diff options
author | xuegao <xue.gao@intl.att.com> | 2021-04-09 08:48:47 +0200 |
---|---|---|
committer | Christophe Closset <christophe.closset@intl.att.com> | 2021-04-12 08:37:47 +0000 |
commit | 45e2f0ae4c14ee24e696717c9d150a2ff0bdc872 (patch) | |
tree | 1cfd6c63051730d0653e926709735d383adeab14 /catalog-fe | |
parent | 6035b0849ea1394345d86a63bb68851a8930c4ae (diff) |
Fix weak-cryptography issues
Load the truststore/keystore of our own instead of using the default one.
Issue-ID: SDC-3495
Change-Id: I0ecd764d5198480a065fd38299cc9ff9da66af29
Signed-off-by: xuegao <xue.gao@intl.att.com>
Diffstat (limited to 'catalog-fe')
-rw-r--r-- | catalog-fe/pom.xml | 6 | ||||
-rw-r--r-- | catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java | 2 | ||||
-rw-r--r-- | catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java | 117 |
3 files changed, 6 insertions, 119 deletions
diff --git a/catalog-fe/pom.xml b/catalog-fe/pom.xml index bde5a8b4bf..3591a51bc2 100644 --- a/catalog-fe/pom.xml +++ b/catalog-fe/pom.xml @@ -26,7 +26,11 @@ <version>${functionaljava.version}</version> <scope>compile</scope> </dependency> - + <dependency> + <groupId>org.onap.sdc.common</groupId> + <artifactId>onap-configuration-management-api</artifactId> + <version>${project.version}</version> + </dependency> <dependency> <groupId>org.openecomp.sdc</groupId> <artifactId>common-app-api</artifactId> diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java index 080ab6809a..e1b4572a05 100644 --- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java +++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java @@ -36,12 +36,12 @@ import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; +import org.onap.config.api.JettySSLUtils; import org.openecomp.sdc.common.log.wrappers.Logger; import org.openecomp.sdc.exception.InvalidArgumentException; import org.openecomp.sdc.fe.config.ConfigurationManager; import org.openecomp.sdc.fe.config.PluginsConfiguration; import org.openecomp.sdc.fe.config.PluginsConfiguration.Plugin; -import org.openecomp.sdc.fe.utils.JettySSLUtils; public class PluginStatusBL { diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java deleted file mode 100644 index a9badde06b..0000000000 --- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java +++ /dev/null @@ -1,117 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.openecomp.sdc.fe.utils; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.KeyStore; -import java.util.Properties; -import javax.net.ssl.SSLContext; -import org.apache.http.conn.ssl.TrustSelfSignedStrategy; -import org.apache.http.ssl.SSLContexts; - -public class JettySSLUtils { - - private JettySSLUtils() { - } - - public static JettySslConfig getSSLConfig() throws IOException { - Properties sslProperties = new Properties(); - String sslPropsPath = System.getenv("JETTY_BASE") + File.separator + "/start.d/ssl.ini"; - File sslPropsFile = new File(sslPropsPath); - try (FileInputStream fis = new FileInputStream(sslPropsFile)) { - sslProperties.load(fis); - } - return new JettySslConfig(sslProperties); - } - - public static SSLContext getSslContext() throws GeneralSecurityException, IOException { - JettySSLUtils.JettySslConfig sslProperties = JettySSLUtils.getSSLConfig(); - KeyStore trustStore = KeyStore.getInstance(sslProperties.getTruststoreType()); - try (FileInputStream instream = new FileInputStream(new File(sslProperties.getTruststorePath()));) { - trustStore.load(instream, (sslProperties.getTruststorePass()).toCharArray()); - } - KeyStore keystore = KeyStore.getInstance(sslProperties.getKeystoreType()); - try (FileInputStream instream = new FileInputStream(new File(sslProperties.getKeystorePath()));) { - keystore.load(instream, sslProperties.getKeystorePass().toCharArray()); - } - // Trust own CA and all self-signed certs - return SSLContexts.custom().loadKeyMaterial(keystore, sslProperties.getKeystorePass().toCharArray()) - .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build(); - } - - public static class JettySslConfig { - - static final String JETTY_BASE = System.getenv("JETTY_BASE"); - static final String KEY_STORE_TYPE_PROPERTY_NAME = "jetty.sslContext.keyStoreType"; - static final String TRUST_STORE_TYPE_PROPERTY_NAME = "jetty.sslContext.trustStoreType"; - Properties sslProperties; - - JettySslConfig(Properties sslProperties) { - this.sslProperties = sslProperties; - } - - public String getJettyBase() { - return JettySslConfig.JETTY_BASE; - } - - public String getKeystorePath() { - return sslProperties.getProperty("jetty.sslContext.keyStorePath"); - } - - public String getKeystorePass() { - return sslProperties.getProperty("jetty.sslContext.keyStorePassword"); - } - - public String getKeystoreType() { - return sslProperties.getProperty(KEY_STORE_TYPE_PROPERTY_NAME, KeyStore.getDefaultType()); - } - - public String getTruststorePath() { - return sslProperties.getProperty("jetty.sslContext.trustStorePath"); - } - - public String getTruststorePass() { - return sslProperties.getProperty("jetty.sslContext.trustStorePassword"); - } - - public String getTruststoreType() { - return sslProperties.getProperty(TRUST_STORE_TYPE_PROPERTY_NAME, KeyStore.getDefaultType()); - } - - public String getKeyStoreManager() { - return sslProperties.getProperty("jetty.sslContext.keyManagerPassword"); - } - - public Boolean getNeedClientAuth() { - if (sslProperties.containsKey("jetty.sslContext.needClientAuth")) { - return Boolean.valueOf(sslProperties.getProperty("jetty.sslContext.needClientAuth")); - } else { - return Boolean.FALSE; - } - } - - public String getProperty(String key) { - return sslProperties.getProperty(key); - } - } -} |