Add a certificate in communication with VNFM

Issue-ID: SO-2979
Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
Change-Id: I7fa13c9371b7789950af315b7772a0ee409cc34b

3 files changed, 85 insertions, 2 deletions

diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
index 411572ff5b..38f7a0cd3f 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
@@ -20,17 +20,44 @@
 
 package org.onap.so.adapters.vevnfm.configuration;
 
+import java.io.IOException;
+import java.security.*;
+import java.security.cert.CertificateException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.onap.so.adapters.vevnfm.provider.AuthorizationHeadersProvider;
 import org.onap.so.configuration.rest.HttpHeadersProvider;
 import org.onap.so.rest.service.HttpRestServiceProvider;
 import org.onap.so.rest.service.HttpRestServiceProviderImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.http.client.BufferingClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.web.client.RestTemplate;
 
 @Configuration
 public class ApplicationConfiguration {
 
+    private static final Logger logger = LoggerFactory.getLogger(ApplicationConfiguration.class);
+
+    private final Resource clientKeyStore;
+    private final String clientKeyStorePassword;
+    private final Resource clientTrustStore;
+    private final String clientTrustStorePassword;
+
+    public ApplicationConfiguration(final ConfigProperties configProperties) {
+        clientKeyStore = configProperties.getClientKeyStore();
+        clientKeyStorePassword = configProperties.getClientKeyStorePassword();
+        clientTrustStore = configProperties.getClientTrustStore();
+        clientTrustStorePassword = configProperties.getClientTrustStorePassword();
+    }
+
     @Bean
     public AuthorizationHeadersProvider headersProvider() {
         return new AuthorizationHeadersProvider();
@@ -39,6 +66,35 @@ public class ApplicationConfiguration {
     @Bean
     public HttpRestServiceProvider restProvider(final RestTemplate restTemplate,
             final HttpHeadersProvider headersProvider) {
+        modify(restTemplate);
         return new HttpRestServiceProviderImpl(restTemplate, headersProvider);
     }
+
+    private void modify(final RestTemplate restTemplate) {
+
+        if (clientKeyStore == null || clientTrustStore == null) {
+            return;
+        }
+
+        try {
+            final KeyStore keystore = KeyStore.getInstance("PKCS12");
+            keystore.load(clientKeyStore.getInputStream(), clientKeyStorePassword.toCharArray());
+
+            final SSLContext sslContext = new SSLContextBuilder()
+                    .loadTrustMaterial(clientTrustStore.getURL(), clientTrustStorePassword.toCharArray())
+                    .loadKeyMaterial(keystore, clientKeyStorePassword.toCharArray()).build();
+
+            logger.info("Setting truststore: {}", clientTrustStore.getURL());
+
+            final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+            final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
+            final HttpComponentsClientHttpRequestFactory factory =
+                    new HttpComponentsClientHttpRequestFactory(httpClient);
+
+            restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory));
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException
+                | IOException | UnrecoverableKeyException e) {
+            logger.error("Error reading truststore, TLS connection to VNFM will fail.", e);
+        }
+    }
 }
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
index d4ca5af0f2..a8a436ddc6 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
@@ -23,6 +23,7 @@ package org.onap.so.adapters.vevnfm.configuration;
 import org.onap.so.adapters.vevnfm.constant.NotificationVnfFilterType;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
 
 @Configuration
 public class ConfigProperties {
@@ -72,6 +73,18 @@ public class ConfigProperties {
     @Value("${spring.security.usercredentials[0].openpass}")
     private String springSecurityOpenpass;
 
+    @Value("${client.key-store:#{null}}")
+    private Resource clientKeyStore;
+
+    @Value("${client.key-store-password:#{null}}")
+    private String clientKeyStorePassword;
+
+    @Value("${client.trust-store:#{null}}")
+    private Resource clientTrustStore;
+
+    @Value("${client.trust-store-password:#{null}}")
+    private String clientTrustStorePassword;
+
     public String getVevnfmadapterVnfFilterJson() {
         return vevnfmadapterVnfFilterJson;
     }
@@ -131,4 +144,20 @@ public class ConfigProperties {
     public String getSpringSecurityOpenpass() {
         return springSecurityOpenpass;
     }
+
+    public Resource getClientKeyStore() {
+        return clientKeyStore;
+    }
+
+    public String getClientKeyStorePassword() {
+        return clientKeyStorePassword;
+    }
+
+    public Resource getClientTrustStore() {
+        return clientTrustStore;
+    }
+
+    public String getClientTrustStorePassword() {
+        return clientTrustStorePassword;
+    }
 }
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
index c128275e43..eba1d087c6 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
@@ -28,7 +28,6 @@ import org.onap.so.adapters.vevnfm.configuration.ConfigProperties;
 import org.onap.so.adapters.vevnfm.exception.VeVnfmException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.retry.annotation.Backoff;
 import org.springframework.retry.annotation.EnableRetry;
 import org.springframework.retry.annotation.Recover;
@@ -44,7 +43,6 @@ public class StartupService {
     private final String vnfmDefaultEndpoint;
     private final AaiConnection aaiConnection;
 
-    @Autowired
     public StartupService(final ConfigProperties configProperties, final AaiConnection aaiConnection) {
         this.vnfmDefaultEndpoint = configProperties.getVnfmDefaultEndpoint();
         this.aaiConnection = aaiConnection;