aboutsummaryrefslogtreecommitdiffstats
path: root/prh-aai-client/src
diff options
context:
space:
mode:
authorMaciej Wejs <maciej.wejs@nokia.com>2018-11-06 12:07:12 +0100
committerMaciej Wejs <maciej.wejs@nokia.com>2018-11-06 12:07:12 +0100
commit8330d0e6c2cf1d9d8215e13b928530c2277fa974 (patch)
treeb475506131e3aac411721da0c166609f054db02d /prh-aai-client/src
parente8a80102a45458b3f1d15e07dc0a63e1370c44a7 (diff)
SSL implementation for PRH to AAI calls
Change-Id: Ic9777760346258afb40610fa9c9bc261964752cf Issue-ID: DCAEGEN2-950 Signed-off-by: Maciej Wejs <maciej.wejs@nokia.com>
Diffstat (limited to 'prh-aai-client/src')
-rw-r--r--prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java46
1 files changed, 34 insertions, 12 deletions
diff --git a/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java b/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java
index 5963d9c3..ad57ba47 100644
--- a/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java
+++ b/prh-aai-client/src/main/java/org/onap/dcaegen2/services/prh/service/AaiReactiveWebClient.java
@@ -25,11 +25,10 @@ import static org.onap.dcaegen2.services.prh.model.logging.MdcVariables.SERVICE_
import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.basicAuthentication;
import io.netty.handler.ssl.SslContext;
-import io.netty.handler.ssl.SslContextBuilder;
-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.util.Map;
import javax.net.ssl.SSLException;
import org.onap.dcaegen2.services.prh.config.AaiClientConfiguration;
+import org.onap.dcaegen2.services.prh.ssl.SslFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
@@ -45,21 +44,32 @@ public class AaiReactiveWebClient {
private static final Logger LOGGER = LoggerFactory.getLogger(AaiReactiveWebClient.class);
- private String aaiUserName;
- private String aaiUserPassword;
- private Map<String, String> aaiHeaders;
+ private final String aaiUserName;
+ private final String aaiUserPassword;
+ private final Map<String, String> aaiHeaders;
+ private final Boolean enableAaiCertAuth;
+ private final String trustStore;
+ private final String trustStorePassword;
+ private final String keyStore;
+ private final String keyStorePassword;
+ private final SslFactory sslFactory;
/**
* Creating AaiReactiveWebClient.
*
* @param configuration - configuration object
- * @return AaiReactiveWebClient
+ * @param sslFactory - factory for ssl setup
*/
- public AaiReactiveWebClient fromConfiguration(AaiClientConfiguration configuration) {
+ public AaiReactiveWebClient(SslFactory sslFactory, AaiClientConfiguration configuration) {
this.aaiUserName = configuration.aaiUserName();
this.aaiUserPassword = configuration.aaiUserPassword();
this.aaiHeaders = configuration.aaiHeaders();
- return this;
+ this.trustStore = configuration.trustStore();
+ this.trustStorePassword = configuration.trustStorePassword();
+ this.keyStore = configuration.keyStore();
+ this.keyStorePassword = configuration.keyStorePassword();
+ this.enableAaiCertAuth = configuration.enableAaiCertAuth();
+ this.sslFactory = sslFactory;
}
/**
@@ -69,12 +79,12 @@ public class AaiReactiveWebClient {
*/
public WebClient build() throws SSLException {
LOGGER.debug("Setting ssl context");
- SslContext sslContext = SslContextBuilder
- .forClient()
- .trustManager(InsecureTrustManagerFactory.INSTANCE)
- .build();
+
+ SslContext sslContext = createSslContext();
+
ClientHttpConnector reactorClientHttpConnector = new ReactorClientHttpConnector(
HttpClient.create().secure(sslContextSpec -> sslContextSpec.sslContext(sslContext)));
+
return WebClient.builder()
.clientConnector(reactorClientHttpConnector)
.defaultHeaders(httpHeaders -> httpHeaders.setAll(aaiHeaders))
@@ -84,6 +94,18 @@ public class AaiReactiveWebClient {
.build();
}
+ private SslContext createSslContext() throws SSLException {
+ if (enableAaiCertAuth) {
+ return sslFactory.createSecureContext(
+ keyStore,
+ keyStorePassword,
+ trustStore,
+ trustStorePassword
+ );
+ }
+ return sslFactory.createInsecureContext();
+ }
+
private ExchangeFilterFunction logRequest() {
return ExchangeFilterFunction.ofRequestProcessor(clientRequest -> {
MDC.put(SERVICE_NAME, String.valueOf(clientRequest.url()));