diff options
Diffstat (limited to 'pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl')
5 files changed, 79 insertions, 24 deletions
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java new file mode 100644 index 0000000..72af9e5 --- /dev/null +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java @@ -0,0 +1,53 @@ +/* + * ============LICENSE_START======================================================= + * PNF-REGISTRATION-HANDLER + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.pnfsimulator.simulator.client.utils.ssl; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import javax.net.ssl.SSLContext; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; +import org.apache.http.ssl.SSLContexts; + +class CertAuthSslContextFactory { + + private final CertificateReader certificateReader; + + CertAuthSslContextFactory(CertificateReader certificateReader) { + this.certificateReader = certificateReader; + } + + SSLContext createSslContext(SslAuthenticationHelper sslAuthenticationHelper) + throws GeneralSecurityException, IOException { + final String keystorePasswordPath = sslAuthenticationHelper.getClientCertificatePasswordPath(); + + final KeyStore keystore = certificateReader.read(sslAuthenticationHelper.getClientCertificatePath(), + keystorePasswordPath, "PKCS12"); + final KeyStore truststore = certificateReader.read(sslAuthenticationHelper.getTrustStorePath(), + sslAuthenticationHelper.getTrustStorePasswordPath(), "JKS"); + + return SSLContexts.custom() + .loadKeyMaterial(keystore, certificateReader.readPassword(keystorePasswordPath)) + .loadTrustMaterial(truststore, new TrustSelfSignedStrategy()) + .build(); + } + +} diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java index e0b8cc2..a42114b 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java @@ -23,16 +23,24 @@ package org.onap.pnfsimulator.simulator.client.utils.ssl; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Path; import java.security.GeneralSecurityException; import java.security.KeyStore; class CertificateReader { - KeyStore read(String certificate, String password, String type) throws GeneralSecurityException, IOException { - try (InputStream keyStoreStream = new FileInputStream(certificate)) { + KeyStore read(String certificatePath, String passwordPath, String type) throws GeneralSecurityException, IOException { + try (InputStream keyStoreStream = new FileInputStream(certificatePath)) { KeyStore keyStore = KeyStore.getInstance(type); - keyStore.load(keyStoreStream, PasswordConverter.convert(password)); + keyStore.load(keyStoreStream, readPassword(passwordPath)); return keyStore; } } + + char[] readPassword(String passwordPath) throws IOException { + final String password = Files.readString(Path.of(passwordPath)); + return PasswordConverter.convert(password); + } + } diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java index 521b584..dffd635 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java @@ -20,10 +20,9 @@ package org.onap.pnfsimulator.simulator.client.utils.ssl; -import org.apache.http.client.HttpClient; - import java.io.IOException; import java.security.GeneralSecurityException; +import org.apache.http.client.HttpClient; public class HttpClientFactoryFacade { @@ -31,7 +30,8 @@ public class HttpClientFactoryFacade { } private static final CertificateReader CERTIFICATE_READER = new CertificateReader(); - private static final SSLContextFactory SSL_CONTEXT_FACTORY = new SSLContextFactory(CERTIFICATE_READER); + private static final CertAuthSslContextFactory CERT_AUTH_SSL_CONTEXT_FACTORY = new CertAuthSslContextFactory(CERTIFICATE_READER); + private static final SSLContextFactory SSL_CONTEXT_FACTORY = new SSLContextFactory(CERT_AUTH_SSL_CONTEXT_FACTORY); private static final HttpClientFactory HTTP_CLIENT_FACTORY = new HttpClientFactory(SSL_CONTEXT_FACTORY); public static HttpClient create(String url, SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException { diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java index c4839fb..b8dfe6f 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java @@ -19,32 +19,26 @@ */ package org.onap.pnfsimulator.simulator.client.utils.ssl; -import org.apache.http.conn.ssl.TrustAllStrategy; -import org.apache.http.conn.ssl.TrustSelfSignedStrategy; -import org.apache.http.conn.ssl.TrustStrategy; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; - -import javax.net.ssl.SSLContext; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.KeyManagementException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import javax.net.ssl.SSLContext; +import org.apache.http.conn.ssl.TrustAllStrategy; +import org.apache.http.conn.ssl.TrustStrategy; +import org.apache.http.ssl.SSLContextBuilder; class SSLContextFactory { private static final TrustStrategy TRUST_STRATEGY_ALWAYS = new TrustAllStrategy(); - private final CertificateReader certificateReader; + private final CertAuthSslContextFactory certAuthSslContextFactory; - SSLContextFactory(CertificateReader certificateReader) { - this.certificateReader = certificateReader; + SSLContextFactory(CertAuthSslContextFactory certAuthSslContextFactory) { + this.certAuthSslContextFactory = certAuthSslContextFactory; } SSLContext create(SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException { - return SSLContexts.custom() - .loadKeyMaterial(certificateReader.read(sslAuthenticationHelper.getClientCertificateDir(), sslAuthenticationHelper.getClientCertificatePassword(), "PKCS12"), PasswordConverter.convert(sslAuthenticationHelper.getClientCertificatePassword())) - .loadTrustMaterial(certificateReader.read(sslAuthenticationHelper.getTrustStoreDir(), sslAuthenticationHelper.getTrustStorePassword(), "JKS"), new TrustSelfSignedStrategy()) - .build(); + return certAuthSslContextFactory.createSslContext(sslAuthenticationHelper); } SSLContext createTrustAlways() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException { diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java index b785be6..271ad93 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java @@ -38,8 +38,8 @@ public class SslAuthenticationHelper implements Serializable { private boolean clientCertificateEnabled; private boolean strictHostnameVerification; - private String clientCertificateDir; - private String clientCertificatePassword; - private String trustStoreDir; - private String trustStorePassword; + private String clientCertificatePath; + private String clientCertificatePasswordPath; + private String trustStorePath; + private String trustStorePasswordPath; } |