[backend/frontend] Continue

Author: RomuDeuxfois

openaev-api/src/main/java/io/openaev/api/stix_process/StixApi.java

@@ -63,8 +63,6 @@ public class StixApi extends RestBehavior {
   public ResponseEntity<?> processBundle(@RequestBody String ctiEvent)
       throws ParsingException, ConnectorError, IOException {
     String workId = null;
-    // TODO check the methods to see if the tenant context is used automatically or if we need to
-    // add it
     String tenantId = TenantContext.getCurrentTenant();
     try {
       JsonNode root = objectMapper.readTree(ctiEvent);
@@ -77,7 +75,7 @@ public ResponseEntity<?> processBundle(@RequestBody String ctiEvent)
       // Create scenario from stix bundle
       // If no simulation for this scenario is in progress, start an execution right away
 
-      Scenario scenario = stixService.processBundle(stixJson);
+      Scenario scenario = stixService.processBundle(stixJson, tenantId);
       openCTIService.acknowledgeProcessedOfCoverage(
           workId, "Coverage successfully created or updated", false, tenantId);
       // Generate response

openaev-api/src/main/java/io/openaev/config/TenantUriUtils.java

@@ -3,7 +3,8 @@
 public final class TenantUriUtils {
 
   public static final String TENANT_ID_PATH_VARIABLE = "tenantId";
-  public static final String TENANT_PREFIX = "/api/tenants/{" + TENANT_ID_PATH_VARIABLE + "}";
+  public static final String TENANT_BASE_PATH = "/api/tenants/";
+  public static final String TENANT_PREFIX = TENANT_BASE_PATH + "{" + TENANT_ID_PATH_VARIABLE + "}";
 
   private TenantUriUtils() {}
 }

openaev-api/src/main/java/io/openaev/opencti/config/OpenCTIConfig.java

@@ -1,19 +1,43 @@
 package io.openaev.opencti.config;
 
-import java.util.Map;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Data;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.stereotype.Component;
-
-/**
- * Binds per-tenant OpenCTI configuration from properties of the form:
- * openaev.xtm.opencti.<tenantId>.enable / .url / .token / .api-url
- */
-@Component
+import org.apache.commons.lang3.StringUtils;
+
 @Data
-@ConfigurationProperties(prefix = "openaev.xtm")
 public class OpenCTIConfig {
+  public static final String GRAPHQL_ENDPOINT_URI = "graphql";
+
+  @JsonProperty("enable")
+  private Boolean enable;
+
+  @JsonProperty("url")
+  private String url;
+
+  @JsonProperty("api-url")
+  private String apiUrl;
+
+  @JsonProperty("token")
+  private String token;
+
+  public String getApiUrl() {
+    // Case 1: apiUrl defined
+    if (apiUrl != null && !apiUrl.isBlank()) {
+      return apiUrl;
+    }
+    // Case 2: fallback to url
+    if (url == null || url.isBlank()) {
+      return null;
+    }
+    String urlStripped = StringUtils.stripEnd(url, "/");
+    if (urlStripped.toLowerCase().contains("/graphql")) {
+      return urlStripped;
+    }
+
+    return String.join("/", urlStripped, GRAPHQL_ENDPOINT_URI);
+  }
 
-  /** Key = tenant ID, value = OpenCTI connection parameters for that tenant. */
-  private Map<String, OpenCTIParamConfig> opencti;
+  public String getFormattedUrl() {
+    return url.endsWith("/") ? url : url + "/";
+  }
 }

openaev-api/src/main/java/io/openaev/opencti/config/OpenCTIParamConfig.java

@@ -0,0 +1,14 @@
+package io.openaev.opencti.config;
+
+import java.util.Map;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@Data
+@ConfigurationProperties(prefix = "openaev.xtm")
+public class XtmConfig {
+
+  private Map<String, OpenCTIConfig> opencti;
+}

