From b9e7afd028547fa7d000b3982f24ec32f06235db Mon Sep 17 00:00:00 2001 From: Pavel Aharoni Date: Tue, 18 Apr 2017 13:24:50 +0300 Subject: [SDC-9] TLS 1.2 and HTTPS Change-Id: I271ba4a4b45ab9792636faffe6d1c151ec591fd9 Signed-off-by: Pavel Aharoni --- jython-tosca-parser/pom.xml | 2 +- pom.xml | 2 +- sdc-distribution-ci/pom.xml | 2 +- sdc-distribution-client/pom.xml | 2 +- .../src/main/java/org/openecomp/sdc/http/HttpAsdcClient.java | 10 +++++----- .../java/org/openecomp/sdc/impl/DistributionClientImpl.java | 6 +++--- .../java/org/openecomp/sdc/impl/DistributionClientTest.java | 4 ++-- sdc-tosca-parser/pom.xml | 2 +- 8 files changed, 15 insertions(+), 15 deletions(-) diff --git a/jython-tosca-parser/pom.xml b/jython-tosca-parser/pom.xml index 01507cc..ea942b7 100644 --- a/jython-tosca-parser/pom.xml +++ b/jython-tosca-parser/pom.xml @@ -5,7 +5,7 @@ org.openecomp.sdc.sdc-distribution-client sdc-main-distribution-client - 1.1.6-SNAPSHOT + 1.1.7-SNAPSHOT jython-tosca-parser diff --git a/pom.xml b/pom.xml index 3235dcd..53b21e6 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.openecomp.sdc.sdc-distribution-client sdc-main-distribution-client - 1.1.6-SNAPSHOT + 1.1.7-SNAPSHOT pom diff --git a/sdc-distribution-ci/pom.xml b/sdc-distribution-ci/pom.xml index a570d62..61d67f2 100644 --- a/sdc-distribution-ci/pom.xml +++ b/sdc-distribution-ci/pom.xml @@ -6,7 +6,7 @@ org.openecomp.sdc.sdc-distribution-client sdc-main-distribution-client - 1.1.6-SNAPSHOT + 1.1.7-SNAPSHOT sdc-distribution-ci diff --git a/sdc-distribution-client/pom.xml b/sdc-distribution-client/pom.xml index 9ec6d02..14e03b5 100644 --- a/sdc-distribution-client/pom.xml +++ b/sdc-distribution-client/pom.xml @@ -6,7 +6,7 @@ org.openecomp.sdc.sdc-distribution-client sdc-main-distribution-client - 1.1.6-SNAPSHOT + 1.1.7-SNAPSHOT sdc-distribution-client diff --git a/sdc-distribution-client/src/main/java/org/openecomp/sdc/http/HttpAsdcClient.java b/sdc-distribution-client/src/main/java/org/openecomp/sdc/http/HttpAsdcClient.java index a08416c..6eb2ebd 100644 --- a/sdc-distribution-client/src/main/java/org/openecomp/sdc/http/HttpAsdcClient.java +++ b/sdc-distribution-client/src/main/java/org/openecomp/sdc/http/HttpAsdcClient.java @@ -67,7 +67,7 @@ import org.slf4j.LoggerFactory; public class HttpAsdcClient implements IHttpAsdcClient { - private static final String TLS = "TLS"; + private static final String TLS = "TLSv1.2"; private static final String AUTHORIZATION_HEADER = "Authorization"; private static final String HTTPS = "https://"; private static Logger log = LoggerFactory.getLogger(DistributionClientImpl.class.getName()); @@ -178,8 +178,7 @@ public class HttpAsdcClient implements IHttpAsdcClient { sslContext.init(null, tms, null); SSLContext.setDefault(sslContext); - SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1", "TLSv1.1" }, null, hostnameVerifier); - httpClient = HttpClientBuilder.create().setDefaultCredentialsProvider(credsProvider).setSSLSocketFactory(sslsf).build(); + } else { @@ -192,9 +191,10 @@ public class HttpAsdcClient implements IHttpAsdcClient { }); sslContext = builder.build(); - - httpClient = HttpClientBuilder.create().setSSLHostnameVerifier(hostnameVerifier).setSslcontext(sslContext).setDefaultCredentialsProvider(credsProvider).build(); } + + SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1.2" }, null, hostnameVerifier); + httpClient = HttpClientBuilder.create().setDefaultCredentialsProvider(credsProvider).setSSLSocketFactory(sslsf).build(); } catch (Exception e) { log.error("Failed to create https client", e); diff --git a/sdc-distribution-client/src/main/java/org/openecomp/sdc/impl/DistributionClientImpl.java b/sdc-distribution-client/src/main/java/org/openecomp/sdc/impl/DistributionClientImpl.java index ce74b26..d051458 100644 --- a/sdc-distribution-client/src/main/java/org/openecomp/sdc/impl/DistributionClientImpl.java +++ b/sdc-distribution-client/src/main/java/org/openecomp/sdc/impl/DistributionClientImpl.java @@ -146,7 +146,7 @@ public class DistributionClientImpl implements IDistributionClient { } if (errorWrapper.isEmpty()) { try { - cambriaConsumer = new ConsumerBuilder().authenticatedBy(credential.getApiKey(), credential.getApiSecret()).knownAs(configuration.getConsumerGroup(), configuration.getConsumerID()).onTopic(notificationTopic).usingHosts(brokerServers) + cambriaConsumer = new ConsumerBuilder().authenticatedBy(credential.getApiKey(), credential.getApiSecret()).knownAs(configuration.getConsumerGroup(), configuration.getConsumerID()).onTopic(notificationTopic).usingHttps().usingHosts(brokerServers) .withSocketTimeout(configuration.getPollingTimeout() * 1000).build(); } catch (MalformedURLException | GeneralSecurityException e) { handleCambriaInitFailure(errorWrapper, e); @@ -393,7 +393,7 @@ public class DistributionClientImpl implements IDistributionClient { private Either getCambriaPublisher() { CambriaBatchingPublisher cambriaPublisher = null; try { - cambriaPublisher = new PublisherBuilder().onTopic(statusTopic).usingHosts(brokerServers).build(); + cambriaPublisher = new PublisherBuilder().onTopic(statusTopic).usingHttps().usingHosts(brokerServers).build(); cambriaPublisher.setApiCredentials(credential.getApiKey(), credential.getApiSecret()); } catch (MalformedURLException | GeneralSecurityException e) { Wrapper errorWrapper = new Wrapper<>(); @@ -582,7 +582,7 @@ public class DistributionClientImpl implements IDistributionClient { private synchronized void initCambriaClient(Wrapper errorWrapper) { if (cambriaIdentityManager == null) { try { - cambriaIdentityManager = new IdentityManagerBuilder().usingHosts(brokerServers).build(); + cambriaIdentityManager = new IdentityManagerBuilder().usingHttps().usingHosts(brokerServers).build(); } catch (MalformedURLException | GeneralSecurityException e) { handleCambriaInitFailure(errorWrapper, e); } diff --git a/sdc-distribution-client/src/test/java/org/openecomp/sdc/impl/DistributionClientTest.java b/sdc-distribution-client/src/test/java/org/openecomp/sdc/impl/DistributionClientTest.java index 72575a7..cf380cb 100644 --- a/sdc-distribution-client/src/test/java/org/openecomp/sdc/impl/DistributionClientTest.java +++ b/sdc-distribution-client/src/test/java/org/openecomp/sdc/impl/DistributionClientTest.java @@ -452,7 +452,7 @@ public class DistributionClientTest { // ########### TESTS TO ADD TO CI START ########### public void createKeysTestCI() throws MalformedURLException, GeneralSecurityException { validateConfigurationTest(); - CambriaIdentityManager trueCambria = new CambriaClientBuilders.IdentityManagerBuilder().usingHosts(serverList).build(); + CambriaIdentityManager trueCambria = new CambriaClientBuilders.IdentityManagerBuilder().usingHttps().usingHosts(serverList).build(); client.cambriaIdentityManager = trueCambria; DistributionClientResultImpl keysResult = client.createUebKeys(); Assert.assertEquals(DistributionActionResultEnum.SUCCESS, keysResult.getDistributionActionResult()); @@ -511,7 +511,7 @@ public class DistributionClientTest { public void registerProducerCI() { try { - CambriaTopicManager topicManager = new CambriaClientBuilders.TopicManagerBuilder().usingHosts(serverList).authenticatedBy("sSJc5qiBnKy2qrlc", "4ZRPzNJfEUK0sSNBvccd2m7X").build(); + CambriaTopicManager topicManager = new CambriaClientBuilders.TopicManagerBuilder().usingHttps().usingHosts(serverList).authenticatedBy("sSJc5qiBnKy2qrlc", "4ZRPzNJfEUK0sSNBvccd2m7X").build(); topicManager.allowProducer("ASDC-DISTR-STATUS-TOPIC-TESTER", "1FSVAA3bRjhSKNAI"); } catch (HttpException | IOException | GeneralSecurityException e) { // TODO Auto-generated catch block diff --git a/sdc-tosca-parser/pom.xml b/sdc-tosca-parser/pom.xml index 3bc6a80..199a923 100644 --- a/sdc-tosca-parser/pom.xml +++ b/sdc-tosca-parser/pom.xml @@ -6,7 +6,7 @@ org.openecomp.sdc.sdc-distribution-client sdc-main-distribution-client - 1.1.6-SNAPSHOT + 1.1.7-SNAPSHOT sdc-tosca-parser -- cgit 1.2.3-korg