aboutsummaryrefslogtreecommitdiffstats
path: root/bpmn/so-bpmn-tasks/src/main/java
diff options
context:
space:
mode:
authorMichaelMorris <michael.morris@est.tech>2019-08-02 23:20:31 +0000
committerMichaelMorris <michael.morris@est.tech>2019-08-02 23:20:31 +0000
commit37cacbd89a7129e5736916627b25d0ecf0364947 (patch)
tree44f3f1d58c189b67fc13852de31bb7d46f32a875 /bpmn/so-bpmn-tasks/src/main/java
parent8b02fbc54e6db36d969b233d136f90b8d6615f80 (diff)
VNFM adapter support two way TLS
Change-Id: Icdb57587c9070bcce405eeaea4275fea0af0533a Issue-ID: SO-2190 Signed-off-by: MichaelMorris <michael.morris@est.tech>
Diffstat (limited to 'bpmn/so-bpmn-tasks/src/main/java')
-rw-r--r--bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java60
1 files changed, 60 insertions, 0 deletions
diff --git a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java
index f5bae2c82a..c3c0047fff 100644
--- a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java
+++ b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java
@@ -21,14 +21,32 @@
package org.onap.so.bpmn.infrastructure.adapter.vnfm.tasks;
import static org.onap.so.client.RestTemplateConfig.CONFIGURABLE_REST_TEMPLATE;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
import org.onap.so.configuration.rest.BasicHttpHeadersProvider;
import org.onap.so.configuration.rest.HttpHeadersProvider;
import org.onap.so.rest.service.HttpRestServiceProvider;
import org.onap.so.rest.service.HttpRestServiceProviderImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.http.client.BufferingClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
/**
@@ -40,13 +58,55 @@ import org.springframework.web.client.RestTemplate;
@Configuration
public class VnfmAdapterCreateVnfTaskConfiguration {
+ private static final Logger logger = LoggerFactory.getLogger(VnfmAdapterCreateVnfTaskConfiguration.class);
+
+ @Value("${rest.http.client.configuration.ssl.trustStore:#{null}}")
+ private Resource trustStore;
+
+ @Value("${rest.http.client.configuration.ssl.trustStorePassword:#{null}}")
+ private String trustStorePassword;
+
+ @Value("${rest.http.client.configuration.ssl.keyStore:#{null}}")
+ private Resource keyStoreResource;
+
+ @Value("${rest.http.client.configuration.ssl.keyStorePassword:#{null}}")
+ private String keyStorePassword;
+
@Bean
public HttpRestServiceProvider databaseHttpRestServiceProvider(
@Qualifier(CONFIGURABLE_REST_TEMPLATE) @Autowired final RestTemplate restTemplate,
@Autowired final VnfmBasicHttpConfigProvider etsiVnfmAdapter) {
+ if (trustStore != null) {
+ setTrustStore(restTemplate);
+ }
return getHttpRestServiceProvider(restTemplate, new BasicHttpHeadersProvider(etsiVnfmAdapter.getAuth()));
}
+ private void setTrustStore(final RestTemplate restTemplate) {
+ SSLContext sslContext;
+ try {
+ if (keyStoreResource != null) {
+ KeyStore keystore = KeyStore.getInstance("pkcs12");
+ keystore.load(keyStoreResource.getInputStream(), keyStorePassword.toCharArray());
+ sslContext =
+ new SSLContextBuilder().loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray())
+ .loadKeyMaterial(keystore, keyStorePassword.toCharArray()).build();
+ } else {
+ sslContext = new SSLContextBuilder()
+ .loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()).build();
+ }
+ logger.info("Setting truststore: {}", trustStore.getURL());
+ final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+ final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
+ final HttpComponentsClientHttpRequestFactory factory =
+ new HttpComponentsClientHttpRequestFactory(httpClient);
+ restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory));
+ } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException
+ | IOException | UnrecoverableKeyException exception) {
+ logger.error("Error reading truststore, TLS connection to VNFM will fail.", exception);
+ }
+ }
+
private HttpRestServiceProvider getHttpRestServiceProvider(final RestTemplate restTemplate,
final HttpHeadersProvider httpHeadersProvider) {
return new HttpRestServiceProviderImpl(restTemplate, httpHeadersProvider);