diff options
Diffstat (limited to 'sdc-distribution-client/src/main')
5 files changed, 45 insertions, 130 deletions
diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java b/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java index 94e20fb..ee75102 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java @@ -22,6 +22,7 @@ package org.onap.sdc.http; import java.io.FileInputStream; import java.io.IOException; +import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; @@ -29,6 +30,7 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; @@ -39,10 +41,12 @@ import org.apache.http.auth.AuthScope; import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.http.client.CredentialsProvider; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.impl.client.BasicCredentialsProvider; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.ssl.SSLContexts; import org.onap.sdc.api.consumer.IConfiguration; import org.onap.sdc.utils.Pair; @@ -71,9 +75,7 @@ public class HttpClientFactory { } private Pair<String, CloseableHttpClient> createHttpsClient(IConfiguration configuration) { - return new Pair<>(HTTPS, - initSSL(configuration.getUser(), configuration.getPassword(), configuration.getKeyStorePath(), - configuration.getKeyStorePassword(), configuration.activateServerTLSAuth())); + return new Pair<>(HTTPS, initSSLMtls(configuration)); } private Pair<String, CloseableHttpClient> createHttpClient(IConfiguration configuration) { @@ -84,123 +86,37 @@ public class HttpClientFactory { .setProxy(getHttpProxyHost()).build()); } - private CloseableHttpClient initSSL(String username, String password, String keyStorePath, String keyStorePass, - boolean isSupportSSLVerification) { + private CloseableHttpClient initSSLMtls(IConfiguration configuration) { - try { + try (FileInputStream kis = new FileInputStream(configuration.getKeyStorePath()); + FileInputStream tis = new FileInputStream(configuration.getTrustStorePath())) { - // SSLContextBuilder is not thread safe CredentialsProvider credsProvider = new BasicCredentialsProvider(); credsProvider.setCredentials(new AuthScope("localhost", AUTHORIZATION_SCOPE_PORT), - new UsernamePasswordCredentials(username, password)); - SSLContext sslContext; - sslContext = SSLContext.getInstance(TLS); - TrustManagerFactory tmf = createTrustManagerFactory(); - TrustManager[] tms = tmf.getTrustManagers(); - if (isSupportSSLVerification) { - - if (keyStorePath != null && !keyStorePath.isEmpty()) { - // Using null here initialises the TMF with the default - // trust store. - - // Get hold of the default trust manager - X509TrustManager defaultTm = null; - for (TrustManager tm : tmf.getTrustManagers()) { - if (tm instanceof X509TrustManager) { - defaultTm = (X509TrustManager) tm; - break; - } - } - - // Do the same with your trust store this time - // Adapt how you load the keystore to your needs - KeyStore trustStore = loadKeyStore(keyStorePath, keyStorePass); - - tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(trustStore); - - // Get hold of the default trust manager - X509TrustManager myTm = null; - for (TrustManager tm : tmf.getTrustManagers()) { - if (tm instanceof X509TrustManager) { - myTm = (X509TrustManager) tm; - break; - } - } - - // Wrap it in your own class. - final X509TrustManager finalDefaultTm = defaultTm; - final X509TrustManager finalMyTm = myTm; - X509TrustManager customTm = new X509TrustManager() { - @Override - public X509Certificate[] getAcceptedIssuers() { - // If you're planning to use client-cert auth, - // merge results from "defaultTm" and "myTm". - return finalDefaultTm.getAcceptedIssuers(); - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - try { - finalMyTm.checkServerTrusted(chain, authType); - } catch (CertificateException e) { - // This will throw another CertificateException - // if this fails too. - finalDefaultTm.checkServerTrusted(chain, authType); - } - } - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - // If you're planning to use client-cert auth, - // do the same as checking the server. - finalDefaultTm.checkClientTrusted(chain, authType); - } - }; - - tms = new TrustManager[] { customTm }; - - } - - sslContext.init(null, tms, null); - SSLContext.setDefault(sslContext); - - } else { - - SSLContextBuilder builder = new SSLContextBuilder(); - - builder.loadTrustMaterial(null, (chain, authType) -> true); - - sslContext = builder.build(); - } + new UsernamePasswordCredentials(configuration.getUser(), configuration.getPassword())); + + final KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(kis, configuration.getKeyStorePassword().toCharArray()); + final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + keyManagerFactory.init(ks, configuration.getKeyStorePassword().toCharArray()); + + final KeyStore ts = KeyStore.getInstance("JKS"); + ts.load(tis, configuration.getTrustStorePassword().toCharArray()); + final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + trustManagerFactory.init(ts); + final SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(ts, new TrustSelfSignedStrategy()).loadKeyMaterial(ks, configuration.getKeyStorePassword().toCharArray()).build(); HostnameVerifier hostnameVerifier = (hostname, session) -> hostname.equalsIgnoreCase(session.getPeerHost()); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new String[] { TLS }, null, - hostnameVerifier); + hostnameVerifier); + return HttpClientBuilder.create().setDefaultCredentialsProvider(credsProvider).setProxy(getHttpsProxyHost()) - .setSSLSocketFactory(sslsf).build(); + .setSSLSocketFactory(sslsf).build(); } catch (Exception e) { throw new HttpSdcClientException("Failed to create https client", e); } } - private TrustManagerFactory createTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException { - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(DEFAULT_INIT_KEY_STORE_VALUE); - return tmf; - } - - private KeyStore loadKeyStore(String keyStorePath, String keyStorePass) - throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { - KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); - try (FileInputStream keyStoreData = new FileInputStream(keyStorePath)) { - trustStore.load(keyStoreData, keyStorePass.toCharArray()); - } - return trustStore; - } - private HttpHost