2 * Copyright 2016-2017 Huawei Technologies Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.csm.connect;
19 import java.io.BufferedInputStream;
20 import java.io.FileInputStream;
21 import java.io.FileNotFoundException;
22 import java.io.IOException;
23 import java.io.InputStream;
24 import java.security.GeneralSecurityException;
25 import java.security.KeyStore;
26 import java.security.NoSuchAlgorithmException;
27 import java.security.SecureRandom;
28 import java.security.cert.X509Certificate;
30 import javax.net.ssl.KeyManager;
31 import javax.net.ssl.KeyManagerFactory;
32 import javax.net.ssl.SSLContext;
33 import javax.net.ssl.TrustManager;
34 import javax.net.ssl.TrustManagerFactory;
35 import javax.net.ssl.X509TrustManager;
37 import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.common.restclient.SystemEnvVariablesFactory;
38 import org.onap.vfc.nfvo.vnfm.svnfm.vnfmadapter.service.constant.Constant;
39 import org.slf4j.Logger;
40 import org.slf4j.LoggerFactory;
42 import net.sf.json.JSONObject;
49 * @version VFC 1.0 Sep 14, 2016
51 public class AbstractSslContext {
53 private static final Logger LOG = LoggerFactory.getLogger(AbstractSslContext.class);
55 protected AbstractSslContext() {
59 private static SSLContext getSSLContext() throws NoSuchAlgorithmException {
60 return SSLContext.getInstance("TLSv1.2");
63 protected static SSLContext getAnonymousSSLContext() throws GeneralSecurityException {
64 SSLContext sslContext = getSSLContext();
65 sslContext.init(null, new TrustManager[] {new TrustAnyTrustManager()}, new SecureRandom());
69 protected static SSLContext getCertificateSSLContext() throws GeneralSecurityException {
70 SSLContext sslContext = getSSLContext();
71 JSONObject sslConf = null;
73 sslConf = readSSLConfToJson();
74 } catch(Exception e) {
75 LOG.error("readSSLConfToJson error", e);
77 sslContext.init(createKeyManager(sslConf), createTrustManager(sslConf), new SecureRandom());
81 protected static KeyManager[] createKeyManager(JSONObject sslConf) {
82 KeyManager[] kms = null;
84 String CERT_STORE = "etc/conf/server.p12";
85 String CERT_STORE_PASSWORD = "Changeme_123";
86 String KEY_STORE_TYPE = "PKCS12";
88 CERT_STORE = sslConf.getString("keyStore");
89 CERT_STORE_PASSWORD = sslConf.getString("keyStorePass");
90 KEY_STORE_TYPE = sslConf.getString("keyStoreType");
93 FileInputStream f_certStore = new FileInputStream(CERT_STORE);
94 KeyStore ks = KeyStore.getInstance(KEY_STORE_TYPE);
95 ks.load(f_certStore, CERT_STORE_PASSWORD.toCharArray());
99 String alg = KeyManagerFactory.getDefaultAlgorithm();
100 KeyManagerFactory kmFact = KeyManagerFactory.getInstance(alg);
101 kmFact.init(ks, CERT_STORE_PASSWORD.toCharArray());
103 kms = kmFact.getKeyManagers();
104 } catch(Exception e) {
105 LOG.error("create KeyManager fail!", e);
110 protected static TrustManager[] createTrustManager(JSONObject sslConf) {
111 TrustManager[] tms = null;
114 String TRUST_STORE = "etc/conf/trust.jks";
115 String TRUST_STORE_PASSWORD = "Changeme_123";
116 String TRUST_STORE_TYPE = "jks";
117 if(sslConf != null) {
118 TRUST_STORE = sslConf.getString("trustStore");
119 TRUST_STORE_PASSWORD = sslConf.getString("trustStorePass");
120 TRUST_STORE_TYPE = sslConf.getString("trustStoreType");
122 FileInputStream f_trustStore = new FileInputStream(TRUST_STORE);
123 KeyStore ks = KeyStore.getInstance(TRUST_STORE_TYPE);
124 ks.load(f_trustStore, TRUST_STORE_PASSWORD.toCharArray());
125 f_trustStore.close();
127 String alg = TrustManagerFactory.getDefaultAlgorithm();
128 TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg);
130 tms = tmFact.getTrustManagers();
132 } catch(Exception e) {
133 LOG.error("create TrustManager fail!", e);
142 * @throws IOException
145 public static JSONObject readSSLConfToJson() throws IOException {
146 JSONObject sslJson = null;
147 InputStream ins = null;
148 BufferedInputStream bins = null;
149 String fileContent = "";
151 String fileName = SystemEnvVariablesFactory.getInstance().getAppRoot()
152 + System.getProperty(Constant.FILE_SEPARATOR) + "etc" + System.getProperty(Constant.FILE_SEPARATOR)
153 + "conf" + System.getProperty(Constant.FILE_SEPARATOR) + "sslconf.json";
156 ins = new FileInputStream(fileName);
157 bins = new BufferedInputStream(ins);
159 byte[] contentByte = new byte[ins.available()];
160 int num = bins.read(contentByte);
163 fileContent = new String(contentByte);
165 sslJson = JSONObject.fromObject(fileContent);
166 } catch(FileNotFoundException e) {
167 LOG.error(fileName + "is not found!", e);
168 } catch(Exception e) {
169 LOG.error("read sslconf file fail.please check if the 'sslconf.json' is exist.");
182 private static class TrustAnyTrustManager implements X509TrustManager {
185 public X509Certificate[] getAcceptedIssuers() {
186 return new X509Certificate[] {};
190 public void checkServerTrusted(X509Certificate[] certs, String authType) {
195 public void checkClientTrusted(X509Certificate[] certs, String authType) {