fix: wrong using of certificates in ZAAS client (#1514)

pj892031 · web-flow · commit 964c4fa6f487 · 2021-06-09T10:21:12.000+02:00
* fix

Signed-off-by: Pavel Jareš &lt;pavel.jares@broadcom.com&gt;

* fix by review

Signed-off-by: Pavel Jareš &lt;pavel.jares@broadcom.com&gt;
diff --git a/zaas-client/src/main/java/org/zowe/apiml/zaasclient/config/ConfigProperties.java b/zaas-client/src/main/java/org/zowe/apiml/zaasclient/config/ConfigProperties.java
@@ -9,10 +9,14 @@
  */
 package org.zowe.apiml.zaasclient.config;
 
+import lombok.Builder;
 import lombok.Data;
+import lombok.experimental.Tolerate;
 
 @Data
+@Builder
 public class ConfigProperties {
+
     private String apimlHost;
     private String apimlPort;
     private String apimlBaseUrl;
@@ -24,4 +28,23 @@ public class ConfigProperties {
     private char[] trustStorePassword;
     private boolean httpOnly;
     private boolean nonStrictVerifySslCertificatesOfServices;
+
+    @Tolerate
+    public ConfigProperties() {
+        // no args constructor
+    }
+
+    public ConfigProperties withoutKeyStore() {
+        return ConfigProperties.builder()
+            .apimlHost(apimlHost)
+            .apimlPort(apimlPort)
+            .apimlBaseUrl(apimlBaseUrl)
+            .trustStoreType(trustStoreType)
+            .trustStorePath(trustStorePath)
+            .trustStorePassword(trustStorePassword)
+            .httpOnly(httpOnly)
+            .nonStrictVerifySslCertificatesOfServices(nonStrictVerifySslCertificatesOfServices)
+            .build();
+    }
+
 }
diff --git a/zaas-client/src/main/java/org/zowe/apiml/zaasclient/service/internal/ZaasClientImpl.java b/zaas-client/src/main/java/org/zowe/apiml/zaasclient/service/internal/ZaasClientImpl.java
@@ -13,6 +13,7 @@
 import org.zowe.apiml.zaasclient.config.ConfigProperties;
 import org.zowe.apiml.zaasclient.exception.ZaasClientErrorCodes;
 import org.zowe.apiml.zaasclient.exception.ZaasClientException;
+import org.zowe.apiml.zaasclient.exception.ZaasConfigurationErrorCodes;
 import org.zowe.apiml.zaasclient.exception.ZaasConfigurationException;
 import org.zowe.apiml.zaasclient.service.ZaasClient;
 import org.zowe.apiml.zaasclient.service.ZaasToken;
@@ -26,12 +27,17 @@ public class ZaasClientImpl implements ZaasClient {
     private final PassTicketService passTickets;
 
     public ZaasClientImpl(ConfigProperties configProperties) throws ZaasConfigurationException {
+        if (!configProperties.isHttpOnly() && (configProperties.getKeyStorePath() == null)) {
+            throw new ZaasConfigurationException(ZaasConfigurationErrorCodes.KEY_STORE_NOT_PROVIDED);
+        }
+
         CloseableClientProvider httpClientProvider = getTokenProvider(configProperties);
+        CloseableClientProvider httpClientProviderWithoutCert = getTokenProviderWithoutCert(configProperties, httpClientProvider);
+
         String baseUrl = String.format("%s://%s:%s%s", getScheme(configProperties.isHttpOnly()), configProperties.getApimlHost(), configProperties.getApimlPort(),
             configProperties.getApimlBaseUrl());
-        tokens = new ZaasJwtService(httpClientProvider, baseUrl);
+        tokens = new ZaasJwtService(httpClientProviderWithoutCert, baseUrl);
         passTickets = new PassTicketServiceImpl(httpClientProvider, baseUrl);
-
     }
 
     private CloseableClientProvider getTokenProvider(ConfigProperties configProperties) throws ZaasConfigurationException {
@@ -40,7 +46,16 @@ private CloseableClientProvider getTokenProvider(ConfigProperties configProperti
         } else {
             return new ZaasHttpsClientProvider(configProperties);
         }
+    }
 
+    private CloseableClientProvider getTokenProviderWithoutCert (
+        ConfigProperties configProperties,
+        CloseableClientProvider defaultCloseableClientProvider) throws ZaasConfigurationException
+    {
+        if (configProperties.isHttpOnly()) {
+            return defaultCloseableClientProvider;
+        }
+        return getTokenProvider(configProperties.withoutKeyStore());
     }
 
     private Object getScheme(boolean httpOnly) {
diff --git a/zaas-client/src/main/java/org/zowe/apiml/zaasclient/service/internal/ZaasHttpsClientProvider.java b/zaas-client/src/main/java/org/zowe/apiml/zaasclient/service/internal/ZaasHttpsClientProvider.java
@@ -71,11 +71,8 @@ public void clearCookieStore() {
 
