From c72d565bb58226b20625b2bce5f0019046bee649 Mon Sep 17 00:00:00 2001
From: "Sonsino, Ofir (os0695)" <os0695@intl.att.com>
Date: Tue, 10 Jul 2018 14:20:54 +0300
Subject: Merge 1806 code of vid-common

Change-Id: I75d52abed4a24dfe3827d79edc4a2938726aa87a
Issue-ID: VID-208
Signed-off-by: Sonsino, Ofir (os0695) <os0695@intl.att.com>
---
 .../org/onap/vid/aai/util/HttpsAuthClient.java     | 253 ++++++++++++---------
 1 file changed, 142 insertions(+), 111 deletions(-)

(limited to 'vid-app-common/src/main/java/org/onap/vid/aai/util/HttpsAuthClient.java')

diff --git a/vid-app-common/src/main/java/org/onap/vid/aai/util/HttpsAuthClient.java b/vid-app-common/src/main/java/org/onap/vid/aai/util/HttpsAuthClient.java
index 3bc8e4a35..f1eafe42a 100644
--- a/vid-app-common/src/main/java/org/onap/vid/aai/util/HttpsAuthClient.java
+++ b/vid-app-common/src/main/java/org/onap/vid/aai/util/HttpsAuthClient.java
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,120 +21,151 @@
 package org.onap.vid.aai.util;
 
