From 37cacbd89a7129e5736916627b25d0ecf0364947 Mon Sep 17 00:00:00 2001 From: MichaelMorris Date: Fri, 2 Aug 2019 23:20:31 +0000 Subject: VNFM adapter support two way TLS Change-Id: Icdb57587c9070bcce405eeaea4275fea0af0533a Issue-ID: SO-2190 Signed-off-by: MichaelMorris --- .../svnfm/simulator/config/ApplicationConfig.java | 8 ++++- .../simulator/services/OperationProgressor.java | 35 ++++++++++++++++++++-- 2 files changed, 40 insertions(+), 3 deletions(-) (limited to 'vnfm-simulator/vnfm-service/src/main/java') diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java index 32c05ebca8..a1abb05f07 100644 --- a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java +++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java @@ -1,6 +1,5 @@ package org.onap.svnfm.simulator.config; -import java.net.InetAddress; import java.util.Arrays; import org.onap.svnfm.simulator.constants.Constant; import org.springframework.beans.factory.annotation.Autowired; @@ -23,6 +22,9 @@ public class ApplicationConfig implements ApplicationRunner { @Value("${server.dns.name:so-vnfm-simulator.onap}") private String serverDnsName; + @Value("${server.request.grant.auth:oauth}") + private String grantAuth; + @Autowired private Environment environment; @@ -37,6 +39,10 @@ public class ApplicationConfig implements ApplicationRunner { return baseUrl; } + public String getGrantAuth() { + return grantAuth; + } + @Bean public CacheManager cacheManager() { final Cache inlineResponse201 = new ConcurrentMapCache(Constant.IN_LINE_RESPONSE_201_CACHE); diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java index eed62780c0..6e9478bdeb 100644 --- a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java +++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java @@ -8,10 +8,17 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.net.URL; import java.nio.charset.StandardCharsets; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; import java.util.UUID; import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; import javax.ws.rs.core.MediaType; import org.apache.commons.codec.binary.Base64; import org.modelmapper.ModelMapper; @@ -44,12 +51,16 @@ import org.onap.svnfm.simulator.repository.VnfOperationRepository; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; public abstract class OperationProgressor implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(OperationProgressor.class); private static final String CERTIFICATE_TO_TRUST = "so-vnfm-adapter.crt.pem"; + private Resource keyStoreResource = new ClassPathResource("so-vnfm-simulator.p12"); + private String keyStorePassword = "7Em3&j4.19xYiMelhD5?xbQ."; + protected final VnfOperation operation; protected final SvnfmService svnfmService; private final VnfOperationRepository vnfOperationRepository; @@ -73,12 +84,14 @@ public abstract class OperationProgressor implements Runnable { String callBackUrl = subscriptionService.getSubscriptions().iterator().next().getCallbackUri(); callBackUrl = callBackUrl.substring(0, callBackUrl.indexOf("/lcn/")); apiClient.setBasePath(callBackUrl); + apiClient.setKeyManagers(getKeyManagers()); apiClient.setSslCaCert(getCertificateToTrust()); notificationClient = new DefaultApi(apiClient); final org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.ApiClient grantApiClient = new org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.ApiClient(); grantApiClient.setBasePath(callBackUrl); + grantApiClient.setKeyManagers(getKeyManagers()); grantApiClient.setSslCaCert(getCertificateToTrust()); grantClient = new org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.api.DefaultApi(grantApiClient); } @@ -92,6 +105,22 @@ public abstract class OperationProgressor implements Runnable { } } + private KeyManager[] getKeyManagers() { + KeyStore keystore; + try { + keystore = KeyStore.getInstance("pkcs12"); + keystore.load(keyStoreResource.getInputStream(), keyStorePassword.toCharArray()); + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); + keyManagerFactory.init(keystore, keyStorePassword.toCharArray()); + return keyManagerFactory.getKeyManagers(); + } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException + | UnrecoverableKeyException exception) { + LOGGER.error("Error reading certificate, https calls using two way TLS to VNFM adapter will fail", + exception); + return new KeyManager[0]; + } + } + @Override public void run() { try { @@ -247,8 +276,10 @@ public abstract class OperationProgressor implements Runnable { final SubscriptionsAuthenticationParamsOauth2ClientCredentials subscriptionAuthentication = subscriptionService.getSubscriptions().iterator().next().getAuthentication() .getParamsOauth2ClientCredentials(); - final String authHeader = - "Bearer " + getToken(notificationClient.getApiClient(), subscriptionAuthentication); + + final String authHeader = applicationConfig.getGrantAuth().equals("oauth") + ? "Bearer " + getToken(notificationClient.getApiClient(), subscriptionAuthentication) + : null; final ApiResponse response = grantClient.grantsPostWithHttpInfo(grantRequest, MediaType.APPLICATION_JSON, MediaType.APPLICATION_JSON, authHeader); -- cgit 1.2.3-korg