2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019, Nordix Foundation. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.openecomp.sdc.vendorsoftwareproduct.security;
22 import com.google.common.collect.ImmutableSet;
23 import org.openecomp.sdc.logging.api.Logger;
24 import org.openecomp.sdc.logging.api.LoggerFactory;
27 import java.io.FileInputStream;
28 import java.io.IOException;
29 import java.io.InputStream;
30 import java.security.cert.Certificate;
31 import java.security.cert.CertificateException;
32 import java.security.cert.CertificateFactory;
33 import java.util.HashSet;
/**
 * This is a temporary solution. When AAF provides functionality for verifying certificates, this class should be reviewed.
 * The class is responsible for providing root certificates from the configured location in the onboarding container.
 */
40 public class SecurityManager {
// Directory used when the SDC_CERT_DIR environment variable is not set.
41 private static final String CERTIFICATE_DEFAULT_LOCATION = "/root/cert";
// Logger for this class.
43 private Logger logger = LoggerFactory.getLogger(SecurityManager.class);
// Cache of the certificates loaded from certificateDirectory; getCertificates() replaces it with a
// fresh set when the number of directory entries no longer matches its size.
// NOTE(review): a plain HashSet that is reassigned and refilled without synchronization in the
// visible code; confirm whether one instance is shared between threads.
44 private Set<Certificate> certificates = new HashSet<>();
// Directory the root certificates are read from; assigned in the constructor.
45 private File certificateDirectory;
/**
 * Creates a manager bound to the certificate directory resolved by {@code getcertDirectory()}.
 * As listed, the constructor only resolves the directory; the certificates themselves are
 * read when {@code getCertificates()} is called.
 */
public SecurityManager() {
    this.certificateDirectory = getcertDirectory();
}
// Loads the entries of certificateDirectory into the certificates cache through loadCertificate().
// NOTE(review): this listing omits several short source lines of the method (55-57, 59, 61-63
// and 65-67), so the statements after each error message, the condition guarding the second
// message and the declaration of `f` are not visible here; confirm them against the repository.
52 private void processCertificateDir() {
// Nothing can be loaded unless the configured path exists and is a directory.
53 if(!certificateDirectory.exists() || !certificateDirectory.isDirectory()){
54 logger.error("Issue with certificate directory, check if exists!");
// listFiles() returns every entry of the directory; no filter on file type or extension is visible.
58 File [] files = certificateDirectory.listFiles();
60 logger.error("Certificate directory is empty!");
// Each certificate parsed from an entry becomes a root certificate handed out by getCertificates(),
// so write access to this directory should be limited to whoever administers the trust anchors.
// loadCertificate() throws SecurityManagerException for an unreadable or unparsable entry;
// presumably a single stray file therefore aborts the whole reload - confirm.
64 certificates.add(loadCertificate(f));
/**
 * Resolves the directory that holds the root certificates.
 *
 * <p>The {@code SDC_CERT_DIR} environment variable takes precedence; only when it is not set
 * at all is the built-in default location used. The value is taken as is: it is neither
 * checked for existence nor normalised here, and an empty value is not replaced by the default.
 * Since this path decides which certificates are treated as roots, the variable should be
 * controlled by the deployment only.
 *
 * @return the certificate directory as a {@link File}
 */
private File getcertDirectory() {
    final String configured = System.getenv("SDC_CERT_DIR");
    return new File(configured != null ? configured : CERTIFICATE_DEFAULT_LOCATION);
}
/**
 * Parses one file as an X.509 certificate.
 *
 * <p>The file is only parsed: the validity period, key usage and issuer chain are not
 * checked in this method.
 *
 * @param certFile file expected to contain an X.509 certificate
 * @return the certificate produced by the X.509 {@link CertificateFactory}
 * @throws SecurityManagerException if the file cannot be opened or read, or its content
 *     cannot be parsed as a certificate; the original exception is kept as the cause
 */
private Certificate loadCertificate(File certFile) {
    // try-with-resources closes the stream on both the success and the failure path.
    try (InputStream certStream = new FileInputStream(certFile)) {
        return CertificateFactory.getInstance("X.509").generateCertificate(certStream);
    } catch (CertificateException | IOException e) {
        throw new SecurityManagerException("Error during loading Certificate file!", e);
    }
}
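/**
 * Checks the configured location for available certificates.
 *
 * <p>The cached set is rebuilt only when the number of directory entries differs from the
 * number of cached certificates.
 *
 * @return immutable snapshot of the loaded certificates; empty when the directory cannot be
 *     listed, which leaves the caller without any trust anchor
 * @throws SecurityManagerException if a reload meets an entry that cannot be read or parsed
 *     as a certificate (raised by {@code loadCertificate})
 */
public Set<Certificate> getCertificates() {
    // File.list() returns null when the path is not a directory or an I/O error occurs;
    // a directory without entries yields an empty array instead, so null does not mean "empty".
    String[] certFiles = certificateDirectory.list();
    if (certFiles == null) {
        logger.error("Certificate directory cannot be listed, check that it exists and is readable!");
        return ImmutableSet.of();
    }
    // NOTE(review): only the entry count is compared. A certificate replaced in place (same
    // number of files) is not noticed, so a withdrawn root stays in the cache until the count
    // changes. Two files holding the same certificate collapse to one element in the set, which
    // makes the sizes differ on every call and forces a reload each time. Comparing file names
    // and modification times, or content digests, would close both gaps.
    if (certificates.size() != certFiles.length) {
        // NOTE(review): the field is swapped and then filled in place; if instances are shared
        // between threads, another caller may observe a partially filled set - confirm.
        certificates = new HashSet<>();
        processCertificateDir();
    }
    return ImmutableSet.copyOf(certificates);
}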