diff options
| author |   andrzejszukuc <andrzej.szukuc@nokia.com> | 2018-11-07 12:51:05 +0100 |
|---|---|---|
| committer | andrzejszukuc <andrzej.szukuc@nokia.com> | 2018-11-27 16:54:25 +0100 |
| commit | 1afc93ddb4afc226562043822f6c5e9dc0ed4b2a (patch) | |
| tree | 96f022e83da4c708b99b6d4ef1bc2ea465a526de /src | |
| parent | 174e08b4c4942eaa70cea889b4819334145216b9 (diff) | |
TLS mutual authentication has been added.
Change-Id: I60ebe8e1b06d72413940935396cb7a56af437c0d
Issue-ID: DCAEGEN2-959
Signed-off-by: ANDRZEJ SZUKUC <andrzej.szukuc@nokia.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/main/java/org/onap/dcae/ApplicationSettings.java | 13 | ||||
| -rw-r--r-- | src/main/java/org/onap/dcae/commonFunction/SSLContextCreator.java | 82 | ||||
| -rw-r--r-- | src/main/java/org/onap/dcae/restapi/ApiConfiguration.java | 2 | ||||
| -rw-r--r-- | src/main/java/org/onap/dcae/restapi/ServletConfig.java | 56 | ||||
| -rw-r--r-- | src/test/java/org/onap/dcae/TLSTest.java | 138 | ||||
| -rw-r--r-- | src/test/java/org/onap/dcae/TLSTestBase.java | 152 | ||||
| -rw-r--r-- | src/test/java/org/onap/dcae/TestingUtilities.java | 57 | ||||
| -rw-r--r-- | src/test/resources/keystore | bin | 0 -> 3717 bytes | |||
| -rw-r--r-- | src/test/resources/passwordfile | 1 | ||||
| -rw-r--r-- | src/test/resources/trustpasswordfile | 1 | ||||
| -rw-r--r-- | src/test/resources/truststore | bin | 0 -> 5145 bytes |
11 files changed, 484 insertions, 18 deletions
diff --git a/src/main/java/org/onap/dcae/ApplicationSettings.java b/src/main/java/org/onap/dcae/ApplicationSettings.java index 189d4a9a..ead148c4 100644 --- a/src/main/java/org/onap/dcae/ApplicationSettings.java +++ b/src/main/java/org/onap/dcae/ApplicationSettings.java @@ -37,7 +37,6 @@ import org.apache.commons.configuration.PropertiesConfiguration; import org.json.JSONObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Component; import javax.annotation.Nullable; import java.io.IOException; @@ -167,10 +166,22 @@ public class ApplicationSettings { return prependWithUserDirOnRelative(properties.getString("collector.keystore.file.location", "etc/keystore")); } + public boolean clientTlsAuthenticationEnabled() { + return httpsEnabled() && properties.getInt("collector.service.secure.clientauth", 0) > 0; + } + public String keystoreAlias() { return properties.getString("collector.keystore.alias", "tomcat"); } + public String truststorePasswordFileLocation() { + return prependWithUserDirOnRelative(properties.getString("collector.truststore.passwordfile", "etc/trustpasswordfile")); + } + + public String truststoreFileLocation() { + return prependWithUserDirOnRelative(properties.getString("collector.truststore.file.location", "etc/truststore")); + } + public String exceptionConfigFileLocation() { return properties.getString("exceptionConfig", null); } diff --git a/src/main/java/org/onap/dcae/commonFunction/SSLContextCreator.java b/src/main/java/org/onap/dcae/commonFunction/SSLContextCreator.java new file mode 100644 index 00000000..29e974ef --- /dev/null +++ b/src/main/java/org/onap/dcae/commonFunction/SSLContextCreator.java @@ -0,0 +1,82 @@ +/*- + * ============LICENSE_START======================================================= + * PROJECT + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dcae.commonFunction; + +import org.springframework.boot.web.server.Ssl; + +import java.nio.file.Path; + +public class SSLContextCreator { + private final String keyStorePassword; + private final String certAlias; + private final Path keyStoreFile; + + private Path trustStoreFile; + private String trustStorePassword; + private boolean hasTlsClientAuthentication = false; + + public static SSLContextCreator create(final Path keyStoreFile, final String certAlias, final String password) { + return new SSLContextCreator(keyStoreFile, certAlias, password); + } + + private SSLContextCreator(final Path keyStoreFile, final String certAlias, final String password) { + this.certAlias = certAlias; + this.keyStoreFile = keyStoreFile; + this.keyStorePassword = password; + } + + public SSLContextCreator withTlsClientAuthentication(final Path trustStoreFile, final String password) { + hasTlsClientAuthentication = true; + this.trustStoreFile = trustStoreFile; + this.trustStorePassword = password; + + return this; + } + + private void configureKeyStore(final Ssl ssl) { + final String keyStore = keyStoreFile.toAbsolutePath().toString(); + + ssl.setKeyStore(keyStore); + ssl.setKeyPassword(keyStorePassword); + ssl.setKeyAlias(certAlias); + } + + private void configureTrustStore(final Ssl ssl) { + final String trustStore = trustStoreFile.toAbsolutePath().toString(); + + ssl.setTrustStore(trustStore); + ssl.setTrustStorePassword(trustStorePassword); + ssl.setClientAuth(Ssl.ClientAuth.NEED); + } + + public Ssl build() { + final Ssl ssl = new Ssl(); + ssl.setEnabled(true); + + configureKeyStore(ssl); + + if (hasTlsClientAuthentication) { + configureTrustStore(ssl); + } + + return ssl; + } +}
