From be36287ac8e5a8d28ad744cf5271e5889355ba58 Mon Sep 17 00:00:00 2001 From: "Tait,Trevor(rt0435)" Date: Tue, 4 Dec 2018 14:22:23 -0500 Subject: Use SSL client for Micro Service Update POMBA Network Discovery Context Builder to use HTTPS when talking to Network Discovery Micro Service. Also cleaned up some method and variable names that are incompatible with ONAP. Issue-ID: LOG-878 Change-Id: Id9a6fc3608daa1fce164a0d24b87f4464c3a76bc Signed-off-by: Tait,Trevor(rt0435) --- .../networkdiscovery/JerseyConfiguration.java | 56 ++++++++++++++++++---- .../networkdiscovery/NdctxbConfiguration.java | 2 - .../service/SpringServiceImpl.java | 5 +- 3 files changed, 52 insertions(+), 11 deletions(-) (limited to 'src/main') diff --git a/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/JerseyConfiguration.java b/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/JerseyConfiguration.java index df7c8a8..2bec9ad 100644 --- a/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/JerseyConfiguration.java +++ b/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/JerseyConfiguration.java @@ -17,12 +17,25 @@ */ package org.onap.pomba.contextbuilder.networkdiscovery; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.MapperFeature; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.cert.X509Certificate; import java.util.logging.Logger; - +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; import javax.ws.rs.ApplicationPath; import javax.ws.rs.client.Client; import javax.ws.rs.client.ClientBuilder; - import org.glassfish.jersey.client.ClientConfig; import org.glassfish.jersey.logging.LoggingFeature; import org.glassfish.jersey.server.ResourceConfig; @@ -33,12 +46,6 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Primary; import org.springframework.stereotype.Component; -import com.fasterxml.jackson.annotation.JsonInclude; -import com.fasterxml.jackson.databind.DeserializationFeature; -import com.fasterxml.jackson.databind.MapperFeature; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.SerializationFeature; - @Component @ApplicationPath("/") public class JerseyConfiguration extends ResourceConfig { @@ -66,4 +73,37 @@ public class JerseyConfiguration extends ResourceConfig { public Client jerseyClient() { return ClientBuilder.newClient(new ClientConfig()); } + + @Bean + public Client jerseySslClient() throws NoSuchAlgorithmException, KeyManagementException { + + ClientConfig clientConfig = new ClientConfig(); + TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { + public X509Certificate[] getAcceptedIssuers() { + return null; + } + + public void checkClientTrusted(X509Certificate[] certs, String authType) { + } + + public void checkServerTrusted(X509Certificate[] certs, String authType) { + } + } }; + + SSLContext sc = SSLContext.getInstance("TLS"); + sc.init(null, trustAllCerts, new SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + + ClientBuilder.newClient(clientConfig); + + return ClientBuilder.newBuilder() + .sslContext(sc) + .hostnameVerifier(new HostnameVerifier() { + public boolean verify(String s, SSLSession sslSession) { + return true; + } + }) + .withConfig(clientConfig).build(); + } + } diff --git a/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/NdctxbConfiguration.java b/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/NdctxbConfiguration.java index 7781d1a..a600db5 100644 --- a/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/NdctxbConfiguration.java +++ b/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/NdctxbConfiguration.java @@ -18,13 +18,11 @@ package org.onap.pomba.contextbuilder.networkdiscovery; -import java.net.InetAddress; import java.util.Arrays; import java.util.Base64; import java.util.HashMap; import java.util.Map; import java.util.stream.StreamSupport; - import org.eclipse.jetty.util.security.Password; import org.onap.pomba.contextbuilder.networkdiscovery.exception.DiscoveryException; import org.slf4j.Logger; diff --git a/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/service/SpringServiceImpl.java b/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/service/SpringServiceImpl.java index d6010c4..58d13b7 100644 --- a/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/service/SpringServiceImpl.java +++ b/src/main/java/org/onap/pomba/contextbuilder/networkdiscovery/service/SpringServiceImpl.java @@ -152,6 +152,9 @@ public class SpringServiceImpl implements SpringService { @Autowired private Client jerseyClient; + @Autowired + private Client jerseySslClient; + private static final ReentrantLock lock = new ReentrantLock(); @Override @@ -543,7 +546,7 @@ public class SpringServiceImpl implements SpringService { callbackUrlStr, partner_name); try { - Response response = jerseyClient.target(networkDiscoveryUrl) + Response response = jerseySslClient.target(networkDiscoveryUrl) .queryParam(NETWORK_DISCOVERY_FIND_RESOURCE_BY_TYPE_REST_REQUEST_ID, requestId) .queryParam(NETWORK_DISCOVERY_FIND_RESOURCE_BY_TYPE_REST_RESOURCE_TYPE, resourceType) .queryParam(NETWORK_DISCOVERY_FIND_RESOURCE_BY_TYPE_REST_RESOURCE_ID, resourceId) -- cgit 1.2.3-korg