diff options
Diffstat (limited to 'pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslSupportLevel.java')
-rw-r--r-- | pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslSupportLevel.java | 125 |
1 files changed, 0 insertions, 125 deletions
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslSupportLevel.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslSupportLevel.java deleted file mode 100644 index fb3b958..0000000 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslSupportLevel.java +++ /dev/null @@ -1,125 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PNF-REGISTRATION-HANDLER - * ================================================================================ - * Copyright (C) 2018 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.pnfsimulator.simulator.client.utils.ssl; - -import org.apache.http.client.HttpClient; -import org.apache.http.client.config.RequestConfig; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.conn.ssl.TrustAllStrategy; -import org.apache.http.conn.ssl.TrustSelfSignedStrategy; -import org.apache.http.conn.ssl.TrustStrategy; -import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.net.ssl.SSLContext; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.MalformedURLException; -import java.net.URL; -import java.security.GeneralSecurityException; -import java.security.KeyStore; -import java.util.Optional; - -public enum SslSupportLevel { - - NONE { - public HttpClient getClient(RequestConfig requestConfig, SslAuthenticationHelper sslAuthenticationHelper) { - LOGGER.info("<!-----IN SslSupportLevel.NONE, Creating BasicHttpClient for http protocol----!>"); - return HttpClientBuilder - .create() - .setDefaultRequestConfig(requestConfig) - .build(); - } - }, - ALWAYS_TRUST { - public HttpClient getClient(RequestConfig requestConfig, SslAuthenticationHelper sslAuthenticationHelper) - throws GeneralSecurityException, IOException { - LoggerFactory.getLogger(SslSupportLevel.class).info("<!-----IN SslSupportLevel.ALWAYS_TRUST, Creating client with SSL support for https protocol----!>"); - HttpClient client; - try { - SSLContext alwaysTrustSslContext = SSLContextBuilder.create().loadTrustMaterial(TRUST_STRATEGY_ALWAYS).build(); - client = HttpClients.custom() - .setSSLContext(alwaysTrustSslContext) - .setSSLHostnameVerifier(new NoopHostnameVerifier()) - .setDefaultRequestConfig(requestConfig) - .build(); - - } catch (GeneralSecurityException e) { - String errorMessage = - String.format( - "Could not initialize client due to SSL exception: %s. " + - "Default client without SSL support will be used instead." + - "\nCause: %s", - e.getMessage(), - e.getCause() - ); - LOGGER.error(errorMessage, e); - client = NONE.getClient(requestConfig, sslAuthenticationHelper); - } - return client; - } - }, - CLIENT_CERT_AUTH { - @Override - public HttpClient getClient(RequestConfig requestConfig, SslAuthenticationHelper sslAuthenticationHelper) - throws GeneralSecurityException, IOException { - - SSLContext sslContext = SSLContexts.custom() - .loadKeyMaterial(readCertificate(sslAuthenticationHelper.getClientCertificateDir(), sslAuthenticationHelper.getClientCertificatePassword(), "PKCS12"), getPasswordAsCharArray(sslAuthenticationHelper.getClientCertificatePassword())) - .loadTrustMaterial(readCertificate(sslAuthenticationHelper.getTrustStoreDir(), sslAuthenticationHelper.getTrustStorePassword(), "JKS"), new TrustSelfSignedStrategy()) - .build(); - - return HttpClients.custom() - .setSSLContext(sslContext) - .setSSLHostnameVerifier(new NoopHostnameVerifier()) - .setDefaultRequestConfig(requestConfig) - .build(); - } - - private KeyStore readCertificate(String certificate, String password, String type) throws GeneralSecurityException, IOException { - try (InputStream keyStoreStream = new FileInputStream(certificate)) { - KeyStore keyStore = KeyStore.getInstance(type); - keyStore.load(keyStoreStream, getPasswordAsCharArray(password)); - return keyStore; - } - } - - private char[] getPasswordAsCharArray(String clientCertificatePassword) { - return Optional.ofNullable(clientCertificatePassword).map(String::toCharArray).orElse(null); - } - }; - - private static final Logger LOGGER = LoggerFactory.getLogger(SslSupportLevel.class); - private static final TrustStrategy TRUST_STRATEGY_ALWAYS = new TrustAllStrategy(); - - public static SslSupportLevel getSupportLevelBasedOnProtocol(String url) throws MalformedURLException { - return "https".equals(new URL(url).getProtocol()) ? SslSupportLevel.ALWAYS_TRUST : SslSupportLevel.NONE; - } - - public abstract HttpClient getClient(RequestConfig config, SslAuthenticationHelper sslAuthenticationHelper) - throws GeneralSecurityException, IOException; - -} |