diff options
| author |   Seshu Kumar M <seshu.kumar.m@huawei.com> | 2019-08-08 12:55:47 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2019-08-08 12:55:47 +0000 |
| commit | 23f5c77f144d8f722083a99603975d4f7ca1926c (patch) | |
| tree | 74495048d44dcebfed7bfdabb7a79818e590624d /bpmn/so-bpmn-tasks | |
| parent | f697af873b2ced50e2f23a2170a1d1889f0b6ab1 (diff) | |
| parent | 37cacbd89a7129e5736916627b25d0ecf0364947 (diff) | |
Merge "VNFM adapter support two way TLS"
Diffstat (limited to 'bpmn/so-bpmn-tasks')
| -rw-r--r-- | bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java index f5bae2c82a..c3c0047fff 100644 --- a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java +++ b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java @@ -21,14 +21,32 @@ package org.onap.so.bpmn.infrastructure.adapter.vnfm.tasks; import static org.onap.so.client.RestTemplateConfig.CONFIGURABLE_REST_TEMPLATE; +import java.io.IOException; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import javax.net.ssl.SSLContext; +import org.apache.http.client.HttpClient; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContextBuilder; import org.onap.so.configuration.rest.BasicHttpHeadersProvider; import org.onap.so.configuration.rest.HttpHeadersProvider; import org.onap.so.rest.service.HttpRestServiceProvider; import org.onap.so.rest.service.HttpRestServiceProviderImpl; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.core.io.Resource; +import org.springframework.http.client.BufferingClientHttpRequestFactory; +import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.web.client.RestTemplate; /** @@ -40,13 +58,55 @@ import org.springframework.web.client.RestTemplate; @Configuration public class VnfmAdapterCreateVnfTaskConfiguration { + private static final Logger logger = LoggerFactory.getLogger(VnfmAdapterCreateVnfTaskConfiguration.class); + + @Value("${rest.http.client.configuration.ssl.trustStore:#{null}}") + private Resource trustStore; + + @Value("${rest.http.client.configuration.ssl.trustStorePassword:#{null}}") + private String trustStorePassword; + + @Value("${rest.http.client.configuration.ssl.keyStore:#{null}}") + private Resource keyStoreResource; + + @Value("${rest.http.client.configuration.ssl.keyStorePassword:#{null}}") + private String keyStorePassword; + @Bean public HttpRestServiceProvider databaseHttpRestServiceProvider( @Qualifier(CONFIGURABLE_REST_TEMPLATE) @Autowired final RestTemplate restTemplate, @Autowired final VnfmBasicHttpConfigProvider etsiVnfmAdapter) { + if (trustStore != null) { + setTrustStore(restTemplate); + } return getHttpRestServiceProvider(restTemplate, new BasicHttpHeadersProvider(etsiVnfmAdapter.getAuth())); } + private void setTrustStore(final RestTemplate restTemplate) { + SSLContext sslContext; + try { + if (keyStoreResource != null) { + KeyStore keystore = KeyStore.getInstance("pkcs12"); + keystore.load(keyStoreResource.getInputStream(), keyStorePassword.toCharArray()); + sslContext = + new SSLContextBuilder().loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()) + .loadKeyMaterial(keystore, keyStorePassword.toCharArray()).build(); + } else { + sslContext = new SSLContextBuilder() + .loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()).build(); + } + logger.info("Setting truststore: {}", trustStore.getURL()); + final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext); + final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build(); + final HttpComponentsClientHttpRequestFactory factory = + new HttpComponentsClientHttpRequestFactory(httpClient); + restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory)); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException + | IOException | UnrecoverableKeyException exception) { + logger.error("Error reading truststore, TLS connection to VNFM will fail.", exception); + } + } + private HttpRestServiceProvider getHttpRestServiceProvider(final RestTemplate restTemplate, final HttpHeadersProvider httpHeadersProvider) { return new HttpRestServiceProviderImpl(restTemplate, httpHeadersProvider); |