authorpwielebs <piotr.wielebski@nokia.com>2019-08-20 14:42:53 +0200
committerkjaniak <kornel.janiak@nokia.com>2019-11-27 14:20:09 +0100
commit01789096439b85ebb9d63633377a3603ef4a9535 (patch)
treeee52a2b22b3bf9c97298d80cc368cc61d9366f40 /security/ssl/src/main/java
parent2f1cf71e142b1c3494bd4f652f3af2a296430b8f (diff)
Upgrade CBS java SDK to support SSL
- add TrustStoreKeys class for one-way TLS for CBS client - use trust.jks & trust.pass - add unit test - top up version of Vavr lib (due to bug) Issue-ID: DCAEGEN2-1552 Signed-off-by: Piotr Wielebski <piotr.wielebski@nokia.com> Change-Id: I372c559cce5db8eba5448d99e12cdf6609c40d00
Diffstat (limited to 'security/ssl/src/main/java')
-rw-r--r--security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java31
-rw-r--r--security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/TrustStoreKeys.java31
2 files changed, 57 insertions, 5 deletions
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java
index 963484a1..bdc55542 100644
--- a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java
@@ -24,6 +24,12 @@ import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.ReadingSecurityKeysStoreException;
+import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.SecurityConfigurationException;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.TrustManagerFactory;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.StandardOpenOption;
@@ -32,11 +38,6 @@ import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.TrustManagerFactory;
-import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.ReadingSecurityKeysStoreException;
-import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.SecurityConfigurationException;
/**
* @since 1.1.1
@@ -63,6 +64,22 @@ public class SslFactory {
}
/**
+ * Creates Netty SSL <em>client</em> context using provided TrustStore keys.
+ *
+ * @param keys - TrustStore keys to be used
+ * @return configured SSL context
+ */
+ public SslContext createSecureClientContext(final TrustStoreKeys keys) {
+ try {
+ return SslContextBuilder.forClient()
+ .trustManager(trustManagerFactory(keys))
+ .build();
+ } catch (SSLException e) {
+ throw new SecurityConfigurationException(EXCEPTION_MESSAGE, e);
+ }
+ }
+
+ /**
* Creates Netty SSL <em>server</em> context using provided security keys. Will require client authentication.
*
* @param keys - security keys to be used
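Review bot: The Javadoc for `createSecureClientContext` should state what the returned context verifies and what it leaves to the caller. Only `.trustManager(...)` is set on the builder, so the server chain is validated against the trust store and no client certificate is presented; nothing in the hunk configures endpoint identification, so whether the server host name is checked presumably depends on how the consumer creates the engine from this context, which is worth confirming for the CBS client. I would add `@throws SecurityConfigurationException if the context cannot be built` and a sentence such as `Host name verification is not configured here and must be enabled by the HTTP client.` A failure while reading the trust store happens inside `trustManagerFactory`, whose body is outside the hunk, so the exception it raises should be documented on this method as well once confirmed.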
@@ -111,6 +128,10 @@ public class SslFactory {
return trustManagerFactory(keys.trustStore(), keys.trustStorePassword());
}
+ private TrustManagerFactory trustManagerFactory(TrustStoreKeys keys) {
+ return trustManagerFactory(keys.trustStore(), keys.trustStorePassword());
+ }
+
private KeyManagerFactory keyManagerFactory(SecurityKeys keys) {
return keyManagerFactory(keys.keyStore(), keys.keyStorePassword());
}
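Review bot: The new `trustManagerFactory(TrustStoreKeys)` overload repeats the body of the overload directly above it line for line. If `SecurityKeys` is an interface that already declares `trustStore()` and `trustStorePassword()` (its definition is not visible here), letting it extend `TrustStoreKeys` would leave a single overload and keep the two key types from drifting apart. The signature of the overload above starts outside the hunk.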
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/TrustStoreKeys.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/TrustStoreKeys.java
new file mode 100644
index 00000000..99b38e3b
--- /dev/null
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/TrustStoreKeys.java
@@ -0,0 +1,31 @@
+/*
+ * ============LICENSE_START====================================
+ * DCAEGEN2-SERVICES-SDK
+ * =========================================================
+ * Copyright (C) 2019 Nokia. All rights reserved.
+ * =========================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================
+ */
+
+package org.onap.dcaegen2.services.sdk.security.ssl;
+
+import org.immutables.value.Value;
+
+
+@Value.Immutable
+public interface TrustStoreKeys {
+ SecurityKeysStore trustStore();
+
+ Password trustStorePassword();
+}
\ No newline at end of file
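Review bot: `TrustStoreKeys` is a new public type with no Javadoc, while `SslFactory` carries an `@since` tag. A short class comment would help, for example `/** Trust store and its password for one-way TLS, where only the server is authenticated. */`, with `@since <release>` filled in for the release that ships it. The accessors could also note that `trustStorePassword()` is the password of the store returned by `trustStore()`; how the `Password` type protects the secret in memory is not visible in this diff. The file also ends without a trailing newline.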