huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/csm/connect/AbstractSslContext.java

   1 /*
   2  * Copyright 2016-2017 Huawei Technologies Co., Ltd.
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 package org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.csm.connect;
  18
  19 import java.io.BufferedInputStream;
  20 import java.io.FileInputStream;
  21 import java.io.FileNotFoundException;
  22 import java.io.IOException;
  23 import java.io.InputStream;
  24 import java.security.GeneralSecurityException;
  25 import java.security.KeyStore;
  26 import java.security.NoSuchAlgorithmException;
  27 import java.security.SecureRandom;
  28 import java.security.cert.X509Certificate;
  29
  30 import javax.net.ssl.KeyManager;
  31 import javax.net.ssl.KeyManagerFactory;
  32 import javax.net.ssl.SSLContext;
  33 import javax.net.ssl.TrustManager;
  34 import javax.net.ssl.TrustManagerFactory;
  35 import javax.net.ssl.X509TrustManager;
  36
  37 import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.common.restclient.SystemEnvVariablesFactory;
  38 import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.constant.Constant;
  39 import org.slf4j.Logger;
  40 import org.slf4j.LoggerFactory;
  41
  42 import net.sf.json.JSONObject;
  43
  44 /**
  45  * SSL context
  46  * .</br>
  47  *
  48  * @author
  49  * @version VFC 1.0 Sep 14, 2016
  50  */
  51 public class AbstractSslContext {
  52
  53     private static final Logger LOG = LoggerFactory.getLogger(AbstractSslContext.class);
  54
  55     protected AbstractSslContext() {
  56         // constructor
  57     }
  58
  59     private static SSLContext getSSLContext() throws NoSuchAlgorithmException {
  60         return SSLContext.getInstance("TLSv1.2");
  61     }
  62
  63     protected static SSLContext getAnonymousSSLContext() throws GeneralSecurityException {
  64         SSLContext sslContext = getSSLContext();
  65         sslContext.init(null, new TrustManager[] {new TrustAnyTrustManager()}, new SecureRandom());
  66         return sslContext;
  67     }
  68
  69     protected static SSLContext getCertificateSSLContext() throws GeneralSecurityException {
  70         SSLContext sslContext = getSSLContext();
  71         JSONObject sslConf = null;
  72         try {
  73             sslConf = readSSLConfToJson();
  74         } catch(Exception e) {
  75             LOG.error("readSSLConfToJson error", e);
  76         }
  77         sslContext.init(createKeyManager(sslConf), createTrustManager(sslConf), new SecureRandom());
  78         return sslContext;
  79     }
  80
  81     protected static KeyManager[] createKeyManager(JSONObject sslConf) {
  82         KeyManager[] kms = null;
  83         try {
  84             String CERT_STORE = "etc/conf/server.p12";
  85             String CERT_STORE_PASSWORD = "Changeme_123";
  86             String KEY_STORE_TYPE = "PKCS12";
  87             if(sslConf != null) {
  88                 CERT_STORE = sslConf.getString("keyStore");
  89                 CERT_STORE_PASSWORD = sslConf.getString("keyStorePass");
  90                 KEY_STORE_TYPE = sslConf.getString("keyStoreType");
  91             }
  92             // load jks file
  93             FileInputStream f_certStore = new FileInputStream(CERT_STORE);
  94             KeyStore ks = KeyStore.getInstance(KEY_STORE_TYPE);
  95             ks.load(f_certStore, CERT_STORE_PASSWORD.toCharArray());
  96             f_certStore.close();
  97
  98             // init and create
  99             String alg = KeyManagerFactory.getDefaultAlgorithm();
 100             KeyManagerFactory kmFact = KeyManagerFactory.getInstance(alg);
 101             kmFact.init(ks, CERT_STORE_PASSWORD.toCharArray());
 102
 103             kms = kmFact.getKeyManagers();
 104         } catch(Exception e) {
 105             LOG.error("create KeyManager fail!", e);
 106         }
 107         return kms;
 108     }
 109
 110     protected static TrustManager[] createTrustManager(JSONObject sslConf) {
 111         TrustManager[] tms = null;
 112         try {
 113
 114             String TRUST_STORE = "etc/conf/trust.jks";
 115             String TRUST_STORE_PASSWORD = "Changeme_123";
 116             String TRUST_STORE_TYPE = "jks";
 117             if(sslConf != null) {
 118                 TRUST_STORE = sslConf.getString("trustStore");
 119                 TRUST_STORE_PASSWORD = sslConf.getString("trustStorePass");
 120                 TRUST_STORE_TYPE = sslConf.getString("trustStoreType");
 121             }
 122             FileInputStream f_trustStore = new FileInputStream(TRUST_STORE);
 123             KeyStore ks = KeyStore.getInstance(TRUST_STORE_TYPE);
 124             ks.load(f_trustStore, TRUST_STORE_PASSWORD.toCharArray());
 125             f_trustStore.close();
 126
 127             String alg = TrustManagerFactory.getDefaultAlgorithm();
 128             TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg);
 129             tmFact.init(ks);
 130             tms = tmFact.getTrustManagers();
 131
 132         } catch(Exception e) {
 133             LOG.error("create TrustManager fail!", e);
 134         }
 135         return tms;
 136     }
 137
 138     /**
 139      * readSSLConfToJson
 140      *
 141      * @return
 142      * @throws IOException
 143      * @since VFC 1.0
 144      */
 145     public static JSONObject readSSLConfToJson() throws IOException {
 146         JSONObject sslJson = null;
 147         InputStream ins = null;
 148         BufferedInputStream bins = null;
 149         String fileContent = "";
 150
 151         String fileName = SystemEnvVariablesFactory.getInstance().getAppRoot()
 152                 + System.getProperty(Constant.FILE_SEPARATOR) + "etc" + System.getProperty(Constant.FILE_SEPARATOR)
 153                 + "conf" + System.getProperty(Constant.FILE_SEPARATOR) + "sslconf.json";
 154
 155         try {
 156             ins = new FileInputStream(fileName);
 157             bins = new BufferedInputStream(ins);
 158
 159             byte[] contentByte = new byte[ins.available()];
 160             int num = bins.read(contentByte);
 161
 162             if(num > 0) {
 163                 fileContent = new String(contentByte);
 164             }
 165             sslJson = JSONObject.fromObject(fileContent);
 166         } catch(FileNotFoundException e) {
 167             LOG.error(fileName + "is not found!", e);
 168         } catch(Exception e) {
 169             LOG.error("read sslconf file fail.please check if the 'sslconf.json' is exist.");
 170         } finally {
 171             if(ins != null) {
 172                 ins.close();
 173             }
 174             if(bins != null) {
 175                 bins.close();
 176             }
 177         }
 178
 179         return sslJson;
 180     }
 181
 182     private static class TrustAnyTrustManager implements X509TrustManager {
 183
 184         @Override
 185         public X509Certificate[] getAcceptedIssuers() {
 186             return new X509Certificate[] {};
 187         }
 188
 189         @Override
 190         public void checkServerTrusted(X509Certificate[] certs, String authType) {
 191             // NOSONAR
 192         }
 193
 194         @Override
 195         public void checkClientTrusted(X509Certificate[] certs, String authType) {
 196             // NOSONAR
 197         }
 198     }
 199 }