From 01789096439b85ebb9d63633377a3603ef4a9535 Mon Sep 17 00:00:00 2001
From: pwielebs
Date: Tue, 20 Aug 2019 14:42:53 +0200
Subject: Upgrade CBS java SDK to support SSL

- add TrustStoreKeys class for one-way TLS for CBS client
- use trust.jks & trust.pass
- add unit test
- top up version of Vavr lib (due to bug)

Issue-ID: DCAEGEN2-1552
Signed-off-by: Piotr Wielebski
Change-Id: I372c559cce5db8eba5448d99e12cdf6609c40d00
---
 .../services/sdk/security/ssl/SslFactory.java | 31 ++++++++++++++++++----
 .../services/sdk/security/ssl/TrustStoreKeys.java | 31 ++++++++++++++++++++++
 .../services/sdk/security/ssl/SslFactoryIT.java | 14 +++++-----
 3 files changed, 64 insertions(+), 12 deletions(-)
 create mode 100644 security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/TrustStoreKeys.java

(limited to 'security/ssl')

diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java
index 963484a1..bdc55542 100644
--- a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java
@@ -24,6 +24,12 @@ import io.netty.handler.ssl.ClientAuth;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.ReadingSecurityKeysStoreException;
+import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.SecurityConfigurationException;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.TrustManagerFactory;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.StandardOpenOption;
@@ -32,11 +38,6 @@ import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.TrustManagerFactory;
-import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.ReadingSecurityKeysStoreException;
-import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.SecurityConfigurationException;
 
 /**
  * @since 1.1.1
@@ -62,6 +63,22 @@ public class SslFactory {
         }
     }
 
+    /**
+     * Creates Netty SSL client context using provided TrustStore keys.
+     *
+     * @param keys - TrustStore keys to be used
+     * @return configured SSL context
+     */
+    public SslContext createSecureClientContext(final TrustStoreKeys keys) {
+        try {
+            return SslContextBuilder.forClient()
+                    .trustManager(trustManagerFactory(keys))
+                    .build();
+        } catch (SSLException e) {
+            throw new SecurityConfigurationException(EXCEPTION_MESSAGE, e);
+        }
+    }
+
     /**
      * Creates Netty SSL server context using provided security keys. Will require client authentication.
      *
@@ -111,6 +128,10 @@ public class SslFactory {
         return trustManagerFactory(keys.trustStore(), keys.trustStorePassword());
     }
 
+    private TrustManagerFactory trustManagerFactory(TrustStoreKeys keys) {
+        return trustManagerFactory(keys.trustStore(), keys.trustStorePassword());
+    }
+
     private KeyManagerFactory keyManagerFactory(SecurityKeys keys) {
         return keyManagerFactory(keys.keyStore(), keys.keyStorePassword());
     }
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/TrustStoreKeys.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/TrustStoreKeys.java
new file mode 100644
index 00000000..99b38e3b
--- /dev/null
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/TrustStoreKeys.java
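Review bot: The context returned by createSecureClientContext validates the server's chain against the truststore only; nothing in the hunk enables endpoint identification, and as far as I know `SslContextBuilder.forClient()` does not turn hostname verification on by itself, so any certificate issued by a trusted CA would be accepted for any host unless the caller sets `setEndpointIdentificationAlgorithm("HTTPS")` on the engine's `SSLParameters`. Either configure that where the engine is created or state the expectation in the Javadoc, e.g. `* Note: hostname verification is not enabled by this context; callers must set the endpoint identification algorithm on the SSLEngine.` The commit message mentions an added unit test, but within this diff (limited to security/ssl) the only test change is the import reorder in SslFactoryIT, so the new method appears to be untested here.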
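Review bot: The new `trustManagerFactory(TrustStoreKeys)` overload is a line-for-line copy of `trustManagerFactory(SecurityKeys)` directly above it, differing only in the parameter type. If `SecurityKeys` can be declared to extend `TrustStoreKeys` (both expose `trustStore()` and `trustStorePassword()`; the SecurityKeys definition is outside this diff, so this is an assumption), the older overload could be dropped and the server and client paths would share the single `private TrustManagerFactory trustManagerFactory(TrustStoreKeys keys)`. Otherwise a one-line comment explaining why the two types are kept separate would help the next reader.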
@@ -0,0 +1,31 @@
+/*
+ * ============LICENSE_START====================================
+ * DCAEGEN2-SERVICES-SDK
+ * =========================================================
+ * Copyright (C) 2019 Nokia. All rights reserved.
+ * =========================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================
+ */
+
+package org.onap.dcaegen2.services.sdk.security.ssl;
+
+import org.immutables.value.Value;
+
+
+@Value.Immutable
+public interface TrustStoreKeys {
+    SecurityKeysStore trustStore();
+
+    Password trustStorePassword();
+}
\ No newline at end of file
diff --git a/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactoryIT.java b/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactoryIT.java
index 966aa5cb..0bd57a40 100644
--- a/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactoryIT.java
+++ b/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactoryIT.java
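Review bot: `TrustStoreKeys` is a new public API type in a package whose public classes carry a `@since` tag (see `@since 1.1.1` on SslFactory), yet it has no Javadoc at all. I would add an interface-level comment describing it as the trust store and its password used to build a one-way TLS client context via `SslFactory#createSecureClientContext`, with the appropriate `@since` tag, and spell out that despite the name it holds trusted CA certificates rather than private keys. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing before merge.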
@@ -19,18 +19,18 @@
  */
 package org.onap.dcaegen2.services.sdk.security.ssl;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.onap.dcaegen2.services.sdk.security.ssl.Passwords.fromResource;
-
 import io.netty.handler.ssl.SslContext;
-import java.net.URISyntaxException;
-import java.nio.file.Paths;
-import org.assertj.core.api.Assertions;
 import org.jetbrains.annotations.NotNull;
 import org.junit.jupiter.api.Test;
 import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.ReadingSecurityKeysStoreException;
+import java.net.URISyntaxException;
+import java.nio.file.Paths;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.onap.dcaegen2.services.sdk.security.ssl.Passwords.fromResource;
+
 
 /**
  * @author Piotr Jaszczyk
  * @since April 2019
-- 
cgit 1.2.3-korg