summaryrefslogtreecommitdiffstats
path: root/catalog-fe/src
diff options
context:
space:
mode:
authorxuegao <xue.gao@intl.att.com>2021-04-09 08:48:47 +0200
committerChristophe Closset <christophe.closset@intl.att.com>2021-04-12 08:37:47 +0000
commit45e2f0ae4c14ee24e696717c9d150a2ff0bdc872 (patch)
tree1cfd6c63051730d0653e926709735d383adeab14 /catalog-fe/src
parent6035b0849ea1394345d86a63bb68851a8930c4ae (diff)
Fix weak-cryptography issues
Load the truststore/keystore of our own instead of using the default one. Issue-ID: SDC-3495 Change-Id: I0ecd764d5198480a065fd38299cc9ff9da66af29 Signed-off-by: xuegao <xue.gao@intl.att.com>
Diffstat (limited to 'catalog-fe/src')
-rw-r--r--catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java2
-rw-r--r--catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java117
2 files changed, 1 insertions, 118 deletions
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java
index 080ab6809a..e1b4572a05 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java
@@ -36,12 +36,12 @@ import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.onap.config.api.JettySSLUtils;
import org.openecomp.sdc.common.log.wrappers.Logger;
import org.openecomp.sdc.exception.InvalidArgumentException;
import org.openecomp.sdc.fe.config.ConfigurationManager;
import org.openecomp.sdc.fe.config.PluginsConfiguration;
import org.openecomp.sdc.fe.config.PluginsConfiguration.Plugin;
-import org.openecomp.sdc.fe.utils.JettySSLUtils;
public class PluginStatusBL {
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java
deleted file mode 100644
index a9badde06b..0000000000
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * SDC
- * ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.openecomp.sdc.fe.utils;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.util.Properties;
-import javax.net.ssl.SSLContext;
-import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
-import org.apache.http.ssl.SSLContexts;
-
-public class JettySSLUtils {
-
- private JettySSLUtils() {
- }
-
- public static JettySslConfig getSSLConfig() throws IOException {
- Properties sslProperties = new Properties();
- String sslPropsPath = System.getenv("JETTY_BASE") + File.separator + "/start.d/ssl.ini";
- File sslPropsFile = new File(sslPropsPath);
- try (FileInputStream fis = new FileInputStream(sslPropsFile)) {
- sslProperties.load(fis);
- }
- return new JettySslConfig(sslProperties);
- }
-
- public static SSLContext getSslContext() throws GeneralSecurityException, IOException {
- JettySSLUtils.JettySslConfig sslProperties = JettySSLUtils.getSSLConfig();
- KeyStore trustStore = KeyStore.getInstance(sslProperties.getTruststoreType());
- try (FileInputStream instream = new FileInputStream(new File(sslProperties.getTruststorePath()));) {
- trustStore.load(instream, (sslProperties.getTruststorePass()).toCharArray());
- }
- KeyStore keystore = KeyStore.getInstance(sslProperties.getKeystoreType());
- try (FileInputStream instream = new FileInputStream(new File(sslProperties.getKeystorePath()));) {
- keystore.load(instream, sslProperties.getKeystorePass().toCharArray());
- }
- // Trust own CA and all self-signed certs
- return SSLContexts.custom().loadKeyMaterial(keystore, sslProperties.getKeystorePass().toCharArray())
- .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build();
- }
-
- public static class JettySslConfig {
-
- static final String JETTY_BASE = System.getenv("JETTY_BASE");
- static final String KEY_STORE_TYPE_PROPERTY_NAME = "jetty.sslContext.keyStoreType";
- static final String TRUST_STORE_TYPE_PROPERTY_NAME = "jetty.sslContext.trustStoreType";
- Properties sslProperties;
-
- JettySslConfig(Properties sslProperties) {
- this.sslProperties = sslProperties;
- }
-
- public String getJettyBase() {
- return JettySslConfig.JETTY_BASE;
- }
-
- public String getKeystorePath() {
- return sslProperties.getProperty("jetty.sslContext.keyStorePath");
- }
-
- public String getKeystorePass() {
- return sslProperties.getProperty("jetty.sslContext.keyStorePassword");
- }
-
- public String getKeystoreType() {
- return sslProperties.getProperty(KEY_STORE_TYPE_PROPERTY_NAME, KeyStore.getDefaultType());
- }
-
- public String getTruststorePath() {
- return sslProperties.getProperty("jetty.sslContext.trustStorePath");
- }
-
- public String getTruststorePass() {
- return sslProperties.getProperty("jetty.sslContext.trustStorePassword");
- }
-
- public String getTruststoreType() {
- return sslProperties.getProperty(TRUST_STORE_TYPE_PROPERTY_NAME, KeyStore.getDefaultType());
- }
-
- public String getKeyStoreManager() {
- return sslProperties.getProperty("jetty.sslContext.keyManagerPassword");
- }
-
- public Boolean getNeedClientAuth() {
- if (sslProperties.containsKey("jetty.sslContext.needClientAuth")) {
- return Boolean.valueOf(sslProperties.getProperty("jetty.sslContext.needClientAuth"));
- } else {
- return Boolean.FALSE;
- }
- }
-
- public String getProperty(String key) {
- return sslProperties.getProperty(key);
- }
- }
-}