diff options
author | Adam Wudzinski <adam.wudzinski@nokia.com> | 2020-10-19 13:45:05 +0200 |
---|---|---|
committer | Adam Wudzinski <adam.wudzinski@nokia.com> | 2020-10-22 15:55:06 +0200 |
commit | d5f1ad72efceda8e10311b9a778aa048ed6909a2 (patch) | |
tree | 4f03a0b66a1b17a18ff0a293771086bb341ab072 /pnfsimulator/src/main | |
parent | 384b7b14722c5a2e351d61b3779869d680cebf8f (diff) |
Adjust PNF simulator to read passwords to stores from files
Issue-ID: INT-1746
Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com>
Change-Id: Ib8a59500c15759bb09bb8b19e4757f1c48625af5
Diffstat (limited to 'pnfsimulator/src/main')
6 files changed, 83 insertions, 28 deletions
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java new file mode 100644 index 0000000..72af9e5 --- /dev/null +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java @@ -0,0 +1,53 @@ +/* + * ============LICENSE_START======================================================= + * PNF-REGISTRATION-HANDLER + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.pnfsimulator.simulator.client.utils.ssl; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import javax.net.ssl.SSLContext; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; +import org.apache.http.ssl.SSLContexts; + +class CertAuthSslContextFactory { + + private final CertificateReader certificateReader; + + CertAuthSslContextFactory(CertificateReader certificateReader) { + this.certificateReader = certificateReader; + } + + SSLContext createSslContext(SslAuthenticationHelper sslAuthenticationHelper) + throws GeneralSecurityException, IOException { + final String keystorePasswordPath = sslAuthenticationHelper.getClientCertificatePasswordPath(); + + final KeyStore keystore = certificateReader.read(sslAuthenticationHelper.getClientCertificatePath(), + keystorePasswordPath, "PKCS12"); + final KeyStore truststore = certificateReader.read(sslAuthenticationHelper.getTrustStorePath(), + sslAuthenticationHelper.getTrustStorePasswordPath(), "JKS"); + + return SSLContexts.custom() + .loadKeyMaterial(keystore, certificateReader.readPassword(keystorePasswordPath)) + .loadTrustMaterial(truststore, new TrustSelfSignedStrategy()) + .build(); + } + +} diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java index e0b8cc2..a42114b 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java @@ -23,16 +23,24 @@ package org.onap.pnfsimulator.simulator.client.utils.ssl; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Path; import java.security.GeneralSecurityException; import java.security.KeyStore; class CertificateReader { - KeyStore read(String certificate, String password, String type) throws GeneralSecurityException, IOException { - try (InputStream keyStoreStream = new FileInputStream(certificate)) { + KeyStore read(String certificatePath, String passwordPath, String type) throws GeneralSecurityException, IOException { + try (InputStream keyStoreStream = new FileInputStream(certificatePath)) { KeyStore keyStore = KeyStore.getInstance(type); - keyStore.load(keyStoreStream, PasswordConverter.convert(password)); + keyStore.load(keyStoreStream, readPassword(passwordPath)); return keyStore; } } + + char[] readPassword(String passwordPath) throws IOException { + final String password = Files.readString(Path.of(passwordPath)); + return PasswordConverter.convert(password); + } + } diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java index 521b584..dffd635 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java @@ -20,10 +20,9 @@ package org.onap.pnfsimulator.simulator.client.utils.ssl; -import org.apache.http.client.HttpClient; - import java.io.IOException; import java.security.GeneralSecurityException; +import org.apache.http.client.HttpClient; public class HttpClientFactoryFacade { @@ -31,7 +30,8 @@ public class HttpClientFactoryFacade { } private static final CertificateReader CERTIFICATE_READER = new CertificateReader(); - private static final SSLContextFactory SSL_CONTEXT_FACTORY = new SSLContextFactory(CERTIFICATE_READER); + private static final CertAuthSslContextFactory CERT_AUTH_SSL_CONTEXT_FACTORY = new CertAuthSslContextFactory(CERTIFICATE_READER); + private static final SSLContextFactory SSL_CONTEXT_FACTORY = new SSLContextFactory(CERT_AUTH_SSL_CONTEXT_FACTORY); private static final HttpClientFactory HTTP_CLIENT_FACTORY = new HttpClientFactory(SSL_CONTEXT_FACTORY); public static HttpClient create(String url, SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException { diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java index c4839fb..b8dfe6f 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java @@ -19,32 +19,26 @@ */ package org.onap.pnfsimulator.simulator.client.utils.ssl; -import org.apache.http.conn.ssl.TrustAllStrategy; -import org.apache.http.conn.ssl.TrustSelfSignedStrategy; -import org.apache.http.conn.ssl.TrustStrategy; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; - -import javax.net.ssl.SSLContext; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.KeyManagementException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import javax.net.ssl.SSLContext; +import org.apache.http.conn.ssl.TrustAllStrategy; +import org.apache.http.conn.ssl.TrustStrategy; +import org.apache.http.ssl.SSLContextBuilder; class SSLContextFactory { private static final TrustStrategy TRUST_STRATEGY_ALWAYS = new TrustAllStrategy(); - private final CertificateReader certificateReader; + private final CertAuthSslContextFactory certAuthSslContextFactory; - SSLContextFactory(CertificateReader certificateReader) { - this.certificateReader = certificateReader; + SSLContextFactory(CertAuthSslContextFactory certAuthSslContextFactory) { + this.certAuthSslContextFactory = certAuthSslContextFactory; } SSLContext create(SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException { - return SSLContexts.custom() - .loadKeyMaterial(certificateReader.read(sslAuthenticationHelper.getClientCertificateDir(), sslAuthenticationHelper.getClientCertificatePassword(), "PKCS12"), PasswordConverter.convert(sslAuthenticationHelper.getClientCertificatePassword())) - .loadTrustMaterial(certificateReader.read(sslAuthenticationHelper.getTrustStoreDir(), sslAuthenticationHelper.getTrustStorePassword(), "JKS"), new TrustSelfSignedStrategy()) - .build(); + return certAuthSslContextFactory.createSslContext(sslAuthenticationHelper); } SSLContext createTrustAlways() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException { diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java index b785be6..271ad93 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java @@ -38,8 +38,8 @@ public class SslAuthenticationHelper implements Serializable { private boolean clientCertificateEnabled; private boolean strictHostnameVerification; - private String clientCertificateDir; - private String clientCertificatePassword; - private String trustStoreDir; - private String trustStorePassword; + private String clientCertificatePath; + private String clientCertificatePasswordPath; + private String trustStorePath; + private String trustStorePasswordPath; } diff --git a/pnfsimulator/src/main/resources/application.properties b/pnfsimulator/src/main/resources/application.properties index 39334d1..c566ce3 100644 --- a/pnfsimulator/src/main/resources/application.properties +++ b/pnfsimulator/src/main/resources/application.properties @@ -12,7 +12,7 @@ management.endpoints.web.exposure.include=refresh,health ssl.clientCertificateEnabled=true ssl.strictHostnameVerification=${STRICT_HOSTNAME_VERIFICATION:false} -ssl.clientCertificateDir=/app/store/cert.p12 -ssl.clientCertificatePassword=${CLIENT_CERT_PASS:collector} -ssl.trustStoreDir=/app/store/trust.jks -ssl.trustStorePassword=${TRUST_CERT_PASS:collector} +ssl.clientCertificatePath=/app/store/cert.p12 +ssl.clientCertificatePasswordPath=/app/store/p12.pass +ssl.trustStorePath=/app/store/trust.jks +ssl.trustStorePasswordPath=/app/store/trust.pass
\ No newline at end of file |