From 37cacbd89a7129e5736916627b25d0ecf0364947 Mon Sep 17 00:00:00 2001 From: MichaelMorris Date: Fri, 2 Aug 2019 23:20:31 +0000 Subject: VNFM adapter support two way TLS Change-Id: Icdb57587c9070bcce405eeaea4275fea0af0533a Issue-ID: SO-2190 Signed-off-by: MichaelMorris --- .../VnfmAdapterCreateVnfTaskConfiguration.java | 60 ++++++++++++++++++++++ 1 file changed, 60 insertions(+) (limited to 'bpmn/so-bpmn-tasks/src/main') diff --git a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java index f5bae2c82a..c3c0047fff 100644 --- a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java +++ b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/VnfmAdapterCreateVnfTaskConfiguration.java @@ -21,14 +21,32 @@ package org.onap.so.bpmn.infrastructure.adapter.vnfm.tasks; import static org.onap.so.client.RestTemplateConfig.CONFIGURABLE_REST_TEMPLATE; +import java.io.IOException; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import javax.net.ssl.SSLContext; +import org.apache.http.client.HttpClient; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContextBuilder; import org.onap.so.configuration.rest.BasicHttpHeadersProvider; import org.onap.so.configuration.rest.HttpHeadersProvider; import org.onap.so.rest.service.HttpRestServiceProvider; import org.onap.so.rest.service.HttpRestServiceProviderImpl; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.core.io.Resource; +import org.springframework.http.client.BufferingClientHttpRequestFactory; +import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.web.client.RestTemplate; /** @@ -40,13 +58,55 @@ import org.springframework.web.client.RestTemplate; @Configuration public class VnfmAdapterCreateVnfTaskConfiguration { + private static final Logger logger = LoggerFactory.getLogger(VnfmAdapterCreateVnfTaskConfiguration.class); + + @Value("${rest.http.client.configuration.ssl.trustStore:#{null}}") + private Resource trustStore; + + @Value("${rest.http.client.configuration.ssl.trustStorePassword:#{null}}") + private String trustStorePassword; + + @Value("${rest.http.client.configuration.ssl.keyStore:#{null}}") + private Resource keyStoreResource; + + @Value("${rest.http.client.configuration.ssl.keyStorePassword:#{null}}") + private String keyStorePassword; + @Bean public HttpRestServiceProvider databaseHttpRestServiceProvider( @Qualifier(CONFIGURABLE_REST_TEMPLATE) @Autowired final RestTemplate restTemplate, @Autowired final VnfmBasicHttpConfigProvider etsiVnfmAdapter) { + if (trustStore != null) { + setTrustStore(restTemplate); + } return getHttpRestServiceProvider(restTemplate, new BasicHttpHeadersProvider(etsiVnfmAdapter.getAuth())); } + private void setTrustStore(final RestTemplate restTemplate) { + SSLContext sslContext; + try { + if (keyStoreResource != null) { + KeyStore keystore = KeyStore.getInstance("pkcs12"); + keystore.load(keyStoreResource.getInputStream(), keyStorePassword.toCharArray()); + sslContext = + new SSLContextBuilder().loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()) + .loadKeyMaterial(keystore, keyStorePassword.toCharArray()).build(); + } else { + sslContext = new SSLContextBuilder() + .loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()).build(); + } + logger.info("Setting truststore: {}", trustStore.getURL()); + final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext); + final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build(); + final HttpComponentsClientHttpRequestFactory factory = + new HttpComponentsClientHttpRequestFactory(httpClient); + restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory)); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException + | IOException | UnrecoverableKeyException exception) { + logger.error("Error reading truststore, TLS connection to VNFM will fail.", exception); + } + } + private HttpRestServiceProvider getHttpRestServiceProvider(final RestTemplate restTemplate, final HttpHeadersProvider httpHeadersProvider) { return new HttpRestServiceProviderImpl(restTemplate, httpHeadersProvider); -- cgit 1.2.3-korg