authortgolabek <tomasz.golabek@nokia.com>2018-05-23 11:40:17 +0200
committergolabek <tomasz.golabek@nokia.com>2018-08-06 13:40:06 +0200
commitf07fc1a586328d2b4cef02bd1d8f9e791130bf1b (patch)
treec842e8bce5b2acd3c17c494c15e9ad2a6d157a82 /vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java
parentff76b5ed0aa91d5fdf9dc4f95e8b20f91ed9d072 (diff)
Refactor of an AAIRestInterface
Refactor and some additional tests added (cherry picked from commit 6d8fa7d179b8de802ae386b317ddd1214eac1c47) Change-Id: Ibe7583353499352aa81d100b9995b9c74133c447 Issue-ID: VID-229 Signed-off-by: Stern, Ittay (is9613) <is9613@att.com> [Added proper headers to modified and created files] Signed-off-by: golabek <tomasz.golabek@nokia.com>
Diffstat (limited to 'vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java')
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java105
1 files changed, 105 insertions, 0 deletions
diff --git a/vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java b/vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java
new file mode 100644
index 00000000..90d2be95
--- /dev/null
+++ b/vid-app-common/src/main/java/org/onap/vid/aai/util/SSLContextProvider.java
@@ -0,0 +1,105 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * VID
+ * ================================================================================
+ * Copyright (C) 2018 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.vid.aai.util;
+
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.vid.aai.exceptions.HttpClientBuilderException;
+
+import javax.net.ssl.*;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+
+public class SSLContextProvider {
+
+ private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SSLContextProvider.class);
+
+ public SSLContext getSslContext(String keystorePath, String keystorePassword, HttpClientMode httpClientMode) throws HttpClientBuilderException {
+ try {
+ final SSLContext ctx = SSLContext.getInstance("TLSv1.2");
+ KeyManager[] keyManagers = getKeyManagerFactory(keystorePath, keystorePassword, httpClientMode);
+ ctx.init(keyManagers, getTrustManager(httpClientMode), null);
+ return ctx;
+ } catch (IOException | GeneralSecurityException e) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up ssl context.");
+ throw new HttpClientBuilderException(e);
+ }
+ }
+
+ /**
+ * @param keystorePath
+ * @param keystorePassword - in clear
+ * @return
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ private KeyManager[] getKeyManagerFactory(String keystorePath, String keystorePassword, HttpClientMode httpClientMode) throws IOException, GeneralSecurityException {
+ switch (httpClientMode) {
+ case WITH_KEYSTORE:
+ final KeyManagerFactory kmf;
+ try (FileInputStream fin = new FileInputStream(keystorePath)) {
+ kmf = KeyManagerFactory.getInstance("SunX509");
+ KeyStore ks = KeyStore.getInstance("PKCS12");
+ char[] pwd = keystorePassword.toCharArray();
+ ks.load(fin, pwd);
+ kmf.init(ks, pwd);
+ } catch (Exception e) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up kmf");
+ logger.error(EELFLoggerDelegate.errorLogger, "Error setting up kmf (keystore path: {}, deobfuascated keystore password: {})", keystorePath, keystorePassword, e);
+ throw e;
+ }
+ return kmf.getKeyManagers();
+
+ case WITHOUT_KEYSTORE:
+ return null;
+
+ default:
+ logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up getKeyManagerFactory. HttpClientMode is " + httpClientMode);
+ throw new IllegalStateException("Error setting up getKeyManagerFactory. HttpClientMode is " + httpClientMode);
+ }
+ }
+
+ private TrustManager[] getTrustManager(HttpClientMode httpClientMode) {
+ //Creating a trustManager that will accept all certificates.
+ //TODO - remove this one the POMBA certificate is added to the tomcat_keystore file
+ TrustManager[] trustAllCerts = null;
+ if (httpClientMode == HttpClientMode.UNSECURE) {
+
+ trustAllCerts = new TrustManager[]{new X509TrustManager() {
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return new java.security.cert.X509Certificate[]{};
+ }
+
+ public void checkClientTrusted(X509Certificate[] certs, String authType) {
+ // trust all
+ }
+
+ public void checkServerTrusted(X509Certificate[] certs, String authType) {
+ // trust all
+ }
+ }};
+ }
+ return trustAllCerts;
+ }
+
+}
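Review bot: The error log in getKeyManagerFactory writes the clear-text keystore password into the error logger (the line with "deobfuascated keystore password: {}"), so any keystore load failure leaks the credential to whoever can read the logs; the message should keep only the path and the cause, `logger.error(EELFLoggerDelegate.errorLogger, "Error setting up kmf (keystore path: {})", keystorePath, e);`. While there, the `pwd` char array is never cleared after `kmf.init(ks, pwd)`; a `finally { Arrays.fill(pwd, '\0'); }` (with `java.util.Arrays` imported) limits how long the password lives in memory. In getTrustManager, the anonymous X509TrustManager accepts every certificate when the mode is UNSECURE, which disables server authentication entirely; the TODO acknowledges this, but the method should at least emit a warn-level log when that branch is taken so an operator can see that TLS validation is off, e.g. `logger.warn(EELFLoggerDelegate.errorLogger, "UNSECURE HttpClientMode selected: server certificates are not validated");`. The retained catch-all `catch (Exception e)` with precise rethrow is fine given the declared throws clause.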