\ No newline at end of file diff --git a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java b/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java index 85db81df..9ebb5394 100644 --- a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java +++ b/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java @@ -25,9 +25,11 @@ import org.onap.dcae.ApplicationSettings; import org.slf4j.Logger; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; +import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +@EnableWebMvc @Configuration public class ApiConfiguration implements WebMvcConfigurer { private final ApplicationSettings applicationSettings; diff --git a/src/main/java/org/onap/dcae/restapi/ServletConfig.java b/src/main/java/org/onap/dcae/restapi/ServletConfig.java index 871904c6..49455e54 100644 --- a/src/main/java/org/onap/dcae/restapi/ServletConfig.java +++ b/src/main/java/org/onap/dcae/restapi/ServletConfig.java @@ -22,6 +22,7 @@ package org.onap.dcae.restapi; import org.onap.dcae.ApplicationSettings; +import org.onap.dcae.commonFunction.SSLContextCreator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -31,6 +32,7 @@ import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerF import org.springframework.stereotype.Component; import java.io.IOException; +import java.nio.file.Path; import java.nio.file.Paths; import static java.nio.file.Files.readAllBytes; @@ -45,31 +47,57 @@ public class ServletConfig implements WebServerFactoryCustomizer<ConfigurableSer @Override public void customize(ConfigurableServletWebServerFactory container) { - if (properties.authorizationEnabled()) { - container.setSsl(createSSL()); + final boolean hasClientTlsAuthentication = properties.clientTlsAuthenticationEnabled(); + + if (hasClientTlsAuthentication || properties.authorizationEnabled()) { + container.setSsl(hasClientTlsAuthentication ? httpsContextWithTlsAuthentication() : simpleHttpsContext()); container.setPort(properties.httpsPort()); } else { container.setPort(properties.httpPort()); } } - private Ssl createSSL() { + private SSLContextCreator simpleHttpsContextBuilder() { log.info("Enabling SSL"); - Ssl ssl = new Ssl(); - ssl.setEnabled(true); - String keyStore = Paths.get(properties.keystoreFileLocation()).toAbsolutePath().toString(); + + final Path keyStore = toAbsolutePath(properties.keystoreFileLocation()); log.info("Using keyStore path: " + keyStore); - ssl.setKeyStore(keyStore); - String keyPasswordFileLocation = Paths.get(properties.keystorePasswordFileLocation()).toAbsolutePath().toString(); - log.info("Using keyStore password from: " + keyPasswordFileLocation); - ssl.setKeyPassword(getKeyStorePassword(keyPasswordFileLocation)); - ssl.setKeyAlias(properties.keystoreAlias()); - return ssl; + + final Path keyStorePasswordLocation = toAbsolutePath(properties.keystorePasswordFileLocation()); + final String keyStorePassword = getKeyStorePassword(keyStorePasswordLocation); + log.info("Using keyStore password from: " + keyStorePasswordLocation); + + final String alias = properties.keystoreAlias(); + + return SSLContextCreator.create(keyStore, alias, keyStorePassword); + } + + private Ssl simpleHttpsContext() { + return simpleHttpsContextBuilder().build(); + } + + private Ssl httpsContextWithTlsAuthentication() { + final SSLContextCreator sslContextCreator = simpleHttpsContextBuilder(); + + log.info("Enabling TLS client authorization"); + + final Path trustStore = toAbsolutePath(properties.truststoreFileLocation()); + log.info("Using trustStore path: " + trustStore); + + final Path trustPasswordFileLocation = toAbsolutePath(properties.truststorePasswordFileLocation()); + final String trustStorePassword = getKeyStorePassword(trustPasswordFileLocation); + log.info("Using trustStore password from: " + trustPasswordFileLocation); + + return sslContextCreator.withTlsClientAuthentication(trustStore, trustStorePassword).build(); + } + + private Path toAbsolutePath(final String path) { + return Paths.get(path).toAbsolutePath(); } - private String getKeyStorePassword(String location) { + private String getKeyStorePassword(final Path location) { try { - return new String(readAllBytes(Paths.get(location))); + return new String(readAllBytes(location)); } catch (IOException e) { log.error("Could not read keystore password from: '" + location + "'.", e); throw new RuntimeException(e); diff --git a/src/test/java/org/onap/dcae/TLSTest.java b/src/test/java/org/onap/dcae/TLSTest.java new file mode 100644 index 00000000..63099b7d --- /dev/null +++ b/src/test/java/org/onap/dcae/TLSTest.java @@ -0,0 +1,138 @@ +/*- + * ============LICENSE_START======================================================= + * org.onap.dcaegen2.collectors.ves + * ================================================================================ + * Copyright (C) 2018 Nokia. All rights reserved. + * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dcae; + +import io.vavr.collection.HashMap; +import org.junit.jupiter.api.Nested; +import org.junit.jupiter.api.Test; +import org.springframework.context.annotation.Import; +import org.springframework.http.HttpStatus; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.mockito.Mockito.when; +import static org.onap.dcae.TLSTest.HttpsConfiguration.USERNAME; +import static org.onap.dcae.TLSTest.HttpsConfiguration.PASSWORD; + +public class TLSTest extends TLSTestBase { + + @Nested + @Import(HttpConfiguration.class) + class HttpTest extends TestClassBase { + + @Test + public void shouldHttpRequestSucceed() { + assertEquals(HttpStatus.OK, makeHttpRequest().getStatusCode()); + } + + @Test + public void shouldHttpsRequestFail() { + assertThrows(Exception.class, this::makeHttpsRequest); + } + } + + @Nested + @Import(HttpsConfiguration.class) + class HttpsTest extends TestClassBase { + + + @Test + public void shouldHttpsRequestWithoutBasicAuthFail() { + assertThrows(Exception.class, this::makeHttpsRequest); + } + + @Test + public void shouldHttpsRequestWithBasicAuthSucceed() { + assertEquals(HttpStatus.OK, makeHttpsRequestWithBasicAuth(USERNAME, PASSWORD).getStatusCode()); + } + } + + @Nested + @Import(HttpsConfigurationWithTLSAuthentication.class) + class HttpsWithTLSAuthenticationTest extends TestClassBase { + + @Test + public void shouldHttpsRequestWithoutCertificateFail() { + assertThrows(Exception.class, this::makeHttpsRequest); + } + + @Test + public void shouldHttpsRequestWithCertificateSucceed() { + assertEquals(HttpStatus.OK, makeHttpsRequestWithClientCert().getStatusCode()); + } + } + + @Nested + @Import(HttpsConfigurationWithTLSAuthenticationAndBasicAuth.class) + class HttpsWithTLSAuthenticationAndBasicAuthTest extends TestClassBase { + + @Test + public void shouldHttpsRequestWithoutBasicAuthFail() { + assertThrows(Exception.class, this::makeHttpsRequestWithClientCert); + } + + @Test + public void shouldHttpsRequestWithBasicAuthSucceed() { + assertEquals(HttpStatus.OK, makeHttpsRequestWithClientCertAndBasicAuth(USERNAME, PASSWORD).getStatusCode()); + } + } + + // ApplicationSettings configurations + static class HttpConfiguration extends TLSTestBase.ConfigurationBase { + @Override + protected void configureSettings(ApplicationSettings settings) { + } + } + + static class HttpsConfiguration extends TLSTestBase.ConfigurationBase { + public static final String USERNAME = "TestUser"; + public static final String PASSWORD = "TestPassword"; + + @Override + protected void configureSettings(ApplicationSettings settings) { + when(settings.keystoreAlias()).thenReturn(KEYSTORE_ALIAS); + when(settings.keystoreFileLocation()).thenReturn(KEYSTORE.toString()); + when(settings.keystorePasswordFileLocation()).thenReturn(KEYSTORE_PASSWORD_FILE.toString()); + when(settings.authorizationEnabled()).thenReturn(true); + when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, PASSWORD)); + } + } + + static class HttpsConfigurationWithTLSAuthentication extends HttpsConfiguration { + @Override + protected void configureSettings(ApplicationSettings settings) { + super.configureSettings(settings); + when(settings.authorizationEnabled()).thenReturn(false); + when(settings.clientTlsAuthenticationEnabled()).thenReturn(true); + when(settings.truststoreFileLocation()).thenReturn(TRUSTSTORE.toString()); + when(settings.truststorePasswordFileLocation()).thenReturn(TRUSTSTORE_PASSWORD_FILE.toString()); + } + } + + static