From d063203fe3379ff84059c1cf98b67faa75183465 Mon Sep 17 00:00:00 2001
From: burdziak
Date: Wed, 16 Oct 2019 15:21:59 +0200
Subject: DataFileCollector use wrong KeyManagerFactory
Issue-ID: DCAEGEN2-1854
Signed-off-by: burdziak
Change-Id: I71c7526097014e10d0ef091e38a929b81ba1f627
---
 .../collectors/datafile/ftp/FtpsClient.java | 33 ++++++++++++++++------
 .../collectors/datafile/tasks/FileCollector.java | 2 +-
 .../collectors/datafile/ftp/FtpsClientTest.java | 16 +++++------
 3 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
index 76eb8637..f7121efc 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
@@ -28,17 +28,16 @@ import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
 import java.util.Optional;
-
 import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
-
 import org.apache.commons.net.ftp.FTP;
 import org.apache.commons.net.ftp.FTPReply;
 import org.apache.commons.net.ftp.FTPSClient;
-import org.apache.commons.net.util.KeyManagerUtils;
 import org.onap.dcaegen2.collectors.datafile.exceptions.DatafileTaskException;
 import org.onap.dcaegen2.collectors.datafile.exceptions.NonRetryableDatafileTaskException;
 import org.slf4j.Logger;
@@ -58,8 +57,9 @@ public class FtpsClient implements FileCollectClient {
 FTPSClient realFtpsClient = new FTPSClient();
 private final FileServerData fileServerData;
 private static TrustManager theTrustManager = null;
+ private static KeyManager theKeyManager = null;
- private final String keyCertPath;
+ private final Path keyCertPath;
 private final String keyCertPasswordPath;
 private final Path trustedCaPath;
 private final String trustedCaPasswordPath;
@@ -73,7 +73,7 @@ public class FtpsClient implements FileCollectClient {
 * @param trustedCaPath path to the PNF's trusted keystore.
 * @param trustedCaPasswordPath path of file containing password for the PNF's trusted keystore.
 */
- public FtpsClient(FileServerData fileServerData, String keyCertPath, String keyCertPasswordPath, Path trustedCaPath,
+ public FtpsClient(FileServerData fileServerData, Path keyCertPath, String keyCertPasswordPath, Path trustedCaPath,
 String trustedCaPasswordPath) {
 this.fileServerData = fileServerData;
 this.keyCertPath = keyCertPath;
@@ -86,7 +86,7 @@ public class FtpsClient implements FileCollectClient {
 public void open() throws DatafileTaskException {
 try {
 realFtpsClient.setNeedClientAuth(true);
- realFtpsClient.setKeyManager(createKeyManager(keyCertPath, keyCertPasswordPath));
+ realFtpsClient.setKeyManager(getKeyManager(keyCertPath, keyCertPasswordPath));
 realFtpsClient.setTrustManager(getTrustManager(trustedCaPath, trustedCaPasswordPath));
 setUpConnection();
 } catch (DatafileTaskException e) {
@@ -204,7 +204,7 @@ public class FtpsClient implements FileCollectClient {
 }
 }
- protected KeyManager createKeyManager(String keyCertPath, String keyCertPasswordPath)
+ protected KeyManager getKeyManager(Path keyCertPath, String keyCertPasswordPath)
 throws IOException, GeneralSecurityException {
 String keyCertPassword = "";
 try {
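Review bot: The `theKeyManager` field added in the `@@ -58,8 +57,9 @@` hunk is a process-wide static, while `keyCertPath` and `keyCertPasswordPath` stay per-instance constructor arguments, so the cache filled in `getKeyManager` (the `@@ -214,6 +214,23 @@` hunk) hands the first key manager built to every later `FtpsClient`, whatever path that instance was constructed with. The cache is also never invalidated in the visible code, so a renewed or replaced client certificate on disk would not be picked up until the process restarts. Either key the cache on the path and reload when the file changes, or state the constraint on the field, for example `// Shared by all instances: built once from the first keyCertPath used; certificate rotation requires a restart.` In the lines shown the field is only touched under `synchronized (FtpsClient.class)`, which is worth saying in the same comment so that an unsynchronized read is not added later.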
@@ -214,6 +214,23 @@ public class FtpsClient implements FileCollectClient {
 e.printStackTrace();
 }
- return KeyManagerUtils.createClientKeyManager(new File(keyCertPath), keyCertPassword);
+ synchronized (FtpsClient.class) {
+ if (theKeyManager == null) {
+ theKeyManager = createKeyManager(keyCertPath, keyCertPassword);
+ }
+ return theKeyManager;
+ }
+ }
+
+ private KeyManager createKeyManager(Path keyCertPath, String keyCertPassword)
+ throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
+ logger.trace("Creating key manager from file: {}", keyCertPath);
+ try (InputStream fis = createInputStream(keyCertPath)) {
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(fis, keyCertPassword.toCharArray());
+ KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
+ factory.init(keyStore, keyCertPassword.toCharArray());
+ return factory.getKeyManagers()[0];
+ }
 }
 }
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
index a1f8a66e..3e292975 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
@@ -159,7 +159,7 @@ public class FileCollector {
 protected FtpsClient createFtpsClient(FileData fileData) {
 FtpesConfig config = datafileAppConfig.getFtpesConfiguration();
- return new FtpsClient(fileData.fileServerData(), config.keyCert(), config.keyPasswordPath(),
+ return new FtpsClient(fileData.fileServerData(), Paths.get(config.keyCert()), config.keyPasswordPath(),
 Paths.get(config.trustedCa()), config.trustedCaPasswordPath());
 }
 }
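Review bot: In `getKeyManager` (the `@@ -214,6 +214,23 @@` hunk of FtpsClient.java) the new `synchronized` block runs after a `catch` that only calls `e.printStackTrace()` and leaves `keyCertPassword` at its initial `""`, so an unreadable password file is never reported as such; `createKeyManager` is then called with an empty password and any failure will most likely surface as a keystore-load error instead. Since the method already declares `throws IOException`, the password read could let its exception propagate, or at least report it through `logger` and rethrow, rather than continuing with `""`. The read could also move inside the `if (theKeyManager == null)` branch, so that once the manager is cached the secret is not fetched again on every `open()`. The start of `getKeyManager`, including the read itself and the exception type caught, lies outside this hunk, so this should be confirmed against the full method.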
diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClientTest.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClientTest.java
index a747701a..11a428bc 100644
--- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClientTest.java
+++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClientTest.java
@@ -75,7 +75,7 @@ public class FtpsClientTest {
 @BeforeEach
 protected void setUp() throws Exception {
- clientUnderTestSpy = spy(new FtpsClient(createFileServerData(), FTP_KEY_PATH, FTP_KEY_PASSWORD, TRUSTED_CA_PATH,
+ clientUnderTestSpy = spy(new FtpsClient(createFileServerData(), Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD, TRUSTED_CA_PATH,
 TRUSTED_CA_PASSWORD));
 clientUnderTestSpy.realFtpsClient = ftpsClientMock;
 }
@@ -101,7 +101,7 @@ public class FtpsClientTest {
 @Test
 public void collectFile_allOk() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
 doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
 doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
 doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);
@@ -141,7 +141,7 @@ public class FtpsClientTest {
 @Test
 public void collectFileFaultTrustedCA_shouldFail_no_trustedCA_file() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
 doThrow(new IOException("problem")).when(clientUnderTestSpy).createInputStream(TRUSTED_CA_PATH);
 assertThatThrownBy(() -> clientUnderTestSpy.open())
@@ -151,7 +151,7 @@ public class FtpsClientTest {
 @Test
 public void collectFileFaultTrustedCA_shouldFail_empty_trustedCA_file() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
 doReturn(inputStreamMock).when(clientUnderTestSpy).createInputStream(TRUSTED_CA_PATH);
 assertThatThrownBy(() -> clientUnderTestSpy.open())
@@ -161,7 +161,7 @@ public class FtpsClientTest {
 @Test
 public void collectFileFaultyLogin_shouldFail() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
 doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
 doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
 doReturn(false).when(ftpsClientMock).login(USERNAME, PASSWORD);
@@ -177,7 +177,7 @@ public class FtpsClientTest {
 @Test
 public void collectFileBadRequestResponse_shouldFail() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
 doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
 doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
 doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);
@@ -197,7 +197,7 @@ public class FtpsClientTest {
 @Test
 public void collectFile_shouldFail() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
 doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
 doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
 doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);
@@ -216,7 +216,7 @@ public class FtpsClientTest {
 @Test
 public void collectFile_shouldFail_ioexception() throws Exception {
- doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+ doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
 doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
 doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
 doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);
-- cgit 1.2.3-korg