From 45e2f0ae4c14ee24e696717c9d150a2ff0bdc872 Mon Sep 17 00:00:00 2001
From: xuegao
Date: Fri, 9 Apr 2021 08:48:47 +0200
Subject: Fix weak-cryptography issues
Load the truststore/keystore of our own instead of using the default one.
Issue-ID: SDC-3495
Change-Id: I0ecd764d5198480a065fd38299cc9ff9da66af29
Signed-off-by: xuegao
---
 catalog-fe/pom.xml | 6 +-
 .../org/openecomp/sdc/fe/impl/PluginStatusBL.java | 2 +-
 .../org/openecomp/sdc/fe/utils/JettySSLUtils.java | 117 ---------------------
 3 files changed, 6 insertions(+), 119 deletions(-)
 delete mode 100644 catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java
(limited to 'catalog-fe')
diff --git a/catalog-fe/pom.xml b/catalog-fe/pom.xml
index bde5a8b4bf..3591a51bc2 100644
--- a/catalog-fe/pom.xml
+++ b/catalog-fe/pom.xml
@@ -26,7 +26,11 @@ ${functionaljava.version} compile - + + org.onap.sdc.common + onap-configuration-management-api + ${project.version} + org.openecomp.sdc common-app-api
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java
index 080ab6809a..e1b4572a05 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/impl/PluginStatusBL.java
@@ -36,12 +36,12 @@
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.onap.config.api.JettySSLUtils;
 import org.openecomp.sdc.common.log.wrappers.Logger;
 import org.openecomp.sdc.exception.InvalidArgumentException;
 import org.openecomp.sdc.fe.config.ConfigurationManager;
 import org.openecomp.sdc.fe.config.PluginsConfiguration;
 import org.openecomp.sdc.fe.config.PluginsConfiguration.Plugin;
-import org.openecomp.sdc.fe.utils.JettySSLUtils;
 public class PluginStatusBL {
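Review bot: The swap from `org.openecomp.sdc.fe.utils.JettySSLUtils` to `org.onap.config.api.JettySSLUtils` only changes where the SSLContext comes from, so whether the weak-cryptography issue named in the subject is actually fixed depends on the replacement class, which is not in this diff. The copy deleted in this same commit built its trust material with `new TrustSelfSignedStrategy()`, which accepts any self-signed server certificate regardless of what the configured truststore holds; if the shared `org.onap.config.api.JettySSLUtils` kept that strategy, the change relocates the weakness rather than removing it. Please confirm that the replacement loads trust material from the configured truststore only, and that the `SSLConnectionSocketFactory` this file still imports is constructed with hostname verification left enabled at the call site. That call site, and the rest of the PluginStatusBL class body, are outside the hunk. A one-line comment next to the new import, `// SSLContext is built by the shared onap-configuration-management-api; trust material must come from the configured truststore only`, would record the intent for the next reader.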
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java
deleted file mode 100644
index a9badde06b..0000000000
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/utils/JettySSLUtils.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * SDC
- * ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.openecomp.sdc.fe.utils;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.util.Properties;
-import javax.net.ssl.SSLContext;
-import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
-import org.apache.http.ssl.SSLContexts;
-
-public class JettySSLUtils {
-
- private JettySSLUtils() {
- }
-
- public static JettySslConfig getSSLConfig() throws IOException {
- Properties sslProperties = new Properties();
- String sslPropsPath = System.getenv("JETTY_BASE") + File.separator + "/start.d/ssl.ini";
- File sslPropsFile = new File(sslPropsPath);
- try (FileInputStream fis = new FileInputStream(sslPropsFile)) {
- sslProperties.load(fis);
- }
- return new JettySslConfig(sslProperties);
- }
-
- public static SSLContext getSslContext() throws GeneralSecurityException, IOException {
- JettySSLUtils.JettySslConfig sslProperties = 
JettySSLUtils.getSSLConfig();
- KeyStore trustStore = KeyStore.getInstance(sslProperties.getTruststoreType());
- try (FileInputStream instream = new FileInputStream(new File(sslProperties.getTruststorePath()));) {
- trustStore.load(instream, (sslProperties.getTruststorePass()).toCharArray());
- }
- KeyStore keystore = KeyStore.getInstance(sslProperties.getKeystoreType());
- try (FileInputStream instream = new FileInputStream(new File(sslProperties.getKeystorePath()));) {
- keystore.load(instream, sslProperties.getKeystorePass().toCharArray());
- }
- // Trust own CA and all self-signed certs
- return SSLContexts.custom().loadKeyMaterial(keystore, sslProperties.getKeystorePass().toCharArray())
- .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build();
- }
-
- public static class JettySslConfig {
-
- static final String JETTY_BASE = System.getenv("JETTY_BASE");
- static final String KEY_STORE_TYPE_PROPERTY_NAME = "jetty.sslContext.keyStoreType";
- static final String TRUST_STORE_TYPE_PROPERTY_NAME = "jetty.sslContext.trustStoreType";
- Properties sslProperties;
-
- JettySslConfig(Properties sslProperties) {
- this.sslProperties = sslProperties;
- }
-
- public String getJettyBase() {
- return JettySslConfig.JETTY_BASE;
- }
-
- public String getKeystorePath() {
- return sslProperties.getProperty("jetty.sslContext.keyStorePath");
- }
-
- public String getKeystorePass() {
- return sslProperties.getProperty("jetty.sslContext.keyStorePassword");
- }
-
- public String getKeystoreType() {
- return sslProperties.getProperty(KEY_STORE_TYPE_PROPERTY_NAME, KeyStore.getDefaultType());
- }
-
- public String getTruststorePath() {
- return sslProperties.getProperty("jetty.sslContext.trustStorePath");
- }
-
- public String getTruststorePass() {
- return sslProperties.getProperty("jetty.sslContext.trustStorePassword");
- }
-
- public String getTruststoreType() {
- return sslProperties.getProperty(TRUST_STORE_TYPE_PROPERTY_NAME, KeyStore.getDefaultType());
- }
-
- public 
String getKeyStoreManager() {
- return sslProperties.getProperty("jetty.sslContext.keyManagerPassword");
- }
-
- public Boolean getNeedClientAuth() {
- if (sslProperties.containsKey("jetty.sslContext.needClientAuth")) {
- return Boolean.valueOf(sslProperties.getProperty("jetty.sslContext.needClientAuth"));
- } else {
- return Boolean.FALSE;
- }
- }
-
- public String getProperty(String key) {
- return sslProperties.getProperty(key);
- }
- }
-}
-- cgit 1.2.3-korg