[EDGORDERS-83-ENV]. Refactor for TLS configuration for Spring-based E…

…nvironment (#105)

* [EDGORDERS-83-ENV]. Refactor for TLS configuration for Spring-based Environment

README.md

@@ -165,34 +165,31 @@ Configuration information is specified in two forms:
 | `request_timeout_ms`      | `30000`             | Request Timeout                                                           |
 | `api_key_sources`         | `PARAM,HEADER,PATH` | Defines the sources (order of precendence) of the API key.                |
 
-### System Properties for TLS configuration for Http server
+### Env variables for TLS configuration for Http server
+
 To configure Transport Layer Security (TLS) for the HTTP server in an edge module, the following configuration parameters should be used.
-Parameters marked as Required are required only in case when ssl_enabled is set to true.
-
-| Property                          | Default           | Description                                                                                 |
-|-----------------------------------|-------------------|---------------------------------------------------------------------------------------------|
-| `http-server.ssl_enabled`         | `false`           | Set whether SSL/TLS is enabled for Vertx Http Server                                        |
-| `http-server.keystore_type`       | `NA`              | (Required). Set the type of the keystore. Common types include `JKS`, `PKCS12`, and `BCFKS` |
-| `http-server.keystore_provider`   | `NA`              | Set the provider name of the key store                                                      |
-| `http-server.keystore_path`       | `NA`              | (Required). Set the location of the keystore file in the local file system                  |
-| `http-server.keystore_password`   | `NA`              | (Required). Set the password for the keystore                                               |
-| `http-server.key_alias`           | `NA`              | Set the alias of the key within the keystore.                                               |
-| `http-server.key_alias_password`  | `NA`              | Optional param that points to a password of `key_alias` if it protected                     |
-
-### System Properties for TLS configuration for Web Client
+Parameters marked as Required are required only in case when TLS for the server should be enabled.
+
+| Property                                            | Default          | Description                                                                                 |
+|-----------------------------------------------------|------------------|---------------------------------------------------------------------------------------------|
+| `SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE`     | `NA`             | (Required). Set the type of the keystore. Common types include `JKS`, `PKCS12`, and `BCFKS` |
+| `SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION` | `NA`             | (Required). Set the location of the keystore file in the local file system                  |
+| `SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD` | `NA`             | (Required). Set the password for the keystore                                               |
+| `SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS`         | `NA`             | Set the alias of the key within the keystore.                                               |
+| `SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD`      | `NA`             | Optional param that points to a password of `KEY_ALIAS` if it protected                     |
+
+### Env variables for TLS configuration for Web Client
+
 To configure Transport Layer Security (TLS) for Web clients in the edge module, you can use the following configuration parameters.
-Truststore parameters for configuring Web clients are optional even when ssl_enabled = true.
-If truststore parameters need to be populated, truststore_type, truststore_path and truststore_password are required.
-
-| Property                          | Default           | Description                                                                      |
-|-----------------------------------|-------------------|----------------------------------------------------------------------------------|
-| `web-client.ssl_enabled`          | `false`           | Set whether SSL/TLS is enabled for Vertx Http Server                             |
-| `web-client.truststore_type`      | `NA`              | Set the type of the keystore. Common types include `JKS`, `PKCS12`, and `BCFKS`  |
-| `web-client.truststore_provider`  | `NA`              | Set the provider name of the key store                                           |
-| `web-client.truststore_path`      | `NA`              | Set the location of the keystore file in the local file system                   |
-| `web-client.truststore_password`  | `NA`              | Set the password for the keystore                                                |
-| `web-client.key_alias`            | `NA`              | Set the alias of the key within the keystore.                                    |
-| `web-client.key_alias_password`   | `NA`              | Optional param that points to a password of `key_alias` if it protected          |
+Truststore parameters for configuring Web clients are optional even when `FOLIO_CLIENT_TLS_ENABLED = true`.
+If truststore parameters need to be populated, `FOLIO_CLIENT_TLS_TRUSTSTORETYPE`, `FOLIO_CLIENT_TLS_TRUSTSTOREPATH` and `FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD` are required.
+
+| Property                                | Default           | Description                                                                      |
+|-----------------------------------------|-------------------|----------------------------------------------------------------------------------|
+| `FOLIO_CLIENT_TLS_ENABLED`              | `false`           | Set whether SSL/TLS is enabled for Vertx Http Server                             |
+| `FOLIO_CLIENT_TLS_TRUSTSTORETYPE`       | `NA`              | Set the type of the keystore. Common types include `JKS`, `PKCS12`, and `BCFKS`  |
+| `FOLIO_CLIENT_TLS_TRUSTSTOREPATH`       | `NA`              | Set the location of the keystore file in the local file system                   |
+| `FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD`   | `NA`              | Set the password for the keystore                                                |
 