class HttpsConfigurationWithTLSAuthenticationAndBasicAuth extends HttpsConfigurationWithTLSAuthentication { + @Override + protected void configureSettings(ApplicationSettings settings) { + super.configureSettings(settings); + when(settings.authorizationEnabled()).thenReturn(true); + } + } +} diff --git a/src/test/java/org/onap/dcae/TLSTestBase.java b/src/test/java/org/onap/dcae/TLSTestBase.java new file mode 100644 index 00000000..8b486ec7 --- /dev/null +++ b/src/test/java/org/onap/dcae/TLSTestBase.java @@ -0,0 +1,152 @@ +/*- + * ============LICENSE_START======================================================= + * org.onap.dcaegen2.collectors.ves + * ================================================================================ + * Copyright (C) 2018 Nokia. All rights reserved. + * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dcae; + +import org.json.JSONObject; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Mockito; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.boot.web.server.LocalServerPort; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Primary; +import org.springframework.http.ResponseEntity; +import org.springframework.http.client.support.BasicAuthenticationInterceptor; +import org.springframework.test.context.junit.jupiter.SpringExtension; +import org.springframework.web.client.RestTemplate; + +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.concurrent.LinkedBlockingQueue; + +import static org.onap.dcae.TestingUtilities.*; + +@Configuration +@ExtendWith(SpringExtension.class) +public class TLSTestBase { + protected static final String KEYSTORE_ALIAS = "localhost"; + protected static final Path RESOURCES = Paths.get("src", "test", "resources"); + protected static final Path KEYSTORE = Paths.get(RESOURCES.toString(), "keystore"); + protected static final Path KEYSTORE_PASSWORD_FILE = Paths.get(RESOURCES.toString(), "passwordfile"); + protected static final Path TRUSTSTORE = Paths.get(RESOURCES.toString(), "truststore"); + protected static final Path TRUSTSTORE_PASSWORD_FILE = Paths.get(RESOURCES.toString(), "trustpasswordfile"); + + protected static abstract class ConfigurationBase { + protected final ApplicationSettings settings = Mockito.mock(ApplicationSettings.class); + + @Bean + @Primary + public ApplicationSettings settings() { + configureSettings(settings); + return settings; + } + + protected abstract void configureSettings(final ApplicationSettings settings); + } + + @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) + protected abstract class TestClassBase { + @MockBean + @Qualifier("inputQueue") + protected LinkedBlockingQueue<JSONObject> queue; + + @LocalServerPort + private int port; + + private final String keyStorePassword; + private final String trustStorePassword; + + public TestClassBase() { + keyStorePassword = readFile(KEYSTORE_PASSWORD_FILE); + trustStorePassword = readFile(TRUSTSTORE_PASSWORD_FILE); + } + + private String getURL(final String protocol, final String uri) { + return protocol + "://localhost:" + port + uri; + } + + private RestTemplate addBasicAuth(final RestTemplate template, final String username, final String password) { + template.getInterceptors() + .add(new BasicAuthenticationInterceptor(username, password)); + + return template; + } + + public String createHttpURL(String uri) { + return getURL("http", uri); + } + + public String createHttpsURL(String uri) { + return getURL("https", uri); + } + + public RestTemplate createHttpRestTemplate() { + return new RestTemplate(); + } + + public RestTemplate createHttpsRestTemplate() { + return rethrow(() -> + createRestTemplateWithSsl( + sslBuilderWithTrustStore(KEYSTORE, keyStorePassword).build() + )); + } + + public RestTemplate createHttpsRestTemplateWithKeyStore() { + return rethrow(() -> + createRestTemplateWithSsl( + configureKeyStore( + sslBuilderWithTrustStore(KEYSTORE, keyStorePassword), + TRUSTSTORE, + trustStorePassword + ).build()) + ); + } + + public ResponseEntity<String> makeHttpRequest() { + return createHttpRestTemplate().getForEntity(createHttpURL("/"), String.class); + } + + public ResponseEntity<String> makeHttpsRequest() { + return createHttpsRestTemplate().getForEntity(createHttpsURL("/"), String.class); + } + + + public