From 95c95b08ae8fa2592852168ec11b9aff3a6a31d5 Mon Sep 17 00:00:00 2001
From: MichaelMorris
Date: Tue, 3 Oct 2023 09:58:40 +0100
Subject: TLS support in sdc-fe
Signed-off-by: MichaelMorris
Issue-ID: SDC-4642
Change-Id: I960c0a114889c7b5c1c7924cefff93168132e2b6
---
 .../http/client/api/HttpConnectionMngFactory.java | 10 +++++++-
 .../sdc/common/http/config/ClientCertificate.java | 30 ++++++++--------------
 2 files changed, 20 insertions(+), 20 deletions(-)
(limited to 'common-app-api/src/main/java')
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java b/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
index 966bf857c8..8f3e460ca3 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/common/http/client/api/HttpConnectionMngFactory.java
@@ -19,6 +19,7 @@
 */
 package org.openecomp.sdc.common.http.client.api;
+import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -70,9 +71,10 @@ public class HttpConnectionMngFactory {
 SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
 SSLConnectionSocketFactory sslsf = null;
 try {
- sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
 if (clientCertificate != null) {
 setClientSsl(clientCertificate, sslContextBuilder);
+ } else {
+ sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
 }
 sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), NoopHostnameVerifier.INSTANCE);
 } catch (GeneralSecurityException e) {
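Review bot: The new `else` branch changes which trust material is loaded, but the `sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), NoopHostnameVerifier.INSTANCE);` line on the new side still disables hostname verification, so even when `setClientSsl` loads a configured trust store the server certificate is never matched against the host the client connected to, and the no-client-certificate path keeps `TrustSelfSignedStrategy`, which accepts any self-signed certificate the peer presents. If the intent of the change is to trust only the configured store when one is given, the verifier should follow the same split: `new SSLConnectionSocketFactory(sslContextBuilder.build(), SSLConnectionSocketFactory.getDefaultHostnameVerifier())` when a trust store is configured, with the Noop verifier kept only for the self-signed fallback. Whether callers rely on the current lenient behaviour is not visible here, so this is worth confirming against the deployments that use this factory. The enclosing method starts before this hunk and its `catch` body continues after it.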
@@ -93,6 +95,11 @@ public class HttpConnectionMngFactory {
 char[] keyStorePassword = clientCertificate.getKeyStorePassword().toCharArray();
 KeyStore clientKeyStore = createClientKeyStore(clientCertificate.getKeyStore(), keyStorePassword);
 sslContextBuilder.loadKeyMaterial(clientKeyStore, keyStorePassword);
+ if (StringUtils.isEmpty(clientCertificate.getTrustStore())) {
+ sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
+ } else {
+ sslContextBuilder.loadTrustMaterial(new File(clientCertificate.getTrustStore()), clientCertificate.getTrustStorePassword().toCharArray());
+ }
 logger.debug("#setClientSsl - Set Client Certificate authentication");
 } catch (IOException | GeneralSecurityException e) {
 logger.debug("#setClientSsl - Set Client Certificate authentication failed with exception, diasable client SSL authentication ", e);
@@ -107,6 +114,7 @@ public class HttpConnectionMngFactory {
 }
 return keyStore;
 }
+
 private String getKeyStoreType(String keyStore) {
 if (!StringUtils.isEmpty(keyStore)) {
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java b/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java
index 93fc3b9f0f..2946217ebd 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/common/http/config/ClientCertificate.java
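Review bot: The added `else` branch calls `clientCertificate.getTrustStorePassword().toCharArray()` unconditionally, so a configuration that names a trust store but leaves its password unset fails with a NullPointerException, which the surrounding `catch (IOException | GeneralSecurityException e)` does not cover and which therefore escapes `setClientSsl` instead of taking the logged fallback. A trust store is typically readable without an integrity password (the builder presumably forwards the array to `KeyStore.load`, which accepts `null`), so guard it: `final String trustStorePassword = clientCertificate.getTrustStorePassword();` followed by `sslContextBuilder.loadTrustMaterial(new File(clientCertificate.getTrustStore()), trustStorePassword == null ? null : trustStorePassword.toCharArray());`. If a missing password is meant to be a configuration error instead, reject it explicitly with an `IllegalArgumentException` naming the trust store rather than letting the NPE surface. `setClientSsl`'s signature and the start of its `try` lie before this hunk and the method continues past the `catch`.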
@@ -21,24 +21,33 @@ package org.openecomp.sdc.common.http.config;
 import fj.data.Either;
 import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+
 import org.apache.commons.lang3.StringUtils;
 import org.onap.sdc.security.SecurityUtil;
 @EqualsAndHashCode
+@Getter
+@Setter
 public class ClientCertificate {
 private String keyStore;
 private String keyStorePassword;
-
+ private String trustStore;
+ private String trustStorePassword;
+
 public ClientCertificate() {
 }
 public ClientCertificate(ClientCertificate clientCertificate) {
 setKeyStore(clientCertificate.getKeyStore());
 setKeyStorePassword(clientCertificate.getKeyStorePassword(), false);
+ setTrustStore(clientCertificate.getTrustStore());
+ setTrustStorePassword(clientCertificate.getTrustStorePassword());
 }
- private void setKeyStorePassword(String keyStorePassword, boolean isEncoded) {
+ public void setKeyStorePassword(String keyStorePassword, boolean isEncoded) {
 validate(keyStorePassword);
 if (isEncoded) {
 Either passkey = SecurityUtil.decrypt(keyStorePassword);
@@ -52,32 +61,15 @@ public class ClientCertificate {
 }
 }
- public String getKeyStore() {
- return keyStore;
- }
-
 public void setKeyStore(String keyStore) {
 validate(keyStore);
 this.keyStore = keyStore;
 }
- public String getKeyStorePassword() {
- return keyStorePassword;
- }
-
 public void setKeyStorePassword(String keyStorePassword) {
 setKeyStorePassword(keyStorePassword, true);
 }
- @Override
- public String toString() {
- StringBuilder builder = new StringBuilder();
- builder.append("ClientCertificate [keyStore=");
- builder.append(keyStore);
- builder.append("]");
- return builder.toString();
- }
-
 private void validate(String str) {
 if (StringUtils.isEmpty(str)) {
 throw new IllegalArgumentException("ClientCertificate keystore and/or kestorePassword cannot be empty");
-- cgit 1.2.3-korg
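Review bot: The class-level `@Setter` generates `setTrustStorePassword(String)` as a plain field assignment, so the new copy-constructor line `setTrustStorePassword(clientCertificate.getTrustStorePassword());` and any configuration loader store the trust store password verbatim, while the keystore password on the line above it goes through `setKeyStorePassword(String, boolean)` and is decrypted with `SecurityUtil.decrypt` when `isEncoded` is true. If both passwords are read from the same configuration, the trust store password has to be kept in clear there, which is an inconsistent and weaker handling of a secret than the existing keystore path. Consider an explicit pair mirroring the keystore one, `public void setTrustStorePassword(String trustStorePassword) { setTrustStorePassword(trustStorePassword, true); }` plus a two-argument overload that decrypts via `SecurityUtil.decrypt` and is called with `false` from the copy constructor; which representation the configuration actually carries is not visible here, so confirm against the loader before changing it. The hunk's last line sits inside `setKeyStorePassword(String, boolean)`, whose body continues past the hunk.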