2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * Copyright © 2017-2018 European Software Marketing Ltd.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
22 package org.onap.aai.schemaif.json;
24 import java.io.FileInputStream;
25 import java.io.IOException;
26 import java.net.HttpURLConnection;
27 import java.security.KeyStore;
28 import java.security.cert.X509Certificate;
30 import javax.net.ssl.HostnameVerifier;
31 import javax.net.ssl.HttpsURLConnection;
32 import javax.net.ssl.KeyManagerFactory;
33 import javax.net.ssl.SSLContext;
34 import javax.net.ssl.SSLSession;
35 import javax.net.ssl.TrustManager;
36 import javax.net.ssl.X509TrustManager;
38 import org.springframework.http.client.SimpleClientHttpRequestFactory;
// Request factory that customises the TLS setup of outgoing HTTPS connections: it installs
// its own SSL socket factory and host-name verifier on each HttpsURLConnection it prepares.
40 public class SecureClientHttpRequestFactory extends SimpleClientHttpRequestFactory {
// Protocol name passed to SSLContext.getInstance().
42 private static final String SSL_PROTOCOL = "TLS";
// Despite the name, this is the algorithm passed to KeyManagerFactory.getInstance().
43 private static final String KEYSTORE_ALGORITHM = "SunX509";
// Keystore type passed to KeyStore.getInstance().
44 private static final String KEYSTORE_TYPE = "PKCS12";
// Supplies the certificate file path and its password, both read in getSSLContext().
45 private JsonSchemaProviderConfig config;
// NOTE(review): the constructor body is not shown; presumably it stores the argument in
// the config field read by getSSLContext() - confirm.
47 public SecureClientHttpRequestFactory(JsonSchemaProviderConfig config) {
/**
 * Prepares an outgoing connection. For an HttpsURLConnection it installs the socket factory
 * obtained from getSSLContext() and a custom HostnameVerifier; it also delegates to the
 * superclass implementation.
 *
 * @param connection the connection being prepared
 * @param httpMethod the HTTP method, passed through to the superclass
 * @throws IOException if getSSLContext() fails, or from the explicit throw below
 */
53 protected void prepareConnection(final HttpURLConnection connection, final String httpMethod) throws IOException {
54 if (connection instanceof HttpsURLConnection) {
// A new SSLContext is built by getSSLContext() on every call to this method.
55 ((HttpsURLConnection) connection).setSSLSocketFactory(getSSLContext().getSocketFactory());
// NOTE(review): the verify() body is not shown. If it accepts every host name, the server
// certificate is never matched against the host being called; not overriding the verifier
// keeps the default host-name check in place. Confirm what verify() returns.
56 ((HttpsURLConnection) connection).setHostnameVerifier(new HostnameVerifier() {
58 public boolean verify(String str, SSLSession sslSession) {
// NOTE(review): the condition guarding this throw is not shown (presumably the branch for
// non-HTTPS connections - confirm). The exception carries no message, so a caller cannot
// tell from it why preparation failed.
64 throw new IOException();
66 super.prepareConnection(connection, httpMethod);
/**
 * Builds the SSLContext whose socket factory prepareConnection() installs on HTTPS
 * connections.
 *
 * The context is initialised with the trustAllCerts trust managers on both ctx.init() calls.
 * When a certificate file is configured, the key managers of the KeyManagerFactory are
 * supplied as well; the other call supplies none.
 *
 * Security note: as the inline comment states, certificate chains are not validated, so the
 * remote server is not authenticated by this context and TLS gives no protection against an
 * intermediary presenting its own certificate. To restore validation, pass the trust managers
 * of a TrustManagerFactory initialised from a trust store holding the service's CA (or null,
 * which selects the JVM default) as the second argument of ctx.init().
 *
 * @return presumably the initialised context; the return statement is not shown - confirm
 * @throws IOException wrapping any exception raised while the context is built
 */
69 protected SSLContext getSSLContext() throws IOException {
71 TrustManager[] trustAllCerts = null;
73 // We aren't validating certificates, so create a trust manager that
75 // does not validate certificate chains.
// NOTE(review): the bodies of the three overrides below are not shown; per the comment
// above they are expected to accept any chain - confirm.
76 trustAllCerts = new TrustManager[] {new X509TrustManager() {
77 public X509Certificate[] getAcceptedIssuers() {
81 public void checkClientTrusted(X509Certificate[] certs, String authType) {
84 public void checkServerTrusted(X509Certificate[] certs, String authType) {
88 SSLContext ctx = SSLContext.getInstance(SSL_PROTOCOL);
89 KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEYSTORE_ALGORITHM);
90 KeyStore ks = KeyStore.getInstance(KEYSTORE_TYPE);
// The keystore password comes from configuration as a String and is converted to char[].
93 if (config.getSchemaServiceCertPwd() != null) {
94 pwd = config.getSchemaServiceCertPwd().toCharArray();
97 if (config.getSchemaServiceCertFile() != null) {
// try-with-resources closes the keystore file stream when the block exits.
98 try (FileInputStream fin = new FileInputStream(config.getSchemaServiceCertFile())) {
99 // Load the keystore and initialize the key manager factory.
// Key managers from the configured keystore, combined with the non-validating trust managers.
103 ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
// No key managers on this call (presumably the path without a certificate file - confirm);
// the trust managers are still the non-validating ones.
106 ctx.init(null, trustAllCerts, null);
// Every failure is reported as an IOException with the original exception kept as the cause.
110 } catch (Exception e) {
111 throw new IOException("Problem with getting the SSL Context::" + e.getMessage(), e);