2 * Copyright 2016-2017 Huawei Technologies Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org.openo.nfvo.vnfmadapter.service.csm.connect;
19 import net.sf.json.JSONObject;
20 import org.apache.http.conn.ssl.SSLContextBuilder;
21 import org.openo.baseservice.util.impl.SystemEnvVariablesFactory;
22 import org.openo.nfvo.vnfmadapter.service.constant.Constant;
23 import org.slf4j.Logger;
24 import org.slf4j.LoggerFactory;
25 import org.springframework.http.HttpRequest;
28 import java.security.*;
29 import java.security.cert.CertificateException;
30 import java.security.cert.X509Certificate;
32 import javax.net.ssl.*;
39 * @version NFVO 0.5 Sep 14, 2016
// Static factory helpers that build javax.net.ssl.SSLContext objects:
// getAnonymousSSLContext() installs a TrustAnyTrustManager, getCertificateSSLContext()
// builds key and trust managers from key store files.
// NOTE(review): this listing omits some original lines (gaps in the gutter numbers),
// including closing braces and several statements; the comments describe only what is visible.
41 public class AbstractSslContext {
42 private static final Logger LOG = LoggerFactory.getLogger(AbstractSslContext.class);
// Non-public constructor; its body (original lines 44-46) is not shown in this listing.
43 protected AbstractSslContext(){
// Returns a new, uninitialised SSLContext obtained for the protocol name "TLSv1.2";
// the callers in this class call init() on it.
// NOTE(review): the JSSE standard-names documentation describes "TLSv1.2" as a context that
// supports TLS 1.2 and may support other versions, so the name alone does not guarantee that
// older protocol versions are refused. Which versions are enabled on the sockets or engines
// created from the context is decided elsewhere; confirm at the call sites.
47 private static SSLContext getSSLContext() throws NoSuchAlgorithmException {
48 return SSLContext.getInstance("TLSv1.2");
// Builds a TLS context whose only trust manager is TrustAnyTrustManager.
// NOTE(review): connections made with this context are encrypted, but the peer certificate is
// presumably never validated (the check methods of TrustAnyTrustManager have no visible
// body), so the remote end is not authenticated and interception would go unnoticed.
// Keep callers limited to lab/test endpoints and use getCertificateSSLContext() wherever a
// trust store is available.
51 protected static SSLContext getAnonymousSSLContext() throws GeneralSecurityException {
52 SSLContext sslContext = getSSLContext();
// Key managers are null, so JSSE falls back to its default key manager lookup.
53 sslContext.init(null, new TrustManager[] {new TrustAnyTrustManager()}, new SecureRandom());
// The return statement (original line 54) is not shown in this listing.
// Builds a TLS context whose key and trust managers come from createKeyManager() and
// createTrustManager(), both fed with the JSON returned by readSSLConfToJson().
56 protected static SSLContext getCertificateSSLContext() throws GeneralSecurityException {
57 SSLContext sslContext = getSSLContext();
58 JSONObject sslConf = null;
// The opening `try {` (original line 59) is not shown in this listing.
60 sslConf = readSSLConfToJson();
61 } catch (Exception e) {
// NOTE(review): a failure to read the configuration is only logged. sslConf stays null and
// the method carries on, so the helpers below would work from their hard-coded default store
// paths and default password (presumably behind a null check that is not visible here).
// Consider propagating the failure so a broken configuration is noticed at start-up.
62 LOG.error("readSSLConfToJson error",e);
// NOTE(review): both helpers start from a null result and only log on failure. If they return
// that null (their return lines are not shown), SSLContext.init() falls back to the JSSE
// default key/trust managers, i.e. the JRE default CA set would be trusted instead of the
// configured trust store. Confirm, and fail closed.
64 sslContext.init(createKeyManager(sslConf), createTrustManager(sslConf), new SecureRandom());
// Loads a key store from disk and obtains key managers from a KeyManagerFactory created with
// the default algorithm.
// sslConf: parsed SSL configuration; the keys "keyStore", "keyStorePass" and "keyStoreType"
// are read from it.
68 protected static KeyManager[] createKeyManager(JSONObject sslConf) {
// Stays null if anything below throws (see the catch block).
69 KeyManager[] kms = null;
// Built-in defaults.
// NOTE(review): "Changeme_123" is a credential compiled into the class, so anyone with the
// jar or the source knows it. A deployment that never overrides it protects its private key
// with a publicly known password; require the value from configuration instead.
71 String CERT_STORE="etc/conf/server.p12";
72 String CERT_STORE_PASSWORD="Changeme_123";
73 String KEY_STORE_TYPE = "PKCS12";
// Values from the configuration replace the defaults. The guard around these three lines
// (original line 74) is not shown; presumably a null check on sslConf. Confirm.
// NOTE(review): the password is used exactly as read from the JSON; no decryption step is
// visible, so it appears to be kept in clear text in the configuration file. Restrict that
// file's permissions accordingly.
75 CERT_STORE = sslConf.getString("keyStore");
76 CERT_STORE_PASSWORD = sslConf.getString("keyStorePass");
77 KEY_STORE_TYPE = sslConf.getString("keyStoreType");
// NOTE(review): the stream is not opened with try-with-resources and no close() is visible
// for it (original lines 83-85 are not shown); if getInstance() or load() throws, the file
// handle leaks either way.
