author | Piotr Borelowski <p.borelowski@partner.samsung.com> | 2020-06-03 17:01:27 +0200 |
---|---|---|
committer | Piotr Borelowski <p.borelowski@partner.samsung.com> | 2020-07-06 07:31:42 +0000 |
commit | 1940392a7dabd31a68d97155f58406cf71e5be36 (patch) | |
tree | 2ca486f4ad70b03c18d00d4a3986d59726eb0bea /adapters/etsi-sol002-adapter/src/main/java/org/onap | |
parent | 47cb76e07dd671bab171432141fa89f6c2a1c95f (diff) |
Add a certificate in communication with VNFM
Issue-ID: SO-2979
Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
Change-Id: I7fa13c9371b7789950af315b7772a0ee409cc34b
Diffstat (limited to 'adapters/etsi-sol002-adapter/src/main/java/org/onap')
3 files changed, 85 insertions, 2 deletions
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
index 411572ff5b..38f7a0cd3f 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
@@ -20,17 +20,44 @@
 package org.onap.so.adapters.vevnfm.configuration;
+import java.io.IOException;
+import java.security.*;
+import java.security.cert.CertificateException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.onap.so.adapters.vevnfm.provider.AuthorizationHeadersProvider;
 import org.onap.so.configuration.rest.HttpHeadersProvider;
 import org.onap.so.rest.service.HttpRestServiceProvider;
 import org.onap.so.rest.service.HttpRestServiceProviderImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.http.client.BufferingClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.web.client.RestTemplate;
 @Configuration
 public class ApplicationConfiguration {
+ private static final Logger logger = LoggerFactory.getLogger(ApplicationConfiguration.class);
+
+ private final Resource clientKeyStore;
+ private final String clientKeyStorePassword;
+ private final Resource clientTrustStore;
+ private final String clientTrustStorePassword;
+
+ public ApplicationConfiguration(final ConfigProperties configProperties) {
+ clientKeyStore = configProperties.getClientKeyStore();
+ clientKeyStorePassword = configProperties.getClientKeyStorePassword();
+ clientTrustStore = configProperties.getClientTrustStore();
+ clientTrustStorePassword = configProperties.getClientTrustStorePassword();
+ }
+
 @Bean
 public AuthorizationHeadersProvider headersProvider() {
 return new AuthorizationHeadersProvider();
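Review bot: The constructor copies both store passwords into `String` fields that stay on the configuration bean for its whole lifetime, although the visible code only needs them once, when `modify()` builds the SSLContext in the next hunk. Keeping a single `private final ConfigProperties configProperties;` field and reading the values at the point of use would avoid a second long-lived copy of the secrets. The wildcard `import java.security.*;` also hides which security types the class depends on; the explicit imports would be `KeyStore`, `KeyStoreException`, `KeyManagementException`, `NoSuchAlgorithmException` and `UnrecoverableKeyException`. The class body continues outside this hunk.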
@@ -39,6 +66,35 @@ public class ApplicationConfiguration {
 @Bean
 public HttpRestServiceProvider restProvider(final RestTemplate restTemplate,
 final HttpHeadersProvider headersProvider) {
+ modify(restTemplate);
 return new HttpRestServiceProviderImpl(restTemplate, headersProvider);
 }
+
+ private void modify(final RestTemplate restTemplate) {
+
+ if (clientKeyStore == null || clientTrustStore == null) {
+ return;
+ }
+
+ try {
+ final KeyStore keystore = KeyStore.getInstance("PKCS12");
+ keystore.load(clientKeyStore.getInputStream(), clientKeyStorePassword.toCharArray());
+
+ final SSLContext sslContext = new SSLContextBuilder()
+ .loadTrustMaterial(clientTrustStore.getURL(), clientTrustStorePassword.toCharArray())
+ .loadKeyMaterial(keystore, clientKeyStorePassword.toCharArray()).build();
+
+ logger.info("Setting truststore: {}", clientTrustStore.getURL());
+
+ final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+ final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
+ final HttpComponentsClientHttpRequestFactory factory =
+ new HttpComponentsClientHttpRequestFactory(httpClient);
+
+ restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory));
+ } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException
+ | IOException | UnrecoverableKeyException e) {
+ logger.error("Error reading truststore, TLS connection to VNFM will fail.", e);
+ }
+ }
 }
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
index d4ca5af0f2..a8a436ddc6 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
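Review bot: The catch block in `modify()` only logs and returns, so after any keystore or truststore error the adapter keeps the RestTemplate's existing request factory and talks to the VNFM without the client certificate and with whatever trust settings that factory already had; failing startup is safer than running with TLS settings nobody configured. The guard checks the two `Resource` fields but not the passwords, which ConfigProperties defaults to null, so a missing `client.key-store-password` reaches `clientKeyStorePassword.toCharArray()` and throws a NullPointerException that the catch list does not cover. The stream returned by `clientKeyStore.getInputStream()` is never closed. The log text also says "truststore" for failures that can equally come from the key store.

```java
private void modify(final RestTemplate restTemplate) {
    if (clientKeyStore == null || clientTrustStore == null) {
        return;
    }
    if (clientKeyStorePassword == null || clientTrustStorePassword == null) {
        throw new IllegalStateException("client.key-store-password and client.trust-store-password must be set");
    }

    // try-with-resources closes the key store stream on every path
    try (InputStream keyStoreStream = clientKeyStore.getInputStream()) {
        final KeyStore keystore = KeyStore.getInstance("PKCS12");
        keystore.load(keyStoreStream, clientKeyStorePassword.toCharArray());
        // … unchanged: SSLContext, socket factory, HttpClient and request factory setup …
    } catch (GeneralSecurityException | IOException e) {
        // fail startup instead of continuing with an unmodified RestTemplate
        throw new IllegalStateException("Could not load the TLS client key store or trust store for VNFM", e);
    }
}
```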
@@ -23,6 +23,7 @@ package org.onap.so.adapters.vevnfm.configuration;
 import org.onap.so.adapters.vevnfm.constant.NotificationVnfFilterType;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
 @Configuration
 public class ConfigProperties {
@@ -72,6 +73,18 @@ public class ConfigProperties {
 @Value("${spring.security.usercredentials[0].openpass}")
 private String springSecurityOpenpass;
+ @Value("${client.key-store:#{null}}")
+ private Resource clientKeyStore;
+
+ @Value("${client.key-store-password:#{null}}")
+ private String clientKeyStorePassword;
+
+ @Value("${client.trust-store:#{null}}")
+ private Resource clientTrustStore;
+
+ @Value("${client.trust-store-password:#{null}}")
+ private String clientTrustStorePassword;
+
 public String getVevnfmadapterVnfFilterJson() {
 return vevnfmadapterVnfFilterJson;
 }
@@ -131,4 +144,20 @@ public class ConfigProperties {
 public String getSpringSecurityOpenpass() {
 return springSecurityOpenpass;
 }
+
+ public Resource getClientKeyStore() {
+ return clientKeyStore;
+ }
+
+ public String getClientKeyStorePassword() {
+ return clientKeyStorePassword;
+ }
+
+ public Resource getClientTrustStore() {
+ return clientTrustStore;
+ }
+
+ public String getClientTrustStorePassword() {
+ return clientTrustStorePassword;
+ }
 }
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
index c128275e43..eba1d087c6 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
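Review bot: The four `client.*` properties added in the second hunk are undocumented, and nothing tells an operator that they are optional and only take effect together. A comment above the first field would cover it: `// Optional TLS client material for the VNFM connection; key store and trust store must both be set, otherwise the RestTemplate is left unchanged.` The two password properties are bound as plain `String` values, so the same comment should state that they are expected to come from an external secret source rather than a committed properties file. The getters in the third hunk need no further comment.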
@@ -28,7 +28,6 @@ import org.onap.so.adapters.vevnfm.configuration.ConfigProperties;
 import org.onap.so.adapters.vevnfm.exception.VeVnfmException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.retry.annotation.Backoff;
 import org.springframework.retry.annotation.EnableRetry;
 import org.springframework.retry.annotation.Recover;
@@ -44,7 +43,6 @@ public class StartupService {
 private final String vnfmDefaultEndpoint;
 private final AaiConnection aaiConnection;
- @Autowired
 public StartupService(final ConfigProperties configProperties, final AaiConnection aaiConnection) {
 this.vnfmDefaultEndpoint = configProperties.getVnfmDefaultEndpoint();
 this.aaiConnection = aaiConnection; |