 
 ## Additional information

src/main/java/org/folio/edge/core/Constants.java

@@ -25,22 +25,18 @@ private Constants() {
   public static final String SYS_API_KEY_SOURCES = "api_key_sources";
   public static final String SYS_RESPONSE_COMPRESSION = "response_compression";
 
-  // System properties for SSL/TLS http server configuration
-  public static final String SYS_HTTP_SERVER_SSL_ENABLED = "http-server.ssl_enabled";
-  public static final String SYS_HTTP_SERVER_KEYSTORE_TYPE = "http-server.keystore_type";
-  public static final String SYS_HTTP_SERVER_KEYSTORE_PROVIDER = "http-server.keystore_provider";
-  public static final String SYS_HTTP_SERVER_KEYSTORE_PATH = "http-server.keystore_path";
-  public static final String SYS_HTTP_SERVER_KEYSTORE_PASSWORD = "http-server.keystore_password";
-  public static final String SYS_HTTP_SERVER_KEY_ALIAS = "http-server.key_alias";
-  public static final String SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD = "http-server.key_alias_password";
-  public static final String SYS_WEB_CLIENT_SSL_ENABLED = "web-client.ssl_enabled";
-  // System properties for SSL/TLS web client configuration
-  public static final String SYS_WEB_CLIENT_TRUSTSTORE_TYPE = "web-client.truststore_type";
-  public static final String SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER = "web-client.truststore_provider";
-  public static final String SYS_WEB_CLIENT_TRUSTSTORE_PATH = "web-client.truststore_path";
-  public static final String SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD = "web-client.truststore_password";
-  public static final String SYS_WEB_CLIENT_KEY_ALIAS = "web-client.key_alias";
-  public static final String SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD = "web-client.key_alias_password";
+  // Env variables for SSL/TLS http server configuration
+  public static final String SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE = "SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE";
+  public static final String SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION = "SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION";
+  public static final String SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD = "SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD";
+  public static final String SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS = "SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS";
+  public static final String SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD = "SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD";
+
+  // Env variables for SSL/TLS web client configuration
+  public static final String FOLIO_CLIENT_TLS_ENABLED = "FOLIO_CLIENT_TLS_ENABLED";
+  public static final String FOLIO_CLIENT_TLS_TRUSTSTORETYPE = "FOLIO_CLIENT_TLS_TRUSTSTORETYPE";
+  public static final String FOLIO_CLIENT_TLS_TRUSTSTOREPATH = "FOLIO_CLIENT_TLS_TRUSTSTOREPATH";
+  public static final String FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD = "FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD";
 
