fix: PJE enabler sample and password validation fixes (#1819)

* real PJE sample

Signed-off-by: jandadav <janda.david@gmail.com>

* PJE password validation fixes

Signed-off-by: jandadav <janda.david@gmail.com>

* checkstyle

Signed-off-by: jandadav <janda.david@gmail.com>

* Exclude sample from lite lib

Signed-off-by: jandadav <janda.david@gmail.com>

* skip enabler sonar

Signed-off-by: jandadav <janda.david@gmail.com>

Author: jandadav

gradle/lite.gradle

@@ -48,8 +48,13 @@ task liteLibJarAll(type: Jar) {
     archiveName = getBaseNameLite() + ".jar"
     entryCompression = ZipEntryCompression.STORED
     duplicatesStrategy = DuplicatesStrategy.EXCLUDE
-
-    from { rootProject.subprojects.collectMany {getLiteLibJarOutput(it.buildDir)}.collect() }
+    from { rootProject.subprojects.collectMany {
+        if (it.properties.get('projectPath').toString() != ':onboarding-enabler-java-sample-app-plain-java') {
+            getLiteLibJarOutput(it.buildDir)
+        } else {
+            []
+        }
+    }.collect() }
 }
 
 build.dependsOn(liteLibJarAll)

gradle/sonar.gradle

@@ -72,6 +72,12 @@ project(":onboarding-enabler-nodejs") {
     }
 }
 
+project(":onboarding-enabler-java-sample-app-plain-java") {
+    sonarqube {
+        skipProject = true
+    }
+}
+
 project(":onboarding-enabler-nodejs-sample-app") {
     sonarqube {
         skipProject = true

onboarding-enabler-java-sample-app-plain-java/build.gradle

@@ -0,0 +1,15 @@
+dependencies {
+    compile (project(':onboarding-enabler-java'))
+    compile ("javax.servlet:javax.servlet-api:4.0.1")
+}
+
+jar {
+    archiveName = "sample.jar"
+    manifest {
+        attributes "Main-Class": "org.zowe.apiml.sample.PlainJavaEnablerApp"
+    }
+
+    from {
+        configurations.compile.collect { it.isDirectory() ? it : zipTree(it) }
+    }
+}

onboarding-enabler-java-sample-app-plain-java/config/service-configuration.yml

@@ -0,0 +1,44 @@
+serviceId: plainjavaenablersample
+title: Plain java enabler sample
+description: Plain java enabler sample
+baseUrl: https://localhost:8080
+serviceIpAddress: 127.0.0.1
+preferIpAddress: false
+
+homePageRelativeUrl: /greeting
+statusPageRelativeUrl: /status
+healthCheckRelativeUrl: /health
+
+discoveryServiceUrls:
+  - https://localhost:10011/eureka
+
+routes:
+  - gatewayUrl: api/v1
+    serviceUrl: /
+
+apiInfo:
+  - apiId: org.zowe.pjesample
+    version: 1.0.0
+    gatewayUrl: api/v1
+    swaggerUrl:
+    doumentationUrl: https://localhost:8080/apidoc
+
+
+catalog:
+    tile:
+        id: cademoapps
+        title: Sample API Mediation Layer Applications
+        description: Applications which demonstrate how to make a service integrated to the API Mediation Layer ecosystem
+        version: 1.0.0
+
+ssl:
+    verifySslCertificatesOfServices: true
+    protocol: TLSv1.2
+    keyAlias: localhost
+    keyPassword: password
+    keyStore: keystore/localhost/localhost.keystore.p12
+    keyStorePassword: password
+    keyStoreType: PKCS12
+    trustStore: keystore/localhost/localhost.truststore.p12
+    trustStorePassword: password
+    trustStoreType: PKCS12

