author | hekeguang <hekeguang@chinamobile.com> | 2020-02-24 17:00:51 +0800 |
---|---|---|
committer | hekeguang <hekeguang@chinamobile.com> | 2020-02-24 17:01:24 +0800 |
commit | bd93a470b669b2876f69fa569455a315151107f0 (patch) | |
tree | 13f4c49a664684f14f61582455c245da055005ee | |
parent | a74579806cfd480ca1c38147b71cfe1440a2f9c9 (diff) |
SECCOM HTTPS communication vs. HTTP (TSC must have)
Issue-ID: USECASEUI-356
Change-Id: I5793e959535824cabf5929c30c911d486fa392b0
Signed-off-by: hekeguang <hekeguang@chinamobile.com>
-rw-r--r-- | server/src/main/java/org/onap/usecaseui/server/util/CustomTrustManager.java | 38 | ||||
-rw-r--r-- | server/src/main/java/org/onap/usecaseui/server/util/RestfulServices.java | 106 | ||||
-rw-r--r-- | server/src/main/resources/application.properties | 5 | ||||
-rw-r--r-- | server/src/main/resources/keystore/README.txt | 12 | ||||
-rw-r--r-- | server/src/main/resources/keystore/uuiServer.jks | bin | 0 -> 2589 bytes |
5 files changed, 130 insertions, 31 deletions
diff --git a/server/src/main/java/org/onap/usecaseui/server/util/CustomTrustManager.java b/server/src/main/java/org/onap/usecaseui/server/util/CustomTrustManager.java
new file mode 100644
index 00000000..7d4e2311
--- /dev/null
+++ b/server/src/main/java/org/onap/usecaseui/server/util/CustomTrustManager.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2019 CMCC, Inc. and others. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onap.usecaseui.server.util;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509TrustManager;
+
+public class CustomTrustManager implements X509TrustManager {
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[0];
+ }
+}
diff --git a/server/src/main/java/org/onap/usecaseui/server/util/RestfulServices.java b/server/src/main/java/org/onap/usecaseui/server/util/RestfulServices.java
index 1b3a5ec1..e2fe11a2 100644
--- a/server/src/main/java/org/onap/usecaseui/server/util/RestfulServices.java
+++ b/server/src/main/java/org/onap/usecaseui/server/util/RestfulServices.java
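Review bot: `checkServerTrusted` in CustomTrustManager has an empty body, so every certificate chain is accepted, whether self-signed, expired or issued for a different host, and the HTTPS connection authenticates no peer. The switch from HTTP to HTTPS therefore adds encryption but not server authentication, and `getSSLSocketFactory()` and `getHostnameVerifier()` in RestfulServices.java continue the same pattern. I would drop this class and take the `X509TrustManager` from a `TrustManagerFactory` initialised with a trust store that holds the MSB CA, passing that one instance both to `SSLContext.init` and to `OkHttpClient.Builder.sslSocketFactory`. If an accept-all manager has to stay for lab deployments, put it behind an explicit configuration switch that defaults to off and say so in a class-level Javadoc.

```java
// replaces CustomTrustManager: trust only the CA(s) held in a configured trust store
static X509TrustManager loadTrustManager(InputStream trustStoreStream, char[] password)
        throws GeneralSecurityException, IOException {
    KeyStore trustStore = KeyStore.getInstance("JKS");
    trustStore.load(trustStoreStream, password);
    TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);
    for (TrustManager tm : tmf.getTrustManagers()) {
        if (tm instanceof X509TrustManager) {
            return (X509TrustManager) tm;
        }
    }
    throw new IllegalStateException("no X509TrustManager available");
}
```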
@@ -18,11 +18,27 @@ package org.onap.usecaseui.server.util; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; import java.util.concurrent.TimeUnit; +import javax.naming.Context; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; import javax.servlet.ServletInputStream; import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.client.Client; +import javax.ws.rs.client.ClientBuilder; +import org.glassfish.jersey.client.ClientConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -36,28 +52,33 @@ import retrofit2.converter.jackson.JacksonConverterFactory; public class RestfulServices { - private static final Logger logger = LoggerFactory.getLogger(RestfulServices.class); + private static final Logger logger = LoggerFactory.getLogger(RestfulServices.class); public static <T> T create(String baseUrl, Class<T> clazz) { Retrofit retrofit = new Retrofit.Builder() - .baseUrl(baseUrl) - .addConverterFactory(JacksonConverterFactory.create()) - .build(); + .baseUrl(baseUrl) + .addConverterFactory(JacksonConverterFactory.create()) + .build(); return retrofit.create(clazz); } public static <T> T create(Class<T> clazz) { //Set the interface response time - final OkHttpClient client = new OkHttpClient.Builder(). - connectTimeout(300, TimeUnit.SECONDS). - readTimeout(300, TimeUnit.SECONDS). - writeTimeout(300, TimeUnit.SECONDS).build(); + + OkHttpClient okHttpClient = new OkHttpClient.Builder() + .connectTimeout(300, TimeUnit.SECONDS) + .readTimeout(300, TimeUnit.SECONDS) + .sslSocketFactory(getSSLSocketFactory(), new CustomTrustManager()) + .hostnameVerifier(getHostnameVerifier()) + .build(); + String msbUrl = getMsbAddress(); Retrofit retrofit = new Retrofit.Builder() - .baseUrl("http://" + msbUrl + "/") - .client(client) - .addConverterFactory(JacksonConverterFactory.create()) - .build(); + .baseUrl("https://" + msbUrl + "/") + .client(okHttpClient) + .addConverterFactory(JacksonConverterFactory.create()) + .build(); + return retrofit.create(clazz); } 
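Review bot: The rebuilt `OkHttpClient.Builder` chain in `create(Class<T>)` no longer sets `writeTimeout(300, TimeUnit.SECONDS)`, so writes fall back to the OkHttp default while connect and read stay at 300 s. If that is not intended, restore `.writeTimeout(300, TimeUnit.SECONDS)` before `.sslSocketFactory(...)`. `getSSLSocketFactory()` can return null when context setup fails, and handing that to `sslSocketFactory(...)` would presumably fail here with an error that hides the real cause. The `new CustomTrustManager()` passed as the second argument is also a different instance from the one inside the `SSLContext`; build the trust manager once and reuse it for both. The sibling `create(String baseUrl, Class<T> clazz)` still uses Retrofit's default client, so the two factory methods now behave differently, which deserves a Javadoc line on each.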
@@ -70,25 +91,48 @@ public class RestfulServices { } public static RequestBody extractBody(HttpServletRequest request) throws IOException { - BufferedReader br = null; - StringBuilder sb = new StringBuilder(""); - try { - br = request.getReader(); - String str; - while ((str = br.readLine()) != null) - { - sb.append(str); - } + BufferedReader br = null; + StringBuilder sb = new StringBuilder(""); + try { + br = request.getReader(); + String str; + while ((str = br.readLine()) != null) { + sb.append(str); + } + br.close(); + logger.info("The request body content is: " + sb.toString()); + return RequestBody.create(MediaType.parse("application/json"), sb.toString()); + } catch (Exception e) { + logger.info("RestfulServices occur exection,this content is: " + e.getMessage()); + return RequestBody.create(MediaType.parse("application/json"), sb.toString()); + } finally { + if (null != br) { br.close(); - logger.info("The request body content is: "+sb.toString()); - return RequestBody.create(MediaType.parse("application/json"),sb.toString()); - }catch(Exception e){ - logger.info("RestfulServices occur exection,this content is: "+e.getMessage()); - return RequestBody.create(MediaType.parse("application/json"),sb.toString()); - }finally { - if (null != br) { - br.close(); - } - } + } } + } + + public static SSLSocketFactory getSSLSocketFactory() { + SSLSocketFactory ssfFactory = null; + + try { + SSLContext sc = SSLContext.getInstance("TLS"); + sc.init(null, new TrustManager[]{new CustomTrustManager()}, new SecureRandom()); + + ssfFactory = sc.getSocketFactory(); + } catch (Exception e) { + } + + return ssfFactory; + } + + public static HostnameVerifier getHostnameVerifier() { + HostnameVerifier hostnameVerifier= new HostnameVerifier() { + public boolean verify(String hostname, SSLSession session) { + return true; + } + }; + return hostnameVerifier; + } } + 
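Review bot: `getHostnameVerifier()` returns a verifier whose `verify` always answers `true`, so the certificate is never matched against the host being called. Deleting this method and the `.hostnameVerifier(getHostnameVerifier())` call in `create` lets OkHttp apply its default verifier. `getSSLSocketFactory()` swallows every failure in an empty `catch (Exception e) { }` and returns null; fail loudly instead, for example `throw new IllegalStateException("TLS context initialisation failed", e);`. In `extractBody` the re-indented line `logger.info("The request body content is: " + sb.toString());` writes the whole forwarded request body to the log, which may include credentials or personal data. Logging only the size avoids that: `logger.info("Request body length: {}", sb.length());`.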
diff --git a/server/src/main/resources/application.properties b/server/src/main/resources/application.properties index 48fb0e7b..a742294c 100644 --- a/server/src/main/resources/application.properties +++ b/server/src/main/resources/application.properties @@ -39,3 +39,8 @@ logging.level.*=ERROR #enable shutdown endpoints.shutdown.enabled=true endpoints.shutdown.sensitive=false + +server.ssl.protocol=TLS +server.ssl.key-store=classpath:keystore/uuiServer.jks +server.ssl.key-store-password=Aa123456 +server.ssl.key-store-type=JKS
\ No newline at end of file diff --git a/server/src/main/resources/keystore/README.txt b/server/src/main/resources/keystore/README.txt new file mode 100644 index 00000000..45380d22 --- /dev/null +++ b/server/src/main/resources/keystore/README.txt @@ -0,0 +1,12 @@ +keytool -genkeypair -keystore uuiServer.jks -alias uuiServer -keypass Aa123456 -storepass Aa123456 -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=Usecaseui Server, OU=Development, O=ChinaMobile, L=Beijing, C=cn" + + +3650 – 10 years validity +Development – Organization unit +ChinaMobile – Organization +Beijing- City +cn – Country code + + +uuiServer.jks – name of keystore +Aa123456 - password diff --git a/server/src/main/resources/keystore/uuiServer.jks b/server/src/main/resources/keystore/uuiServer.jks Binary files differnew file mode 100644 index 00000000..eb2ad75e --- /dev/null +++ b/server/src/main/resources/keystore/uuiServer.jks |
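Review bot: `server.ssl.key-store-password=Aa123456` commits the key-store password in clear text, and keystore/README.txt repeats it as `-keypass`/`-storepass` next to the committed `uuiServer.jks`. Anyone with the repository or the built artifact can therefore recover the server's private key. Treat this key pair as a development fixture only, and for deployments load the key store from outside the classpath with the password injected at runtime, for example `server.ssl.key-store=${UUI_KEYSTORE_PATH}` and `server.ssl.key-store-password=${UUI_KEYSTORE_PASSWORD}` (placeholder variable names). `server.ssl.protocol=TLS` does not set a minimum version; consider adding `server.ssl.enabled-protocols=TLSv1.2` or newer. The README should also state that the sample key store and password must be replaced before any non-development use.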