6 files changed, 42 insertions, 90 deletions

diff --git a/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java b/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
index 329cb4bed..a72cffd09 100644
--- a/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
+++ b/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP CLAMP
  * ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights
  *                             reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -74,6 +74,7 @@ public class SslConfig {
                         password.toCharArray());
                 return truststore;
             }
+
         });
     }
 
@@ -83,9 +84,13 @@ public class SslConfig {
         return (tomcat) -> tomcat.setSsl(new Ssl() {
             @Override
             public String getKeyPassword() {
-                String password = PassDecoder.decode(env.getProperty("server.ssl.key-password"),
+                return PassDecoder.decode(env.getProperty("server.ssl.key-password"),
                         env.getProperty("clamp.config.keyFile"));
-                return password;
+            }
+
+            @Override
+            public String getKeyAlias() {
+                return env.getProperty("server.ssl.key-alias");
             }
         });
     }
diff --git a/src/main/resources/application-noaaf.properties b/src/main/resources/application-noaaf.properties
index 6b28cf7ef..ba838adb8 100644
--- a/src/main/resources/application-noaaf.properties
+++ b/src/main/resources/application-noaaf.properties
@@ -53,7 +53,7 @@ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
 server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
 
 ## Config part for Client certificates
 server.ssl.client-auth=want
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 1b5a26d0a..7d2d4ef1b 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -58,7 +58,7 @@ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
 server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
 
 # The key file used to decode the key store and trust store password
 # If not defined, the key store and trust store password will not be decrypted
diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12
deleted file mode 100644
index 268aa1a3c..000000000
--- a/src/main/resources/clds/aaf/org.onap.clamp.p12
+++ /dev/null
diff --git a/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java b/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
index 9dd2130c6..1a4a2ec5f 100644
--- a/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
+++ b/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP CLAMP
  * ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017-2018, 2021 AT&T Intellectual Property. All rights
  *                             reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,17 +26,19 @@ package org.onap.policy.clamp.clds.it;
 import static org.assertj.core.api.Assertions.assertThat;
 
 import java.io.File;
-import java.io.IOException;
-import java.net.HttpURLConnection;
 import java.nio.charset.Charset;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import org.apache.commons.io.FileUtils;
-import org.junit.BeforeClass;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Value;
@@ -44,7 +46,7 @@ import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
@@ -64,53 +66,13 @@ public class HttpsItCase {
     @Value("${server.http-to-https-redirection.port}")
     private String httpPort;
 
-    /**
-     * Setup the variable before tests execution.
-     */
-    @BeforeClass
-    public static void setUp() {
-        try {
-            // setup ssl context to ignore certificate errors
-            SSLContext ctx = SSLContext.getInstance("TLS");
-            X509TrustManager tm = new X509TrustManager() {
-
-                @Override
-                public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
-                        throws java.security.cert.CertificateException {
-                }
-
-                @Override
-                public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
-                        throws java.security.cert.CertificateException {
-                }
-
-                @Override
-                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-                    return null;
-                }
-            };
-            ctx.init(null, new TrustManager[] { tm }, null);
-            SSLContext.setDefault(ctx);
-        } catch (Exception ex) {
-            ex.printStackTrace();
-        }
-    }
-
     @Test
     public void testDesignerIndex() throws Exception {
-        RestTemplate template = new RestTemplate();
-        final MySimpleClientHttpRequestFactory factory = new MySimpleClientHttpRequestFactory(new HostnameVerifier() {
-
-            @Override
-            public boolean verify(final String hostname, final SSLSession session) {
-                return true;
-            }
-        });
-        template.setRequestFactory(factory);
-        ResponseEntity<String> entity = template.getForEntity("http://localhost:" + this.httpPort + "/swagger.html",
-                String.class);
+        ResponseEntity<String> entity =
+                new RestTemplate().getForEntity("http://localhost:" + this.httpPort + "/swagger.html",
+                        String.class);
         assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.FOUND);
-        ResponseEntity<String> httpsEntity = template
+        ResponseEntity<String> httpsEntity = getRestTemplate()
                 .getForEntity("https://localhost:" + this.httpsPort + "/swagger.html", String.class);
         assertThat(httpsEntity.getStatusCode()).isEqualTo(HttpStatus.OK);
         assertThat(httpsEntity.getBody()).contains("Clamp Rest API");
@@ -118,16 +80,7 @@ public class HttpsItCase {
 
     @Test
     public void testSwaggerJson() throws Exception {
-        RestTemplate template = new RestTemplate();
-        final MySimpleClientHttpRequestFactory factory = new MySimpleClientHttpRequestFactory(new HostnameVerifier() {
-
-            @Override
-            public boolean verify(final String hostname, final SSLSession session) {
-                return true;
-            }
-        });
-        template.setRequestFactory(factory);
-        ResponseEntity<String> httpsEntity = template
+        ResponseEntity<String> httpsEntity = getRestTemplate()
                 .getForEntity("https://localhost:" + this.httpsPort + "/restservices/clds/api-doc", String.class);
         assertThat(httpsEntity.getStatusCode()).isEqualTo(HttpStatus.OK);
         assertThat(httpsEntity.getBody()).contains("swagger");
@@ -135,25 +88,19 @@ public class HttpsItCase {
                 Charset.defaultCharset());
     }
 
-    /**
-     * Http Request Factory for ignoring SSL hostname errors. Not for production
-     * use!
-     */
-    class MySimpleClientHttpRequestFactory extends SimpleClientHttpRequestFactory {
-
-        private final HostnameVerifier verifier;
-
-        public MySimpleClientHttpRequestFactory(final HostnameVerifier verifier) {
-            this.verifier = verifier;
-        }
-
-        @Override
-        protected void prepareConnection(final HttpURLConnection connection, final String httpMethod)
-                throws IOException {
-            if (connection instanceof HttpsURLConnection) {
-                ((HttpsURLConnection) connection).setHostnameVerifier(this.verifier);
-            }
-            super.prepareConnection(connection, httpMethod);
-        }
+    private RestTemplate getRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
+        SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
+                .loadTrustMaterial(null, new TrustStrategy() {
+                    @Override
+                    public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+                        return true;
+                    }
+                }).build();
+        SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
+        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
+        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+        requestFactory.setHttpClient(httpClient);
+        RestTemplate restTemplate = new RestTemplate(requestFactory);
+        return restTemplate;
     }
 }
diff --git a/src/test/resources/https/https-test.properties b/src/test/resources/https/https-test.properties
index 86e444efe..aeae64036 100644
--- a/src/test/resources/https/https-test.properties
+++ b/src/test/resources/https/https-test.properties
@@ -31,7 +31,7 @@ server.ssl.key-store=classpath:clds/aaf/org.onap.clamp.p12
 server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
 
 # The key file used to decode the key store and trust store password
 # If not defined, the key store and trust store password will not be decrypted