     @Override
     public synchronized CloseableHttpClient getHttpClient() throws ZaasConfigurationException {
-        if (keyStorePath == null) {
-            throw new ZaasConfigurationException(ZaasConfigurationErrorCodes.KEY_STORE_NOT_PROVIDED);
-        }
         if (httpsClientWithKeyStoreAndTrustStore == null) {
-            if (kmf == null) {
+            if ((kmf == null) && (keyStorePath != null)) {
                 initializeKeyStoreManagerFactory();
             }
             httpsClientWithKeyStoreAndTrustStore = sharedHttpClientConfiguration(getSSLContext())
diff --git a/zaas-client/src/test/java/org/zowe/apiml/zaasclient/service/internal/ZaasClientImplHttpTests.java b/zaas-client/src/test/java/org/zowe/apiml/zaasclient/service/internal/ZaasClientImplHttpTests.java
@@ -25,6 +25,7 @@ void testHttpOnlyZaasClientCanBeCreated() throws ZaasConfigurationException {
         configProperties.setApimlPort("10010");
         configProperties.setApimlBaseUrl("/api/v1/gateway/auth");
         configProperties.setNonStrictVerifySslCertificatesOfServices(false);
+        configProperties.setKeyStorePath("keystorePath");
         ZaasClient client = new ZaasClientImpl(configProperties);
         assertNotNull(client);
     }
diff --git a/zaas-client/src/test/java/org/zowe/apiml/zaasclient/service/internal/ZaasClientTest.java b/zaas-client/src/test/java/org/zowe/apiml/zaasclient/service/internal/ZaasClientTest.java
@@ -14,6 +14,7 @@
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
+import org.zowe.apiml.zaasclient.config.ConfigProperties;
 import org.zowe.apiml.zaasclient.exception.ZaasClientErrorCodes;
 import org.zowe.apiml.zaasclient.exception.ZaasClientException;
 import org.zowe.apiml.zaasclient.exception.ZaasConfigurationException;
@@ -146,4 +147,15 @@ void givenValidToken_whenLogoutIsCalled_thenSuccessLogout() {
         assertDoesNotThrow(() -> underTest.logout("apimlAuthenticationToken=" + VALID_TOKEN));
     }
 
+    @Test
+    void givenNullKeyStorePath_whenTheClientIsConstructed_thenExceptionIsThrown() {
+        ConfigProperties config = new ConfigProperties();
+        config.setTrustStorePassword(VALID_PASSWORD.toCharArray());
+        config.setTrustStorePath("src/test/resources/localhost.truststore.p12");
+        config.setTrustStoreType("PKCS12");
+        ZaasConfigurationException zaasException = assertThrows(ZaasConfigurationException.class, () -> new ZaasClientImpl(config));
+
+        assertThat(zaasException.getErrorCode().getId(), is("ZWEAS501E"));
+    }
+
 }
diff --git a/zaas-client/src/test/java/org/zowe/apiml/zaasclient/service/internal/ZaasHttpsClientProviderTests.java b/zaas-client/src/test/java/org/zowe/apiml/zaasclient/service/internal/ZaasHttpsClientProviderTests.java
@@ -102,18 +102,6 @@ void giveInvalidTrustStorePath_whenTheClientIsConstructed_thenExceptionsIsThrown
         assertThat(zaasException.getErrorCode().getId(), is("ZWEAS503E"));
     }
 
-    @Test
-    void givenNullKeyStorePath_whenTheClientIsConstructed_thenExceptionIsThrown() throws ZaasConfigurationException {
-        ConfigProperties config = new ConfigProperties();
-        config.setTrustStorePassword(PASSWORD);
-        config.setTrustStorePath("src/test/resources/localhost.truststore.p12");
-        config.setTrustStoreType("PKCS12");
-        ZaasHttpsClientProvider provider = new ZaasHttpsClientProvider(config);
-        ZaasConfigurationException zaasException = assertThrows(ZaasConfigurationException.class, provider::getHttpClient);
-
-        assertThat(zaasException.getErrorCode().getId(), is("ZWEAS501E"));
-    }
-
     @Test
     void givenInvalidKeyStorePath_whenTheClientIsConstructed_thenExceptionIsThrown() throws ZaasConfigurationException {
         ConfigProperties config = new ConfigProperties();

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ void testHttpOnlyZaasClientCanBeCreated() throws ZaasConfigurationException {`
`25`	`25`	`configProperties.setApimlPort("10010");`
`26`	`26`	`configProperties.setApimlBaseUrl("/api/v1/gateway/auth");`
`27`	`27`	`configProperties.setNonStrictVerifySslCertificatesOfServices(false);`
	`28`	`+ configProperties.setKeyStorePath("keystorePath");`
`28`	`29`	`ZaasClient client = new ZaasClientImpl(configProperties);`
`29`	`30`	`assertNotNull(client);`
`30`	`31`	`}`