Diffstat (limited to 'datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java')
-rw-r--r-- | datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java
new file mode 100644
index 00000000..e60ec0f4
--- /dev/null
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java
@@ -0,0 +1,132 @@
+/*-
+ * ============LICENSE_START======================================================================
+ * Copyright (C) 2021 Nokia. All rights reserved.
+ * ===============================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ * ============LICENSE_END========================================================================
+ */
+package org.onap.dcaegen2.collectors.datafile.http;
+
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.SSLContexts;
+import org.onap.dcaegen2.collectors.datafile.commons.SecurityUtil;
+import org.onap.dcaegen2.collectors.datafile.exceptions.DatafileTaskException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.core.io.FileSystemResource;
+
+import javax.net.ssl.SSLContext;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+/**
+ * Utility class supplying connection manager for HTTPS protocol.
+ *
+ * @author <a href="mailto:krzysztof.gajewski@nokia.com">Krzysztof Gajewski</a>
+ */
+public class HttpsClientConnectionManagerUtil {
+
+ private HttpsClientConnectionManagerUtil() {
+ }
+
+ private static final Logger logger = LoggerFactory.getLogger(HttpsClientConnectionManagerUtil.class);
+ //Be aware to be less than ScheduledTasks.NUMBER_OF_WORKER_THREADS
+ private static final int MAX_NUMBER_OF_CONNECTIONS = 200;
+ private static PoolingHttpClientConnectionManager connectionManager;
+
+ public static PoolingHttpClientConnectionManager instance() throws DatafileTaskException {
+ if (connectionManager == null) {
+ throw new DatafileTaskException("ConnectionManager has to be set or update first");
+ }
+ return connectionManager;
+ }
+
+ public static void setupOrUpdate(String keyCertPath, String keyCertPasswordPath, String trustedCaPath,
+ String trustedCaPasswordPath) throws DatafileTaskException {
+ synchronized (HttpsClientConnectionManagerUtil.class) {
+ if (connectionManager != null) {
+ connectionManager.close();
+ connectionManager = null;
+ }
+ setup(keyCertPath, keyCertPasswordPath, trustedCaPath, trustedCaPasswordPath);
+ }
+ logger.trace("HttpsConnectionManager setup or updated");
+ }
+
+ private static void setup(String keyCertPath, String keyCertPasswordPath, String trustedCaPath,
+ String trustedCaPasswordPath) throws DatafileTaskException {
+ try {
+ SSLContextBuilder sslBuilder = SSLContexts.custom();
+ sslBuilder = supplyKeyInfo(keyCertPath, keyCertPasswordPath, sslBuilder);
+ sslBuilder = supplyTrustInfo(trustedCaPath, trustedCaPasswordPath, sslBuilder);
+
+ SSLContext sslContext = sslBuilder.build();
+
+ SSLConnectionSocketFactory sslConnectionSocketFactory =
+ new SSLConnectionSocketFactory(sslContext, new String[] {"TLSv1.2"}, null,
+ (hostname, session) -> true);
+
+ Registry<ConnectionSocketFactory> socketFactoryRegistry =
+ RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslConnectionSocketFactory)
+ .build();
+
+ connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
+ connectionManager.setMaxTotal(MAX_NUMBER_OF_CONNECTIONS);
+
+ } catch (Exception e) {
+ throw new DatafileTaskException("Unable to prepare HttpsConnectionManager : ", e);
+ }
+ }
+
+ private static SSLContextBuilder supplyKeyInfo(String keyCertPath, String keyCertPasswordPath,
+ SSLContextBuilder sslBuilder)
+ throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException,
+ UnrecoverableKeyException {
+ String keyPass = SecurityUtil.getKeystorePasswordFromFile(keyCertPasswordPath);
+ KeyStore keyFile = createKeyStore(keyCertPath, keyPass);
+ return sslBuilder.loadKeyMaterial(keyFile, keyPass.toCharArray());
+ }
+
+ private static KeyStore createKeyStore(String trustedCaPath, String trustedCaPassword)
+ throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
+ logger.trace("Creating trust manager from file: {}", trustedCaPath);
+ try (InputStream fis = createInputStream(trustedCaPath)) {
+ KeyStore keyStore = KeyStore.getInstance("PKCS12");
+ keyStore.load(fis, trustedCaPassword.toCharArray());
+ return keyStore;
+ }
+ }
+
+ private static InputStream createInputStream(String localFileName) throws IOException {
+ FileSystemResource realResource = new FileSystemResource(Paths.get(localFileName));
+ return realResource.getInputStream();
+ }
+
+ private static SSLContextBuilder supplyTrustInfo(String trustedCaPath, String trustedCaPasswordPath,
+ SSLContextBuilder sslBuilder)
+ throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
+ String trustPass = SecurityUtil.getTruststorePasswordFromFile(trustedCaPasswordPath);
+ File trustStoreFile = new File(trustedCaPath);
+ return sslBuilder.loadTrustMaterial(trustStoreFile, trustPass.toCharArray());
+ }
+}
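Review bot: The SSLConnectionSocketFactory built in setup() is given the hostname verifier `(hostname, session) -> true`, which accepts any server certificate that chains to the configured trust store no matter which host it was issued for, so a certificate belonging to one peer is accepted when presented by another; unless the target hosts are known not to match their certificate names, pass `SSLConnectionSocketFactory.getDefaultHostnameVerifier()` there instead, and if the no-op verifier is deliberate, a comment on that line saying why (and that the trust store plus TLSv1.2 are then the only peer checks) would stop it being changed blindly. Separately, instance() reads the static `connectionManager` outside the lock that setupOrUpdate() writes it under, and the field is not volatile, so a caller on another thread may observe a stale or already-closed manager; `private static volatile PoolingHttpClientConnectionManager connectionManager;` at least gives visibility, though a manager handed out before a re-setup is still closed underneath its user, which the class Javadoc should state. The broad `catch (Exception e)` in setup() also hides which of the checked exceptions declared by the helpers actually fired, but since the cause is preserved that is minor.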