ResponseEntity<String> makeHttpsRequestWithBasicAuth(final String username, final String password) { + return addBasicAuth(createHttpsRestTemplate(), username, password) + .getForEntity(createHttpsURL("/"), String.class); + + } + + public ResponseEntity<String> makeHttpsRequestWithClientCert() { + return createHttpsRestTemplateWithKeyStore().getForEntity(createHttpsURL("/"), String.class); + } + + public ResponseEntity<String> makeHttpsRequestWithClientCertAndBasicAuth( + final String username, + final String password) { + return addBasicAuth(createHttpsRestTemplateWithKeyStore(), username, password) + .getForEntity(createHttpsURL("/"), String.class); + } + } +} diff --git a/src/test/java/org/onap/dcae/TestingUtilities.java b/src/test/java/org/onap/dcae/TestingUtilities.java index bd05c4ea..4c0d5382 100644 --- a/src/test/java/org/onap/dcae/TestingUtilities.java +++ b/src/test/java/org/onap/dcae/TestingUtilities.java @@ -24,13 +24,30 @@ import static java.nio.file.Files.readAllBytes; import static org.assertj.core.api.Assertions.assertThat; import io.vavr.control.Try; + import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; + +import org.apache.http.client.HttpClient; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContextBuilder; import org.assertj.core.api.AbstractThrowableAssert; import org.assertj.core.api.Java6Assertions; import org.json.JSONObject; +import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; +import org.springframework.web.client.RestTemplate; + +import javax.net.ssl.SSLContext; /** * @author Pawel Szalapski (pawel.szalapski@nokia.com) @@ -67,11 +84,11 @@ public final class TestingUtilities { * Exception in test case usually means there is something wrong, it should never be catched, but rather thrown to * be handled by JUnit framework. */ - private static <T> T rethrow(CheckedSupplier<T> supplier) { + public static <T> T rethrow(CheckedSupplier<T> supplier) { try { return supplier.get(); } catch (Exception e) { - throw new RuntimeException(); + throw new RuntimeException(e); } } @@ -84,9 +101,43 @@ public final class TestingUtilities { public static void assertFailureHasInfo(Try any, String... msgPart) { Java6Assertions.assertThat(any.isFailure()).isTrue(); AbstractThrowableAssert<?, ? extends Throwable> o = Java6Assertions.assertThat(any.getCause()) - .hasCauseInstanceOf(Exception.class); + .hasCauseInstanceOf(Exception.class); for (String s : msgPart) { o.hasStackTraceContaining(s); } } + + public static SSLContextBuilder sslBuilderWithTrustStore(final Path trustStore, final String pass) { + return rethrow(() -> + new SSLContextBuilder() + .loadTrustMaterial(trustStore.toFile(), pass.toCharArray()) + ); + } + + public static SSLContextBuilder configureKeyStore( + final SSLContextBuilder builder, + final Path keyStore, + final String pass) { + return rethrow(() -> { + KeyStore cks = KeyStore.getInstance(KeyStore.getDefaultType()); + cks.load(new FileInputStream(keyStore.toFile()), pass.toCharArray()); + + builder.loadKeyMaterial(cks, pass.toCharArray()); + + return builder; + }); + } + + public static RestTemplate createRestTemplateWithSsl(final SSLContext context) { + final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(context); + final HttpClient httpClient = HttpClients + .custom() + .setSSLSocketFactory(socketFactory) + .build(); + + final HttpComponentsClientHttpRequestFactory factory = + new HttpComponentsClientHttpRequestFactory(httpClient); + + return new RestTemplate(factory); + } } diff --git a/src/test/resources/keystore b/src/test/resources/keystore Binary files differnew file mode 100644 index 00000000..f0822cb8 --- /dev/null +++ b/src/test/resources/keystore diff --git a/src/test/resources/passwordfile b/src/test/resources/passwordfile new file mode 100644 index 00000000..11e1e240 --- /dev/null +++ b/src/test/resources/passwordfile @@ -0,0 +1 @@ +vestest
\ No newline at end of file diff --git a/src/test/resources/trustpasswordfile b/src/test/resources/trustpasswordfile new file mode 100644 index 00000000..11e1e240 --- /dev/null +++ b/src/test/resources/trustpasswordfile @@ -0,0 +1 @@ +vestest
\ No newline at end of file diff --git a/src/test/resources/truststore b/src/test/resources/truststore Binary files differnew file mode 100644 index 00000000..b0802a72 --- /dev/null +++ b/src/test/resources/truststore |