/*
 * ============LICENSE_START=======================================================
 * Copyright (C) 2022 Nordix Foundation.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * SPDX-License-Identifier: Apache-2.0
 * ============LICENSE_END=========================================================
 */
21 package org.onap.dmaap.datarouter.provisioning.utils;
23 import com.att.eelf.configuration.EELFLogger;
24 import com.att.eelf.configuration.EELFManager;
25 import java.io.FileInputStream;
26 import java.io.IOException;
27 import java.security.KeyManagementException;
28 import java.security.KeyStore;
29 import java.security.KeyStoreException;
30 import java.security.NoSuchAlgorithmException;
31 import java.security.UnrecoverableKeyException;
32 import java.security.cert.CertificateException;
33 import java.util.Properties;
34 import org.apache.http.conn.ssl.SSLSocketFactory;
35 import org.eclipse.jetty.util.ssl.SslContextFactory;
37 public class ProvTlsManager {
private static final EELFLogger eelfLogger = EELFManager.getInstance().getLogger(ProvTlsManager.class);

// Key store (server identity) settings read from the provisioning properties.
private final String keyStoreType;
private final String keyStorefile;
private final String keyStorePassword;   // credential: must never be logged
private final String keyManagerPassword; // credential: must never be logged
// Populated by setUpKeyStore(); null until that has run.
private KeyStore keyStore;

// Trust store settings; trustStoreFile and trustStorePassword stay null when not configured.
private final String trustStoreType;
private final String trustStoreFile;
private final String trustStorePassword; // credential: must never be logged
// Populated by setUpTrustStore() only when both path and password are configured; otherwise null.
private KeyStore trustStore;

// Protocol names handed to Jetty's setIncludeProtocols (the configured value split on '|').
private final String[] enabledProtocols;
/**
 * Utility class to handle Provisioning server SSL configuration.
 *
 * <p>Reads the key store and trust store settings from the supplied properties. The trust
 * store settings are optional: when no {@code truststorepath} is configured the trust store
 * related fields stay {@code null}. The protocol list defaults to {@code "TLSv1.1|TLSv1.2"};
 * TLSv1.1 is deprecated (RFC 8996), so deployments should set
 * {@code org.onap.dmaap.datarouter.provserver.https.include.protocols} explicitly rather
 * than rely on the default.
 *
 * @param properties DR provisioning server properties
 * @param preLoadCerts whether to load the key/trust stores immediately — the branch that
 *     consumes this flag is not visible in this excerpt; confirm against the full source
 * @throws Exception for any unrecoverable problem
 */
public ProvTlsManager(Properties properties, boolean preLoadCerts) throws Exception {
    // Key store settings; the type defaults to PKCS12, the path and passwords have no default.
    keyStoreType = properties.getProperty("org.onap.dmaap.datarouter.provserver.keystoretype", "PKCS12");
    keyStorefile = properties.getProperty("org.onap.dmaap.datarouter.provserver.keystorepath");
    keyStorePassword = properties.getProperty("org.onap.dmaap.datarouter.provserver.keystorepassword");
    keyManagerPassword = properties.getProperty("org.onap.dmaap.datarouter.provserver.keymanagerpassword");
    // Trust store settings; the type defaults to jks, path and password are optional (null when absent).
    trustStoreType = properties.getProperty("org.onap.dmaap.datarouter.provserver.truststoretype", "jks");
    trustStoreFile = properties.getProperty("org.onap.dmaap.datarouter.provserver.truststorepath");
    trustStorePassword = properties.getProperty("org.onap.dmaap.datarouter.provserver.truststorepassword");
    eelfLogger.debug("ProvTlsManager: Attempting to pre load certificate data from config.");
    // NOTE(review): the statements that follow this log line in the original (the pre-load
    // itself, presumably guarded by preLoadCerts) are missing from this excerpt.
    // Include-protocol list: trimmed and split on '|' so a stray space around the value is tolerated.
    enabledProtocols = properties.getProperty(
        "org.onap.dmaap.datarouter.provserver.https.include.protocols",
        "TLSv1.1|TLSv1.2").trim().split("\\|");
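/**
 * Gets an SSLSocketFactory instance constructed using the relevant SSL properties.
 *
 * <p>The decision whether to supply a trust store is taken on the loaded {@code trustStore}
 * rather than on the configured file path: {@code setUpTrustStore} only loads a trust store
 * when both the path and the password are present, so a configured path alone does not
 * guarantee a loaded store, and the previous path-based check could hand a {@code null}
 * trust store to the factory without the warning below ever being logged. When no trust
 * store is loaded the factory is built without one, which (as far as this class is
 * concerned) leaves trust decisions to the library's default trust material; the warning
 * makes that visible to operators.
 *
 * @return SSLSocketFactory backed by the provisioning server key material
 * @throws KeyStoreException if SSL config is invalid
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws UnrecoverableKeyException if the key store password does not unlock the key
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
public SSLSocketFactory getSslSocketFactory()
        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
    eelfLogger.debug("ProvTlsManager.getSslSocketFactory: Setting up SSLSocketFactory");
    if (this.trustStore == null) {
        // Covers both "no truststorepath configured" and "path configured but store never loaded".
        eelfLogger.warn("Warning: No trust store available.");
        return new SSLSocketFactory(this.keyStore, this.keyStorePassword);
    }
    return new SSLSocketFactory(this.keyStore, this.keyStorePassword, this.trustStore);
}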
/**
 * Gets an SslContextFactory.Server instance constructed using the relevant SSL properties.
 *
 * <p>Jetty is given the configured store types, paths and passwords; the {@code KeyStore}
 * objects loaded by {@code setUpKeyStore}/{@code setUpTrustStore} are not used here. Trust
 * store settings are applied only when a trust store path is configured, and the accepted
 * protocol list is restricted to the configured include protocols.
 *
 * @return SslContextFactory.Server ready to be handed to the Jetty connector
 */
public SslContextFactory.Server getSslContextFactoryServer() {
    eelfLogger.debug("ProvTlsManager.getSslContextFactoryServer: Setting up getSslContextFactoryServer");
    final SslContextFactory.Server server = new SslContextFactory.Server();
    server.setKeyStoreType(keyStoreType);
    server.setKeyStorePath(keyStorefile);
    server.setKeyStorePassword(keyStorePassword);
    server.setKeyManagerPassword(keyManagerPassword);
    applyTrustStoreSettings(server);
    server.setIncludeProtocols(enabledProtocols);
    return server;
}

/**
 * Applies the configured trust store type, path and password to {@code server}; a no-op
 * when no trust store path is configured.
 *
 * @param server the Jetty factory being configured
 */
private void applyTrustStoreSettings(SslContextFactory.Server server) {
    if (trustStoreFile == null) {
        return;
    }
    server.setTrustStoreType(trustStoreType);
    server.setTrustStorePath(trustStoreFile);
    server.setTrustStorePassword(trustStorePassword);
}
/**
 * Returns the trust store file path taken from the DR provisioning configuration.
 *
 * @return the configured trust store path, or {@code null} when none was configured
 */
public String getTrustStoreFile() {
    return this.trustStoreFile;
}
/**
 * Returns the trust store password taken from the DR provisioning configuration.
 *
 * <p>This is a credential: callers should hand it to the TLS layer only and must not
 * write it to logs or include it in error messages.
 *
 * @return the configured trust store password, or {@code null} when none was configured
 */
public String getTrustStorePassword() {
    return this.trustStorePassword;
}
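/**
 * Loads the configured key store into {@code keyStore}.
 *
 * <p>Both the key store path and password are required. A missing value is reported as a
 * {@link KeyStoreException} naming the missing property, instead of surfacing as a
 * {@code NullPointerException} from the file or password handling in {@code readKeyStore}.
 * The password value itself is never placed in the message.
 *
 * @throws KeyStoreException if the key store path or password is not configured, or the store cannot be read
 * @throws CertificateException if a certificate in the store cannot be loaded
 * @throws IOException if the key store file cannot be read
 * @throws NoSuchAlgorithmException if the store's integrity-check algorithm is unavailable
 */
private void setUpKeyStore()
        throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
    if (keyStorefile == null) {
        throw new KeyStoreException(
            "Key store path is not configured (org.onap.dmaap.datarouter.provserver.keystorepath)");
    }
    if (keyStorePassword == null) {
        throw new KeyStoreException(
            "Key store password is not configured (org.onap.dmaap.datarouter.provserver.keystorepassword)");
    }
    eelfLogger.debug("ProvTlsManager.setUpKeyStore: Attempting to load keyStore {}", keyStorefile);
    keyStore = readKeyStore(keyStorefile, keyStorePassword, keyStoreType);
}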
/**
 * Loads the configured trust store into {@code trustStore}.
 *
 * <p>The trust store is optional: when either the path or the password is absent nothing
 * is loaded, a warning is logged and {@code trustStore} is left {@code null}.
 *
 * @throws KeyStoreException if the store cannot be read
 * @throws CertificateException if a certificate in the store cannot be loaded
 * @throws IOException if the trust store file cannot be read
 * @throws NoSuchAlgorithmException if the store's integrity-check algorithm is unavailable
 */
private void setUpTrustStore()
        throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
    if (trustStoreFile == null || trustStorePassword == null) {
        eelfLogger.warn("No truststore provided from properties. Skipping.");
        return;
    }
    eelfLogger.debug("ProvTlsManager.setUpTrustStore: Attempting to load trustStore {}", trustStoreFile);
    trustStore = readKeyStore(trustStoreFile, trustStorePassword, trustStoreType);
}
153 private KeyStore readKeyStore(String keyStore, String pass, String type)
154 throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
155 eelfLogger.debug("ProvTlsManager.readKeyStore: Verifying load of keystore {}", keyStore);
156 KeyStore ks = KeyStore.getInstance(type);
157 try (FileInputStream stream = new FileInputStream(keyStore)) {
158 ks.load(stream, pass.toCharArray());