summaryrefslogtreecommitdiffstats
path: root/adapters/etsi-sol002-adapter/src/main/java/org/onap
diff options
context:
space:
mode:
authorPiotr Borelowski <p.borelowski@partner.samsung.com>2020-06-03 17:01:27 +0200
committerPiotr Borelowski <p.borelowski@partner.samsung.com>2020-07-06 07:31:42 +0000
commit1940392a7dabd31a68d97155f58406cf71e5be36 (patch)
tree2ca486f4ad70b03c18d00d4a3986d59726eb0bea /adapters/etsi-sol002-adapter/src/main/java/org/onap
parent47cb76e07dd671bab171432141fa89f6c2a1c95f (diff)
Add a certificate in communication with VNFM
Issue-ID: SO-2979 Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com> Change-Id: I7fa13c9371b7789950af315b7772a0ee409cc34b
Diffstat (limited to 'adapters/etsi-sol002-adapter/src/main/java/org/onap')
-rw-r--r--adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java56
-rw-r--r--adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java29
-rw-r--r--adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java2
3 files changed, 85 insertions, 2 deletions
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
index 411572ff5b..38f7a0cd3f 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
@@ -20,17 +20,44 @@
package org.onap.so.adapters.vevnfm.configuration;
+import java.io.IOException;
+import java.security.*;
+import java.security.cert.CertificateException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
import org.onap.so.adapters.vevnfm.provider.AuthorizationHeadersProvider;
import org.onap.so.configuration.rest.HttpHeadersProvider;
import org.onap.so.rest.service.HttpRestServiceProvider;
import org.onap.so.rest.service.HttpRestServiceProviderImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.http.client.BufferingClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
@Configuration
public class ApplicationConfiguration {
+ private static final Logger logger = LoggerFactory.getLogger(ApplicationConfiguration.class);
+
+ private final Resource clientKeyStore;
+ private final String clientKeyStorePassword;
+ private final Resource clientTrustStore;
+ private final String clientTrustStorePassword;
+
+ public ApplicationConfiguration(final ConfigProperties configProperties) {
+ clientKeyStore = configProperties.getClientKeyStore();
+ clientKeyStorePassword = configProperties.getClientKeyStorePassword();
+ clientTrustStore = configProperties.getClientTrustStore();
+ clientTrustStorePassword = configProperties.getClientTrustStorePassword();
+ }
+
@Bean
public AuthorizationHeadersProvider headersProvider() {
return new AuthorizationHeadersProvider();
@@ -39,6 +66,35 @@ public class ApplicationConfiguration {
@Bean
public HttpRestServiceProvider restProvider(final RestTemplate restTemplate,
final HttpHeadersProvider headersProvider) {
+ modify(restTemplate);
return new HttpRestServiceProviderImpl(restTemplate, headersProvider);
}
+
+ private void modify(final RestTemplate restTemplate) {
+
+ if (clientKeyStore == null || clientTrustStore == null) {
+ return;
+ }
+
+ try {
+ final KeyStore keystore = KeyStore.getInstance("PKCS12");
+ keystore.load(clientKeyStore.getInputStream(), clientKeyStorePassword.toCharArray());
+
+ final SSLContext sslContext = new SSLContextBuilder()
+ .loadTrustMaterial(clientTrustStore.getURL(), clientTrustStorePassword.toCharArray())
+ .loadKeyMaterial(keystore, clientKeyStorePassword.toCharArray()).build();
+
+ logger.info("Setting truststore: {}", clientTrustStore.getURL());
+
+ final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+ final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
+ final HttpComponentsClientHttpRequestFactory factory =
+ new HttpComponentsClientHttpRequestFactory(httpClient);
+
+ restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory));
+ } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException
+ | IOException | UnrecoverableKeyException e) {
+ logger.error("Error reading truststore, TLS connection to VNFM will fail.", e);
+ }
+ }
}
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
index d4ca5af0f2..a8a436ddc6 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
@@ -23,6 +23,7 @@ package org.onap.so.adapters.vevnfm.configuration;
import org.onap.so.adapters.vevnfm.constant.NotificationVnfFilterType;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
@Configuration
public class ConfigProperties {
@@ -72,6 +73,18 @@ public class ConfigProperties {
@Value("${spring.security.usercredentials[0].openpass}")
private String springSecurityOpenpass;
+ @Value("${client.key-store:#{null}}")
+ private Resource clientKeyStore;
+
+ @Value("${client.key-store-password:#{null}}")
+ private String clientKeyStorePassword;
+
+ @Value("${client.trust-store:#{null}}")
+ private Resource clientTrustStore;
+
+ @Value("${client.trust-store-password:#{null}}")
+ private String clientTrustStorePassword;
+
public String getVevnfmadapterVnfFilterJson() {
return vevnfmadapterVnfFilterJson;
}
@@ -131,4 +144,20 @@ public class ConfigProperties {
public String getSpringSecurityOpenpass() {
return springSecurityOpenpass;
}
+
+ public Resource getClientKeyStore() {
+ return clientKeyStore;
+ }
+
+ public String getClientKeyStorePassword() {
+ return clientKeyStorePassword;
+ }
+
+ public Resource getClientTrustStore() {
+ return clientTrustStore;
+ }
+
+ public String getClientTrustStorePassword() {
+ return clientTrustStorePassword;
+ }
}
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
index c128275e43..eba1d087c6 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
@@ -28,7 +28,6 @@ import org.onap.so.adapters.vevnfm.configuration.ConfigProperties;
import org.onap.so.adapters.vevnfm.exception.VeVnfmException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.retry.annotation.Backoff;
import org.springframework.retry.annotation.EnableRetry;
import org.springframework.retry.annotation.Recover;
@@ -44,7 +43,6 @@ public class StartupService {
private final String vnfmDefaultEndpoint;
private final AaiConnection aaiConnection;
- @Autowired
public StartupService(final ConfigProperties configProperties, final AaiConnection aaiConnection) {
this.vnfmDefaultEndpoint = configProperties.getVnfmDefaultEndpoint();
this.aaiConnection = aaiConnection;