authorMichaelMorris <michael.morris@est.tech>2023-10-03 09:58:40 +0100
committerMichael Morris <michael.morris@est.tech>2023-10-26 15:43:18 +0000
commit95c95b08ae8fa2592852168ec11b9aff3a6a31d5 (patch)
treec1236ae2fa93b900ce39e685122ceab677127582 /common-app-api
parent0ce40cecbce00104be54871ce87ca99cef2aa480 (diff)
TLS support in sdc-fe
Signed-off-by: MichaelMorris <michael.morris@est.tech> Issue-ID: SDC-4642 Change-Id: I960c0a114889c7b5c1c7924cefff93168132e2b6
Diffstat (limited to 'common-app-api')
-rw-r--r--common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java10
-rw-r--r--common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java30
2 files changed, 20 insertions, 20 deletions
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java b/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
index 966bf857c8..8f3e460ca3 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
@@ -19,6 +19,7 @@
*/
package org.openecomp.sdc.common.http.client.api;
+import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -70,9 +71,10 @@ public class HttpConnectionMngFactory {
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
SSLConnectionSocketFactory sslsf = null;
try {
- sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
if (clientCertificate != null) {
setClientSsl(clientCertificate, sslContextBuilder);
+ } else {
+ sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
}
sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), NoopHostnameVerifier.INSTANCE);
} catch (GeneralSecurityException e) {
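Review bot: Hostname verification stays disabled on the `SSLConnectionSocketFactory` line (`NoopHostnameVerifier.INSTANCE`), even on the new path where `setClientSsl` loads a configured trust store. A certificate that chains to that trust store is therefore accepted regardless of which host presents it, which weakens the server authentication the trust store is meant to provide. When a trust store is configured, consider building the factory with the default verifier, e.g. `new SSLConnectionSocketFactory(sslContextBuilder.build(), new DefaultHostnameVerifier())`, and keeping the no-op verifier only for the self-signed fallback. The `else` branch still loads `TrustSelfSignedStrategy`, so it deserves a comment stating that it is a non-production default. The enclosing method starts and ends outside this hunk.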
@@ -93,6 +95,11 @@ public class HttpConnectionMngFactory {
char[] keyStorePassword = clientCertificate.getKeyStorePassword().toCharArray();
KeyStore clientKeyStore = createClientKeyStore(clientCertificate.getKeyStore(), keyStorePassword);
sslContextBuilder.loadKeyMaterial(clientKeyStore, keyStorePassword);
+ if (StringUtils.isEmpty(clientCertificate.getTrustStore())) {
+ sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
+ } else {
+ sslContextBuilder.loadTrustMaterial(new File(clientCertificate.getTrustStore()), clientCertificate.getTrustStorePassword().toCharArray());
+ }
logger.debug("#setClientSsl - Set Client Certificate authentication");
} catch (IOException | GeneralSecurityException e) {
logger.debug("#setClientSsl - Set Client Certificate authentication failed with exception, diasable client SSL authentication ", e);
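Review bot: `clientCertificate.getTrustStorePassword().toCharArray()` throws a NullPointerException when a trust store path is configured without a password. The `catch (IOException | GeneralSecurityException e)` below does not cover that, so it escapes as an unchecked exception instead of a clear configuration error. A guard before the load would make the failure explicit, e.g. `if (clientCertificate.getTrustStorePassword() == null) { throw new IllegalArgumentException("trustStorePassword must be set when trustStore is configured"); }`. An empty `trustStore` also silently falls back to `TrustSelfSignedStrategy`, and a failed trust store load is only logged at debug level, so a mistyped path is easy to miss in production; `logger.warn` or `logger.error` would fit better there. What the catch block does after logging is outside this hunk.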
@@ -107,6 +114,7 @@ public class HttpConnectionMngFactory {
}
return keyStore;
}
+
private String getKeyStoreType(String keyStore) {
if (!StringUtils.isEmpty(keyStore)) {
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java b/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java
index 93fc3b9f0f..2946217ebd 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java
@@ -21,24 +21,33 @@ package org.openecomp.sdc.common.http.config;
import fj.data.Either;
import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+
import org.apache.commons.lang3.StringUtils;
import org.onap.sdc.security.SecurityUtil;
@EqualsAndHashCode
+@Getter
+@Setter
public class ClientCertificate {
private String keyStore;
private String keyStorePassword;
-
+ private String trustStore;
+ private String trustStorePassword;
+
public ClientCertificate() {
}
public ClientCertificate(ClientCertificate clientCertificate) {
setKeyStore(clientCertificate.getKeyStore());
setKeyStorePassword(clientCertificate.getKeyStorePassword(), false);
+ setTrustStore(clientCertificate.getTrustStore());
+ setTrustStorePassword(clientCertificate.getTrustStorePassword());
}
- private void setKeyStorePassword(String keyStorePassword, boolean isEncoded) {
+ public void setKeyStorePassword(String keyStorePassword, boolean isEncoded) {
validate(keyStorePassword);
if (isEncoded) {
Either<String, String> passkey = SecurityUtil.decrypt(keyStorePassword);
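Review bot: `trustStorePassword` is handled differently from `keyStorePassword`: its setter is the Lombok-generated one, so the value goes through neither `validate(...)` nor `SecurityUtil.decrypt(...)`. The trust store password therefore has to sit in the configuration in clear text, and an encrypted value would be passed verbatim to the key store loader. If the two passwords are meant to be protected the same way, add an explicit `setTrustStorePassword(String)` plus a two-argument `(String, boolean isEncoded)` variant mirroring the key store pair, and have the copy constructor call the two-argument form with `false` so the value is not decrypted twice. Class-level `@Getter` also generates public accessors for both password fields, and `setKeyStorePassword(String, boolean)` is widened to `public`. Annotating only the fields that need accessors and keeping that overload private would expose less of the secret handling.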
@@ -52,32 +61,15 @@ public class ClientCertificate {
}
}
- public String getKeyStore() {
- return keyStore;
- }
-
public void setKeyStore(String keyStore) {
validate(keyStore);
this.keyStore = keyStore;
}
- public String getKeyStorePassword() {
- return keyStorePassword;
- }
-
public void setKeyStorePassword(String keyStorePassword) {
setKeyStorePassword(keyStorePassword, true);
}
- @Override
- public String toString() {
- StringBuilder builder = new StringBuilder();
- builder.append("ClientCertificate [keyStore=");
- builder.append(keyStore);
- builder.append("]");
- return builder.toString();
- }
-
private void validate(String str) {
if (StringUtils.isEmpty(str)) {
throw new IllegalArgumentException("ClientCertificate keystore and/or kestorePassword cannot be empty");