authorburdziak <olaf.burdziakowski@nokia.com>2019-10-16 15:21:59 +0200
committerburdziak <olaf.burdziakowski@nokia.com>2019-10-16 15:21:59 +0200
commitd063203fe3379ff84059c1cf98b67faa75183465 (patch)
treeb4807ab0fb3f7e1f8301e2b5600fcd6ec048d168
parent23b56c6b8fc256e5a070cfefe31c90b1fbe46bce (diff)
DataFileCollector use wrong KeyManagerFactory
Issue-ID: DCAEGEN2-1854 Signed-off-by: burdziak <olaf.burdziakowski@nokia.com> Change-Id: I71c7526097014e10d0ef091e38a929b81ba1f627
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java33
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java2
-rw-r--r--datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClientTest.java16
3 files changed, 34 insertions, 17 deletions
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
index 76eb8637..f7121efc 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
@@ -28,17 +28,16 @@ import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Optional;
-
import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
-
import org.apache.commons.net.ftp.FTP;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;
-import org.apache.commons.net.util.KeyManagerUtils;
import org.onap.dcaegen2.collectors.datafile.exceptions.DatafileTaskException;
import org.onap.dcaegen2.collectors.datafile.exceptions.NonRetryableDatafileTaskException;
import org.slf4j.Logger;
@@ -58,8 +57,9 @@ public class FtpsClient implements FileCollectClient {
FTPSClient realFtpsClient = new FTPSClient();
private final FileServerData fileServerData;
private static TrustManager theTrustManager = null;
+ private static KeyManager theKeyManager = null;
- private final String keyCertPath;
+ private final Path keyCertPath;
private final String keyCertPasswordPath;
private final Path trustedCaPath;
private final String trustedCaPasswordPath;
@@ -73,7 +73,7 @@ public class FtpsClient implements FileCollectClient {
* @param trustedCaPath path to the PNF's trusted keystore.
* @param trustedCaPasswordPath path of file containing password for the PNF's trusted keystore.
*/
- public FtpsClient(FileServerData fileServerData, String keyCertPath, String keyCertPasswordPath, Path trustedCaPath,
+ public FtpsClient(FileServerData fileServerData, Path keyCertPath, String keyCertPasswordPath, Path trustedCaPath,
String trustedCaPasswordPath) {
this.fileServerData = fileServerData;
this.keyCertPath = keyCertPath;
@@ -86,7 +86,7 @@ public class FtpsClient implements FileCollectClient {
public void open() throws DatafileTaskException {
try {
realFtpsClient.setNeedClientAuth(true);
- realFtpsClient.setKeyManager(createKeyManager(keyCertPath, keyCertPasswordPath));
+ realFtpsClient.setKeyManager(getKeyManager(keyCertPath, keyCertPasswordPath));
realFtpsClient.setTrustManager(getTrustManager(trustedCaPath, trustedCaPasswordPath));
setUpConnection();
} catch (DatafileTaskException e) {
@@ -204,7 +204,7 @@ public class FtpsClient implements FileCollectClient {
}
}
- protected KeyManager createKeyManager(String keyCertPath, String keyCertPasswordPath)
+ protected KeyManager getKeyManager(Path keyCertPath, String keyCertPasswordPath)
throws IOException, GeneralSecurityException {
String keyCertPassword = "";
try {
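Review bot: `getKeyManager` still starts from `String keyCertPassword = "";`, and the handler visible at the top of the next hunk only calls `e.printStackTrace()`, so a password file that cannot be read appears to fall through to loading the key store with an empty password. The failure would then surface as a key-store error instead of a missing-password error, and the stack trace bypasses the class logger. Since the method already declares `throws IOException`, consider letting the read failure propagate, or at least replacing the handler body with `logger.error("Cannot read key store password file: {}", keyCertPasswordPath, e);`. The try body lies between the two hunks, so the exception type caught there is not visible here.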
@@ -214,6 +214,23 @@ public class FtpsClient implements FileCollectClient {
e.printStackTrace();
}
- return KeyManagerUtils.createClientKeyManager(new File(keyCertPath), keyCertPassword);
+ synchronized (FtpsClient.class) {
+ if (theKeyManager == null) {
+ theKeyManager = createKeyManager(keyCertPath, keyCertPassword);
+ }
+ return theKeyManager;
+ }
+ }
+
+ private KeyManager createKeyManager(Path keyCertPath, String keyCertPassword)
+ throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
+ logger.trace("Creating key manager from file: {}", keyCertPath);
+ try (InputStream fis = createInputStream(keyCertPath)) {
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(fis, keyCertPassword.toCharArray());
+ KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
+ factory.init(keyStore, keyCertPassword.toCharArray());
+ return factory.getKeyManagers()[0];
+ }
}
}
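Review bot: The cache in `getKeyManager` ignores its arguments: once `theKeyManager` is set, every later `FtpsClient` receives that key manager whatever `keyCertPath` and `keyCertPassword` it was constructed with, and a replaced client certificate is not picked up until the process restarts. If one client identity per process is intended, say so on the field, e.g. `// Process-wide: the first key store loaded is reused by every FtpsClient until restart`; otherwise key the cache on `keyCertPath` or hold the key manager per instance. `createKeyManager` also hard-codes `"JKS"` and `"SunX509"`, whereas the removed `KeyManagerUtils` call passed no store type from this code. If those fixed names are deliberate, a comment saying why would help; if not, `KeyStore.getDefaultType()` and `KeyManagerFactory.getDefaultAlgorithm()` avoid tying the collector to one store format and provider. The start of `getKeyManager` lies outside this hunk.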
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
index a1f8a66e..3e292975 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
@@ -159,7 +159,7 @@ public class FileCollector {
protected FtpsClient createFtpsClient(FileData fileData) {
FtpesConfig config = datafileAppConfig.getFtpesConfiguration();
- return new FtpsClient(fileData.fileServerData(), config.keyCert(), config.keyPasswordPath(),
+ return new FtpsClient(fileData.fileServerData(), Paths.get(config.keyCert()), config.keyPasswordPath(),
Paths.get(config.trustedCa()), config.trustedCaPasswordPath());
}
}
diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClientTest.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClientTest.java
index a747701a..11a428bc 100644
--- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClientTest.java
+++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClientTest.java
@@ -75,7 +75,7 @@ public class FtpsClientTest {
@BeforeEach
protected void setUp() throws Exception {
- clientUnderTestSpy = spy(new FtpsClient(createFileServerData(), FTP_KEY_PATH, FTP_KEY_PASSWORD, TRUSTED_CA_PATH,
+ clientUnderTestSpy = spy(new FtpsClient(createFileServerData(), Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD, TRUSTED_CA_PATH,
TRUSTED_CA_PASSWORD));
clientUnderTestSpy.realFtpsClient = ftpsClientMock;
}
@@ -101,7 +101,7 @@ public class FtpsClientTest {
@Test
public void collectFile_allOk() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);
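Review bot: Every updated test stubs `getKeyManager` on the spy (here and in the hunks at -141, -151, -161, -177, -197 and -216), so the new `createKeyManager` body and the static `theKeyManager` cache are not exercised by any test visible in this diff. A test that stubs only `createInputStream` for the key-store path and then calls `open()` would cover the `KeyStore`/`KeyManagerFactory` path, including the wrong-password case. Because the cache is a static field, such a test would also need to reset it between cases, otherwise the result depends on test order.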
@@ -141,7 +141,7 @@ public class FtpsClientTest {
@Test
public void collectFileFaultTrustedCA_shouldFail_no_trustedCA_file() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
doThrow(new IOException("problem")).when(clientUnderTestSpy).createInputStream(TRUSTED_CA_PATH);
assertThatThrownBy(() -> clientUnderTestSpy.open())
@@ -151,7 +151,7 @@ public class FtpsClientTest {
@Test
public void collectFileFaultTrustedCA_shouldFail_empty_trustedCA_file() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
doReturn(inputStreamMock).when(clientUnderTestSpy).createInputStream(TRUSTED_CA_PATH);
assertThatThrownBy(() -> clientUnderTestSpy.open())
@@ -161,7 +161,7 @@ public class FtpsClientTest {
@Test
public void collectFileFaultyLogin_shouldFail() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
doReturn(false).when(ftpsClientMock).login(USERNAME, PASSWORD);
@@ -177,7 +177,7 @@ public class FtpsClientTest {
@Test
public void collectFileBadRequestResponse_shouldFail() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);
@@ -197,7 +197,7 @@ public class FtpsClientTest {
@Test
public void collectFile_shouldFail() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);
@@ -216,7 +216,7 @@ public class FtpsClientTest {
@Test
public void collectFile_shouldFail_ioexception() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);