onboarding-enabler-java-sample-app-plain-java/readme.md

@@ -0,0 +1,21 @@
+# Plain Java Enabler Sample
+✌( ͡° ͜ʖ ͡°)✌ "Superplain" edition
+
+It's so _LIGHT_ that it doesn't have any _REST_ endpoints.
+
+### Quick start
+
+- run
+    
+    `java -jar <jar location> <path to configuration>`
+
+- run against local api-layer instance from api-layer repository root
+    
+    `java -jar ./onboarding-enabler-java-sample-app-plain-java/build/libs/sample.jar ./onboarding-enabler-java-sample-app-plain-java/config/service-configuration.yml`
+
+- run on mainframe (assuming artefacts in the same folder, with keyrings)
+
+    `java -Xquickstart -Dfile.encoding=UTF-8 -Djava.protocol.handler.pkgs=com.ibm.crypto.provider -jar sample.jar service-configuration.yml`
+
+### Configuration
+Configuration sample can be found in the `config` folder. The config is for local api layer instance, running from repository root. Customize and use as you see fit.

onboarding-enabler-java-sample-app-plain-java/src/main/java/org/zowe/apiml/sample/PlainJavaEnablerApp.java

@@ -0,0 +1,44 @@
+/*
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Copyright Contributors to the Zowe Project.
+ */
+
+package org.zowe.apiml.sample;
+
+import org.zowe.apiml.eurekaservice.client.config.ApiMediationServiceConfig;
+import org.zowe.apiml.eurekaservice.client.impl.ApiMediationClientImpl;
+import org.zowe.apiml.eurekaservice.client.util.ApiMediationServiceConfigReader;
+import org.zowe.apiml.exception.ServiceDefinitionException;
+
+import java.util.Objects;
+import java.util.logging.Logger;
+
+public class PlainJavaEnablerApp {
+
+    private static Logger log = Logger.getLogger(PlainJavaEnablerApp.class.getName());
+
+    public static void main(String[] args) throws InterruptedException {
+        if (args.length == 0 || Objects.isNull(args[0]) || args[0].isEmpty()) {
+            throw new IllegalArgumentException("Please provide path to service configuration file as a first argument");
+        }
+        String configurationFile = args[0];
+        try {
+            ApiMediationServiceConfigReader reader = new ApiMediationServiceConfigReader();
+            ApiMediationServiceConfig config = reader.loadConfiguration(configurationFile);
+            ApiMediationClientImpl apiMediationClient = new ApiMediationClientImpl();
+            apiMediationClient.register(config);
+        } catch (ServiceDefinitionException sde) {
+            log.severe("Service configuration failed. Check log for previous errors: " + sde.getMessage());
+            sde.printStackTrace();
+            throw new IllegalStateException("Configuration problem");
+        }
+        log.info("Configuration loaded, sleeping the main thread. Verify registration correctness in Discovery service");
+
+        Thread.currentThread().join();
+    }
+}

onboarding-enabler-java-sample-app/build.gradle

@@ -1,9 +1,10 @@
 buildscript {
     repositories {
         mavenCentral()
+        gradlePluginPortal()
     }
     dependencies {
-        classpath 'com.bmuschko:gradle-tomcat-plugin:2.5'
+        classpath 'com.bmuschko:gradle-tomcat-plugin:2.7.0'
     }
 }
 
@@ -36,11 +37,10 @@ dependencies {
     testCompile libraries.mockito_core
     testCompile libraries.json_path
 
-    def tomcatVersion = '8.0.53'
+    def tomcatVersion = '9.0.1'
     tomcat "org.apache.tomcat.embed:tomcat-embed-core:${tomcatVersion}",
-        "org.apache.tomcat.embed:tomcat-embed-logging-juli:${tomcatVersion}",
+        "org.apache.tomcat.embed:tomcat-embed-logging-juli:9.0.0.M6",
         "org.apache.tomcat.embed:tomcat-embed-jasper:${tomcatVersion}"
-        "org.apache.tomcat.embed:tomcat-servlet-api:${tomcatVersion}"
 }
 
 tomcat {
@@ -53,4 +53,6 @@ tomcat {
     tomcatRun.truststoreFile = file("${project.rootDir}/keystore/localhost/localhost.truststore.p12")
     tomcatRun.keystorePass = "password"
     tomcatRun.truststorePass = "password"
+    httpProtocol = 'org.apache.coyote.http11.Http11Nio2Protocol'
+    ajpProtocol  = 'org.apache.coyote.ajp.AjpNio2Protocol'
 }

onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/util/EurekaInstanceConfigValidator.java

