SEBSP-181 add option to use s3 with https and cert

SafeExamBrowser · Dec 9, 2024 · 330b36c · 330b36c
1 parent afe5458
commit 330b36c
Showing 1 changed file with 64 additions and 17 deletions.
diff --git a/src/main/java/ch/ethz/seb/sps/server/datalayer/dao/impl/S3DAO.java b/src/main/java/ch/ethz/seb/sps/server/datalayer/dao/impl/S3DAO.java
@@ -22,6 +22,7 @@
 import io.minio.messages.LifecycleRule;
 import io.minio.messages.RuleFilter;
 import io.minio.messages.Status;
+import okhttp3.OkHttpClient;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
@@ -30,8 +31,14 @@
 import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Service;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.time.ZonedDateTime;
 import java.util.LinkedList;
 import java.util.List;
@@ -60,24 +67,17 @@ public S3DAO(final Environment environment) {
     public void init() throws Exception {
 
         BUCKET_NAME = this.environment.getProperty("sps.s3.bucketName", "sps.s3.defaultBucketName");
+        this.minioClient = createMinioClient();
 
-        this.minioClient =
-                MinioClient.builder()
-                        .endpoint(this.environment.getRequiredProperty("sps.s3.endpointUrl"))
-                        .credentials(
-                                this.environment.getRequiredProperty("sps.s3.accessKey"),
-                                this.environment.getRequiredProperty("sps.s3.secretKey")
-                        )
-                        .build();
+        printAllBucketsInService();
 
         if(!isBucketExisting()){
             createBucket();
-            setBucketLifecycle();
+//            setBucketLifecycle();
 //            getBucketLifecycle();
         }
     }
 
-
     public Result<InputStream> getItem(final String sessionUUID, final Long pk) {
         return Result.tryCatch(() ->
                 this.minioClient.getObject(
@@ -91,7 +91,7 @@ public Result<InputStream> getItem(final String sessionUUID, final Long pk) {
 
     public Result<ObjectWriteResponse> uploadItem(final ByteArrayInputStream screenshotInputStream, final String sessionUUID, final Long pk){
         return Result.tryCatch(() ->
-            this.minioClient.putObject(
+                this.minioClient.putObject(
                         PutObjectArgs.builder()
                                 .bucket(BUCKET_NAME)
                                 .object(sessionUUID + Constants.UNDERLINE + pk)
@@ -102,12 +102,12 @@ public Result<ObjectWriteResponse> uploadItem(final ByteArrayInputStream screens
 
     public Result<ObjectWriteResponse> uploadItemBatch(final List<SnowballObject> batchItems){
         return Result.tryCatch(() ->
-            this.minioClient.uploadSnowballObjects(
-                    UploadSnowballObjectsArgs
-                            .builder()
-                            .bucket(BUCKET_NAME)
-                            .objects(batchItems)
-                            .build())
+                this.minioClient.uploadSnowballObjects(
+                        UploadSnowballObjectsArgs
+                                .builder()
+                                .bucket(BUCKET_NAME)
+                                .objects(batchItems)
+                                .build())
         );
     }
 
@@ -209,4 +209,51 @@ private void getBucketLifecycle(){
             log.error("");
         }
     }
+
+    private MinioClient createMinioClient() throws Exception {
+        if(this.environment.getProperty("sps.s3.tls.cert") == null){
+            return MinioClient.builder()
+                    .endpoint(this.environment.getRequiredProperty("sps.s3.endpointUrl"))
+                    .credentials(
+                            this.environment.getRequiredProperty("sps.s3.accessKey"),
+                            this.environment.getRequiredProperty("sps.s3.secretKey")
+                    )
+                    .build();
+        }
+
+        return MinioClient.builder()
+                .endpoint(this.environment.getRequiredProperty("sps.s3.endpointUrl"))
+                .credentials(
+                        this.environment.getRequiredProperty("sps.s3.accessKey"),
+                        this.environment.getRequiredProperty("sps.s3.secretKey")
+                )
+                .httpClient(createOkHttpClientWithCert())
+                .build();
+    }
+
+    private OkHttpClient createOkHttpClientWithCert() throws Exception {
+        String pemCert = this.environment.getRequiredProperty("sps.s3.tls.cert");
+
+        // Convert PEM string to X509Certificate
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(pemCert.getBytes()));
+
+        // Create a KeyStore and load the certificate
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        keyStore.load(null, null);
+        keyStore.setCertificateEntry("custom-cert", cert);
+
+        // Initialize TrustManager with the KeyStore
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmf.init(keyStore);
+
+        // Set up SSLContext using the TrustManager
+        SSLContext sslContext = SSLContext.getInstance("TLS");
+        sslContext.init(null, tmf.getTrustManagers(), new java.security.SecureRandom());
+
+        // Return the OkHttpClient with SSLContext configured
+        return new OkHttpClient.Builder()
+                .sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) tmf.getTrustManagers()[0])
+                .build();
+    }
 }