From c87a8c05937361d7d5fd239c75f8bca60f543068 Mon Sep 17 00:00:00 2001 From: sebdet Date: Thu, 9 May 2019 10:16:51 +0200 Subject: Fix http4 component Fix usage of http4 camel component so that we can use the SSL https connection for any connection Issue-ID: CLAMP-374 Change-Id: Ice982e596f6ac283caef5da48482effa7652add3 Signed-off-by: sebdet --- .../onap/clamp/clds/config/CamelConfiguration.java | 80 +++++++++++++++++++++- .../clamp/clds/config/spring/SSLConfiguration.java | 56 --------------- 2 files changed, 79 insertions(+), 57 deletions(-) delete mode 100644 src/main/java/org/onap/clamp/clds/config/spring/SSLConfiguration.java (limited to 'src/main') diff --git a/src/main/java/org/onap/clamp/clds/config/CamelConfiguration.java b/src/main/java/org/onap/clamp/clds/config/CamelConfiguration.java index 3a98788f..de6e4dcd 100644 --- a/src/main/java/org/onap/clamp/clds/config/CamelConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/CamelConfiguration.java @@ -22,11 +22,34 @@ package org.onap.clamp.clds.config; +import java.io.IOException; +import java.net.URL; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; + import org.apache.camel.CamelContext; import org.apache.camel.builder.RouteBuilder; +import org.apache.camel.component.http4.HttpClientConfigurer; +import org.apache.camel.component.http4.HttpComponent; import org.apache.camel.model.rest.RestBindingMode; +import org.apache.http.config.Registry; +import org.apache.http.config.RegistryBuilder; +import org.apache.http.conn.scheme.Scheme; +import org.apache.http.conn.scheme.SchemeRegistry; +import org.apache.http.conn.socket.ConnectionSocketFactory; +import org.apache.http.conn.socket.PlainConnectionSocketFactory; +import org.apache.http.conn.ssl.SSLSocketFactory; +import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.http.impl.conn.BasicHttpClientConnectionManager; import org.onap.clamp.clds.util.ClampVersioning; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.env.Environment; import org.springframework.stereotype.Component; @Component @@ -35,8 +58,60 @@ public class CamelConfiguration extends RouteBuilder { @Autowired CamelContext camelContext; + @Autowired + private Environment env; + + private void configureDefaultSslProperties() { + if (env.getProperty("server.ssl.trust-store") != null) { + URL storeResource = CamelConfiguration.class + .getResource(env.getProperty("server.ssl.trust-store").replaceAll("classpath:", "")); + System.setProperty("javax.net.ssl.trustStore", storeResource.getPath()); + System.setProperty("javax.net.ssl.trustStorePassword", env.getProperty("server.ssl.trust-store-password")); + System.setProperty("javax.net.ssl.trustStoreType", "jks"); + System.setProperty("ssl.TrustManagerFactory.algorithm", "PKIX"); + storeResource = CamelConfiguration.class + .getResource(env.getProperty("server.ssl.key-store").replaceAll("classpath:", "")); + System.setProperty("javax.net.ssl.keyStore", storeResource.getPath()); + System.setProperty("javax.net.ssl.keyStorePassword", env.getProperty("server.ssl.key-store-password")); + System.setProperty("javax.net.ssl.keyStoreType", env.getProperty("server.ssl.key-store-type")); + } + } + + private void registerTrustStore() + throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException, CertificateException, IOException { + if (env.getProperty("server.ssl.trust-store") != null) { + KeyStore truststore = KeyStore.getInstance("JKS"); + truststore.load( + getClass().getClassLoader() + .getResourceAsStream(env.getProperty("server.ssl.trust-store").replaceAll("classpath:", "")), + env.getProperty("server.ssl.trust-store-password").toCharArray()); + + TrustManagerFactory trustFactory = TrustManagerFactory.getInstance("PKIX"); + trustFactory.init(truststore); + SSLContext sslcontext = SSLContext.getInstance("TLS"); + sslcontext.init(null, trustFactory.getTrustManagers(), null); + SSLSocketFactory factory = new SSLSocketFactory(sslcontext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); + SchemeRegistry registry = new SchemeRegistry(); + final Scheme scheme = new Scheme("https4", 443, factory); + registry.register(scheme); + ConnectionSocketFactory plainsf = PlainConnectionSocketFactory.getSocketFactory(); + HttpComponent http4 = camelContext.getComponent("https4", HttpComponent.class); + http4.setHttpClientConfigurer(new HttpClientConfigurer() { + + @Override + public void configureHttpClient(HttpClientBuilder builder) { + builder.setSSLSocketFactory(factory); + Registry registry = RegistryBuilder.create() + .register("https", factory).register("http", plainsf).build(); + builder.setConnectionManager(new BasicHttpClientConnectionManager(registry)); + } + }); + } + } + @Override - public void configure() { + public void configure() + throws KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { restConfiguration().component("servlet").bindingMode(RestBindingMode.json).jsonDataFormat("clamp-gson") .dataFormatProperty("prettyPrint", "true")// .enableCORS(true) // turn on swagger api-doc @@ -45,5 +120,8 @@ public class CamelConfiguration extends RouteBuilder { .apiProperty("base.path", "/restservices/clds/"); // .apiProperty("cors", "true"); camelContext.setTracing(true); + + configureDefaultSslProperties(); + registerTrustStore(); } } diff --git a/src/main/java/org/onap/clamp/clds/config/spring/SSLConfiguration.java b/src/main/java/org/onap/clamp/clds/config/spring/SSLConfiguration.java deleted file mode 100644 index ac5849b8..00000000 --- a/src/main/java/org/onap/clamp/clds/config/spring/SSLConfiguration.java +++ /dev/null @@ -1,56 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * =================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.config.spring; - -import java.net.URL; - -import javax.annotation.PostConstruct; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Configuration; -import org.springframework.core.env.Environment; - -@Configuration -public class SSLConfiguration { - @Autowired - private Environment env; - - @PostConstruct - private void configureSSL() { - if (env.getProperty("server.ssl.trust-store") != null) { - URL storeResource = SSLConfiguration.class - .getResource(env.getProperty("server.ssl.trust-store").replaceAll("classpath:", "")); - System.setProperty("javax.net.ssl.trustStore", storeResource.getPath()); - System.setProperty("javax.net.ssl.trustStorePassword", env.getProperty("server.ssl.trust-store-password")); - System.setProperty("javax.net.ssl.trustStoreType", env.getProperty("server.ssl.key-store-type")); - - storeResource = SSLConfiguration.class - .getResource(env.getProperty("server.ssl.key-store").replaceAll("classpath:", "")); - System.setProperty("javax.net.ssl.keyStore", storeResource.getPath()); - System.setProperty("javax.net.ssl.keyStorePassword", env.getProperty("server.ssl.key-store-password")); - System.setProperty("javax.net.ssl.keyStoreType", env.getProperty("server.ssl.key-store-type")); - } - } -} \ No newline at end of file -- cgit 1.2.3-korg