2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * Copyright © 2017-2018 European Software Marketing Ltd.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
22 package org.onap.aai.schemaif.json;
25 import java.io.FileInputStream;
26 import java.io.IOException;
27 import java.net.HttpURLConnection;
28 import java.security.KeyStore;
29 import java.security.cert.X509Certificate;
31 import javax.net.ssl.HostnameVerifier;
32 import javax.net.ssl.HttpsURLConnection;
33 import javax.net.ssl.KeyManagerFactory;
34 import javax.net.ssl.SSLContext;
35 import javax.net.ssl.SSLSession;
36 import javax.net.ssl.TrustManager;
37 import javax.net.ssl.X509TrustManager;
39 import org.springframework.http.client.SimpleClientHttpRequestFactory;
/**
 * {@link SimpleClientHttpRequestFactory} variant that configures each HTTPS connection with a
 * socket factory from {@link #getSSLContext()} and a custom {@link HostnameVerifier}.
 *
 * <p>Security note: the context is initialised with a trust manager that the in-code comment
 * describes as not validating certificate chains. If that trust manager accepts every chain (as
 * the name {@code trustAllCerts} suggests), the remote peer is not authenticated and the
 * channel offers no protection against an on-path party. The optional client keystore only
 * identifies this client to the server; it does not compensate for the missing server check.
 */
42 public class SecureClientHttpRequestFactory extends SimpleClientHttpRequestFactory {
// Protocol name passed to SSLContext.getInstance(). "TLS" does not pin a minimum protocol
// version; the versions actually enabled depend on the JVM/provider defaults.
44 private static final String SSL_PROTOCOL = "TLS";
// Algorithm name passed to KeyManagerFactory.getInstance().
45 private static final String KEYSTORE_ALGORITHM = "SunX509";
// Keystore type passed to KeyStore.getInstance() for the client certificate file.
46 private static final String KEYSTORE_TYPE = "PKCS12";
// Source of the keystore file path and keystore password read in getSSLContext().
47 private JsonSchemaProviderConfig config;
/**
 * Creates a request factory whose TLS settings are taken from {@code config}.
 *
 * @param config provider configuration; getSSLContext() reads the client keystore file and its
 *     password from it. The constructor body is not shown in this listing; presumably it
 *     stores the reference in the {@code config} field (confirm against the full file).
 */
50 public SecureClientHttpRequestFactory(JsonSchemaProviderConfig config) {
/**
 * Applies this factory's TLS settings to an outgoing connection, then delegates to the
 * superclass implementation.
 *
 * @param connection connection being prepared; an {@link HttpsURLConnection} receives the
 *     socket factory from {@link #getSSLContext()} and an anonymous {@link HostnameVerifier}
 * @param httpMethod HTTP method name, forwarded unchanged to the superclass
 * @throws IOException if the SSL context cannot be built, or from the bare
 *     {@code throw new IOException()} below
 */
56 protected void prepareConnection(final HttpURLConnection connection, final String httpMethod)
58 if (connection instanceof HttpsURLConnection) {
// getSSLContext() is invoked for every prepared HTTPS connection, so the context is rebuilt
// (and the keystore file re-opened, when one is configured) on each call.
59 ((HttpsURLConnection) connection)
60 .setSSLSocketFactory(getSSLContext().getSocketFactory());
// NOTE(review): this replaces the connection's hostname verifier with an anonymous one whose
// body is not shown in this listing. If verify() returns true unconditionally, a certificate
// issued for a different host is accepted. Unless that is a documented requirement, leave
// the default verifier in place (do not call setHostnameVerifier) so the certificate's name
// is matched against the requested host.
61 ((HttpsURLConnection) connection).setHostnameVerifier(new HostnameVerifier() {
63 public boolean verify(String str, SSLSession sslSession) {
// NOTE(review): presumably the branch taken for non-HTTPS connections (the enclosing else is
// not shown here; confirm). The exception carries no message, so a caller cannot tell from
// the error why the connection was refused; a message naming the rejected URL scheme would
// make this failure diagnosable.
69 throw new IOException();
71 super.prepareConnection(connection, httpMethod);
/**
 * Builds the {@link SSLContext} used for outgoing HTTPS connections.
 *
 * <p>When a certificate file is configured it is opened as a PKCS12 keystore and its key
 * managers are supplied to the context (client-certificate authentication); otherwise the
 * context is initialised without key managers. Both paths pass {@code trustAllCerts} as the
 * trust managers.
 *
 * @return an {@link SSLContext}; presumably {@code ctx} (the return statement is not shown in
 *     this listing)
 * @throws IOException wrapping any exception raised while the context is being built; the
 *     original exception is kept as the cause
 */
74 protected SSLContext getSSLContext() throws IOException {
76 TrustManager[] trustAllCerts = null;
78 // We aren't validating certificates, so create a trust manager that
80 // does not validate certificate chains.
// NOTE(review): the check method bodies are not shown in this listing. If checkServerTrusted
// is empty, every server certificate is accepted (self-signed, expired, or issued by an
// unknown CA), so TLS gives confidentiality only against passive observers and no server
// authentication. Preferred fix: build the trust managers from a TrustManagerFactory
// initialised with a truststore that holds the schema service's CA, or pass null as the
// second argument of ctx.init() to use the JVM default trust store.
81 trustAllCerts = new TrustManager[] {new X509TrustManager() {
82 public X509Certificate[] getAcceptedIssuers() {
86 public void checkClientTrusted(X509Certificate[] certs, String authType) {
89 public void checkServerTrusted(X509Certificate[] certs, String authType) {
// Context, key manager factory and keystore are created from the class constants
// ("TLS", "SunX509", "PKCS12").
93 SSLContext ctx = SSLContext.getInstance(SSL_PROTOCOL);
94 KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEYSTORE_ALGORITHM);
95 KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE);
// The keystore password arrives from configuration as a String and is converted to char[];
// the String copy stays in the config object, so keep it out of logs and error messages.
98 if (config.getSchemaServiceCertPwd()!= null) {
99 pwd = config.getSchemaServiceCertPwd().toCharArray();
// Client-certificate path: only taken when a keystore file is configured.
102 if (config.getSchemaServiceCertFile() != null) {
// NOTE(review): the code that closes fin is not shown in this listing; confirm the stream is
// closed on every path (try-with-resources) and that a failed open cannot lead to calling
// close() on a null reference.
103 FileInputStream fin =null;
105 fin = new FileInputStream(config.getSchemaServiceCertFile());
107 // Load the keystore and initialize the key manager factory.
// Key managers from the loaded keystore, the permissive trust managers, and a null
// SecureRandom (the provider's default source is used).
111 ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
// No keystore configured: no client certificate is presented, same permissive trust managers.
116 ctx.init(null, trustAllCerts, null);
// Every failure (keystore, algorithm, file access) is reported as an IOException with the
// original exception attached as the cause.
120 } catch (Exception e) {
121 throw new IOException("Problem with getting the SSL Context::" + e.getMessage(), e);