fix: throw insecureHttpWarning message only when attls is not enabled (…

…#3810)

* throw insecureHttpWarning message only when attls is not enabled

Signed-off-by: sj895092 <shobhackm9@gmail.com>

apiml-common/src/main/java/org/zowe/apiml/product/web/HttpConfig.java

@@ -45,6 +45,8 @@ public class HttpConfig {
 
     private static final char[] KEYRING_PASSWORD = "password".toCharArray();
 
+    @Value("${server.attls.enabled:false}")
+    private boolean attlsEnabled;
     @Value("${server.ssl.protocol:TLSv1.2}")
     private String protocol;
     @Value("${apiml.httpclient.ssl.enabled-protocols:TLSv1.2,TLSv1.3}")
@@ -285,7 +287,7 @@ public EurekaJerseyClient eurekaJerseyClient() {
 
     @Bean
     public Supplier<EurekaJerseyClientBuilder> eurekaJerseyClientBuilder() {
-        return () -> factory.createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId);
+        return () -> factory.createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId, attlsEnabled);
     }
 
 }

cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/config/ConnectionsConfig.java

@@ -123,6 +123,9 @@ public class ConnectionsConfig {
     @Value("${spring.application.name}")
     private String serviceId;
 
+    @Value("${server.attls.enabled:false}")
+    private boolean attlsEnabled;
+
     @Value("${server.ssl.trustStoreRequired:false}")
     private boolean trustStoreRequired;
 
@@ -234,7 +237,7 @@ SslContext sslContext(boolean setKeystore) {
 
     @Bean("primaryApimlEurekaJerseyClient")
     EurekaJerseyClient getEurekaJerseyClient() {
-        return factory().createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId).build();
+        return factory().createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId, attlsEnabled).build();
     }
 
     @Bean(destroyMethod = "shutdown")
@@ -292,7 +295,7 @@ private CloudEurekaClient registerInTheApimlInstance(EurekaClientConfig config,
         BeanUtils.copyProperties(config, configBean);
         configBean.setServiceUrl(urls);
 
-        EurekaJerseyClient jerseyClient = factory().createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId).build();
+        EurekaJerseyClient jerseyClient = factory().createEurekaJerseyClientBuilder(eurekaServerUrl, serviceId, attlsEnabled).build();
         MutableDiscoveryClientOptionalArgs args = new MutableDiscoveryClientOptionalArgs();
         args.setEurekaJerseyClient(jerseyClient);
 

cloud-gateway-service/src/test/java/org/zowe/apiml/cloudgatewayservice/config/AdditionalRegistrationTest.java

@@ -37,6 +37,7 @@
 import static java.util.Collections.singletonList;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -83,7 +84,7 @@ class WhenInitializingAdditionalRegistrations {
         public void setUp() {
             configSpy = Mockito.spy(connectionsConfig);
             lenient().doReturn(httpsFactory).when(configSpy).factory();
-            lenient().when(httpsFactory.createEurekaJerseyClientBuilder(any(), any())).thenReturn(mock(EurekaJerseyClientImpl.EurekaJerseyClientBuilder.class));
+            lenient().when(httpsFactory.createEurekaJerseyClientBuilder(any(), any(), anyBoolean())).thenReturn(mock(EurekaJerseyClientImpl.EurekaJerseyClientBuilder.class));
 
             lenient().when(eurekaFactory.createCloudEurekaClient(any(), any(), clientConfigCaptor.capture(), any(), any())).thenReturn(additionalClientOne, additionalClientTwo);
         }

common-service-core/src/main/java/org/zowe/apiml/security/HttpsFactory.java

@@ -237,7 +237,7 @@ public HostnameVerifier getHostnameVerifier() {
         }
     }
 