   // Property names
   public static final String PROP_SECURE_STORE_TYPE = "secureStore.type";
@@ -100,51 +96,40 @@ private Constants() {
         System.getProperty(SYS_API_KEY_SOURCES, DEFAULT_API_KEY_SOURCES));
     defaultMap.put(SYS_REQUEST_TIMEOUT_MS,
         Long.parseLong(System.getProperty(SYS_REQUEST_TIMEOUT_MS,
-            Long.toString(DEFAULT_REQUEST_TIMEOUT_MS))));
+          Long.toString(DEFAULT_REQUEST_TIMEOUT_MS))));
     defaultMap.put(SYS_TOKEN_CACHE_TTL_MS,
         Long.parseLong(System.getProperty(SYS_TOKEN_CACHE_TTL_MS,
-            Long.toString(DEFAULT_TOKEN_CACHE_TTL_MS))));
+          Long.toString(DEFAULT_TOKEN_CACHE_TTL_MS))));
     defaultMap.put(SYS_NULL_TOKEN_CACHE_TTL_MS,
         Long.parseLong(System.getProperty(SYS_NULL_TOKEN_CACHE_TTL_MS,
-            Long.toString(DEFAULT_NULL_TOKEN_CACHE_TTL_MS))));
+          Long.toString(DEFAULT_NULL_TOKEN_CACHE_TTL_MS))));
     defaultMap.put(SYS_TOKEN_CACHE_CAPACITY,
         Integer.parseInt(System.getProperty(SYS_TOKEN_CACHE_CAPACITY,
-            Integer.toString(DEFAULT_TOKEN_CACHE_CAPACITY))));
+          Integer.toString(DEFAULT_TOKEN_CACHE_CAPACITY))));
     defaultMap.put(SYS_SECURE_STORE_TYPE,
-        System.getProperty(SYS_SECURE_STORE_TYPE, DEFAULT_SECURE_STORE_TYPE));
+          System.getProperty(SYS_SECURE_STORE_TYPE, DEFAULT_SECURE_STORE_TYPE));
     defaultMap.put(SYS_RESPONSE_COMPRESSION,
         Boolean.parseBoolean(System.getProperty(SYS_RESPONSE_COMPRESSION,
-            Boolean.toString(DEFAULT_RESPONSE_COMPRESSION))));
-    defaultMap.put(SYS_HTTP_SERVER_SSL_ENABLED,
-      Boolean.parseBoolean(System.getProperty(SYS_HTTP_SERVER_SSL_ENABLED,
-        Boolean.toString(DEFAULT_SSL_ENABLED))));
-    defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_TYPE,
-      System.getProperty(SYS_HTTP_SERVER_KEYSTORE_TYPE));
-    defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_PROVIDER,
-      System.getProperty(SYS_HTTP_SERVER_KEYSTORE_PROVIDER));
-    defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_PATH,
-      System.getProperty(SYS_HTTP_SERVER_KEYSTORE_PATH));
-    defaultMap.put(SYS_HTTP_SERVER_KEYSTORE_PASSWORD,
-      System.getProperty(SYS_HTTP_SERVER_KEYSTORE_PASSWORD));
-    defaultMap.put(SYS_HTTP_SERVER_KEY_ALIAS,
-      System.getProperty(SYS_HTTP_SERVER_KEY_ALIAS));
-    defaultMap.put(SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD,
-      System.getProperty(SYS_HTTP_SERVER_KEY_ALIAS_PASSWORD));
-    defaultMap.put(SYS_WEB_CLIENT_SSL_ENABLED,
-      Boolean.parseBoolean(System.getProperty(SYS_WEB_CLIENT_SSL_ENABLED,
-        Boolean.toString(DEFAULT_SSL_ENABLED))));
-    defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_TYPE,
-      System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_TYPE));
-    defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER,
-      System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER));
-    defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_PATH,
-      System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_PATH));
-    defaultMap.put(SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD,
-      System.getProperty(SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD));
-    defaultMap.put(SYS_WEB_CLIENT_KEY_ALIAS,
-      System.getProperty(SYS_WEB_CLIENT_KEY_ALIAS));
-    defaultMap.put(SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD,
-      System.getProperty(SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD));
+          Boolean.toString(DEFAULT_RESPONSE_COMPRESSION))));
+    defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE,
+        System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_TYPE));
+    defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION,
+        System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_LOCATION));
+    defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD,
+        System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEYSTORE_PASSWORD));
+    defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS,
+        System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_ALIAS));
+    defaultMap.put(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD,
+        System.getenv().get(SPRING_SSL_BUNDLE_JKS_WEBSERVER_KEY_PASSWORD));
+    defaultMap.put(FOLIO_CLIENT_TLS_ENABLED,
+        Boolean.parseBoolean(System.getenv().getOrDefault(FOLIO_CLIENT_TLS_ENABLED,
+          Boolean.toString(DEFAULT_SSL_ENABLED))));
+    defaultMap.put(FOLIO_CLIENT_TLS_TRUSTSTORETYPE,
+        System.getenv().get(FOLIO_CLIENT_TLS_TRUSTSTORETYPE));
+    defaultMap.put(FOLIO_CLIENT_TLS_TRUSTSTOREPATH,
+        System.getenv().get(FOLIO_CLIENT_TLS_TRUSTSTOREPATH));
+    defaultMap.put(FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD,
+        System.getenv().get(FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD));
     defaultMap.put(SYS_SECURE_STORE_PROP_FILE,
         System.getProperty(SYS_SECURE_STORE_PROP_FILE));
     defaultMap.put(SYS_OKAPI_URL,