 
-import java.io.FileInputStream;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.ws.rs.client.Client;
-import javax.ws.rs.client.ClientBuilder;
-
 import org.eclipse.jetty.util.security.Password;
 import org.glassfish.jersey.client.ClientConfig;
+import org.glassfish.jersey.client.ClientProperties;
 import org.glassfish.jersey.client.HttpUrlConnectorProvider;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.util.SystemProperties;
+
+import javax.net.ssl.*;
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.*;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
 /**
  * The Class HttpsAuthClient.
  */
-public class HttpsAuthClient{
-	/** The logger. */
-	static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpsAuthClient.class);
-	
-	/**
-	 * Gets the client.
-	 *
-	 * @param certFilePath the cert file path
-	 * @return the client
-	 * @throws KeyManagementException the key management exception
-	 */
-	public static Client getClient(String certFilePath) throws KeyManagementException {
-
-		ClientConfig config = new ClientConfig();
-		//config.getFeatures().put(JSONConfiguration.FEATURE_POJO_MAPPING, Boolean.TRUE);
-		//config.getClasses().add(org.onap.aai.util.CustomJacksonJaxBJsonProvider.class);
-
-		try {
-			
-		    config.property(HttpUrlConnectorProvider.SET_METHOD_WORKAROUND, Boolean.TRUE );
-			
-			config.connectorProvider(new HttpUrlConnectorProvider().useSetMethodWorkaround());
-			String truststore_path = certFilePath + org.onap.vid.aai.util.AAIProperties.FILESEPARTOR + SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_TRUSTSTORE_FILENAME);
-			String truststore_password = SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_TRUSTSTORE_PASSWD_X);
-			String decrypted_truststore_password = Password.deobfuscate(truststore_password);
-			
-			boolean useClientCert = false;
-			
-			String keystore_path = certFilePath + org.onap.vid.aai.util.AAIProperties.FILESEPARTOR + SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_KEYSTORE_FILENAME);
-			String keystore_password = SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_KEYSTORE_PASSWD_X);
-			String decrypted_keystore_password = Password.deobfuscate(keystore_password);
-			
-			String clientCert = SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_USE_CLIENT_CERT);
-			
-			if (clientCert != null && 
-					SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_USE_CLIENT_CERT).equalsIgnoreCase("true")) {
-				useClientCert = true;
-			}
-			
-  		    System.setProperty("javax.net.ssl.trustStore", truststore_path);
-		    System.setProperty("javax.net.ssl.trustStorePassword", decrypted_truststore_password);
-			HttpsURLConnection.setDefaultHostnameVerifier( new HostnameVerifier(){
-			    public boolean verify(String string,SSLSession ssls) {
-			        return true;
-			    }
-			});
-	
-			final SSLContext ctx = SSLContext.getInstance("TLS");
-			
-			KeyManagerFactory kmf = null;
-			if (useClientCert) {
-			
-				try {
-					kmf = KeyManagerFactory.getInstance("SunX509");
-					FileInputStream fin = new FileInputStream(keystore_path);
-					KeyStore ks = KeyStore.getInstance("PKCS12");
-					char[] pwd = decrypted_keystore_password.toCharArray();
-					ks.load(fin, pwd);
-					kmf.init(ks, pwd);
-				} catch (Exception e) {
-					//System.out.println("Error setting up kmf: exiting");
-					logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up kmf: exiting");
-					e.printStackTrace();
-					return null;
-				}
-				ctx.init(kmf.getKeyManagers(), null, null);
-			
-				return ClientBuilder.newBuilder()
-						.sslContext(ctx)
-						.hostnameVerifier(new HostnameVerifier() {
-							@Override
-							public boolean verify( String s, SSLSession sslSession ) {
-								return true;
-							}
-						}).withConfig(config)
-						.build()
-						.register(org.onap.vid.aai.util.CustomJacksonJaxBJsonProvider.class);
-			} else { 
-				return ClientBuilder.newBuilder()
-						.hostnameVerifier(new HostnameVerifier() {
-							@Override
-							public boolean verify( String s, SSLSession sslSession ) {
-								return true;
-							}
-						}).withConfig(config)
-						.build()
-						.register(org.onap.vid.aai.util.CustomJacksonJaxBJsonProvider.class);
-			}
-		} catch (Exception e) {
-			logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up config: exiting");
-			//System.out.println("Error setting up config: exiting");
-			e.printStackTrace();
-			System.exit(1);
-			return null;
-		}
-	}
-}  
+public class HttpsAuthClient {
+
+
+    public HttpsAuthClient(String certFilePath) {
+        this.certFilePath = certFilePath;
+    }
+
+    private final String certFilePath;
+
+    /** The logger. */
+    static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpsAuthClient.class);
+
+    /**
+     * Gets the client.
+     *
+     * @return the client
+     * @throws KeyManagementException the key management exception
+     */
+    public Client getClient(HttpClientMode mode) throws GeneralSecurityException, IOException {
+        ClientConfig config = new ClientConfig();
+        SSLContext ctx;
+
+        try {
+            String truststorePath = getCertificatesPath() + org.onap.vid.aai.util.AAIProperties.FILESEPARTOR + SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_TRUSTSTORE_FILENAME);
+            String truststorePassword = SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_TRUSTSTORE_PASSWD_X);
+            String decryptedTruststorePassword = Password.deobfuscate(truststorePassword);
+
+            System.setProperty("javax.net.ssl.trustStore", truststorePath);
+            System.setProperty("javax.net.ssl.trustStorePassword", decryptedTruststorePassword);
+
+            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
+                public boolean verify(String string, SSLSession ssls) {
+                    return true;
+                }
+            });
+            ctx = SSLContext.getInstance("TLSv1.2");
+            KeyManager[] keyManagers = null;
+            TrustManager[] trustManagers = getTrustManager(mode);
+
+            switch (mode) {
+                case WITH_KEYSTORE:
+                    String aaiKeystorePath = getCertificatesPath() + org.onap.vid.aai.util.AAIProperties.FILESEPARTOR + SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_KEYSTORE_FILENAME);
+                    String aaiKeystorePassword = SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_KEYSTORE_PASSWD_X);
+                    config.property(HttpUrlConnectorProvider.SET_METHOD_WORKAROUND, Boolean.TRUE);
+                    config.connectorProvider(new HttpUrlConnectorProvider().useSetMethodWorkaround());
+                    KeyManagerFactory kmf = getKeyManagerFactory(aaiKeystorePath, aaiKeystorePassword);
+                    keyManagers = kmf.getKeyManagers();
+                    break;
+
+                case WITHOUT_KEYSTORE:
+                    config.property(ClientProperties.SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true);
+                    break;
+
+                default:
+                    logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up config. HttpClientMode is " + mode);
+            }
+
+            ctx.init(keyManagers, trustManagers, null);
+            return ClientBuilder.newBuilder()
+                    .sslContext(ctx)
+                    .hostnameVerifier(new HostnameVerifier() {
+                        @Override
+                        public boolean verify(String s, SSLSession sslSession) {
+                            return true;
+                        }
+                    }).withConfig(config)
+                    .build()
+                    .register(org.onap.vid.aai.util.CustomJacksonJaxBJsonProvider.class);
+        } catch (Exception e) {
+            logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up config", e);
+            throw e;
+        }
+
+    }
+
+    /**
+     * @param aaiKeystorePath
+     * @param aaiKeystorePassword - in OBF format
+     * @return
+     * @throws NoSuchAlgorithmException
+     * @throws KeyStoreException
+     * @throws IOException
+     * @throws CertificateException
+     * @throws UnrecoverableKeyException
+     */
+    private KeyManagerFactory getKeyManagerFactory(String aaiKeystorePath, String aaiKeystorePassword) throws IOException, GeneralSecurityException {
+        String aaiDecryptedKeystorePassword = Password.deobfuscate(aaiKeystorePassword);
+        KeyManagerFactory kmf = null;
+        try (FileInputStream fin = new FileInputStream(aaiKeystorePath)) {
+            kmf = KeyManagerFactory.getInstance("SunX509");
+            KeyStore ks = KeyStore.getInstance("PKCS12");
+            char[] pwd = aaiDecryptedKeystorePassword.toCharArray();
+            ks.load(fin, pwd);
+            kmf.init(ks, pwd);
+        } catch (Exception e) {
+            logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up kmf");
+            logger.error(EELFLoggerDelegate.errorLogger, "Error setting up kmf (keystore path: {}, obfuascated keystore password: {})", aaiKeystorePath, aaiKeystorePassword, e);
+            throw e;
+        }
+        return kmf;
+    }
+
+    private String getCertificatesPath() {
+        return certFilePath;
+    }
+
+    private TrustManager[] getTrustManager(HttpClientMode httpClientMode) {
+        //Creating a trustManager that will accept all certificates.
+        //TODO - remove this one the POMBA certificate is added to the tomcat_keystore file
+        TrustManager[] trustAllCerts = null;
+        if (httpClientMode == HttpClientMode.UNSECURE) {
+
+            trustAllCerts = new TrustManager[]{new X509TrustManager() {
+                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                    return null;
+                }
+
+                public void checkClientTrusted(X509Certificate[] certs, String authType) {
+                }
+
+                public void checkServerTrusted(X509Certificate[] certs, String authType) {
+                }
+            }};
+        }
+        return trustAllCerts;
+    }
+
+
+}
-- 
cgit 1.2.3-korg