-    public EurekaJerseyClientBuilder createEurekaJerseyClientBuilder(String eurekaServerUrl, String serviceId) {
+    public EurekaJerseyClientBuilder createEurekaJerseyClientBuilder(String eurekaServerUrl, String serviceId, boolean attlsEnabled) {
         EurekaJerseyClientBuilder builder = new EurekaJerseyClientBuilder();
         builder.withClientName(serviceId);
         builder.withMaxTotalConnections(10);
@@ -248,10 +248,11 @@ public EurekaJerseyClientBuilder createEurekaJerseyClientBuilder(String eurekaSe
         // See:
         // https://github.com/Netflix/eureka/blob/master/eureka-core/src/main/java/com/netflix/eureka/transport/JerseyReplicationClient.java#L160
         if (eurekaServerUrl.startsWith("http://")) {
-            apimlLog.log("org.zowe.apiml.common.insecureHttpWarning");
+            if (!attlsEnabled) {
+                apimlLog.log("org.zowe.apiml.common.insecureHttpWarning");
+            }
         } else {
             builder.withCustomSSL(getSslContext());
-
             builder.withHostnameVerifier(getHostnameVerifier());
         }
         return builder;

common-service-core/src/test/java/org/zowe/apiml/security/HttpsFactoryTest.java

@@ -33,6 +33,7 @@
 class HttpsFactoryTest {
     private static final String EUREKA_URL_NO_SCHEME = "://localhost:10011/eureka/";
     private static final String TEST_SERVICE_ID = "service1";
+    private static final boolean ATTLS = false;
     private static final String INCORRECT_PARAMETER_VALUE = "WRONG";
 
     private HttpsConfig.HttpsConfigBuilder httpsConfigBuilder;
@@ -136,7 +137,7 @@ void shouldCreateEurekaJerseyClientBuilderForHttps() {
         HttpsConfig httpsConfig = httpsConfigBuilder.build();
         HttpsFactory httpsFactory = new HttpsFactory(httpsConfig);
         EurekaJerseyClientImpl.EurekaJerseyClientBuilder clientBuilder =
-            httpsFactory.createEurekaJerseyClientBuilder("https" + EUREKA_URL_NO_SCHEME, TEST_SERVICE_ID);
+            httpsFactory.createEurekaJerseyClientBuilder("https" + EUREKA_URL_NO_SCHEME, TEST_SERVICE_ID, ATTLS);
         assertNotNull(clientBuilder);
     }
 
@@ -145,7 +146,7 @@ void shouldCreateEurekaJerseyClientBuilderForHttp() {
         HttpsConfig httpsConfig = httpsConfigBuilder.build();
         HttpsFactory httpsFactory = new HttpsFactory(httpsConfig);
         EurekaJerseyClientImpl.EurekaJerseyClientBuilder clientBuilder =
-            httpsFactory.createEurekaJerseyClientBuilder("http" + EUREKA_URL_NO_SCHEME, TEST_SERVICE_ID);
+            httpsFactory.createEurekaJerseyClientBuilder("http" + EUREKA_URL_NO_SCHEME, TEST_SERVICE_ID, ATTLS);
         assertNotNull(clientBuilder);
     }
 }

onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/config/ApiMediationServiceConfig.java

@@ -67,6 +67,10 @@ public class ApiMediationServiceConfig {
      *    XML Path: /instance/app
      */
     private String serviceId;
+    /**
+     * to verify if Attls is enabled for the service
+     */
+    private boolean attlsEnabled;
 
     /**
      * * **title** (XML Path: /instance/metadata/apiml.service.title)

onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/impl/ApiMediationClientImpl.java

@@ -156,7 +156,7 @@ private EurekaClient initializeEurekaClient(
         HttpsFactory factory = new HttpsFactory(httpsConfig);
 
         EurekaJerseyClient eurekaJerseyClient = factory.createEurekaJerseyClientBuilder(
-            config.getDiscoveryServiceUrls().get(0), config.getServiceId()).build();
+            config.getDiscoveryServiceUrls().get(0), config.getServiceId(), config.isAttlsEnabled()).build();
 
         AbstractDiscoveryClientOptionalArgs<?> args = new DiscoveryClient.DiscoveryClientOptionalArgs();
         args.setEurekaJerseyClient(eurekaJerseyClient);