80 FileInputStream f_certStore=new FileInputStream(CERT_STORE);
81 KeyStore ks = KeyStore.getInstance(KEY_STORE_TYPE);
82 ks.load(f_certStore, CERT_STORE_PASSWORD.toCharArray());
86 String alg= KeyManagerFactory.getDefaultAlgorithm();
87 KeyManagerFactory kmFact = KeyManagerFactory.getInstance(alg);
// The store password is reused as the password for the private key entries.
88 kmFact.init(ks, CERT_STORE_PASSWORD.toCharArray());
90 kms = kmFact.getKeyManagers();
// Any failure (missing file, wrong password, unknown store type, ...) is logged and
// swallowed; kms is left null.
91 } catch (Exception e) {
92 LOG.error("create KeyManager fail!",e);
// Loads a trust store from disk and obtains trust managers from a TrustManagerFactory created
// with the default algorithm.
// sslConf: parsed SSL configuration; the keys "trustStore", "trustStorePass" and
// "trustStoreType" are read from it.
96 protected static TrustManager[] createTrustManager(JSONObject sslConf){
// Stays null if anything below throws (see the catch block).
97 TrustManager[] tms = null;
// Built-in defaults.
// NOTE(review): "Changeme_123" is a hard-coded, publicly known store password. A trust store
// decides which peers are accepted, so its integrity password should come from configuration.
100 String TRUST_STORE="etc/conf/trust.jks";
101 String TRUST_STORE_PASSWORD="Changeme_123";
102 String TRUST_STORE_TYPE = "jks";
// Values from the configuration replace the defaults. The guard around these three lines
// (original line 103) is not shown; presumably a null check on sslConf. Confirm.
104 TRUST_STORE = sslConf.getString("trustStore");
105 TRUST_STORE_PASSWORD = sslConf.getString("trustStorePass");
106 TRUST_STORE_TYPE = sslConf.getString("trustStoreType");
// NOTE(review): close() is only reached on the success path; if getInstance() or load()
// throws, the stream is never closed. try-with-resources would cover both paths.
108 FileInputStream f_trustStore=new FileInputStream(TRUST_STORE);
109 KeyStore ks = KeyStore.getInstance(TRUST_STORE_TYPE);
110 ks.load(f_trustStore, TRUST_STORE_PASSWORD.toCharArray());
111 f_trustStore.close();
113 String alg=TrustManagerFactory.getDefaultAlgorithm();
114 TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg);
// NOTE(review): the call that initialises tmFact with ks is not visible (original line 115
// is missing from this listing); confirm that the factory is initialised with the loaded store.
116 tms=tmFact.getTrustManagers();
// Any failure is logged and swallowed; tms is left null.
118 } catch (Exception e){
119 LOG.error("create TrustManager fail!",e);
126 * @throws IOException
// Reads the SSL configuration file under <app root>/etc/conf and parses it into a JSONObject.
// The file-name part of the path (original lines 137-139) is not shown in this listing; the
// error message below refers to 'sslconf.json'.
129 public static JSONObject readSSLConfToJson() throws IOException {
// Stays null when reading or parsing fails.
130 JSONObject sslJson= null;
131 InputStream ins = null;
132 BufferedInputStream bins = null;
133 String fileContent = "";
135 String fileName = SystemEnvVariablesFactory.getInstance().getAppRoot() + System.getProperty("file.separator")
136 + "etc" + System.getProperty("file.separator") + "conf" + System.getProperty("file.separator")
// NOTE(review): neither stream is opened with try-with-resources; any cleanup code
// (original lines 154-164) is not shown in this listing.
140 ins = new FileInputStream(fileName);
141 bins = new BufferedInputStream(ins);
// NOTE(review): available() is an estimate of the bytes readable without blocking, not a
// documented file length, and a single read() may return fewer bytes than requested.
// Reading the whole file (e.g. Files.readAllBytes) avoids parsing a truncated configuration.
143 byte[] contentByte = new byte[ins.available()];
144 int num = bins.read(contentByte);
// NOTE(review): new String(byte[]) decodes with the platform default charset; an explicit
// charset would make the parse independent of the host locale.
147 fileContent = new String(contentByte);
149 sslJson = JSONObject.fromObject(fileContent);
150 } catch(FileNotFoundException e) {
// NOTE(review): the message is built without a space between the file name and "is not found!".
151 LOG.error(fileName + "is not found!", e);
152 } catch (Exception e){
// NOTE(review): this log call drops the caught exception, so the actual cause (I/O error,
// malformed JSON, ...) is lost; the other handlers in this class pass `e` to the logger.
153 LOG.error("read sslconf file fail.please check if the 'sslconf.json' is exist.");
// X509TrustManager installed by getAnonymousSSLContext().
// NOTE(review): a trust manager rejects a certificate chain by throwing CertificateException
// from checkServerTrusted/checkClientTrusted. The bodies of those methods are not shown in
// this listing; given the class name they presumably return without checking anything, which
// disables certificate validation for every connection that uses this manager. Confirm, and
// keep this class out of production code paths.
165 private static class TrustAnyTrustManager implements X509TrustManager {
// Reports no accepted issuers (an empty array).
168 public X509Certificate[] getAcceptedIssuers() {
169 return new X509Certificate[] {};
// Body (original lines 174-177) is not shown in this listing.
// NOTE(review): presumably empty, i.e. every server chain is accepted regardless of issuer or
// validity period. Confirm; a validating implementation throws CertificateException here.
173 public void checkServerTrusted(X509Certificate[] certs, String authType) {
178 public void checkClientTrusted(X509Certificate[] certs, String authType) {