summaryrefslogtreecommitdiffstats
path: root/bpmn/so-bpmn-tasks/src
diff options
context:
space:
mode:
authorSeshu Kumar M <seshu.kumar.m@huawei.com>2019-08-08 12:55:47 +0000
committerGerrit Code Review <gerrit@onap.org>2019-08-08 12:55:47 +0000
commit23f5c77f144d8f722083a99603975d4f7ca1926c (patch)
tree74495048d44dcebfed7bfdabb7a79818e590624d /bpmn/so-bpmn-tasks/src
parentf697af873b2ced50e2f23a2170a1d1889f0b6ab1 (diff)
parent37cacbd89a7129e5736916627b25d0ecf0364947 (diff)
Merge "VNFM adapter support two way TLS"
Diffstat (limited to 'bpmn/so-bpmn-tasks/src')
-rw-r--r--bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java60
1 files changed, 60 insertions, 0 deletions
diff --git a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java
index f5bae2c82a..c3c0047fff 100644
--- a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java
+++ b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java
@@ -21,14 +21,32 @@
package org.onap.so.bpmn.infrastructure.adapter.vnfm.tasks;
import static org.onap.so.client.RestTemplateConfig.CONFIGURABLE_REST_TEMPLATE;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
import org.onap.so.configuration.rest.BasicHttpHeadersProvider;
import org.onap.so.configuration.rest.HttpHeadersProvider;
import org.onap.so.rest.service.HttpRestServiceProvider;
import org.onap.so.rest.service.HttpRestServiceProviderImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.http.client.BufferingClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
/**
@@ -40,13 +58,55 @@ import org.springframework.web.client.RestTemplate;
@Configuration
public class VnfmAdapterCreateVnfTaskConfiguration {
+ private static final Logger logger = LoggerFactory.getLogger(VnfmAdapterCreateVnfTaskConfiguration.class);
+
+ @Value("${rest.http.client.configuration.ssl.trustStore:#{null}}")
+ private Resource trustStore;
+
+ @Value("${rest.http.client.configuration.ssl.trustStorePassword:#{null}}")
+ private String trustStorePassword;
+
+ @Value("${rest.http.client.configuration.ssl.keyStore:#{null}}")
+ private Resource keyStoreResource;
+
+ @Value("${rest.http.client.configuration.ssl.keyStorePassword:#{null}}")
+ private String keyStorePassword;
+
@Bean
public HttpRestServiceProvider databaseHttpRestServiceProvider(
@Qualifier(CONFIGURABLE_REST_TEMPLATE) @Autowired final RestTemplate restTemplate,
@Autowired final VnfmBasicHttpConfigProvider etsiVnfmAdapter) {
+ if (trustStore != null) {
+ setTrustStore(restTemplate);
+ }
return getHttpRestServiceProvider(restTemplate, new BasicHttpHeadersProvider(etsiVnfmAdapter.getAuth()));
}
+ private void setTrustStore(final RestTemplate restTemplate) {
+ SSLContext sslContext;
+ try {
+ if (keyStoreResource != null) {
+ KeyStore keystore = KeyStore.getInstance("pkcs12");
+ keystore.load(keyStoreResource.getInputStream(), keyStorePassword.toCharArray());
+ sslContext =
+ new SSLContextBuilder().loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray())
+ .loadKeyMaterial(keystore, keyStorePassword.toCharArray()).build();
+ } else {
+ sslContext = new SSLContextBuilder()
+ .loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()).build();
+ }
+ logger.info("Setting truststore: {}", trustStore.getURL());
+ final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+ final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
+ final HttpComponentsClientHttpRequestFactory factory =
+ new HttpComponentsClientHttpRequestFactory(httpClient);
+ restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory));
+ } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException
+ | IOException | UnrecoverableKeyException exception) {
+ logger.error("Error reading truststore, TLS connection to VNFM will fail.", exception);
+ }
+ }
+
private HttpRestServiceProvider getHttpRestServiceProvider(final RestTemplate restTemplate,
final HttpHeadersProvider httpHeadersProvider) {
return new HttpRestServiceProviderImpl(restTemplate, httpHeadersProvider);