author | Kevin Smokowski <kevin.smokowski@att.com> | 2020-08-31 13:33:39 +0000 |
---|---|---|
committer | Kevin Smokowski <kevin.smokowski@att.com> | 2020-08-31 13:42:26 +0000 |
commit | e0906b672c7a43b3a724da8426e8860f69221e97 (patch) | |
tree | d6b6f6d192ce514ee619a2131f35c77947366499 /restapi-call-node/provider | |
parent | 3fb66d237edb2b4ab5a91693ae2a04e0503f3f5a (diff) |
Restapi-call-node: Fix setting truststore, should not set system properties
Issue-ID: CCSDK-2637
Change-Id: Ie677cca90d9ed946768e6d93187b20c29ecc2166
Signed-off-by: Smokowski, Kevin (ks6305) <kevin.smokowski@att.com>
Diffstat (limited to 'restapi-call-node/provider')
2 files changed, 37 insertions, 2 deletions
diff --git a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
index 2a2bc6d3b..9b542af91 100755
--- a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
+++ b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
@@ -36,6 +36,9 @@ public class Parameters {
 public Set<String> listNameList;
 public boolean skipSending;
 public boolean convertResponse;
+ public String keyStoreFileName;
+ public String keyStorePassword;
+ public boolean ssl;
 public String customHttpHeaders;
 public String partner;
 public Boolean dumpHeaders;
diff --git a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
index 04f53c8b5..3d7042493 100755
--- a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
+++ b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
@@ -38,6 +38,7 @@ import java.net.URI;
 import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Paths;
+import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.Base64;
 import java.util.Collections;
@@ -52,6 +53,8 @@ import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
 import javax.ws.rs.ProcessingException;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
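Review bot: The three fields added in the Parameters.java hunk have no comments, and the name `ssl` is misleading. The parsing hunk in RestapiCallNode.java sets it only when both `keyStoreFileName` and `keyStorePassword` are present, so it means "a client keystore is configured", not "use TLS". A comment such as `// true only when a client keystore file and its password were both supplied` above the field would make that clear. `keyStorePassword` is a secret held in a public String field, so it also deserves a comment such as `// secret: must never be logged or copied into the SvcLogicContext`.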
@@ -222,6 +225,9 @@ public class RestapiCallNode implements SvcLogicJavaPlugin { String skipSendingStr = paramMap.get(skipSendingMessage); p.skipSending = "true".equalsIgnoreCase(skipSendingStr); p.convertResponse = valueOf(parseParam(paramMap, "convertResponse", false, "true")); + p.keyStoreFileName = parseParam(paramMap, "keyStoreFileName", false, null); + p.keyStorePassword = parseParam(paramMap, "keyStorePassword", false, null); + p.ssl = p.keyStoreFileName != null && p.keyStorePassword != null; p.customHttpHeaders = parseParam(paramMap, "customHttpHeaders", false, null); p.partner = parseParam(paramMap, "partner", false, null); p.dumpHeaders = valueOf(parseParam(paramMap, "dumpHeaders", false, null)); @@ -781,9 +787,18 @@ public class RestapiCallNode implements SvcLogicJavaPlugin { */ public HttpResponse sendHttpRequest(String request, Parameters p) throws SvcLogicException { - HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true); + SSLContext ssl = null; + if (p.ssl && p.restapiUrl.startsWith("https")) { + ssl = createSSLContext(p); + } + Client client; + if (ssl != null) { + HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory()); + client = ClientBuilder.newBuilder().sslContext(ssl).hostnameVerifier((s, sslSession) -> true).build(); + } else { + client = ClientBuilder.newBuilder().hostnameVerifier((s, sslSession) -> true).build(); + } - Client client = ClientBuilder.newBuilder().hostnameVerifier((s, sslSession) -> true).build(); setClientTimeouts(client); // Needed to support additional HTTP methods such as PATCH client.property(HttpUrlConnectorProvider.SET_METHOD_WORKAROUND, true); 
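Review bot: In the sendHttpRequest hunk, `HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());` still changes process-wide state on every call. A request that supplies a keystore therefore replaces the client certificate used by any other HttpsURLConnection user in the same JVM, and concurrent calls with different keystores race on it. `sslContext(ssl)` on the ClientBuilder should already scope the context to this client, so the line can probably be dropped. Both branches keep `hostnameVerifier((s, sslSession) -> true)`, which accepts a server certificate issued for any host name; if that is deliberate it needs a comment saying so, otherwise make it opt-in through a parameter. When createSSLContext returns null the request is still sent, without the client certificate; failing right after the call, e.g. `if (ssl == null) { throw new SvcLogicException("Unable to load keystore " + p.keyStoreFileName); }`, would be safer. The body of sendHttpRequest continues outside the hunk.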
@@ -906,6 +921,23 @@ public class RestapiCallNode implements SvcLogicJavaPlugin { return r; } + protected SSLContext createSSLContext(Parameters p) { + try (FileInputStream in = new FileInputStream(p.keyStoreFileName)) { + HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true); + KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + KeyStore ks = KeyStore.getInstance("PKCS12"); + char[] pwd = p.keyStorePassword.toCharArray(); + ks.load(in, pwd); + kmf.init(ks, pwd); + SSLContext ctx = SSLContext.getInstance("TLS"); + ctx.init(kmf.getKeyManagers(), null, null); + return ctx; + } catch (Exception e) { + log.error("Error creating SSLContext: {}", e.getMessage(), e); + } + return null; + } + protected void setFailureResponseStatus(SvcLogicContext ctx, String prefix, String errorMessage, HttpResponse resp) { resp.code = 500; |
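Review bot: createSSLContext calls `HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true);`, which disables hostname verification for every HttpsURLConnection in the JVM, and does so as a side effect of loading a keystore. The line should be removed from this factory method; the commit title itself says global settings should not be touched. The `catch (Exception e)` logs and returns null, so a wrong path, wrong password or non-PKCS12 file looks the same to the caller as "no keystore configured"; narrow it to `IOException | GeneralSecurityException` and either rethrow or document the null return in a Javadoc comment. The method has no Javadoc; it should state that only key managers are loaded from the file, while `ctx.init(kmf.getKeyManagers(), null, null)` leaves trust decisions to the platform default trust managers.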