authorMichaelMorris <michael.morris@est.tech>2019-08-02 23:20:31 +0000
committerMichaelMorris <michael.morris@est.tech>2019-08-02 23:20:31 +0000
commit37cacbd89a7129e5736916627b25d0ecf0364947 (patch)
tree44f3f1d58c189b67fc13852de31bb7d46f32a875 /vnfm-simulator
parent8b02fbc54e6db36d969b233d136f90b8d6615f80 (diff)
VNFM adapter support two way TLS
Change-Id: Icdb57587c9070bcce405eeaea4275fea0af0533a Issue-ID: SO-2190 Signed-off-by: MichaelMorris <michael.morris@est.tech>
Diffstat (limited to 'vnfm-simulator')
-rw-r--r--vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java8
-rw-r--r--vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java35
2 files changed, 40 insertions, 3 deletions
diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java
index 32c05ebca8..a1abb05f07 100644
--- a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java
+++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java
@@ -1,6 +1,5 @@
package org.onap.svnfm.simulator.config;
-import java.net.InetAddress;
import java.util.Arrays;
import org.onap.svnfm.simulator.constants.Constant;
import org.springframework.beans.factory.annotation.Autowired;
@@ -23,6 +22,9 @@ public class ApplicationConfig implements ApplicationRunner {
@Value("${server.dns.name:so-vnfm-simulator.onap}")
private String serverDnsName;
+ @Value("${server.request.grant.auth:oauth}")
+ private String grantAuth;
+
@Autowired
private Environment environment;
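Review bot: `grantAuth` is bound as a free-form string, and the last OperationProgressor hunk builds the bearer header only when the value is exactly `oauth`. Any other value, including a typo or `OAuth`, silently produces a null auth header on the grant request. Validating the property at startup against the supported modes, or binding it to an enum, would make a misconfiguration fail loudly instead of quietly dropping token authentication. At the comparison site, `"oauth".equals(applicationConfig.getGrantAuth())` would also avoid a NullPointerException if the value is ever unset. The class body continues outside this hunk.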
@@ -37,6 +39,10 @@ public class ApplicationConfig implements ApplicationRunner {
return baseUrl;
}
+ public String getGrantAuth() {
+ return grantAuth;
+ }
+
@Bean
public CacheManager cacheManager() {
final Cache inlineResponse201 = new ConcurrentMapCache(Constant.IN_LINE_RESPONSE_201_CACHE);
diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java
index eed62780c0..6e9478bdeb 100644
--- a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java
+++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java
@@ -8,10 +8,17 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
import javax.ws.rs.core.MediaType;
import org.apache.commons.codec.binary.Base64;
import org.modelmapper.ModelMapper;
@@ -44,12 +51,16 @@ import org.onap.svnfm.simulator.repository.VnfOperationRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
public abstract class OperationProgressor implements Runnable {
private static final Logger LOGGER = LoggerFactory.getLogger(OperationProgressor.class);
private static final String CERTIFICATE_TO_TRUST = "so-vnfm-adapter.crt.pem";
+ private Resource keyStoreResource = new ClassPathResource("so-vnfm-simulator.p12");
+ private String keyStorePassword = "7Em3&j4.19xYiMelhD5?xbQ.";
+
protected final VnfOperation operation;
protected final SvnfmService svnfmService;
private final VnfOperationRepository vnfOperationRepository;
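Review bot: The keystore password on the `keyStorePassword` line is a string literal, so anyone who can read the repository or unpack the jar can unlock the private key in `so-vnfm-simulator.p12`, and changing it requires a rebuild. It should come from externalized configuration instead, for example a field in ApplicationConfig next to `grantAuth`, such as `@Value("${<keystore-password-property>}") private String keyStorePassword;` (placeholder property name), read here through a getter. Because the literal is now in commit history, this key pair should be treated as test-only and kept out of any trust store used outside the simulator. Both new fields are assigned once and could be `final`.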
@@ -73,12 +84,14 @@ public abstract class OperationProgressor implements Runnable {
String callBackUrl = subscriptionService.getSubscriptions().iterator().next().getCallbackUri();
callBackUrl = callBackUrl.substring(0, callBackUrl.indexOf("/lcn/"));
apiClient.setBasePath(callBackUrl);
+ apiClient.setKeyManagers(getKeyManagers());
apiClient.setSslCaCert(getCertificateToTrust());
notificationClient = new DefaultApi(apiClient);
final org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.ApiClient grantApiClient =
new org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.ApiClient();
grantApiClient.setBasePath(callBackUrl);
+ grantApiClient.setKeyManagers(getKeyManagers());
grantApiClient.setSslCaCert(getCertificateToTrust());
grantClient = new org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.api.DefaultApi(grantApiClient);
}
@@ -92,6 +105,22 @@ public abstract class OperationProgressor implements Runnable {
}
}
+ private KeyManager[] getKeyManagers() {
+ KeyStore keystore;
+ try {
+ keystore = KeyStore.getInstance("pkcs12");
+ keystore.load(keyStoreResource.getInputStream(), keyStorePassword.toCharArray());
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
+ keyManagerFactory.init(keystore, keyStorePassword.toCharArray());
+ return keyManagerFactory.getKeyManagers();
+ } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException
+ | UnrecoverableKeyException exception) {
+ LOGGER.error("Error reading certificate, https calls using two way TLS to VNFM adapter will fail",
+ exception);
+ return new KeyManager[0];
+ }
+ }
+
@Override
public void run() {
try {
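Review bot: `getKeyManagers()` never closes the stream returned by `keyStoreResource.getInputStream()`, so each call leaks it, and the constructor hunk calls the method twice. Opening the stream in try-with-resources fixes the leak, and a single `char[]` can serve both `load` and `init`. The constructor could also call the method once and pass the same array to both clients. On failure the method returns an empty array, so the clients are still built without a client certificate and the problem only surfaces later as a handshake error. If that is not intended for the simulator, failing construction would be clearer.

```java
private KeyManager[] getKeyManagers() {
    final char[] password = keyStorePassword.toCharArray();
    try (InputStream keyStoreStream = keyStoreResource.getInputStream()) {
        final KeyStore keystore = KeyStore.getInstance("pkcs12");
        keystore.load(keyStoreStream, password);
        // … unchanged: KeyManagerFactory.getInstance("SunX509") …
        keyManagerFactory.init(keystore, password);
        return keyManagerFactory.getKeyManagers();
    }
    // … unchanged: multi-catch, error log and empty-array return …
}
```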
@@ -247,8 +276,10 @@ public abstract class OperationProgressor implements Runnable {
final SubscriptionsAuthenticationParamsOauth2ClientCredentials subscriptionAuthentication =
subscriptionService.getSubscriptions().iterator().next().getAuthentication()
.getParamsOauth2ClientCredentials();
- final String authHeader =
- "Bearer " + getToken(notificationClient.getApiClient(), subscriptionAuthentication);
+
+ final String authHeader = applicationConfig.getGrantAuth().equals("oauth")
+ ? "Bearer " + getToken(notificationClient.getApiClient(), subscriptionAuthentication)
+ : null;
final ApiResponse<InlineResponse201> response = grantClient.grantsPostWithHttpInfo(grantRequest,
MediaType.APPLICATION_JSON, MediaType.APPLICATION_JSON, authHeader);