From 95c95b08ae8fa2592852168ec11b9aff3a6a31d5 Mon Sep 17 00:00:00 2001
From: MichaelMorris <michael.morris@est.tech>
Date: Tue, 3 Oct 2023 09:58:40 +0100
Subject: TLS support in sdc-fe

Signed-off-by: MichaelMorris <michael.morris@est.tech>
Issue-ID: SDC-4642
Change-Id: I960c0a114889c7b5c1c7924cefff93168132e2b6
---
 .../http/client/api/HttpConnectionMngFactory.java  | 10 +++++++-
 .../sdc/common/http/config/ClientCertificate.java  | 30 ++++++++--------------
 2 files changed, 20 insertions(+), 20 deletions(-)

(limited to 'common-app-api/src/main/java/org/openecomp')

diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java b/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
index 966bf857c8..8f3e460ca3 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
@@ -19,6 +19,7 @@
  */
 package org.openecomp.sdc.common.http.client.api;
 
+import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -70,9 +71,10 @@ public class HttpConnectionMngFactory {
         SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
         SSLConnectionSocketFactory sslsf = null;
         try {
-            sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
             if (clientCertificate != null) {
                 setClientSsl(clientCertificate, sslContextBuilder);
+            } else {
+                sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
             }
             sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), NoopHostnameVerifier.INSTANCE);
         } catch (GeneralSecurityException e) {
@@ -93,6 +95,11 @@ public class HttpConnectionMngFactory {
             char[] keyStorePassword = clientCertificate.getKeyStorePassword().toCharArray();
             KeyStore clientKeyStore = createClientKeyStore(clientCertificate.getKeyStore(), keyStorePassword);
             sslContextBuilder.loadKeyMaterial(clientKeyStore, keyStorePassword);
+            if (StringUtils.isEmpty(clientCertificate.getTrustStore())) {
+                sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
+            } else {
+                sslContextBuilder.loadTrustMaterial(new File(clientCertificate.getTrustStore()), clientCertificate.getTrustStorePassword().toCharArray());
+            }
             logger.debug("#setClientSsl - Set Client Certificate authentication");
         } catch (IOException | GeneralSecurityException e) {
             logger.debug("#setClientSsl - Set Client Certificate authentication failed with exception, diasable client SSL authentication ", e);
@@ -107,6 +114,7 @@ public class HttpConnectionMngFactory {
         }
         return keyStore;
     }
+    
 
     private String getKeyStoreType(String keyStore) {
         if (!StringUtils.isEmpty(keyStore)) {
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java b/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java
index 93fc3b9f0f..2946217ebd 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java
@@ -21,24 +21,33 @@ package org.openecomp.sdc.common.http.config;
 
 import fj.data.Either;
 import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+
 import org.apache.commons.lang3.StringUtils;
 import org.onap.sdc.security.SecurityUtil;
 
 @EqualsAndHashCode
+@Getter
+@Setter
 public class ClientCertificate {
 
     private String keyStore;
     private String keyStorePassword;
-
+    private String trustStore;
+    private String trustStorePassword;
+    
     public ClientCertificate() {
     }
 
     public ClientCertificate(ClientCertificate clientCertificate) {
         setKeyStore(clientCertificate.getKeyStore());
         setKeyStorePassword(clientCertificate.getKeyStorePassword(), false);
+        setTrustStore(clientCertificate.getTrustStore());
+        setTrustStorePassword(clientCertificate.getTrustStorePassword());
     }
 
-    private void setKeyStorePassword(String keyStorePassword, boolean isEncoded) {
+    public void setKeyStorePassword(String keyStorePassword, boolean isEncoded) {
         validate(keyStorePassword);
         if (isEncoded) {
             Either<String, String> passkey = SecurityUtil.decrypt(keyStorePassword);
@@ -52,32 +61,15 @@ public class ClientCertificate {
         }
     }
 
-    public String getKeyStore() {
-        return keyStore;
-    }
-
     public void setKeyStore(String keyStore) {
         validate(keyStore);
         this.keyStore = keyStore;
     }
 
-    public String getKeyStorePassword() {
-        return keyStorePassword;
-    }
-
     public void setKeyStorePassword(String keyStorePassword) {
         setKeyStorePassword(keyStorePassword, true);
     }
 
-    @Override
-    public String toString() {
-        StringBuilder builder = new StringBuilder();
-        builder.append("ClientCertificate [keyStore=");
-        builder.append(keyStore);
-        builder.append("]");
-        return builder.toString();
-    }
-
     private void validate(String str) {
         if (StringUtils.isEmpty(str)) {
             throw new IllegalArgumentException("ClientCertificate keystore and/or kestorePassword cannot be empty");
-- 
cgit 1.2.3-korg