From a2feaf9b65cbba66181fb560b5815a62427d65cc Mon Sep 17 00:00:00 2001 From: vasraz Date: Fri, 5 May 2023 11:57:56 +0100 Subject: Support SIP TLS Signed-off-by: Vasyl Razinkov Change-Id: Icbadd04cfa87302491c59f2e4a39ef92aaafcaa3 Issue-ID: SDC-4483 --- .../onap-configuration-management-api/pom.xml | 5 ++ .../java/org/onap/config/api/JettySSLUtils.java | 79 +++++++++++----------- 2 files changed, 44 insertions(+), 40 deletions(-) (limited to 'common') diff --git a/common/onap-common-configuration-management/onap-configuration-management-api/pom.xml b/common/onap-common-configuration-management/onap-configuration-management-api/pom.xml index 36bff43532..f8fc085b1f 100644 --- a/common/onap-common-configuration-management/onap-configuration-management-api/pom.xml +++ b/common/onap-common-configuration-management/onap-configuration-management-api/pom.xml @@ -24,6 +24,11 @@ + + org.projectlombok + lombok + ${lombok.version} + org.apache.httpcomponents diff --git a/common/onap-common-configuration-management/onap-configuration-management-api/src/main/java/org/onap/config/api/JettySSLUtils.java b/common/onap-common-configuration-management/onap-configuration-management-api/src/main/java/org/onap/config/api/JettySSLUtils.java index 44280cf105..ad3395f720 100644 --- a/common/onap-common-configuration-management/onap-configuration-management-api/src/main/java/org/onap/config/api/JettySSLUtils.java +++ b/common/onap-common-configuration-management/onap-configuration-management-api/src/main/java/org/onap/config/api/JettySSLUtils.java 
@@ -19,59 +19,61 @@ */ package org.onap.config.api; -import java.io.File; +import lombok.AccessLevel; +import lombok.AllArgsConstructor; +import lombok.NoArgsConstructor; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; +import org.apache.http.ssl.SSLContexts; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.net.ssl.SSLContext; import java.io.FileInputStream; -import java.io.IOException; -import java.security.GeneralSecurityException; +import java.io.InputStream; import java.security.KeyStore; import java.util.Properties; -import javax.net.ssl.SSLContext; -import org.apache.http.conn.ssl.TrustSelfSignedStrategy; -import org.apache.http.ssl.SSLContexts; +@NoArgsConstructor(access = AccessLevel.PRIVATE) public class JettySSLUtils { + private static final Logger LOGGER = LoggerFactory.getLogger(JettySSLUtils.class); + private static final String JETTY_BASE = System.getenv("JETTY_BASE"); - private JettySSLUtils() { - } - - public static JettySslConfig getSSLConfig() throws IOException { - Properties sslProperties = new Properties(); - String sslPropsPath = System.getenv("JETTY_BASE") + File.separator + "/start.d/ssl.ini"; - File sslPropsFile = new File(sslPropsPath); - try (FileInputStream fis = new FileInputStream(sslPropsFile)) { + public static JettySslConfig getSSLConfig() { + final Properties sslProperties = new Properties(); + final String sslPropsPath = JETTY_BASE + "/start.d/ssl.ini"; + try (final InputStream fis = new FileInputStream(sslPropsPath)) { sslProperties.load(fis); + } catch (Exception e) { + LOGGER.error("Failed to read '{}'", sslPropsPath, e); } return new JettySslConfig(sslProperties); } - public static SSLContext getSslContext() throws GeneralSecurityException, IOException { - JettySslConfig sslProperties = JettySSLUtils.getSSLConfig(); - KeyStore trustStore = KeyStore.getInstance(sslProperties.getTruststoreType()); - try (FileInputStream instream = new FileInputStream(new 
File(sslProperties.getTruststorePath()));) { - trustStore.load(instream, (sslProperties.getTruststorePass()).toCharArray()); + public static SSLContext getSslContext() throws Exception { + final JettySslConfig sslProperties = getSSLConfig(); + final KeyStore trustStore = KeyStore.getInstance(sslProperties.getTruststoreType()); + try (final InputStream fis = new FileInputStream(sslProperties.getTruststorePath())) { + trustStore.load(fis, (sslProperties.getTruststorePass()).toCharArray()); } - KeyStore keystore = KeyStore.getInstance(sslProperties.getKeystoreType()); - try (FileInputStream instream = new FileInputStream(new File(sslProperties.getKeystorePath()));) { - keystore.load(instream, sslProperties.getKeystorePass().toCharArray()); + + final KeyStore keystore = KeyStore.getInstance(sslProperties.getKeystoreType()); + try (final InputStream fis = new FileInputStream(sslProperties.getKeystorePath())) { + keystore.load(fis, sslProperties.getKeystorePass().toCharArray()); } // Trust own CA and all self-signed certs - return SSLContexts.custom().loadKeyMaterial(keystore, sslProperties.getKeystorePass().toCharArray()) - .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build(); + return SSLContexts.custom() + .loadKeyMaterial(keystore, sslProperties.getKeystorePass().toCharArray()) + .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()) + .build(); } + @AllArgsConstructor public static class JettySslConfig { - static final String JETTY_BASE = System.getenv("JETTY_BASE"); - static final String KEY_STORE_TYPE_PROPERTY_NAME = "jetty.sslContext.keyStoreType"; - static final String TRUST_STORE_TYPE_PROPERTY_NAME = "jetty.sslContext.trustStoreType"; - Properties sslProperties; + private final Properties sslProperties; - JettySslConfig(Properties sslProperties) { - this.sslProperties = sslProperties; - } - - public String getJettyBase() { - return JettySslConfig.JETTY_BASE; + public String getJettyBase(){ + return JETTY_BASE; } public String 
getKeystorePath() { @@ -83,7 +85,7 @@ public class JettySSLUtils { } public String getKeystoreType() { - return sslProperties.getProperty(KEY_STORE_TYPE_PROPERTY_NAME, KeyStore.getDefaultType()); + return sslProperties.getProperty("jetty.sslContext.keyStoreType", KeyStore.getDefaultType()); } public String getTruststorePath() { @@ -95,10 +97,10 @@ public class JettySSLUtils { } public String getTruststoreType() { - return sslProperties.getProperty(TRUST_STORE_TYPE_PROPERTY_NAME, KeyStore.getDefaultType()); + return sslProperties.getProperty("jetty.sslContext.trustStoreType", KeyStore.getDefaultType()); } - public String getKeyStoreManager() { + public String getKeyManagerPassword() { return sslProperties.getProperty("jetty.sslContext.keyManagerPassword"); } @@ -110,8 +112,5 @@ public class JettySSLUtils { } } - public String getProperty(String key) { - return sslProperties.getProperty(key); - } } } -- cgit 1.2.3-korg
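Review bot: In the first JettySSLUtils.java hunk, `getSSLConfig()` now catches every `Exception` raised while reading `ssl.ini`, logs it, and still returns a `JettySslConfig` wrapping empty `Properties`, so a missing or unreadable file no longer stops the caller. `getSslContext()` then carries on with that empty config; the path and password getters (their bodies are outside this hunk) will presumably return null, turning a clear I/O error into a later NullPointerException at `new FileInputStream(...)` or `.toCharArray()`. For TLS setup it is safer to fail closed: narrow the catch to `IOException` and rethrow, e.g. `throw new IllegalStateException("Failed to read '" + sslPropsPath + "'", e);`. Separately, the reformatted builder chain still passes `new TrustSelfSignedStrategy()`, which accepts any self-signed peer certificate regardless of what the truststore holds; `.loadTrustMaterial(trustStore, null)` would restrict trust to the truststore contents.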