Diffstat (limited to 'certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/SslContextFactory.java')
-rw-r--r--certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/SslContextFactory.java85
1 files changed, 85 insertions, 0 deletions
diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/SslContextFactory.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/SslContextFactory.java
new file mode 100644
index 00000000..ef74d830
--- /dev/null
+++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/configuration/factory/SslContextFactory.java
@@ -0,0 +1,85 @@
+/*============LICENSE_START=======================================================
+ * aaf-certservice-client
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aaf.certservice.client.configuration.factory;
+
+import org.apache.http.ssl.SSLContexts;
+import org.onap.aaf.certservice.client.configuration.EnvsForTls;
+import org.onap.aaf.certservice.client.configuration.TlsConfigurationEnvs;
+import org.onap.aaf.certservice.client.configuration.exception.TlsConfigurationException;
+
+import javax.net.ssl.SSLContext;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+
+public class SslContextFactory {
+
+ private static final String JKS = "jks";
+
+ private EnvsForTls envsForTls;
+
+ public SslContextFactory(EnvsForTls envsForTls) {
+ this.envsForTls = envsForTls;
+ }
+
+ public SSLContext create() throws TlsConfigurationException {
+ String keystorePath = envsForTls.getKeystorePath()
+ .orElseThrow(() -> new TlsConfigurationException(createEnvMissingMessage(TlsConfigurationEnvs.KEYSTORE_PATH)));
+ String keystorePassword = envsForTls.getKeystorePassword()
+ .orElseThrow(() -> new TlsConfigurationException(createEnvMissingMessage(TlsConfigurationEnvs.KEYSTORE_PASSWORD)));
+ String truststorePath = envsForTls.getTruststorePath()
+ .orElseThrow(() -> new TlsConfigurationException(createEnvMissingMessage(TlsConfigurationEnvs.TRUSTSTORE_PATH)));
+ String truststorePassword = envsForTls.getTruststorePassword()
+ .orElseThrow(() -> new TlsConfigurationException(createEnvMissingMessage(TlsConfigurationEnvs.TRUSTSTORE_PASSWORD)));
+
+ return createSSLContext(keystorePath, keystorePassword, truststorePath, truststorePassword);
+ }
+
+ private String createEnvMissingMessage(TlsConfigurationEnvs keystorePath) {
+ return String.format("%s env is missing.", keystorePath);
+ }
+
+ private KeyStore setupKeystore(String keystorePath, String certPassword)
+ throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
+ KeyStore keyStore = KeyStore.getInstance(JKS);
+ FileInputStream identityKeyStoreFile = new FileInputStream(new File(
+ keystorePath));
+ keyStore.load(identityKeyStoreFile, certPassword.toCharArray());
+ return keyStore;
+ }
+
+ private SSLContext createSSLContext(String keystorePath, String keystorePassword, String truststorePath, String truststorePassword) throws TlsConfigurationException {
+ try {
+ KeyStore identityKeystore = setupKeystore(keystorePath, keystorePassword);
+ KeyStore trustKeystore = setupKeystore(truststorePath, truststorePassword);
+
+ return SSLContexts.custom()
+ .loadKeyMaterial(identityKeystore, keystorePassword.toCharArray())
+ .loadTrustMaterial(trustKeystore, null)
+ .build();
+ } catch (Exception e) {
+ throw new TlsConfigurationException("TLS configuration exception: " + e);
+ }
+ }
+}
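Review bot: `setupKeystore` opens a `FileInputStream` on the keystore and truststore files and never closes it, so every `create()` call leaves two handles on key-material files open until garbage collection; wrap the load as `try (FileInputStream in = new FileInputStream(keystorePath)) { keyStore.load(in, certPassword.toCharArray()); }`. In `createSSLContext`, `catch (Exception e)` concatenates `e` into the message and drops the cause, so the stack trace for a wrong password or unreadable store is lost; if `TlsConfigurationException` has a `(String, Throwable)` constructor (not visible in this diff), pass `e` as the cause. The store type is fixed to `"jks"` and `loadKeyMaterial` reuses the store password as the key password, so a PKCS12 store or a key with its own password will fail at runtime. A short Javadoc on `create()` stating both assumptions would make that failure mode clear to operators.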