Merge pull request #34 from SafeExamBrowser/SEBSP-181

NadimETH · web-flow · commit 87e5c1a7cb32 · 2024-12-10T16:23:21.000+01:00
Sebsp 181
diff --git a/src/main/java/ch/ethz/seb/sps/server/datalayer/dao/impl/S3DAO.java b/src/main/java/ch/ethz/seb/sps/server/datalayer/dao/impl/S3DAO.java
@@ -22,6 +22,7 @@
 import io.minio.messages.LifecycleRule;
 import io.minio.messages.RuleFilter;
 import io.minio.messages.Status;
+import okhttp3.OkHttpClient;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
@@ -30,8 +31,14 @@
 import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Service;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.time.ZonedDateTime;
 import java.util.LinkedList;
 import java.util.List;
@@ -60,24 +67,17 @@ public S3DAO(final Environment environment) {
     public void init() throws Exception {
 
         BUCKET_NAME = this.environment.getProperty("sps.s3.bucketName", "sps.s3.defaultBucketName");
+        this.minioClient = createMinioClient();
 
-        this.minioClient =
-                MinioClient.builder()
-                        .endpoint(this.environment.getRequiredProperty("sps.s3.endpointUrl"))
-                        .credentials(
-                                this.environment.getRequiredProperty("sps.s3.accessKey"),
-                                this.environment.getRequiredProperty("sps.s3.secretKey")
-                        )
-                        .build();
+        printAllBucketsInService();
 
         if(!isBucketExisting()){
             createBucket();
-            setBucketLifecycle();
+//            setBucketLifecycle();
 //            getBucketLifecycle();
         }
     }
 
-
     public Result<InputStream> getItem(final String sessionUUID, final Long pk) {
         return Result.tryCatch(() ->
                 this.minioClient.getObject(
@@ -209,4 +209,51 @@ private void getBucketLifecycle(){
             log.error("");
         }
     }
+
+    private MinioClient createMinioClient() throws Exception {
+        if(this.environment.getProperty("sps.s3.tls.cert") == null){
+            return MinioClient.builder()
+                    .endpoint(this.environment.getRequiredProperty("sps.s3.endpointUrl"))
+                    .credentials(
+                            this.environment.getRequiredProperty("sps.s3.accessKey"),
+                            this.environment.getRequiredProperty("sps.s3.secretKey")
+                    )
+                    .build();
+        }
+
+        return MinioClient.builder()
+                .endpoint(this.environment.getRequiredProperty("sps.s3.endpointUrl"))
+                .credentials(
+                        this.environment.getRequiredProperty("sps.s3.accessKey"),
+                        this.environment.getRequiredProperty("sps.s3.secretKey")
+                )
+                .httpClient(createOkHttpClientWithCert())
+                .build();
+    }
+
+    private OkHttpClient createOkHttpClientWithCert() throws Exception {
+        String pemCert = this.environment.getRequiredProperty("sps.s3.tls.cert");
+
+        // Convert PEM string to X509Certificate
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(pemCert.getBytes()));
+
+        // Create a KeyStore and load the certificate
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        keyStore.load(null, null);
+        keyStore.setCertificateEntry("custom-cert", cert);
+
+        // Initialize TrustManager with the KeyStore
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmf.init(keyStore);
+
+        // Set up SSLContext using the TrustManager
+        SSLContext sslContext = SSLContext.getInstance("TLS");
+        sslContext.init(null, tmf.getTrustManagers(), new java.security.SecureRandom());
+
+        // Return the OkHttpClient with SSLContext configured
+        return new OkHttpClient.Builder()
+                .sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) tmf.getTrustManagers()[0])
+                .build();
+    }
 }
diff --git a/src/main/resources/config/application.properties b/src/main/resources/config/application.properties
@@ -59,12 +59,15 @@ sps.webservice.internalSecret=${sebserver.password}
 
 ### s3 service
 
-sps.s3.endpointUrl=http://shelbyville:9000
+sps.s3.endpointUrl=${s3.endpointUrl}
 sps.s3.accessKey=${s3.accessKey}
 sps.s3.secretKey=${s3.secretKey}
 sps.s3.bucketName=sebserver-dev
 sps.s3.defaultBucketName=proctoring-bucket
-sps.s3.store.batch=true
+sps.s3.store.batch=false
+sps.s3.tls.cert=
+
+
 
 
 sps.init.adminaccount.generate=true
@@ -87,8 +90,8 @@ sps.gui.redirect.url=${sps.webservice.http.external.scheme}://${sps.webservice.h
 # FULL_RDBMS: all data, meta plus screenshots, go to database
 # FILESYS_RDBMS: screenshots go to file-system and meta data go to database as usual
 
-sps.data.store.adapter=FULL_RDBMS
-#sps.data.store.adapter=S3_RDBMS
+#sps.data.store.adapter=FULL_RDBMS
+sps.data.store.adapter=S3_RDBMS
 sps.data.store.file.dir=/screenshots/
 sps.data.store.batch.interval=1000
 
