| Aharoni, Pavel (pa0916) | ca3cb01 | 2018-10-22 15:29:57 +0300 | [diff] [blame] | 1 | /*-
|
| 2 | * ============LICENSE_START=======================================================
|
| 3 | * OSAM
|
| 4 | * ================================================================================
|
| 5 | * Copyright (C) 2018 AT&T
|
| 6 | * ================================================================================
|
| 7 | * Licensed under the Apache License, Version 2.0 (the "License");
|
| 8 | * you may not use this file except in compliance with the License.
|
| 9 | * You may obtain a copy of the License at
|
| 10 | *
|
| 11 | * http://www.apache.org/licenses/LICENSE-2.0
|
| 12 | *
|
| 13 | * Unless required by applicable law or agreed to in writing, software
|
| 14 | * distributed under the License is distributed on an "AS IS" BASIS,
|
| 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| 16 | * See the License for the specific language governing permissions and
|
| 17 | * limitations under the License.
|
| 18 | * ============LICENSE_END=========================================================
|
| 19 | */
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 | package org.onap.osam.aai.util;
|
| 24 |
|
| 25 | import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
|
| 26 | import org.apache.http.conn.ssl.SSLContextBuilder;
|
| 27 | import org.apache.http.impl.client.CloseableHttpClient;
|
| 28 | import org.apache.http.impl.client.HttpClients;
|
| 29 | import org.eclipse.jetty.util.security.Password;
|
| 30 | import org.onap.osam.exceptions.GenericUncheckedException;
|
| 31 | import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
|
| 32 | import org.onap.portalsdk.core.util.SystemProperties;
|
| 33 |
|
| 34 | import javax.net.ssl.SSLContext;
|
| 35 | import java.io.FileInputStream;
|
| 36 | import java.security.GeneralSecurityException;
|
| 37 | import java.security.KeyManagementException;
|
| 38 | import java.security.KeyStore;
|
| 39 |
|
| 40 |
|
| 41 | public class HttpsComponentsClient{
|
| 42 |
|
| 43 | static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpsComponentsClient.class);
|
| 44 |
|
| 45 | public static CloseableHttpClient getClient(String certFilePath) {
|
| 46 | CloseableHttpClient httpclient = null;
|
| 47 | try {
|
| 48 |
|
| 49 | String truststore_path = certFilePath + AAIProperties.FILESEPARTOR + SystemProperties.getProperty(AAIProperties.AAI_TRUSTSTORE_FILENAME);
|
| 50 | String truststore_password = SystemProperties.getProperty(AAIProperties.AAI_TRUSTSTORE_PASSWD_X);
|
| 51 | String decrypted_truststore_password = Password.deobfuscate(truststore_password);
|
| 52 | String keystore_path = certFilePath + AAIProperties.FILESEPARTOR + SystemProperties.getProperty(AAIProperties.AAI_KEYSTORE_FILENAME);
|
| 53 | String keystore_password = SystemProperties.getProperty(AAIProperties.AAI_KEYSTORE_PASSWD_X);
|
| 54 | String decrypted_keystore_password = Password.deobfuscate(keystore_password);
|
| 55 |
|
| 56 | SSLContextBuilder sslContextB = new SSLContextBuilder();
|
| 57 |
|
| 58 | KeyStore ks = KeyStore.getInstance("PKCS12");
|
| 59 | char[] pwd = decrypted_keystore_password.toCharArray();
|
| 60 |
|
| 61 | try(FileInputStream fin = new FileInputStream(keystore_path)) {
|
| 62 | ks.load(fin, pwd);
|
| 63 | }
|
| 64 | catch (Exception e) {
|
| 65 | logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up keystore");
|
| 66 | logger.error(EELFLoggerDelegate.errorLogger, "Error loading keystore materials: (keystore path: {}, obfuascated keystore password: {})", keystore_path, keystore_password);
|
| 67 | throw new GenericUncheckedException(e);
|
| 68 | }
|
| 69 |
|
| 70 | sslContextB.loadKeyMaterial(ks, pwd);
|
| 71 |
|
| 72 | KeyStore ts = KeyStore.getInstance("JKS");
|
| 73 | char[] pwd1 = decrypted_truststore_password.toCharArray();
|
| 74 |
|
| 75 | try(FileInputStream fin1 = new FileInputStream(truststore_path)) {
|
| 76 | ts.load(fin1, pwd1);
|
| 77 | }
|
| 78 | catch (Exception e) {
|
| 79 | logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up truststore");
|
| 80 | logger.error(EELFLoggerDelegate.errorLogger, "Error loading truststore materials: (truststore path: {}, obfuascated truststore password: {})", truststore_path, truststore_password);
|
| 81 | throw new GenericUncheckedException(e);
|
| 82 | }
|
| 83 |
|
| 84 | sslContextB.loadTrustMaterial(ts);
|
| 85 | sslContextB.loadKeyMaterial(ks, pwd);
|
| 86 | sslContextB.useTLS();
|
| 87 |
|
| 88 | SSLContext sslcontext = sslContextB.build();
|
| 89 |
|
| 90 | SSLConnectionSocketFactory sslFactory = new SSLConnectionSocketFactory(
|
| 91 | sslcontext,
|
| 92 | new String[] { "TLSv1.1", "TLSv1.2" },
|
| 93 | null,
|
| 94 | SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER );
|
| 95 |
|
| 96 | httpclient = HttpClients.custom()
|
| 97 | .setSSLSocketFactory(sslFactory)
|
| 98 | .build();
|
| 99 |
|
| 100 |
|
| 101 | } catch (GeneralSecurityException e) {
|
| 102 | throw new GenericUncheckedException(e);
|
| 103 | }
|
| 104 | return httpclient;
|
| 105 | }
|
| 106 |
|
| 107 |
|
| 108 |
|
| 109 | }
|