openaev-api/src/main/java/io/openaev/opencti/config/XtmConfig.java

@@ -1,7 +1,6 @@
 package io.openaev.opencti.connectors;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
-import io.openaev.database.model.Tenant;
 import java.util.ArrayList;
 import java.util.List;
 import lombok.Data;
@@ -15,7 +14,7 @@ public abstract class ConnectorBase {
   private boolean playbookCompatible = false;
   private String listenCallbackURI;
   private volatile String jwks;
-  private String tenantId = Tenant.DEFAULT_TENANT_UUID;
+  private String tenantId;
 
   public abstract String getName();
 

openaev-api/src/main/java/io/openaev/opencti/connectors/ConnectorBase.java

@@ -5,12 +5,16 @@
 import java.util.Set;
 
 public class Constants {
+  // -- CAPABILITIES --
+  public static final Set<Capability> PROCESS_STIX_ROLE_CAPABILITIES =
+      new HashSet<>(Set.of(Capability.MANAGE_STIX_BUNDLE));
+
+  // -- ROLE --
   public static final String PROCESS_STIX_ROLE_ID = "2c24790b-fa69-4565-8dc8-b00f85ca47d5";
   public static final String PROCESS_STIX_ROLE_NAME = "STIX bundle processors";
   public static final String PROCESS_STIX_ROLE_DESCRIPTION = "Can process STIX bundles via API";
-  public static final Set<Capability> PROCESS_STIX_ROLE_CAPABILITIES =
-      new HashSet<>(Set.of(Capability.MANAGE_STIX_BUNDLE));
 
+  // -- GROUP --
   public static final String PROCESS_STIX_GROUP_ID = "0b4db570-fdf4-44e9-8daa-39130189fec8";
   public static final String PROCESS_STIX_GROUP_NAME = "STIX bundle processors";
   public static final String PROCESS_STIX_GROUP_DESCRIPTION =

openaev-api/src/main/java/io/openaev/opencti/connectors/Constants.java

@@ -1,44 +1,27 @@
 package io.openaev.opencti.connectors.impl;
 
-import static io.openaev.config.TenantUriUtils.TENANT_PREFIX;
+import static io.openaev.config.TenantUriUtils.TENANT_BASE_PATH;
 
 import io.openaev.config.OpenAEVConfig;
-import io.openaev.opencti.config.OpenCTIParamConfig;
+import io.openaev.opencti.config.OpenCTIConfig;
 import io.openaev.opencti.connectors.ConnectorBase;
 import io.openaev.opencti.connectors.ConnectorType;
 import io.openaev.utils.StringUtils;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.UUID;
 import lombok.Getter;
 import lombok.Setter;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.stereotype.Component;
 
-@Component
 @Getter
-@ConfigurationProperties(prefix = "openaev.xtm.opencti.connector.security-coverage")
 public class SecurityCoverageConnector extends ConnectorBase {
-  // TODO migrate connector and user to match with the new one
-  private static final String BASE_ID = "68949a7b-c1c2-4649-b3de-7db804ba02bb";
+  private static final UUID NAMESPACE = UUID.fromString("68949a7b-c1c2-4649-b3de-7db804ba02bb");
+  private static final String STIX_PROCESS_BUNDLE_PATH = "/stix/process-bundle";
 
-  // need to access the base URL for overriding the callback URI
-  private OpenCTIParamConfig openCTIParamConfig;
-  private OpenAEVConfig mainConfig;
-
-  @Autowired
-  public void setOpenCTIParamConfig(OpenCTIParamConfig openCTIParamConfig) {
-    this.openCTIParamConfig = openCTIParamConfig;
-  }
-
-  @Autowired
-  public void setMainConfig(OpenAEVConfig mainConfig) {
-    this.mainConfig = mainConfig;
-  }
+  @Setter private OpenCTIConfig openCTIConfig;
+  @Setter private OpenAEVConfig openAEVConfig;
 
   private final ConnectorType type = ConnectorType.INTERNAL_ENRICHMENT;
-  // TODO update with tenant name at the end
-  private final String name = "OpenAEV Coverage";
   @Setter private volatile String jwks;
 
   public SecurityCoverageConnector() {
@@ -47,38 +30,46 @@ public SecurityCoverageConnector() {
     this.setAutoUpdate(true);
   }
 