@@ -28,6 +28,7 @@ public class EurekaInstanceConfigValidator {
 
     private static final String UNSET_VALUE_STRING = "{apiml.";
     private static final char[] UNSET_VALUE_CHAR_ARRAY = UNSET_VALUE_STRING.toCharArray();
+    private static final String KEYRING_KEY = "JCERACFKS";
 
     private final List<String> missingSslParameters = new ArrayList<>();
     private final List<String> missingRoutesParameters = new ArrayList<>();
@@ -94,9 +95,6 @@ private void validateSslParameters(Ssl ssl, List<String> missingSslParameters) {
         if (isInvalid(ssl.getTrustStoreType())) {
             addParameterToProblemsList("trustStoreType", missingSslParameters);
         }
-        if (isInvalid(ssl.getKeyPassword())) {
-            addParameterToProblemsList("keyPassword", missingSslParameters);
-        }
         if (ssl.getEnabled() == null) {
             addParameterToProblemsList("enabled", missingSslParameters);
         }
@@ -105,13 +103,19 @@ private void validateSslParameters(Ssl ssl, List<String> missingSslParameters) {
     private void validateSsl(Ssl ssl) {
         validateSslParameters(ssl, missingSslParameters);
         if (isInvalid(ssl.getTrustStorePassword()) && (isInvalid(ssl.getTrustStoreType()) ||
-                (!isInvalid(ssl.getTrustStoreType()) && !ssl.getTrustStoreType().equals("JCERACFKS")))) {
+                (!isInvalid(ssl.getTrustStoreType()) && !ssl.getTrustStoreType().equals(KEYRING_KEY)))) {
             addParameterToProblemsList("trustStorePassword", missingSslParameters);
         }
         if (isInvalid(ssl.getKeyStorePassword()) && (isInvalid(ssl.getKeyStoreType()) ||
-                (!isInvalid(ssl.getKeyStoreType()) && !ssl.getKeyStoreType().equals("JCERACFKS")))) {
+                (!isInvalid(ssl.getKeyStoreType()) && !ssl.getKeyStoreType().equals(KEYRING_KEY)))) {
             addParameterToProblemsList("keyStorePassword", missingSslParameters);
         }
+        if (isInvalid(ssl.getKeyPassword()) && (isInvalid(ssl.getKeyStoreType()) ||
+            (!isInvalid(ssl.getKeyStoreType()) && !ssl.getKeyStoreType().equals(KEYRING_KEY)))) {
+            addParameterToProblemsList("keyPassword", missingSslParameters);
+        }
+
+
         if (!missingSslParameters.isEmpty()) {
             throw new MetadataValidationException(String.format("SSL parameters ** %s ** are missing or were not replaced by the system properties.", String.join(", ", missingSslParameters)));
         }

onboarding-enabler-java/src/test/java/org/zowe/apiml/eurekaservice/client/util/EurekaInstanceConfigValidatorTest.java

@@ -24,6 +24,7 @@
 
 import javax.servlet.ServletContext;
 import java.util.Collections;
+import java.util.function.Consumer;
 
 import static org.junit.jupiter.api.Assertions.*;
 
@@ -54,7 +55,7 @@ void givenServiceConfiguration_whenConfigurationIsValid_thenValidate() throws Se
     @CsvSource(value = {
         "bad-ssl-configuration.yml|SSL configuration was not provided. Try add apiml.service.ssl section.",
         "wrong-routes-service-configuration.yml|Routes parameters  ** gatewayUrl, serviceUrl ** are missing or were not replaced by the system properties.",
-        "missing-ssl-configuration.yml|SSL parameters ** protocol, trustStore, keyStore, keyAlias, keyStoreType, trustStoreType, keyPassword, enabled, trustStorePassword, keyStorePassword ** are missing or were not replaced by the system properties."
+        "missing-ssl-configuration.yml|SSL parameters ** protocol, trustStore, keyStore, keyAlias, keyStoreType, trustStoreType, enabled, trustStorePassword, keyStorePassword, keyPassword ** are missing or were not replaced by the system properties."
     }, delimiter = '|')
     void givenConfigurationWithInvalidSsl_whenValidate_thenThrowException(String cfgFile, String expectedMsg) throws ServiceDefinitionException {
         ApiMediationServiceConfig testConfig = configReader.loadConfiguration(cfgFile);
@@ -71,6 +72,31 @@ void givenConfigurationWithHttpEurekaAndInvalidSsl_thenValidate() throws Service
         assertDoesNotThrow(() -> validator.validate(testConfig));
     }
 
