author | MichaelMorris <michael.morris@est.tech> | 2023-10-03 09:58:40 +0100 |
---|---|---|
committer | Michael Morris <michael.morris@est.tech> | 2023-10-26 15:43:18 +0000 |
commit | 95c95b08ae8fa2592852168ec11b9aff3a6a31d5 (patch) | |
tree | c1236ae2fa93b900ce39e685122ceab677127582 /catalog-fe/src/main | |
parent | 0ce40cecbce00104be54871ce87ca99cef2aa480 (diff) |
TLS support in sdc-fe
Signed-off-by: MichaelMorris <michael.morris@est.tech>
Issue-ID: SDC-4642
Change-Id: I960c0a114889c7b5c1c7924cefff93168132e2b6
Diffstat (limited to 'catalog-fe/src/main')
-rw-r--r-- | catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/HealthCheckScheduledTask.java | 23 | ||||
-rw-r--r-- | catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/SSLProxyServlet.java | 13 |
2 files changed, 33 insertions, 3 deletions
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/HealthCheckScheduledTask.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/HealthCheckScheduledTask.java
index 2d99f84b9a..0db9fe9a44 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/HealthCheckScheduledTask.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/HealthCheckScheduledTask.java
@@ -37,15 +37,22 @@ import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+
+import javax.servlet.ServletException;
+
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.HttpStatus;
+import org.eclipse.jetty.client.HttpClient;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.onap.config.api.JettySSLUtils;
 import org.openecomp.sdc.common.api.Constants;
 import org.openecomp.sdc.common.api.HealthCheckInfo;
 import org.openecomp.sdc.common.api.HealthCheckWrapper;
 import org.openecomp.sdc.common.config.EcompErrorEnum;
 import org.openecomp.sdc.common.http.client.api.HttpRequest;
 import org.openecomp.sdc.common.http.client.api.HttpResponse;
+import org.openecomp.sdc.common.http.config.ClientCertificate;
 import org.openecomp.sdc.common.http.config.HttpClientConfig;
 import org.openecomp.sdc.common.http.config.Timeouts;
 import org.openecomp.sdc.common.impl.ExternalConfiguration;
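Review bot: Three of the imports added in this hunk, `javax.servlet.ServletException`, `org.eclipse.jetty.client.HttpClient` and `org.eclipse.jetty.util.ssl.SslContextFactory`, are not used by any code this commit adds to HealthCheckScheduledTask.java; the new method only needs `ClientCertificate` and `JettySSLUtils`. Unless something outside the visible hunks uses them, drop those three lines together with the two blank lines added around the `javax.servlet` import, so the import block keeps its previous grouping.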
@@ -116,7 +123,9 @@ public class HealthCheckScheduledTask implements Runnable {
 if (healthCheckUrl != null) {
 ObjectMapper mapper = new ObjectMapper();
 try {
- HttpResponse<String> response = HttpRequest.get(healthCheckUrl, new HttpClientConfig(new Timeouts(connectTimeoutMs, readTimeoutMs)));
+ HttpClientConfig clientConfig = new HttpClientConfig(new Timeouts(connectTimeoutMs, readTimeoutMs), getHttpClientCertificate());
+
+ HttpResponse<String> response = HttpRequest.get(healthCheckUrl, clientConfig);
 int beStatus = response.getStatusCode();
 if (beStatus == HttpStatus.SC_OK || beStatus == HttpStatus.SC_INTERNAL_SERVER_ERROR) {
 String beJsonResponse = response.getResponse();
@@ -135,6 +144,15 @@ public class HealthCheckScheduledTask implements Runnable {
 String compName = requestedByBE ? Constants.HC_COMPONENT_FE : baseComponent;
 return Collections.singletonList(new HealthCheckInfo(compName, HealthCheckInfo.HealthCheckStatus.DOWN, null, description.toString()));
 }
+
+ private ClientCertificate getHttpClientCertificate() {
+ ClientCertificate clientCertificate = new ClientCertificate();
+ clientCertificate.setKeyStore(JettySSLUtils.getSSLConfig().getKeystorePath());
+ clientCertificate.setKeyStorePassword(JettySSLUtils.getSSLConfig().getKeystorePass(), false);
+ clientCertificate.setTrustStore(JettySSLUtils.getSSLConfig().getTruststorePath());
+ clientCertificate.setTrustStorePassword(JettySSLUtils.getSSLConfig().getTruststorePass());
+ return clientCertificate;
+ }
 
 private String getExternalComponentHcUri(String baseComponent) {
 String healthCheckUri = null;
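Review bot: `getHttpClientCertificate()` calls `JettySSLUtils.getSSLConfig()` four times, once per setter, so the keystore and truststore values are not guaranteed to come from one configuration snapshot if that call re-reads its source (not visible here); SSLProxyServlet in this same commit reads it once into a local, and this method should do the same. The keystore password is passed with an extra `false` argument while the truststore password is not, and a one-line comment saying what that flag means would save the next reader a lookup. It is also not visible what `HttpClientConfig` does when the configured keystore or truststore path is null, which both health-check call sites (`healthCheckUrl` and `redirectedUrl`) would now reach on a deployment without TLS settings; that behaviour is worth confirming and stating in a Javadoc on the method.

```java
    private ClientCertificate getHttpClientCertificate() {
        // Read the TLS settings once so all four values come from the same configuration object.
        final JettySSLUtils.JettySslConfig sslConfig = JettySSLUtils.getSSLConfig();
        ClientCertificate clientCertificate = new ClientCertificate();
        clientCertificate.setKeyStore(sslConfig.getKeystorePath());
        clientCertificate.setKeyStorePassword(sslConfig.getKeystorePass(), false);
        clientCertificate.setTrustStore(sslConfig.getTruststorePath());
        clientCertificate.setTrustStorePassword(sslConfig.getTruststorePass());
        // … unchanged: return clientCertificate …
```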
@@ -197,7 +215,8 @@ public class HealthCheckScheduledTask implements Runnable {
 ErrorLogOptionalData errorLogOptionalData = ErrorLogOptionalData.newBuilder().targetEntity(LOG_TARGET_ENTITY_BE)
 .targetServiceName(LOG_SERVICE_NAME).build();
 try {
- HttpResponse<String> response = HttpRequest.get(redirectedUrl, new HttpClientConfig(new Timeouts(connectTimeoutMs, readTimeoutMs)));
+ HttpClientConfig clientConfig = new HttpClientConfig(new Timeouts(connectTimeoutMs, readTimeoutMs), getHttpClientCertificate());
+ HttpResponse<String> response = HttpRequest.get(redirectedUrl, clientConfig);
 log.debug("HC call to BE - status code is {}", response.getStatusCode());
 String beJsonResponse = response.getResponse();
 feAggHealthCheck = getFeHealthCheckInfos(gson, beJsonResponse);
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/SSLProxyServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/SSLProxyServlet.java
index 891bc4ae34..0923716bd0 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/SSLProxyServlet.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/SSLProxyServlet.java
@@ -20,9 +20,11 @@
 package org.openecomp.sdc.fe.servlets;
 
 import javax.servlet.ServletException;
+
 import org.eclipse.jetty.client.HttpClient;
 import org.eclipse.jetty.proxy.ProxyServlet;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.onap.config.api.JettySSLUtils;
 import org.openecomp.sdc.common.api.Constants;
 import org.openecomp.sdc.fe.config.Configuration;
 import org.openecomp.sdc.fe.config.ConfigurationManager;
@@ -52,8 +54,17 @@ public abstract class SSLProxyServlet extends ProxyServlet {
 }
 
 private HttpClient getSecureHttpClient() throws ServletException {
+ final JettySSLUtils.JettySslConfig sslConfig = JettySSLUtils.getSSLConfig();
+ SslContextFactory sslContextFactory = new SslContextFactory.Client();
+ sslContextFactory.setKeyStorePath(sslConfig.getKeystorePath());
+ sslContextFactory.setKeyStorePassword(sslConfig.getKeystorePass());
+ sslContextFactory.setKeyManagerPassword(sslConfig.getKeystorePass());
+ sslContextFactory.setTrustStorePath(sslConfig.getTruststorePath());
+ sslContextFactory.setTrustStorePassword(sslConfig.getTruststorePass());
+ sslContextFactory.setKeyStorePath(sslConfig.getKeystorePath());
+
 // Instantiate HttpClient with the SslContextFactory
- final var httpClient = new HttpClient(new SslContextFactory.Client(true));
+ final var httpClient = new HttpClient(sslContextFactory);
 // Configure HttpClient, for example:
 httpClient.setFollowRedirects(false);
 // Start HttpClient |
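Review bot: The last added setter repeats `sslContextFactory.setKeyStorePath(sslConfig.getKeystorePath());`, which is already the first setter in the block; the second call should be deleted. Because the factory is no longer built with `new SslContextFactory.Client(true)`, backend certificates are now validated against the configured truststore, so a deployment whose truststore lacks the backend CA will fail the handshake; a comment on the method stating that both stores must be configured would make that requirement explicit. Nothing in the hunk checks that the keystore and truststore paths are set before they are handed to Jetty, so if either can be absent (for example when the backend does not request a client certificate) the setters should be guarded; whether `getSSLConfig()` can return null values is not visible here. Declaring the local as `SslContextFactory.Client sslContextFactory` would also keep the client-specific type. The body of `getSecureHttpClient()` continues past the end of the hunk.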