From 8330d0e6c2cf1d9d8215e13b928530c2277fa974 Mon Sep 17 00:00:00 2001
From: Maciej Wejs
Date: Tue, 6 Nov 2018 12:07:12 +0100
Subject: SSL implementation for PRH to AAI calls
Change-Id: Ic9777760346258afb40610fa9c9bc261964752cf
Issue-ID: DCAEGEN2-950
Signed-off-by: Maciej Wejs
---
prh-commons/pom.xml | 4 +
.../onap/dcaegen2/services/prh/ssl/SslFactory.java | 91 ++++++++++++++++++++++
2 files changed, 95 insertions(+)
create mode 100644 prh-commons/src/main/java/org/onap/dcaegen2/services/prh/ssl/SslFactory.java
(limited to 'prh-commons')
diff --git a/prh-commons/pom.xml b/prh-commons/pom.xml
index 91fd9082..11a0babc 100644
--- a/prh-commons/pom.xml
+++ b/prh-commons/pom.xml
@@ -74,5 +74,9 @@ org.springframework spring-web + + io.projectreactor.netty + reactor-netty +
diff --git a/prh-commons/src/main/java/org/onap/dcaegen2/services/prh/ssl/SslFactory.java b/prh-commons/src/main/java/org/onap/dcaegen2/services/prh/ssl/SslFactory.java
new file mode 100644
index 00000000..6ffff1b9
--- /dev/null
+++ b/prh-commons/src/main/java/org/onap/dcaegen2/services/prh/ssl/SslFactory.java
@@ -0,0 +1,91 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PNF-REGISTRATION-HANDLER
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dcaegen2.services.prh.ssl;
+
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.TrustManagerFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SslFactory {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(SslFactory.class);
+
+ public SslContext createSecureContext(String keyStoreFilename,
+ String keyStorePassword,
+ String trustStoreFilename,
+ String trustStorePassword) throws SSLException {
+ LOGGER.info("Creating secure ssl context for: {} {}", keyStoreFilename, trustStoreFilename);
+ try {
+ return SslContextBuilder
+ .forClient()
+ .keyManager(keyManagerFactory(keyStoreFilename, loadPasswordFromFile(keyStorePassword)))
+ .trustManager(trustManagerFactory(trustStoreFilename, loadPasswordFromFile(trustStorePassword)))
+ .build();
+ } catch (Exception ex) {
+ throw new SSLException(ex);
+ }
+ }
+
+ public SslContext createInsecureContext() throws SSLException {
+ LOGGER.info("Creating insecure ssl context");
+ return SslContextBuilder
+ .forClient()
+ .trustManager(InsecureTrustManagerFactory.INSTANCE)
+ .build();
+ }
+
+ private KeyManagerFactory keyManagerFactory(String fileName, String password) throws Exception {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(loadKeyStoreFromFile(fileName, password),
+ password.toCharArray());
+ return kmf;
+ }
+
+ private TrustManagerFactory trustManagerFactory(String fileName, String password) throws Exception {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(loadKeyStoreFromFile(fileName, password));
+ return tmf;
+ }
+
+ private KeyStore loadKeyStoreFromFile(String fileName, String keyStorePassword) throws Exception {
+ KeyStore ks = KeyStore.getInstance("jks");
+ ks.load(getResource(fileName), keyStorePassword.toCharArray());
+ return ks;
+ }
+
+ private InputStream getResource(String fileName) throws Exception {
+ return new FileInputStream(fileName);
+ }
+
+ private String loadPasswordFromFile(String path) throws Exception {
+ return new String(Files.readAllBytes(Paths.get(path)));
+ }
+}
-- cgit 1.2.3-korg
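Review bot: `createInsecureContext()` hands `InsecureTrustManagerFactory.INSTANCE` to the builder, so a client built from it accepts any server certificate and the PRH to AAI connection is encrypted but not authenticated; the only trace is an info-level log line. Which of the two contexts gets used is decided outside this hunk, so I would make the choice loud here: log it at warn, e.g. `LOGGER.warn("Creating insecure ssl context: server certificates are NOT verified");`, and add a Javadoc on the method stating that it disables certificate validation and should not be used against a production AAI endpoint. Separately, `loadKeyStoreFromFile` never closes the `FileInputStream` returned by `getResource`; `try (InputStream in = getResource(fileName)) { ks.load(in, keyStorePassword.toCharArray()); }` fixes that. `loadPasswordFromFile` also decodes with the platform default charset and keeps any trailing newline in the file, which would likely make the keystore load fail on a password file written with an editor; decoding with an explicit charset and stripping the line terminator would avoid that.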