+    @Test
+    void emptyKeyringPasswordsAreSupported() throws ServiceDefinitionException {
+        ApiMediationServiceConfig testConfig = configReader.loadConfiguration("service-configuration-keyring.yml");
+        testConfig.setDiscoveryServiceUrls(Collections.singletonList("https://localhost:10011/eureka"));
+        assertDoesNotThrow(() -> validator.validate(testConfig));
+    }
+
+    @SuppressWarnings("squid:S5778") //Lambda formatting
+    @Test
+    void emptyPasswordsWithKeystoresAreValidatedAsErrors() {
+        assertThrows(MetadataValidationException.class, () -> validator.validate(
+            loadValidSslConfiguration(c -> c.getSsl().setKeyPassword(null))));
+        assertThrows(MetadataValidationException.class, () -> validator.validate(
+            loadValidSslConfiguration(c -> c.getSsl().setKeyStorePassword(null))));
+        assertThrows(MetadataValidationException.class, () -> validator.validate(
+            loadValidSslConfiguration(c -> c.getSsl().setTrustStorePassword(null))));
+    }
+
+    private ApiMediationServiceConfig loadValidSslConfiguration(Consumer<ApiMediationServiceConfig> configModifier) throws ServiceDefinitionException {
+        ApiMediationServiceConfig testConfig = configReader.loadConfiguration("service-configuration.yml");
+        testConfig.setDiscoveryServiceUrls(Collections.singletonList("https://localhost:10011/eureka"));
+        configModifier.accept(testConfig);
+        return testConfig;
+    }
+
     @Test
     void givenSystemProperties_whenLoadFromFile_thenNoOverrideBySystemProp() throws Exception {
         System.setProperty("apiml.serviceId", "veronica");

onboarding-enabler-java/src/test/resources/service-configuration-keyring.yml

@@ -0,0 +1,52 @@
+serviceId: service
+title: HelloWorld Spring REST API
+description: POC for exposing a Spring REST API
+baseUrl: http://localhost:10021/hellospring
+serviceIpAddress: 127.0.0.1
+
+homePageRelativeUrl: /
+statusPageRelativeUrl: /application/info
+healthCheckRelativeUrl: /application/health
+
+discoveryServiceUrls:
+    - http://eureka:password@localhost:10011/eureka
+    - http://eureka:password@localhost:10011/eureka1
+
+routes:
+    - gatewayUrl: api/v1
+      serviceUrl: /hellospring/api/v1
+    - gatewayUrl: api/v1/api-doc
+      serviceUrl: /hellospring/api-doc
+
+apiInfo:
+    - apiId: zowe.apiml.hellospring
+      gatewayUrl: api/v1
+      swaggerUrl: http://localhost:10021/hellospring/api-doc
+
+catalog:
+    tile:
+        id: helloworld-spring
+        title: HelloWorld Spring REST API
+        description: Proof of Concept application to demonstrate exposing a REST API in the MFaaS ecosystem
+        version: 1.0.0
+
+ssl:
+    enabled: true
+    protocol: TLSv1.2
+    keyAlias: localhost
+    keyStore: safkeyring:////my_racf_id/my_key_ring
+    keyStoreType: JCERACFKS
+    trustStore: safkeyring:////my_racf_id/my_key_ring
+    trustStoreType: JCERACFKS
+
+customMetadata:
+    key: value
+    customService.key1: value1
+    customService.key2: value2
+    customService:
+        key3: value3
+        key4: value4
+        evenmorelevels:
+            key5:
+                key6:
+                    key7: value7