+  @Override
+  public String getName() {
+    return "OpenAEV Coverage - " + this.getTenantId();
+  }
+
   @Override
   public String getId() {
-    return BASE_ID + ":" + this.getTenantId();
+    return UUID.nameUUIDFromBytes((NAMESPACE + ":" + this.getTenantId()).getBytes()).toString();
   }
 
   @Override
   public String getUrl() {
-    return openCTIParamConfig.getUrl();
+    return openCTIConfig.getUrl();
   }
 
   @Override
   public String getApiUrl() {
-    return openCTIParamConfig.getApiUrl();
+    return openCTIConfig.getApiUrl();
   }
 
   @Override
   public String getToken() {
-    return openCTIParamConfig.getToken();
+    return openCTIConfig.getToken();
   }
 
   @Override
   public boolean shouldRegister() {
-    return Boolean.TRUE.equals(openCTIParamConfig.getEnable())
-        && !StringUtils.isBlank(this.getListenCallbackURI())
-        && !StringUtils.isBlank(this.getName())
-        && !StringUtils.isBlank(this.getToken())
-        && !StringUtils.isBlank(this.getUrl())
-        && this.getType() != null;
+    return openCTIConfig != null
+        && Boolean.TRUE.equals(openCTIConfig.getEnable())
+        && !StringUtils.isBlank(this.getTenantId())
+        && !StringUtils.isBlank(openCTIConfig.getUrl())
+        && !StringUtils.isBlank(openCTIConfig.getToken())
+        && openAEVConfig != null;
   }
 
   @Override
   public String getListenCallbackURI() {
-    return mainConfig.getBaseUrl() + TENANT_PREFIX + this.getTenantId() + "/stix/process-bundle";
+    return openAEVConfig.getBaseUrl()
+        + TENANT_BASE_PATH
+        + this.getTenantId()
+        + STIX_PROCESS_BUNDLE_PATH;
   }
 }

openaev-api/src/main/java/io/openaev/opencti/connectors/impl/SecurityCoverageConnector.java

@@ -0,0 +1,49 @@
+package io.openaev.opencti.connectors.service;
+
+import io.openaev.database.model.User;
+import io.openaev.service.UserService;
+import java.util.Optional;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+/**
+ * Handles cleanup of pre-multi-tenant OpenCTI connector service accounts.
+ *
+ * <p>Before multi-tenancy, a single connector user was created with email {@code
+ * connector-<baseId>@openaev.invalid}. After multi-tenancy, each tenant gets its own connector user
+ * with email {@code connector-opencti-<baseId>:<tenantId>@openaev.invalid}.
+ *
+ * <p>This class detects and deletes the legacy user so the new tenant-scoped user can be created
+ * cleanly.
+ *
+ * <p><b>TODO: remove this class once all deployments have been migrated to multi-tenant.</b>
+ */
+@Component
+@RequiredArgsConstructor
+@Slf4j
+public class LegacyOpenCTIConnectorMigration {
+
+  private static final String LEGACY_CONNECTOR_BASE_ID = "68949a7b-c1c2-4649-b3de-7db804ba02bb";
+  private static final String LEGACY_EMAIL_PATTERN = "connector-%s@openaev.invalid";
+
+  private final UserService userService;
+
+  /**
+   * Deletes the legacy (pre-multi-tenant) connector service account if it still exists.
+   *
+   * @param newEmail the new tenant-scoped email, used only for logging
+   */
+  public void deleteLegacyConnectorUserIfExists(String newEmail) {
+    String legacyEmail = LEGACY_EMAIL_PATTERN.formatted(LEGACY_CONNECTOR_BASE_ID);
+    Optional<User> legacyUser = userService.findByEmailIgnoreCase(legacyEmail);
+
+    if (legacyUser.isPresent()) {
+      log.info(
+          "Deleting legacy connector service account {} — replaced by tenant-scoped account {}",
+          legacyEmail,
+          newEmail);
+      userService.delete(legacyUser.get().getId());
+    }
+  }
+}