diff options
author | vasraz <vasyl.razinkov@est.tech> | 2023-05-05 11:57:56 +0100 |
---|---|---|
committer | Vasyl Razinkov <vasyl.razinkov@est.tech> | 2023-05-08 13:11:02 +0000 |
commit | a2feaf9b65cbba66181fb560b5815a62427d65cc (patch) | |
tree | be49cc57d447f7bb94e717e1ee970d4b095e1473 /catalog-be/src/main/java/org/openecomp/sdc/config | |
parent | af3fdfce91aeea1804c76a8571c102b78dde3794 (diff) |
Support SIP TLS
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Icbadd04cfa87302491c59f2e4a39ef92aaafcaa3
Issue-ID: SDC-4483
Diffstat (limited to 'catalog-be/src/main/java/org/openecomp/sdc/config')
-rw-r--r-- | catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java | 52 |
1 files changed, 47 insertions, 5 deletions
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java b/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java index b38210116c..c423795a2f 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java @@ -21,7 +21,11 @@ */ package org.openecomp.sdc.config; +import nl.altindag.ssl.SSLFactory; +import nl.altindag.ssl.util.JettySslUtils; import org.apache.http.impl.client.CloseableHttpClient; +import org.eclipse.jetty.util.ssl.SslContextFactory; +import org.onap.config.api.JettySSLUtils; import org.onap.portalsdk.core.onboarding.exception.CipherUtilException; import org.onap.sdc.security.PortalClient; import org.openecomp.sdc.be.auditing.impl.ConfigurationProvider; @@ -29,19 +33,27 @@ import org.openecomp.sdc.be.components.impl.ComponentLocker; import org.openecomp.sdc.be.components.impl.aaf.RoleAuthorizationHandler; import org.openecomp.sdc.be.components.impl.lock.ComponentLockAspect; import org.openecomp.sdc.be.components.lifecycle.LifecycleBusinessLogic; +import org.openecomp.sdc.be.config.Configuration; import org.openecomp.sdc.be.config.ConfigurationManager; import org.openecomp.sdc.be.ecomp.converters.AssetMetadataConverter; import org.openecomp.sdc.be.filters.FilterConfiguration; import org.openecomp.sdc.be.filters.PortalConfiguration; import org.openecomp.sdc.be.filters.ThreadLocalUtils; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; -import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; +import javax.net.ssl.SSLSessionContext; +import javax.net.ssl.X509ExtendedKeyManager; +import javax.net.ssl.X509ExtendedTrustManager; +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.StandardOpenOption; + + // @formatter:off -@Configuration +@org.springframework.context.annotation.Configuration @ComponentScan({ "org.openecomp.sdc.be.user", "org.openecomp.sdc.be.facade.operations", @@ -73,10 +85,11 @@ public class CatalogBESpringConfig { private static final int BEFORE_TRANSACTION_MANAGER = 0; private final ComponentLocker componentLocker; + private final JettySSLUtils.JettySslConfig sslConfig; - @Autowired public CatalogBESpringConfig(ComponentLocker componentLocker) { this.componentLocker = componentLocker; + sslConfig = JettySSLUtils.getSSLConfig(); } @Bean(name = "lifecycleBusinessLogic") @@ -132,7 +145,36 @@ public class CatalogBESpringConfig { } @Bean - public org.openecomp.sdc.be.config.Configuration configuration() { + public Configuration configuration() { return ConfigurationManager.getConfigurationManager().getConfiguration(); } + + @Bean + public SSLFactory sslFactory() throws IOException { + return SSLFactory.builder().withSwappableIdentityMaterial() + .withIdentityMaterial(Files.newInputStream(Path.of(sslConfig.getKeystorePath()), StandardOpenOption.READ), sslConfig.getKeystorePass().toCharArray(), sslConfig.getKeystoreType()).withSwappableTrustMaterial() + .withTrustMaterial(Files.newInputStream(Path.of(sslConfig.getTruststorePath()), StandardOpenOption.READ), sslConfig.getTruststorePass().toCharArray(), sslConfig.getTruststoreType()).withNeedClientAuthentication() + .build(); + } + + @Bean + public SslContextFactory.Server sslContextFactory(SSLFactory sslFactory) { + return JettySslUtils.forServer(sslFactory); + } + + @Bean + public X509ExtendedKeyManager keyManager(SSLFactory sslFactory) throws Exception { + return sslFactory.getKeyManager().orElseThrow(Exception::new); + } + + @Bean + public X509ExtendedTrustManager trustManager(SSLFactory sslFactory) throws Exception { + return sslFactory.getTrustManager().orElseThrow(Exception::new); + } + + @Bean + public SSLSessionContext serverSessionContext(SSLFactory sslFactory) { + return sslFactory.getSslContext().getServerSessionContext(); + } + } |