1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
/*
* Copyright © 2017-2019 AT&T, Bell Canada
* Modifications Copyright © 2019 Huawei.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.onap.ccsdk.cds.blueprintsprocessor.rest.service
import org.apache.http.conn.ssl.NoopHostnameVerifier
import org.apache.http.conn.ssl.SSLConnectionSocketFactory
import org.apache.http.impl.client.CloseableHttpClient
import org.apache.http.impl.client.HttpClients
import org.apache.http.message.BasicHeader
import org.apache.http.ssl.SSLContextBuilder
import org.onap.ccsdk.cds.blueprintsprocessor.rest.BasicAuthRestClientProperties
import org.onap.ccsdk.cds.blueprintsprocessor.rest.SSLBasicAuthRestClientProperties
import org.onap.ccsdk.cds.blueprintsprocessor.rest.SSLRestClientProperties
import org.onap.ccsdk.cds.blueprintsprocessor.rest.SSLTokenAuthRestClientProperties
import org.onap.ccsdk.cds.blueprintsprocessor.rest.utils.WebClientUtils
import org.springframework.http.HttpHeaders
import org.springframework.http.MediaType
import java.io.File
import java.io.FileInputStream
import java.security.KeyStore
import java.security.cert.X509Certificate
class SSLRestClientService(private val restClientProperties: SSLRestClientProperties) :
BlueprintWebClientService {
var auth: BlueprintWebClientService? = null
init {
auth = getAuthService()
}
private fun getAuthService(): BlueprintWebClientService? {
// type,url and additional headers don't get carried over to TokenAuthRestClientProperties from SSLTokenAuthRestClientProperties
// set them in auth obj to be consistent. TODO: refactor
return when (restClientProperties) {
is SSLBasicAuthRestClientProperties -> {
val basicAuthProps = BasicAuthRestClientProperties()
basicAuthProps.username = restClientProperties.username
basicAuthProps.password = restClientProperties.password
basicAuthProps.additionalHeaders = restClientProperties.additionalHeaders
basicAuthProps.url = restClientProperties.url
basicAuthProps.type = restClientProperties.type
BasicAuthRestClientService(basicAuthProps)
}
is SSLTokenAuthRestClientProperties -> {
val token = restClientProperties.tokenAuth!!
token.additionalHeaders = restClientProperties.additionalHeaders
token.url = restClientProperties.url
token.type = restClientProperties.type
TokenAuthRestClientService(token)
}
else -> {
// Returns null for No auth
null
}
}
}
override fun defaultHeaders(): Map<String, String> {
if (auth != null) {
return auth!!.defaultHeaders()
}
return mapOf(
HttpHeaders.CONTENT_TYPE to MediaType.APPLICATION_JSON_VALUE,
HttpHeaders.ACCEPT to MediaType.APPLICATION_JSON_VALUE
)
}
override fun host(uri: String): String {
return restClientProperties.url + uri
}
override fun httpClient(): CloseableHttpClient {
val keystoreInstance = restClientProperties.keyStoreInstance
val sslKey = restClientProperties.sslKey
val sslKeyPwd = restClientProperties.sslKeyPassword
val sslTrust = restClientProperties.sslTrust
val sslTrustPwd = restClientProperties.sslTrustPassword
val sslTrustIgnoreHostname = restClientProperties.sslTrustIgnoreHostname
val acceptingTrustStrategy = { _: Array<X509Certificate>, _: String ->
true
}
val sslContext = SSLContextBuilder.create()
if (sslKey != null && sslKeyPwd != null) {
FileInputStream(sslKey).use { keyInput ->
val keyStore = KeyStore.getInstance(keystoreInstance)
keyStore.load(keyInput, sslKeyPwd.toCharArray())
sslContext.loadKeyMaterial(keyStore, sslKeyPwd.toCharArray())
}
}
sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), acceptingTrustStrategy)
var csf: SSLConnectionSocketFactory
if (sslTrustIgnoreHostname) {
csf = SSLConnectionSocketFactory(sslContext.build(), NoopHostnameVerifier())
} else {
csf = SSLConnectionSocketFactory(sslContext.build())
}
return HttpClients.custom()
.addInterceptorFirst(WebClientUtils.logRequest())
.addInterceptorLast(WebClientUtils.logResponse())
.setSSLSocketFactory(csf).build()
}
// Non Blocking Rest Implementation
override suspend fun httpClientNB(): CloseableHttpClient {
return httpClient()
}
override fun convertToBasicHeaders(headers: Map<String, String>): Array<BasicHeader> {
val mergedDefaultAndSuppliedHeaders = defaultHeaders().plus(headers)
// During the initialization, getAuthService() sets the auth variable.
// If it's not null, then we have an authentication mechanism.
// If null - indicates no-auth used
if (auth != null) {
return auth!!.convertToBasicHeaders(mergedDefaultAndSuppliedHeaders)
}
// inject additionalHeaders
return super.convertToBasicHeaders(
mergedDefaultAndSuppliedHeaders
.plus(verifyAdditionalHeaders(restClientProperties))
)
}
}
|