getHttpProxyHost() { HttpHost proxyHost = null; if (configuration.isUseSystemProxy() && System.getProperty("http.proxyHost") != null diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java index add4185..8841856 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java @@ -21,15 +21,14 @@ package org.onap.sdc.impl; import java.util.List; - import org.onap.sdc.api.consumer.IConfiguration; public class Configuration implements IConfiguration { - private List<String> msgBusAddressList; + private String msgBusAddressList; private final String kafkaSecurityProtocolConfig; private final String kafkaSaslMechanism; - private final String kafkaSaslJaasConfig; + private String kafkaSaslJaasConfig = null; private final int kafkaConsumerMaxPollInterval; private final int kafkaConsumerSessionTimeout; private String sdcStatusTopicName; @@ -60,7 +59,9 @@ public class Configuration implements IConfiguration { public Configuration(IConfiguration other) { this.kafkaSecurityProtocolConfig = other.getKafkaSecurityProtocolConfig(); this.kafkaSaslMechanism = other.getKafkaSaslMechanism(); - this.kafkaSaslJaasConfig = other.getKafkaSaslJaasConfig(); + if (!"SSL".equals(this.kafkaSecurityProtocolConfig)) { + this.kafkaSaslJaasConfig = other.getKafkaSaslJaasConfig(); + } this.comsumerID = other.getConsumerID(); this.consumerGroup = other.getConsumerGroup(); this.pollingInterval = other.getPollingInterval(); @@ -233,11 +234,11 @@ public class Configuration implements IConfiguration { this.sdcNotificationTopicName = sdcNotificationTopicName; } - public List<String> getMsgBusAddress() { + public String getMsgBusAddress() { return msgBusAddressList; } - public void setMsgBusAddress(List<String> newMsgBusAddress) { + public void setMsgBusAddress(String newMsgBusAddress) { msgBusAddressList = newMsgBusAddress; } diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java index a34ba1e..0c05b58 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java @@ -30,6 +30,7 @@ import fj.data.Either; import java.lang.reflect.Type; import java.nio.charset.StandardCharsets; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; import java.util.List; import java.util.UUID; @@ -324,7 +325,7 @@ public class DistributionClientImpl implements IDistributionClient { errorWrapper.setInnerElement(kafkaData.right().value()); } else { KafkaDataResponse kafkaDataResponse = kafkaData.left().value(); - configuration.setMsgBusAddress(Collections.singletonList(kafkaDataResponse.getKafkaBootStrapServer())); + configuration.setMsgBusAddress(kafkaDataResponse.getKafkaBootStrapServer()); configuration.setNotificationTopicName(kafkaDataResponse.getDistrNotificationTopicName()); configuration.setStatusTopicName(kafkaDataResponse.getDistrStatusTopicName()); log.debug("MessageBus cluster info retrieved successfully {}", kafkaData.left().value()); diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java index 477e677..b285bfe 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java @@ -19,18 +19,22 @@ */ package org.onap.sdc.utils.kafka; +import java.util.Properties; +import java.util.UUID; +import org.apache.kafka.clients.CommonClientConfigs; import org.apache.kafka.clients.consumer.ConsumerConfig; import org.apache.kafka.clients.producer.ProducerConfig; -import org.apache.kafka.clients.CommonClientConfigs; import org.apache.kafka.common.config.SaslConfigs; import org.apache.kafka.common.config.SslConfigs; import org.onap.sdc.impl.Configuration; -import java.util.Properties; -import java.util.UUID; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class KafkaCommonConfig { + private static final Logger log = LoggerFactory.getLogger(KafkaCommonConfig.class); + private final Configuration configuration; - public KafkaCommonConfig(Configuration configuration){ + public KafkaCommonConfig(Configuration configuration) { this.configuration = configuration; } @@ -47,7 +51,6 @@ public class KafkaCommonConfig { props.put(ConsumerConfig.ALLOW_AUTO_CREATE_TOPICS_CONFIG, false); props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "latest"); - return props; } @@ -70,10 +73,10 @@ public class KafkaCommonConfig { props.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, configuration.getTrustStorePassword()); props.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, configuration.getTrustStorePath()); props.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, configuration.getKeyStorePassword()); + props.put(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, ""); props.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, configuration.getKeyStorePath()); props.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, configuration.getKeyStorePassword()); - } - else{ + } else { props.put(SaslConfigs.SASL_JAAS_CONFIG, configuration.getKafkaSaslJaasConfig()); props.put(SaslConfigs.SASL_MECHANISM, configuration.getKafkaSaslMechanism()); } diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java index b151b23..e0b51eb 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java @@ -20,18 +20,12 @@ package org.onap.sdc.utils.kafka; -import java.util.List; import java.util.Properties; -import java.util.UUID; import java.util.concurrent.Future; -import org.apache.kafka.clients.CommonClientConfigs; import org.apache.kafka.clients.producer.KafkaProducer; -import org.apache.kafka.clients.producer.ProducerConfig; import org.apache.kafka.clients.producer.ProducerRecord; import org.apache.kafka.clients.producer.RecordMetadata; import org.apache.kafka.common.KafkaException; -import org.apache.kafka.common.config.SaslConfigs; -import org.apache.kafka.common.config.SslConfigs; import org.onap.sdc.impl.Configuration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -43,7 +37,7 @@ public class SdcKafkaProducer { private static final Logger log = LoggerFactory.getLogger(SdcKafkaProducer.class); final KafkaProducer<String, String> producer; - private final List<String> msgBusAddresses; + private final String msgBusAddresses; private final String topicName; /** @@ -89,9 +83,9 @@ public class SdcKafkaProducer { } /** - * @return The list kafka endpoints + * @return The list of kafka endpoints */ - public List<String> getMsgBusAddresses() { + public String getMsgBusAddresses() { return msgBusAddresses; } |