author | tgolabek <tomasz.golabek@nokia.com> | 2018-05-23 11:40:17 +0200 |
committer | golabek <tomasz.golabek@nokia.com> | 2018-08-06 13:40:06 +0200 |
commit | f07fc1a586328d2b4cef02bd1d8f9e791130bf1b (patch) | |
tree | c842e8bce5b2acd3c17c494c15e9ad2a6d157a82 /vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java | |
parent | ff76b5ed0aa91d5fdf9dc4f95e8b20f91ed9d072 (diff) |
Refactor of an AAIRestInterface
Refactor and some additional tests added
(cherry picked from commit 6d8fa7d179b8de802ae386b317ddd1214eac1c47)
Change-Id: Ibe7583353499352aa81d100b9995b9c74133c447
Issue-ID: VID-229
Signed-off-by: Stern, Ittay (is9613) <is9613@att.com>
[Added proper headers to modified and created files]
Signed-off-by: golabek <tomasz.golabek@nokia.com>
Diffstat (limited to 'vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java')
-rw-r--r-- | vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java b/vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java
new file mode 100644
index 00000000..90d2be95
--- /dev/null
+++ b/vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java
@@ -0,0 +1,105 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * VID
+ * ================================================================================
+ * Copyright (C) 2018 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.vid.aai.util;
+
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.vid.aai.exceptions.HttpClientBuilderException;
+
+import javax.net.ssl.*;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+
+public class SSLContextProvider {
+
+ private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SSLContextProvider.class);
+
+ public SSLContext getSslContext(String keystorePath, String keystorePassword, HttpClientMode httpClientMode) throws HttpClientBuilderException {
+ try {
+ final SSLContext ctx = SSLContext.getInstance("TLSv1.2");
+ KeyManager[] keyManagers = getKeyManagerFactory(keystorePath, keystorePassword, httpClientMode);
+ ctx.init(keyManagers, getTrustManager(httpClientMode), null);
+ return ctx;
+ } catch (IOException | GeneralSecurityException e) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up ssl context.");
+ throw new HttpClientBuilderException(e);
+ }
+ }
+
+ /**
+ * @param keystorePath
+ * @param keystorePassword - in clear
+ * @return
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ private KeyManager[] getKeyManagerFactory(String keystorePath, String keystorePassword, HttpClientMode httpClientMode) throws IOException, GeneralSecurityException {
+ switch (httpClientMode) {
+ case WITH_KEYSTORE:
+ final KeyManagerFactory kmf;
+ try (FileInputStream fin = new FileInputStream(keystorePath)) {
+ kmf = KeyManagerFactory.getInstance("SunX509");
+ KeyStore ks = KeyStore.getInstance("PKCS12");
+ char[] pwd = keystorePassword.toCharArray();
+ ks.load(fin, pwd);
+ kmf.init(ks, pwd);
+ } catch (Exception e) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up kmf");
+ logger.error(EELFLoggerDelegate.errorLogger, "Error setting up kmf (keystore path: {}, deobfuascated keystore password: {})", keystorePath, keystorePassword, e);
+ throw e;
+ }
+ return kmf.getKeyManagers();
+
+ case WITHOUT_KEYSTORE:
+ return null;
+
+ default:
+ logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up getKeyManagerFactory. HttpClientMode is " + httpClientMode);
+ throw new IllegalStateException("Error setting up getKeyManagerFactory. HttpClientMode is " + httpClientMode);
+ }
+ }
+
+ private TrustManager[] getTrustManager(HttpClientMode httpClientMode) {
+ //Creating a trustManager that will accept all certificates.
+ //TODO - remove this one the POMBA certificate is added to the tomcat_keystore file
+ TrustManager[] trustAllCerts = null;
+ if (httpClientMode == HttpClientMode.UNSECURE) {
+
+ trustAllCerts = new TrustManager[]{new X509TrustManager() {
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return new java.security.cert.X509Certificate[]{};
+ }
+
+ public void checkClientTrusted(X509Certificate[] certs, String authType) {
+ // trust all
+ }
+
+ public void checkServerTrusted(X509Certificate[] certs, String authType) {
+ // trust all
+ }
+ }};
+ }
+ return trustAllCerts;
+ }
+
+}
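Review bot: The catch block in getKeyManagerFactory writes the clear-text keystore password into the error log (`"... deobfuascated keystore password: {}"` with `keystorePassword` as an argument), so any keystore load failure leaks the secret to whoever can read the log; the password should be dropped from the message, leaving `logger.error(EELFLoggerDelegate.errorLogger, "Error setting up kmf (keystore path: {})", keystorePath, e);`. The same method catches `Exception` while declaring only `IOException, GeneralSecurityException`; it compiles through precise rethrow, but `catch (IOException | GeneralSecurityException e)` states the contract directly and stops a future unchecked exception from being logged with that message. In getTrustManager the X509TrustManager returned for `HttpClientMode.UNSECURE` accepts every server certificate, which the TODO acknowledges; a Javadoc stating that UNSECURE disables server certificate validation and is intended only until the POMBA certificate is in the keystore, and that the `null` returned for the other modes makes `SSLContext.init` fall back to the JVM default trust material, would make that choice visible to callers. The incomplete Javadoc on getKeyManagerFactory (empty `@return`, bare `@param keystorePath`) could state that it returns `null` for WITHOUT_KEYSTORE and throws IllegalStateException for any other unrecognised mode.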