TLS support in sdc-fe

Signed-off-by: MichaelMorris <michael.morris@est.tech> Issue-ID: SDC-4642 Change-Id: I960c0a114889c7b5c1c7924cefff93168132e2b6
author: MichaelMorris <michael.morris@est.tech> 2023-10-03 09:58:40 +0100
committer: Michael Morris <michael.morris@est.tech> 2023-10-26 15:43:18 +0000
commit: 95c95b08ae8fa2592852168ec11b9aff3a6a31d5 (patch)
tree: c1236ae2fa93b900ce39e685122ceab677127582 /common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
parent: 0ce40cecbce00104be54871ce87ca99cef2aa480 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java b/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
index 966bf857c8..8f3e460ca3 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
@@ -19,6 +19,7 @@
  */
 package org.openecomp.sdc.common.http.client.api;
 
+import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -70,9 +71,10 @@ public class HttpConnectionMngFactory {
         SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
         SSLConnectionSocketFactory sslsf = null;
         try {
-            sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
             if (clientCertificate != null) {
                 setClientSsl(clientCertificate, sslContextBuilder);
+            } else {
+                sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
             }
             sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), NoopHostnameVerifier.INSTANCE);
         } catch (GeneralSecurityException e) {
@@ -93,6 +95,11 @@ public class HttpConnectionMngFactory {
             char[] keyStorePassword = clientCertificate.getKeyStorePassword().toCharArray();
             KeyStore clientKeyStore = createClientKeyStore(clientCertificate.getKeyStore(), keyStorePassword);
             sslContextBuilder.loadKeyMaterial(clientKeyStore, keyStorePassword);
+            if (StringUtils.isEmpty(clientCertificate.getTrustStore())) {
+                sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
+            } else {
+                sslContextBuilder.loadTrustMaterial(new File(clientCertificate.getTrustStore()), clientCertificate.getTrustStorePassword().toCharArray());
+            }
             logger.debug("#setClientSsl - Set Client Certificate authentication");
         } catch (IOException | GeneralSecurityException e) {
             logger.debug("#setClientSsl - Set Client Certificate authentication failed with exception, diasable client SSL authentication ", e);
@@ -107,6 +114,7 @@ public class HttpConnectionMngFactory {
         }
         return keyStore;
     }
+    
 
     private String getKeyStoreType(String keyStore) {
         if (!StringUtils.isEmpty(keyStore)) {
author	MichaelMorris <michael.morris@est.tech>	2023-10-03 09:58:40 +0100
committer	Michael Morris <michael.morris@est.tech>	2023-10-26 15:43:18 +0000
commit	95c95b08ae8fa2592852168ec11b9aff3a6a31d5 (patch)
tree	c1236ae2fa93b900ce39e685122ceab677127582 /common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
parent	0ce40cecbce00104be54871ce87ca99cef2aa480 (diff)