| Aharoni, Pavel (pa0916) | ca3cb01 | 2018-10-22 15:29:57 +0300 | [diff] [blame] | 1 | /*-
|
| 2 | * ============LICENSE_START=======================================================
|
| 3 | * OSAM
|
| 4 | * ================================================================================
|
| 5 | * Copyright (C) 2018 AT&T
|
| 6 | * ================================================================================
|
| 7 | * Licensed under the Apache License, Version 2.0 (the "License");
|
| 8 | * you may not use this file except in compliance with the License.
|
| 9 | * You may obtain a copy of the License at
|
| 10 | *
|
| 11 | * http://www.apache.org/licenses/LICENSE-2.0
|
| 12 | *
|
| 13 | * Unless required by applicable law or agreed to in writing, software
|
| 14 | * distributed under the License is distributed on an "AS IS" BASIS,
|
| 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| 16 | * See the License for the specific language governing permissions and
|
| 17 | * limitations under the License.
|
| 18 | * ============LICENSE_END=========================================================
|
| 19 | */
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 | package org.onap.osam.aai.util;
|
| 24 |
|
| 25 |
|
| 26 | import org.glassfish.jersey.client.ClientConfig;
|
| 27 | import org.glassfish.jersey.client.HttpUrlConnectorProvider;
|
| 28 | import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
|
| 29 | import org.onap.osam.aai.exceptions.HttpClientBuilderException;
|
| 30 |
|
| 31 | import javax.net.ssl.HttpsURLConnection;
|
| 32 | import javax.ws.rs.client.Client;
|
| 33 | import javax.ws.rs.client.ClientBuilder;
|
| 34 | import java.io.IOException;
|
| 35 | import java.nio.file.FileSystems;
|
| 36 | import java.security.GeneralSecurityException;
|
| 37 |
|
| 38 | import static org.onap.osam.aai.util.HttpClientMode.WITH_KEYSTORE;
|
| 39 |
|
| 40 | public class HttpsAuthClient {
|
| 41 |
|
| 42 | private static final String SSL_TRUST_STORE = "javax.net.ssl.trustStore";
|
| 43 | private static final String SSL_TRUST_STORE_PASS_WORD = "javax.net.ssl.trustStorePassword";
|
| 44 |
|
| 45 | private final SystemPropertyHelper systemPropertyHelper;
|
| 46 | private final SSLContextProvider sslContextProvider;
|
| 47 |
|
| 48 | public HttpsAuthClient(String certFilePath, SystemPropertyHelper systemPropertyHelper, SSLContextProvider sslContextProvider) {
|
| 49 | this.certFilePath = certFilePath;
|
| 50 | this.systemPropertyHelper = systemPropertyHelper;
|
| 51 | this.sslContextProvider = sslContextProvider;
|
| 52 | }
|
| 53 |
|
| 54 | private final String certFilePath;
|
| 55 |
|
| 56 | static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpsAuthClient.class);
|
| 57 |
|
| 58 |
|
| 59 | /**
|
| 60 | * Gets the client.
|
| 61 | *
|
| 62 | * @return the client
|
| 63 | */
|
| 64 | public Client getClient(HttpClientMode mode) throws GeneralSecurityException, IOException {
|
| 65 | ClientConfig config = prepareClientConfig(mode);
|
| 66 |
|
| 67 | try {
|
| 68 | setSystemProperties();
|
| 69 |
|
| 70 | ignoreHostname();
|
| 71 |
|
| 72 | return systemPropertyHelper.isClientCertEnabled() ?
|
| 73 | getTrustedClient(config, getKeystorePath(), systemPropertyHelper.getDecryptedKeystorePassword(), mode)
|
| 74 | : getUntrustedClient(config);
|
| 75 |
|
| 76 | } catch (Exception e) {
|
| 77 | logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up config", e);
|
| 78 | throw e;
|
| 79 | }
|
| 80 |
|
| 81 | }
|
| 82 |
|
| 83 | private void ignoreHostname() {
|
| 84 | HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
|
| 85 | }
|
| 86 |
|
| 87 | private Client getUntrustedClient(ClientConfig config) {
|
| 88 | return ClientBuilder.newBuilder().withConfig(config).build().register(CustomJacksonJaxBJsonProvider.class);
|
| 89 | }
|
| 90 |
|
| 91 | private Client getTrustedClient(ClientConfig config, String keystorePath, String keystorePassword, HttpClientMode httpClientMode) throws HttpClientBuilderException {
|
| 92 | return ClientBuilder.newBuilder()
|
| 93 | .sslContext(sslContextProvider.getSslContext(keystorePath, keystorePassword, httpClientMode))
|
| 94 | .hostnameVerifier((s, sslSession) -> true)
|
| 95 | .withConfig(config)
|
| 96 | .build()
|
| 97 | .register(CustomJacksonJaxBJsonProvider.class);
|
| 98 | }
|
| 99 |
|
| 100 | private String getKeystorePath() {
|
| 101 | return getCertificatesPath() + FileSystems.getDefault().getSeparator() + systemPropertyHelper.getAAIKeystoreFilename();
|
| 102 | }
|
| 103 |
|
| 104 | private void setSystemProperties() {
|
| 105 | System.setProperty(SSL_TRUST_STORE, getCertificatesPath() + FileSystems.getDefault().getSeparator() +
|
| 106 | systemPropertyHelper.getAAITruststoreFilename().orElse(""));
|
| 107 | System.setProperty(SSL_TRUST_STORE_PASS_WORD, systemPropertyHelper.getDecryptedTruststorePassword());
|
| 108 | }
|
| 109 |
|
| 110 | private ClientConfig prepareClientConfig(HttpClientMode mode) {
|
| 111 | ClientConfig config = new ClientConfig();
|
| 112 | if (mode.equals(WITH_KEYSTORE)) {
|
| 113 | config.property(HttpUrlConnectorProvider.SET_METHOD_WORKAROUND, Boolean.TRUE);
|
| 114 | config.connectorProvider(new HttpUrlConnectorProvider().useSetMethodWorkaround());
|
| 115 | }
|
| 116 | return config;
|
| 117 | }
|
| 118 |
|
| 119 | private String getCertificatesPath() {
|
| 120 | return certFilePath;
|
| 121 | }
|
| 122 |
|
| 123 | }
|