace.error("Unable to add the p12 from Environment variable", e);
+                }
             }
         }
 
@@ -362,22 +373,54 @@ private String importPublicCertificate(X509Certificate certificate, EntityStore
     private void configureP12(EntityStore entityStore, String name, String alias) {
 
         String shorthandKey = "/[NetService]name=Service/[HTTP]**/[SSLInterface]name=" + name;
-        ShorthandKeyFinder shorthandKeyFinder = new ShorthandKeyFinder(entityStore);
-        List<Entity> entities = shorthandKeyFinder.getEntities(shorthandKey);
+        //ShorthandKeyFinder shorthandKeyFinder = new ShorthandKeyFinder(entityStore);
+        //List<Entity> entities = shorthandKeyFinder.getEntities(shorthandKey);
+        List<Entity> entities = getEntities(entityStore, shorthandKey);
         if (entities.isEmpty()) {
             Trace.error("Listener interface is not available");
             return;
+        }else if(entities.size() > 1){
+            Trace.error("Found more than one Listener interface");
+            return;
         }
         Entity entity = entities.get(0);
+        String fieldName = "serverCert";
+        updateP12Cert(entityStore, entity, alias, fieldName);
+    }
+
+    private List<Entity> getEntities(EntityStore entityStore, String shorthandKey){
+        ShorthandKeyFinder shorthandKeyFinder = new ShorthandKeyFinder(entityStore);
+        return shorthandKeyFinder.getEntities(shorthandKey);
+    }
+
+    private void updateP12Cert(EntityStore entityStore, Entity entity, String alias, String fieldName){
+
         String escapedAlias = ShorthandKeyFinder.escapeFieldValue(alias);
         Entity certEntity = getCertEntity(entityStore, escapedAlias);
         //Trace.info("Certificate entity set to listener interface "+ certEntity);
         PortableESPK portableESPK = PortableESPK.toPortableKey(entityStore, certEntity.getPK());
         //Trace.info("Portable : " + portableESPK);
-        entity.setReferenceField("serverCert", portableESPK);
+        entity.setReferenceField(fieldName, portableESPK);
         entityStore.updateEntity(entity);
     }
 
+    private void connectToURLConfigureP12(EntityStore entityStore, String name, String alias) {
+
+        String shorthandKey = "/[FilterCircuit]**/[ConnectToURLFilter]name=" + name;
+        //ShorthandKeyFinder shorthandKeyFinder = new ShorthandKeyFinder(entityStore);
+        List<Entity> entities = getEntities(entityStore, shorthandKey);
+        if (entities.isEmpty()) {
+            Trace.error("Unable to find connect to URL filter");
+            return;
+        }else if(entities.size() > 1){
+            Trace.error("Found more than one connect to URL filter");
+            return;
+        }
+        Entity entity = entities.get(0);
+        String fieldName = "sslUsers";
+        updateP12Cert(entityStore, entity, alias, fieldName);
+    }
+
     private Entity getCertEntity(EntityStore entityStore, String alias) {
         String shorthandKey = "/[Certificates]name=Certificate Store";
         ShorthandKeyFinder shorthandKeyFinder = new ShorthandKeyFinder(entityStore);
@@ -393,7 +436,7 @@ private Entity getCertEntity(EntityStore entityStore, String alias) {
 
     private String importP12(EntityStore entityStore, String cert, char[] password) throws Exception {
 
-        PKCS12 pkcs12 = null;
+        PKCS12 pkcs12;
         File file = new File(cert);
         if(file.exists()){
             pkcs12 = certHelper.parseP12(file, password);