src/main/java/org/folio/edge/core/utils/OkapiClientFactoryInitializer.java

@@ -2,13 +2,10 @@
 
 import static org.folio.edge.core.Constants.SYS_OKAPI_URL;
 import static org.folio.edge.core.Constants.SYS_REQUEST_TIMEOUT_MS;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_KEY_ALIAS;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_SSL_ENABLED;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PATH;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER;
-import static org.folio.edge.core.Constants.SYS_WEB_CLIENT_TRUSTSTORE_TYPE;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_ENABLED;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUSTSTOREPATH;
+import static org.folio.edge.core.Constants.FOLIO_CLIENT_TLS_TRUSTSTORETYPE;
 
 import com.amazonaws.util.StringUtils;
 import io.vertx.core.Vertx;
@@ -27,27 +24,21 @@ private OkapiClientFactoryInitializer() {
   public static OkapiClientFactory createInstance(Vertx vertx, JsonObject config) {
     String okapiUrl = config.getString(SYS_OKAPI_URL);
     Integer requestTimeout = config.getInteger(SYS_REQUEST_TIMEOUT_MS);
-    boolean isSslEnabled = config.getBoolean(SYS_WEB_CLIENT_SSL_ENABLED);
+    boolean isSslEnabled = config.getBoolean(FOLIO_CLIENT_TLS_ENABLED);
     if (isSslEnabled) {
       logger.info("Creating OkapiClientFactory with Enhance HTTP Endpoint Security and TLS mode enabled");
-      String truststoreType = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_TYPE);
-      String truststoreProvider = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_PROVIDER);
-      String truststorePath = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_PATH);
-      String truststorePassword = config.getString(SYS_WEB_CLIENT_TRUSTSTORE_PASSWORD);
-      String keyAlias = config.getString(SYS_WEB_CLIENT_KEY_ALIAS);
-      String keyAliasPassword = config.getString(SYS_WEB_CLIENT_KEY_ALIAS_PASSWORD);
+      String truststoreType = config.getString(FOLIO_CLIENT_TLS_TRUSTSTORETYPE);
+      String truststorePath = config.getString(FOLIO_CLIENT_TLS_TRUSTSTOREPATH);
+      String truststorePassword = config.getString(FOLIO_CLIENT_TLS_TRUSTSTOREPASSWORD);
       if (!StringUtils.isNullOrEmpty(truststoreType)
         && !StringUtils.isNullOrEmpty(truststorePath)
         && !StringUtils.isNullOrEmpty(truststorePassword)) {
 
         logger.info("Web client truststore options for type: {} are set, configuring Web Client with them", truststoreType);
         TrustOptions trustOptions = new KeyStoreOptions()
           .setType(truststoreType)
-          .setProvider(truststoreProvider)
           .setPath(truststorePath)
-          .setPassword(truststorePassword)
-          .setAlias(keyAlias)
-          .setAliasPassword(keyAliasPassword);
+          .setPassword(truststorePassword);
         return new OkapiClientFactory(vertx, okapiUrl, requestTimeout, trustOptions);
       } else {
         return new OkapiClientFactory(vertx, okapiUrl, requestTimeout, null);