Change: add OPEN-O seed code for VF-C
[vfc/nfvo/driver/vnfm/svnfm.git] / huawei / vnfmadapter / VnfmadapterService / service / src / main / java / org / openo / nfvo / vnfmadapter / service / csm / connect / AbstractSslContext.java
1 /*
2  * Copyright 2016-2017 Huawei Technologies Co., Ltd.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package org.openo.nfvo.vnfmadapter.service.csm.connect;
18
19 import net.sf.json.JSONObject;
20 import org.apache.http.conn.ssl.SSLContextBuilder;
21 import org.openo.baseservice.util.impl.SystemEnvVariablesFactory;
22 import org.openo.nfvo.vnfmadapter.service.constant.Constant;
23 import org.slf4j.Logger;
24 import org.slf4j.LoggerFactory;
25 import org.springframework.http.HttpRequest;
26
27 import java.io.*;
28 import java.security.*;
29 import java.security.cert.CertificateException;
30 import java.security.cert.X509Certificate;
31
32 import javax.net.ssl.*;
33
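/**
 * Static helpers that build {@link SSLContext} instances.
 *
 * <p>Two flavours are offered: {@link #getAnonymousSSLContext()}, which performs no certificate
 * validation at all, and {@link #getCertificateSSLContext()}, which loads a key store and a
 * trust store described by {@code etc/conf/sslconf.json} under the application root.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The anonymous context authenticates nobody. A connection built on it is encrypted but
 *       can be intercepted by any party able to sit on the network path.</li>
 *   <li>{@code sslconf.json} carries the store passwords in clear text, so the file needs
 *       restrictive file-system permissions.</li>
 *   <li>The built-in fallback password is a placeholder compiled into the binary; it must not
 *       protect a real key store.</li>
 * </ul>
 *
 * @version NFVO 0.5 Sep 14, 2016
 */
public class AbstractSslContext {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractSslContext.class);

    // Fallback store settings, used only when sslconf.json could not be read.
    // SECURITY: DEFAULT_STORE_PASSWORD is a hard-coded credential. It is kept so existing
    // deployments continue to start, but every installation should supply its own stores and
    // passwords through sslconf.json.
    private static final String DEFAULT_KEY_STORE = "etc/conf/server.p12";
    private static final String DEFAULT_KEY_STORE_TYPE = "PKCS12";
    private static final String DEFAULT_TRUST_STORE = "etc/conf/trust.jks";
    private static final String DEFAULT_TRUST_STORE_TYPE = "jks";
    private static final String DEFAULT_STORE_PASSWORD = "Changeme_123";

    protected AbstractSslContext() {
        // Only static helpers live here; the constructor exists for subclasses.
    }

    /**
     * Requests a TLSv1.2 context from the installed security providers.
     *
     * <p>NOTE(review): which protocol versions are finally enabled on a socket is decided where
     * the socket factory is configured, outside this class. Confirm that older versions are
     * disabled there.
     */
    private static SSLContext getSSLContext() throws NoSuchAlgorithmException {
        return SSLContext.getInstance("TLSv1.2");
    }

    /**
     * Builds a context that trusts every peer certificate and presents no client certificate.
     *
     * <p>SECURITY: the installed {@link TrustAnyTrustManager} never rejects a certificate chain,
     * so the peer's identity is not verified. Prefer {@link #getCertificateSSLContext()} for
     * anything that carries credentials or management traffic.
     *
     * @return an initialised context without peer authentication
     * @throws GeneralSecurityException if the TLS context cannot be created or initialised
     */
    protected static SSLContext getAnonymousSSLContext() throws GeneralSecurityException {
        SSLContext sslContext = getSSLContext();
        sslContext.init(null, new TrustManager[] {new TrustAnyTrustManager()}, new SecureRandom());
        return sslContext;
    }

    /**
     * Builds a context backed by the key store and trust store named in {@code sslconf.json}.
     *
     * <p>If the configuration file cannot be read, the built-in default store locations are
     * tried instead. If no trust store can be loaded at all, the method fails rather than
     * initialising the context with {@code null} trust managers, because {@link SSLContext#init}
     * would then silently substitute the provider's default trust managers for the configured
     * trust anchors.
     *
     * @return an initialised context using the configured stores
     * @throws GeneralSecurityException if the TLS context cannot be created or initialised, or
     *         if the trust store could not be loaded
     */
    protected static SSLContext getCertificateSSLContext() throws GeneralSecurityException {
        SSLContext sslContext = getSSLContext();

        JSONObject sslConf = null;
        try {
            sslConf = readSSLConfToJson();
        } catch (Exception e) {
            LOG.error("readSSLConfToJson error", e);
        }

        TrustManager[] trustManagers = createTrustManager(sslConf);
        if (trustManagers == null) {
            throw new KeyStoreException(
                    "trust store could not be loaded; refusing to fall back to default trust managers");
        }

        // A null key manager array is still passed through unchanged: SSLContext.init then
        // looks up the provider's default key managers, as it did before.
        sslContext.init(createKeyManager(sslConf), trustManagers, new SecureRandom());
        return sslContext;
    }

    /**
     * Loads the client key store and derives key managers from it.
     *
     * @param sslConf parsed {@code sslconf.json} providing {@code keyStore}, {@code keyStorePass}
     *        and {@code keyStoreType}; {@code null} selects the built-in defaults
     * @return the key managers, or {@code null} if the store could not be loaded (the failure is
     *         logged)
     */
    protected static KeyManager[] createKeyManager(JSONObject sslConf) {
        try {
            String storePath = DEFAULT_KEY_STORE;
            String storePassword = DEFAULT_STORE_PASSWORD;
            String storeType = DEFAULT_KEY_STORE_TYPE;
            if (sslConf != null) {
                storePath = sslConf.getString("keyStore");
                storePassword = sslConf.getString("keyStorePass");
                storeType = sslConf.getString("keyStoreType");
            } else {
                // Never log the password itself, only the fact that the fallback is in use.
                LOG.warn("sslconf.json not available, using built-in default key store settings");
            }

            KeyStore keyStore = loadKeyStore(storePath, storeType, storePassword);

            KeyManagerFactory factory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore, storePassword.toCharArray());
            return factory.getKeyManagers();
        } catch (Exception e) {
            LOG.error("create KeyManager fail!", e);
            return null;
        }
    }

    /**
     * Loads the trust store and derives trust managers from it.
     *
     * @param sslConf parsed {@code sslconf.json} providing {@code trustStore},
     *        {@code trustStorePass} and {@code trustStoreType}; {@code null} selects the
     *        built-in defaults
     * @return the trust managers, or {@code null} if the store could not be loaded (the failure
     *         is logged)
     */
    protected static TrustManager[] createTrustManager(JSONObject sslConf) {
        try {
            String storePath = DEFAULT_TRUST_STORE;
            String storePassword = DEFAULT_STORE_PASSWORD;
            String storeType = DEFAULT_TRUST_STORE_TYPE;
            if (sslConf != null) {
                storePath = sslConf.getString("trustStore");
                storePassword = sslConf.getString("trustStorePass");
                storeType = sslConf.getString("trustStoreType");
            } else {
                LOG.warn("sslconf.json not available, using built-in default trust store settings");
            }

            KeyStore trustStore = loadKeyStore(storePath, storeType, storePassword);

            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            return factory.getTrustManagers();
        } catch (Exception e) {
            LOG.error("create TrustManager fail!", e);
            return null;
        }
    }

    /**
     * Opens a store file and loads it into a {@link KeyStore} of the given type.
     *
     * <p>The stream is closed on every path, including when loading fails.
     */
    private static KeyStore loadKeyStore(String path, String type, String password)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password.toCharArray());
        }
        return store;
    }

    /**
     * Reads {@code <appRoot>/etc/conf/sslconf.json} and parses it.
     *
     * <p>The file is read completely and decoded as UTF-8. It holds the store passwords in
     * clear text, so its content must never be written to the log.
     *
     * @return the parsed configuration, or {@code null} if the file is missing or cannot be
     *         read or parsed (the failure is logged)
     * @throws IOException declared for compatibility with existing callers; read failures are
     *         logged and reported through the {@code null} return value
     * @since NFVO 0.5
     */
    public static JSONObject readSSLConfToJson() throws IOException {
        String separator = System.getProperty("file.separator");
        String fileName = SystemEnvVariablesFactory.getInstance().getAppRoot() + separator
                + "etc" + separator + "conf" + separator + "sslconf.json";

        try (InputStream in = new BufferedInputStream(new FileInputStream(fileName))) {
            // Read until end of stream: available() is only an estimate and a single read()
            // may return fewer bytes than the file holds.
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int read;
            while ((read = in.read(chunk)) != -1) {
                buffer.write(chunk, 0, read);
            }
            String fileContent =
                    new String(buffer.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);
            return JSONObject.fromObject(fileContent);
        } catch (FileNotFoundException e) {
            LOG.error(fileName + " is not found!", e);
        } catch (Exception e) {
            // Keep the cause in the log; without it a malformed file cannot be diagnosed.
            LOG.error("read sslconf file fail.please check if the 'sslconf.json' is exist.", e);
        }
        return null;
    }

    /**
     * Trust manager that accepts every certificate chain.
     *
     * <p>SECURITY: both check methods return without inspecting the chain, so neither server
     * nor client certificates are validated. It is used only by
     * {@link #getAnonymousSSLContext()}.
     */
    private static class TrustAnyTrustManager implements X509TrustManager {

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
            // NOSONAR - intentionally accepts any server certificate
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
            // NOSONAR - intentionally accepts any client certificate
        }
    }
}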