SSL setup for dmaap publisher

Change-Id: I5dbfc551e515a5f3ce23ec9ffc766ae3012a057a
Issue-ID: DCAEGEN2-952
Signed-off-by: piotr.karas <piotr.karas@nokia.com>

4 files changed, 134 insertions, 13 deletions

diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactory.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactory.java
index a80f1346..ece7c67b 100644
--- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactory.java
+++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactory.java
@@ -25,16 +25,16 @@ import org.onap.dcaegen2.services.prh.config.DmaapConsumerConfiguration;
 
 public class ConsumerReactiveHttpClientFactory {
 
-    private final DMaaPReactiveWebClientFactory reactiveWebClient;
+    private final DMaaPReactiveWebClientFactory reactiveWebClientFactory;
 
-    public ConsumerReactiveHttpClientFactory(DMaaPReactiveWebClientFactory reactiveWebClient) {
-        this.reactiveWebClient = reactiveWebClient;
+    public ConsumerReactiveHttpClientFactory(DMaaPReactiveWebClientFactory reactiveWebClientFactory) {
+        this.reactiveWebClientFactory = reactiveWebClientFactory;
     }
 
     public DMaaPConsumerReactiveHttpClient create(DmaapConsumerConfiguration consumerConfiguration)
             throws SSLException {
         return new DMaaPConsumerReactiveHttpClient(consumerConfiguration,
-                reactiveWebClient.build(consumerConfiguration));
+                reactiveWebClientFactory.build(consumerConfiguration));
     }
 
 }
diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPPublisherReactiveHttpClient.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPPublisherReactiveHttpClient.java
index b262e6e9..2b339775 100644
--- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPPublisherReactiveHttpClient.java
+++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPPublisherReactiveHttpClient.java
@@ -41,7 +41,6 @@ import org.springframework.web.util.DefaultUriBuilderFactory;
 import reactor.core.publisher.Mono;
 
 
-
 /**
  * @author <a href="mailto:przemyslaw.wasala@nokia.com">Przemysław Wąsala</a> on 7/4/18
  */
@@ -53,7 +52,7 @@ public class DMaaPPublisherReactiveHttpClient {
     private final String dmaapProtocol;
     private final String dmaapTopicName;
     private final String dmaapContentType;
-    private final RestTemplate restTemplate;
+    private final Mono<RestTemplate> restTemplateMono;
 
     /**
      * Constructor DMaaPPublisherReactiveHttpClient.
@@ -61,13 +60,13 @@ public class DMaaPPublisherReactiveHttpClient {
      * @param dmaapPublisherConfiguration - DMaaP producer configuration object
      */
     DMaaPPublisherReactiveHttpClient(DmaapPublisherConfiguration dmaapPublisherConfiguration,
-                                     RestTemplate restTemplate) {
+                                     Mono<RestTemplate> restTemplateMono) {
         this.dmaapHostName = dmaapPublisherConfiguration.dmaapHostName();
         this.dmaapProtocol = dmaapPublisherConfiguration.dmaapProtocol();
         this.dmaapPortNumber = dmaapPublisherConfiguration.dmaapPortNumber();
         this.dmaapTopicName = dmaapPublisherConfiguration.dmaapTopicName();
         this.dmaapContentType = dmaapPublisherConfiguration.dmaapContentType();
-        this.restTemplate = restTemplate;
+        this.restTemplateMono = restTemplateMono;
     }
 
     /**
@@ -81,8 +80,8 @@ public class DMaaPPublisherReactiveHttpClient {
         return Mono.defer(() -> {
             HttpEntity<String> request = new HttpEntity<>(createJsonBody(consumerDmaapModelMono), getAllHeaders());
             logger.info("Request: {} {}", getUri(), request);
-            return Mono.just(restTemplate.exchange(getUri(), HttpMethod.POST, request, String.class));
-
+            return restTemplateMono.map(
+                restTemplate -> restTemplate.exchange(getUri(), HttpMethod.POST, request, String.class));
         });
     }
 
@@ -97,7 +96,7 @@ public class DMaaPPublisherReactiveHttpClient {
 
     URI getUri() {
         return new DefaultUriBuilderFactory().builder().scheme(dmaapProtocol).host(dmaapHostName).port(dmaapPortNumber)
-            .path(dmaapTopicName).build();
+                .path(dmaapTopicName).build();
     }
 
