From b81c681cb6be761a2abb5e2f5af1b923bef1f6b4 Mon Sep 17 00:00:00 2001 From: awudzins Date: Fri, 13 Mar 2020 16:54:18 +0100 Subject: Switch client and server to communicate over TLS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Issue-ID: AAF-1084 Signed-off-by: Adam WudziƄski Change-Id: I7f11b27c7dcdf4fc3eba2d5e64b6dc775c80dd74 --- .../onap/aaf/certservice/client/CertServiceClient.java | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java') diff --git a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java index 0916bb8a..1b5b8ee3 100644 --- a/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java +++ b/certServiceClient/src/main/java/org/onap/aaf/certservice/client/CertServiceClient.java @@ -19,26 +19,30 @@ package org.onap.aaf.certservice.client; -import java.security.KeyPair; import org.onap.aaf.certservice.client.api.ExitableException; -import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder; import org.onap.aaf.certservice.client.certification.CsrFactory; import org.onap.aaf.certservice.client.certification.KeyPairFactory; +import org.onap.aaf.certservice.client.certification.PrivateKeyToPemEncoder; import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreator; import org.onap.aaf.certservice.client.certification.conversion.KeystoreTruststoreCreatorFactory; import org.onap.aaf.certservice.client.common.Base64Encoder; import org.onap.aaf.certservice.client.configuration.EnvsForClient; import org.onap.aaf.certservice.client.configuration.EnvsForCsr; +import org.onap.aaf.certservice.client.configuration.EnvsForTls; import org.onap.aaf.certservice.client.configuration.factory.ClientConfigurationFactory; import org.onap.aaf.certservice.client.configuration.factory.CsrConfigurationFactory; +import org.onap.aaf.certservice.client.configuration.factory.SslContextFactory; import org.onap.aaf.certservice.client.configuration.model.ClientConfiguration; import org.onap.aaf.certservice.client.configuration.model.CsrConfiguration; -import org.onap.aaf.certservice.client.httpclient.CloseableHttpClientProvider; +import org.onap.aaf.certservice.client.httpclient.CloseableHttpsClientProvider; import org.onap.aaf.certservice.client.httpclient.HttpClient; import org.onap.aaf.certservice.client.httpclient.model.CertServiceResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.net.ssl.SSLContext; +import java.security.KeyPair; + import static org.onap.aaf.certservice.client.api.ExitStatus.SUCCESS; import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.KEY_SIZE; import static org.onap.aaf.certservice.client.certification.EncryptionAlgorithmConstants.RSA_ENCRYPTION_ALGORITHM; @@ -62,9 +66,10 @@ public class CertServiceClient { CsrConfiguration csrConfiguration = new CsrConfigurationFactory(new EnvsForCsr()).create(); KeyPair keyPair = keyPairFactory.create(); CsrFactory csrFactory = new CsrFactory(csrConfiguration); + SSLContext sslContext = new SslContextFactory(new EnvsForTls()).create(); - CloseableHttpClientProvider provider = new CloseableHttpClientProvider( - clientConfiguration.getRequestTimeout()); + CloseableHttpsClientProvider provider = new CloseableHttpsClientProvider( + sslContext, clientConfiguration.getRequestTimeout()); HttpClient httpClient = new HttpClient(provider, clientConfiguration.getUrlToCertService()); CertServiceResponse certServiceData = @@ -74,7 +79,7 @@ public class CertServiceClient { base64Encoder.encode(pkEncoder.encodePrivateKeyToPem(keyPair.getPrivate()))); KeystoreTruststoreCreator filesCreator = new KeystoreTruststoreCreatorFactory( - clientConfiguration.getCertsOutputPath()).create(); + clientConfiguration.getCertsOutputPath()).create(); filesCreator.createKeystore(certServiceData.getCertificateChain(), keyPair.getPrivate()); filesCreator.createTruststore(certServiceData.getTrustedCertificates()); } catch (ExitableException e) { -- cgit 1.2.3-korg