2 * ============LICENSE_START===================================================
3 * SPARKY (AAI UI service)
4 * ============================================================================
5 * Copyright © 2017 AT&T Intellectual Property.
6 * Copyright © 2017 Amdocs
8 * ============================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END=====================================================
22 * ECOMP and OpenECOMP are trademarks
23 * and service marks of AT&T Intellectual Property.
25 package org.onap.aai.sparky.security;
27 import java.io.ByteArrayInputStream;
29 import java.io.FileInputStream;
30 import java.io.IOException;
31 import java.nio.file.Files;
32 import java.security.KeyManagementException;
33 import java.security.KeyStore;
34 import java.security.KeyStoreException;
35 import java.security.NoSuchAlgorithmException;
36 import java.security.UnrecoverableKeyException;
37 import java.security.cert.CertificateException;
38 import java.security.cert.X509Certificate;
40 import javax.net.ssl.KeyManagerFactory;
41 import javax.net.ssl.SSLContext;
42 import javax.net.ssl.TrustManager;
43 import javax.net.ssl.X509TrustManager;
46 * The Class SecurityContextFactoryImpl.
48 public class SecurityContextFactoryImpl implements SecurityContextFactory {
50 protected String sslAlgorithm;
51 protected String keyManagerAlgortihm;
52 protected String keyStoreType;
53 protected boolean serverCertificationChainValidationEnabled;
54 protected String trustStoreFileName;
55 protected String clientCertPassword;
56 protected FileInputStream clientCertFileInputStream;
57 protected String clientCertFileName;
58 protected byte[] clientCertBytes;
61 * Instantiates a new security context factory impl.
63 public SecurityContextFactoryImpl() {
64 this.sslAlgorithm = "TLS";
65 this.keyManagerAlgortihm = "SunX509";
66 this.keyStoreType = "PKCS12";
67 this.serverCertificationChainValidationEnabled = false;
68 this.clientCertFileInputStream = null;
69 this.clientCertFileName = null;
73 public String getSslAlgorithm() {
78 public void setSslAlgorithm(String sslAlgorithm) {
79 this.sslAlgorithm = sslAlgorithm;
83 public String getKeyManagerAlgortihm() {
84 return keyManagerAlgortihm;
88 public void setKeyManagerAlgortihm(String keyManagerAlgortihm) {
89 this.keyManagerAlgortihm = keyManagerAlgortihm;
93 public String getKeyStoreType() {
98 public void setKeyStoreType(String keyStoreType) {
99 this.keyStoreType = keyStoreType;
103 public boolean isServerCertificationChainValidationEnabled() {
104 return serverCertificationChainValidationEnabled;
108 public void setServerCertificationChainValidationEnabled(
109 boolean serverCertificationChainValidationEnabled) {
110 this.serverCertificationChainValidationEnabled = serverCertificationChainValidationEnabled;
114 public void setClientCertFileName(String filename) throws IOException {
115 this.clientCertFileName = filename;
117 if (filename == null) {
118 this.clientCertBytes = null;
120 this.clientCertBytes = Files.readAllBytes(new File(filename).toPath());
125 public void setClientCertFileInputStream(FileInputStream fis) {
126 this.clientCertFileInputStream = fis;
130 public FileInputStream getClientCertFileInputStream() {
131 return this.clientCertFileInputStream;
135 public SSLContext getSecureContext() throws KeyManagementException, NoSuchAlgorithmException,
136 KeyStoreException, CertificateException, IOException, UnrecoverableKeyException {
138 TrustManager[] trustAllCerts = null;
140 if (serverCertificationChainValidationEnabled) {
142 System.setProperty("javax.net.ssl.trustStore", trustStoreFileName);
146 // Create a trust manager that does not validate certificate chains
147 trustAllCerts = new TrustManager[] {new X509TrustManager() {
149 public X509Certificate[] getAcceptedIssuers() {
154 public void checkClientTrusted(X509Certificate[] certs, String authType) {}
157 public void checkServerTrusted(X509Certificate[] certs, String authType) {}
161 KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgortihm);
163 KeyStore ks = KeyStore.getInstance(keyStoreType);
166 if (clientCertPassword != null) {
167 pwd = clientCertPassword.toCharArray();
170 if (clientCertBytes != null) {
171 ks.load(new ByteArrayInputStream(clientCertBytes), pwd);
178 SSLContext ctx = SSLContext.getInstance(sslAlgorithm);
179 ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
186 public String getTrustStoreFileName() {
187 return this.trustStoreFileName;
191 public void setTrustStoreFileName(String filename) {
192 this.trustStoreFileName = filename;
196 public String getClientCertPassword() {
197 return this.clientCertPassword;
201 public void setClientCertPassword(String password) {
202 this.clientCertPassword = password;