 }
diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DmaaPRestTemplateFactory.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DmaaPRestTemplateFactory.java
new file mode 100644
index 00000000..6c1005d6
--- /dev/null
+++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DmaaPRestTemplateFactory.java
@@ -0,0 +1,115 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PNF-REGISTRATION-HANDLER
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dcaegen2.services.prh.service.producer;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import javax.net.ssl.SSLContext;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.onap.dcaegen2.services.prh.config.DmaapPublisherConfiguration;
+import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.web.client.RestTemplate;
+import reactor.core.publisher.Mono;
+
+public class DmaaPRestTemplateFactory {
+
+    /**
+     * Function for creating RestTemplate object.
+     *
+     * @param publisherConfiguration - DMaaP publisher configuration object
+     * @return RestTemplate with correct ssl configuration
+     */
+    public Mono<RestTemplate> build(DmaapPublisherConfiguration publisherConfiguration) {
+        if (publisherConfiguration.enableDmaapCertAuth()) {
+            return createRestTemplateWithSslSetup(publisherConfiguration);
+        }
+
+        return Mono.just(new RestTemplate());
+    }
+
+    private Mono<RestTemplate> createRestTemplateWithSslSetup(DmaapPublisherConfiguration publisherConfiguration) {
+        try {
+            RestTemplateBuilder builder = new RestTemplateBuilder();
+
+            SSLContext sslContext = createSslContext(publisherConfiguration,
+                    loadPasswordFromFile(publisherConfiguration.keyStorePasswordPath()),
+                    loadPasswordFromFile(publisherConfiguration.trustStorePasswordPath()));
+
+            return Mono.just(builder
+                    .requestFactory(() -> createRequestFactory(sslContext)).build());
+
+        } catch (GeneralSecurityException | IOException e) {
+            return Mono.error(e);
+        }
+    }
+
+    private SSLContext createSslContext(DmaapPublisherConfiguration publisherConfiguration,
+                                        String keyStorePassword, String trustStorePassword)
+            throws IOException, GeneralSecurityException {
+        return new SSLContextBuilder()
+                        .loadKeyMaterial(
+                                keyStore(publisherConfiguration.keyStorePath(), keyStorePassword),
+                                keyStorePassword.toCharArray())
+                        .loadTrustMaterial(
+                                getFile(publisherConfiguration.trustStorePath()), trustStorePassword.toCharArray())
+                        .build();
+    }
+
+    private HttpComponentsClientHttpRequestFactory createRequestFactory(SSLContext sslContext) {
+        SSLConnectionSocketFactory socketFactory =
+                new SSLConnectionSocketFactory(sslContext);
+        HttpClient httpClient = HttpClients.custom()
+                .setSSLSocketFactory(socketFactory).build();
+
+        return new HttpComponentsClientHttpRequestFactory(httpClient);
+    }
+
+    private KeyStore keyStore(String keyStoreFile, String keyStorePassword)
+            throws GeneralSecurityException, IOException {
+        KeyStore ks = KeyStore.getInstance("jks");
+        ks.load(getResource(keyStoreFile), keyStorePassword.toCharArray());
+        return ks;
+    }
+
+    private File getFile(String fileName) {
+        return new File(fileName);
+    }
+
+    private InputStream getResource(String fileName) throws FileNotFoundException {
+        return new FileInputStream(fileName);
+    }
+
+    private String loadPasswordFromFile(String path) throws IOException {
+        return new String(Files.readAllBytes(Paths.get(path)));
+    }
+
+}
diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/PublisherReactiveHttpClientFactory.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/PublisherReactiveHttpClientFactory.java
index 0fc8f16a..7f97f903 100644
--- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/PublisherReactiveHttpClientFactory.java
+++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/PublisherReactiveHttpClientFactory.java
@@ -21,12 +21,19 @@
 package org.onap.dcaegen2.services.prh.service.producer;
 
 import org.onap.dcaegen2.services.prh.config.DmaapPublisherConfiguration;
-import org.springframework.web.client.RestTemplate;
+
 
 public class PublisherReactiveHttpClientFactory {
 
+    private final DmaaPRestTemplateFactory restTemplateFactory;
+
+    public PublisherReactiveHttpClientFactory(DmaaPRestTemplateFactory restTemplateFactory) {
+        this.restTemplateFactory = restTemplateFactory;
+    }
+
     public DMaaPPublisherReactiveHttpClient create(DmaapPublisherConfiguration publisherConfiguration) {
-        return new DMaaPPublisherReactiveHttpClient(publisherConfiguration, new RestTemplate());
+        return new DMaaPPublisherReactiveHttpClient(publisherConfiguration,
+                restTemplateFactory.build(publisherConfiguration));
     }
 
 }