-rw-r--r-- | prh-commons/src/main/java/org/onap/dcaegen2/services/prh/ssl/SslFactory.java | 32 | ||||
-rw-r--r-- | prh-commons/src/test/java/org/onap/dcaegen2/services/prh/ssl/SslFactoryTest.java | 62 | ||||
-rw-r--r-- | prh-commons/src/test/resources/keystore.password | 1 | ||||
-rw-r--r-- | prh-commons/src/test/resources/org.onap.dcae.jks | bin | 0 -> 4512 bytes | |||
-rw-r--r-- | prh-commons/src/test/resources/org.onap.dcae.trust.jks | bin | 0 -> 1413 bytes | |||
-rw-r--r-- | prh-commons/src/test/resources/truststore.password | 1 |
6 files changed, 90 insertions, 6 deletions
diff --git a/prh-commons/src/main/java/org/onap/dcaegen2/services/prh/ssl/SslFactory.java b/prh-commons/src/main/java/org/onap/dcaegen2/services/prh/ssl/SslFactory.java index 891bcb73..60e1224e 100644 --- a/prh-commons/src/main/java/org/onap/dcaegen2/services/prh/ssl/SslFactory.java +++ b/prh-commons/src/main/java/org/onap/dcaegen2/services/prh/ssl/SslFactory.java @@ -24,9 +24,12 @@ import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; import io.netty.handler.ssl.util.InsecureTrustManagerFactory; import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; import java.io.InputStream; import java.nio.file.Files; import java.nio.file.Paths; +import java.security.GeneralSecurityException; import java.security.KeyStore; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLException; @@ -38,6 +41,15 @@ public class SslFactory { private static final Logger LOGGER = LoggerFactory.getLogger(SslFactory.class); + /** + * Function for creating secure ssl context. + * + * @param keyStorePath - path to file with keystore + * @param keyStorePasswordPath - path to file with keystore password + * @param trustStorePath - path to file with truststore + * @param trustStorePasswordPath - path to file with truststore password + * @return configured ssl context + */ public SslContext createSecureContext(String keyStorePath, String keyStorePasswordPath, String trustStorePath, 
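Review bot: The Javadoc added for createSecureContext documents the four path parameters but has no `@throws` entry, and the failure behaviour changes in this same commit. With the catch narrowed to `GeneralSecurityException | IOException` in the next hunk, a null or malformed path now escapes as an unchecked exception (for example from `Paths.get`) instead of being wrapped in `SSLException`. I would add `@throws SSLException if a store or password file cannot be read, or a store cannot be opened with its password` and state whether unchecked exceptions for bad arguments are intended. The method signature and body continue outside this hunk.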
@@ -49,11 +61,16 @@ public class SslFactory { .keyManager(keyManagerFactory(keyStorePath, loadPasswordFromFile(keyStorePasswordPath))) .trustManager(trustManagerFactory(trustStorePath, loadPasswordFromFile(trustStorePasswordPath))) .build(); - } catch (Exception ex) { + } catch (GeneralSecurityException | IOException ex) { throw new SSLException(ex); } } + /** + * Function for creating insecure ssl context. + * + * @return configured insecure ssl context + */ public SslContext createInsecureContext() throws SSLException { LOGGER.info("Creating insecure ssl context"); return SslContextBuilder 
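Review bot: The Javadoc added for createInsecureContext() calls the context "insecure" without saying which protection is missing. The file imports InsecureTrustManagerFactory, so the builder chain (which continues outside this hunk) presumably accepts any server certificate; if so, the comment should say that, e.g. `Creates a context that does not verify the peer's certificate; test use only, traffic is open to interception.` Logging the creation at WARN rather than `LOGGER.info` would also make an accidental production use easier to spot.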
@@ -62,30 +79,33 @@ public class SslFactory { .build(); } - private KeyManagerFactory keyManagerFactory(String path, String password) throws Exception { + private KeyManagerFactory keyManagerFactory(String path, String password) + throws GeneralSecurityException, IOException { KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(loadKeyStoreFromFile(path, password), password.toCharArray()); return kmf; } - private TrustManagerFactory trustManagerFactory(String path, String password) throws Exception { + private TrustManagerFactory trustManagerFactory(String path, String password) + throws GeneralSecurityException, IOException { TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(loadKeyStoreFromFile(path, password)); return tmf; } - private KeyStore loadKeyStoreFromFile(String path, String keyStorePassword) throws Exception { + private KeyStore loadKeyStoreFromFile(String path, String keyStorePassword) + throws GeneralSecurityException, IOException { KeyStore ks = KeyStore.getInstance("jks"); ks.load(getResource(path), keyStorePassword.toCharArray()); return ks; } - private InputStream getResource(String path) throws Exception { + private InputStream getResource(String path) throws FileNotFoundException { return new FileInputStream(path); } - private String loadPasswordFromFile(String path) throws Exception { + private String loadPasswordFromFile(String path) throws IOException { return new String(Files.readAllBytes(Paths.get(path))); } } diff --git a/prh-commons/src/test/java/org/onap/dcaegen2/services/prh/ssl/SslFactoryTest.java b/prh-commons/src/test/java/org/onap/dcaegen2/services/prh/ssl/SslFactoryTest.java new file mode 100644 index 00000000..dbd63911 --- /dev/null +++ b/prh-commons/src/test/java/org/onap/dcaegen2/services/prh/ssl/SslFactoryTest.java 
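Review bot: loadKeyStoreFromFile passes `getResource(path)` straight into `ks.load(...)`, so the FileInputStream opened there is never closed; the commit tightens the throws clauses around it but leaves the leak in place. `KeyStore.load` does not close the stream for the caller, so wrap it: `try (InputStream in = getResource(path)) { ks.load(in, keyStorePassword.toCharArray()); }`. In the same hunk, loadPasswordFromFile decodes with the platform default charset and keeps any trailing newline, so a password file saved with a final line break will fail to open the store. Passing `StandardCharsets.UTF_8` and documenting (or stripping) the line ending would remove that trap.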
@@ -0,0 +1,62 @@ +/* + * ============LICENSE_START======================================================= + * PNF-REGISTRATION-HANDLER + * ================================================================================ + * Copyright (C) 2018 NOKIA Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dcaegen2.services.prh.ssl; + +import javax.net.ssl.SSLException; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; + + +class SslFactoryTest { + + private static final String KEY_STORE = "org.onap.dcae.jks"; + private static final String KEYSTORE_PASSWORD = "keystore.password"; + private static final String TRUSTSTORE_PASSWORD = "truststore.password"; + private static final String TRUST_STORE = "org.onap.dcae.trust.jks"; + private SslFactory sslFactory = new SslFactory(); + + @Test + void shouldCreateInsecureContext() throws SSLException { + Assertions.assertNotNull(sslFactory.createInsecureContext()); + } + + @Test + void shouldCreateSecureContext() throws SSLException { + Assertions.assertNotNull(sslFactory.createSecureContext( + getPath(KEY_STORE), + getPath(KEYSTORE_PASSWORD), + getPath(TRUST_STORE), + getPath(TRUSTSTORE_PASSWORD))); + } + + @Test + void 
shouldThrowSslExceptionWhenKeystorePasswordIsIncorrect() { + Assertions.assertThrows(SSLException.class, () -> sslFactory.createSecureContext( + getPath(KEY_STORE), + getPath(TRUSTSTORE_PASSWORD), + getPath(TRUST_STORE), + getPath(TRUSTSTORE_PASSWORD))); + } + + private String getPath(String fileName) { + return this.getClass().getClassLoader().getResource(fileName).getPath(); + } +}
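Review bot: `getPath` returns `getResource(fileName).getPath()`, which is the URL-encoded form of the path, so these tests fail when the checkout directory contains a space or a non-ASCII character, and a missing fixture surfaces as a bare NullPointerException. `return Paths.get(getClass().getClassLoader().getResource(fileName).toURI()).toString();` (with the checked `URISyntaxException` handled or declared) avoids the encoding problem. The negative test covers only a wrong keystore password; a missing keystore file and a wrong truststore password are the other paths that the narrowed catch must still turn into SSLException.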
\ No newline at end of file
diff --git a/prh-commons/src/test/resources/keystore.password b/prh-commons/src/test/resources/keystore.password
new file mode 100644
index 00000000..39823872
--- /dev/null
+++ b/prh-commons/src/test/resources/keystore.password
@@ -0,0 +1 @@
+mYHC98!qX}7h?W}jRv}MIXTJ
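Review bot: This commits a keystore password in clear text next to the keystore it opens (org.onap.dcae.jks; the same applies to truststore.password and org.onap.dcae.trust.jks further down), so the private key in that JKS has to be treated as public from this commit on. Please confirm the pair was generated only for this test and shares no key or password with any deployed certificate material. A short note in src/test/resources saying the stores are test fixtures would keep them from being copied into a deployment. Generating a throwaway keystore inside the test would avoid committing key material at all.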
\ No newline at end of file
diff --git a/prh-commons/src/test/resources/org.onap.dcae.jks b/prh-commons/src/test/resources/org.onap.dcae.jks
Binary files differ
new file mode 100644
index 00000000..e74ce64f
--- /dev/null
+++ b/prh-commons/src/test/resources/org.onap.dcae.jks
diff --git a/prh-commons/src/test/resources/org.onap.dcae.trust.jks b/prh-commons/src/test/resources/org.onap.dcae.trust.jks
Binary files differ
new file mode 100644
index 00000000..10103cfb
--- /dev/null
+++ b/prh-commons/src/test/resources/org.onap.dcae.trust.jks
diff --git a/prh-commons/src/test/resources/truststore.password b/prh-commons/src/test/resources/truststore.password
new file mode 100644
index 00000000..168e64bd
--- /dev/null
+++ b/prh-commons/src/test/resources/truststore.password
@@ -0,0 +1 @@
+*TQH?Lnszprs4LmlAj38yds(
\ No newline at end of file |