2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * Copyright © 2017-2018 Amdocs
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
21 package org.onap.aai.sparky.security;
23 import java.io.ByteArrayInputStream;
25 import java.io.FileInputStream;
26 import java.io.IOException;
27 import java.nio.file.Files;
28 import java.security.KeyManagementException;
29 import java.security.KeyStore;
30 import java.security.KeyStoreException;
31 import java.security.NoSuchAlgorithmException;
32 import java.security.UnrecoverableKeyException;
33 import java.security.cert.CertificateException;
34 import java.security.cert.X509Certificate;
36 import javax.net.ssl.KeyManagerFactory;
37 import javax.net.ssl.SSLContext;
38 import javax.net.ssl.TrustManager;
39 import javax.net.ssl.X509TrustManager;
42 * The Class SecurityContextFactoryImpl.
44 public class SecurityContextFactoryImpl implements SecurityContextFactory {
/** Protocol name handed to {@link SSLContext#getInstance(String)}; the constructor sets "TLS". */
protected String sslAlgorithm;
/** {@link KeyManagerFactory} algorithm; "SunX509" by default. (Spelling kept for API compatibility.) */
protected String keyManagerAlgortihm;
/** {@link KeyStore} type used to load the client certificate; "PKCS12" by default. */
protected String keyStoreType;
/**
 * Whether the server's certificate chain is verified. The constructor sets this to {@code false},
 * in which case {@link #getSecureContext()} installs a trust manager that accepts any certificate.
 */
protected boolean serverCertificationChainValidationEnabled;
/** Path written to the JVM-wide {@code javax.net.ssl.trustStore} property when validation is enabled. */
protected String trustStoreFileName;
/** Client key-store password. Held as an immutable String, so it cannot be zeroed after use. */
protected String clientCertPassword;
/** Alternative source for the client key store; see {@link #setClientCertFileInputStream}. */
protected FileInputStream clientCertFileInputStream;
/** Name of the client key-store file, as last passed to {@link #setClientCertFileName}. */
protected String clientCertFileName;
/**
 * Raw contents of the client key-store file, read eagerly by {@link #setClientCertFileName} and
 * loaded into the KeyStore in {@link #getSecureContext()}. A PKCS12 store typically contains the
 * private key, so this byte array holds secret material for the lifetime of the factory.
 */
protected byte[] clientCertBytes;
57 * Instantiates a new security context factory impl.
/**
 * Instantiates a new security context factory impl with its built-in defaults.
 *
 * <p>Security note: {@code serverCertificationChainValidationEnabled} defaults to {@code false},
 * so a context obtained from {@link #getSecureContext()} without first calling
 * {@link #setServerCertificationChainValidationEnabled(boolean)} with {@code true} will accept
 * any server certificate. Callers on anything but an isolated test network should enable it.
 */
public SecurityContextFactoryImpl() {
  // Generic "TLS" lets the JSSE provider pick the protocol version; the consumer may want to
  // pin a specific version (e.g. "TLSv1.2") via setSslAlgorithm.
  this.sslAlgorithm = "TLS";
  this.keyManagerAlgortihm = "SunX509";
  this.keyStoreType = "PKCS12";
  // Insecure default: server certificate chains are NOT validated unless the caller opts in.
  this.serverCertificationChainValidationEnabled = false;
  this.clientCertFileInputStream = null;
  this.clientCertFileName = null;
69 public String getSslAlgorithm() {
/**
 * Sets the protocol name passed to {@code SSLContext.getInstance} (for example "TLSv1.2").
 *
 * @param sslAlgorithm the SSL/TLS algorithm name; stored as given, not validated here
 */
public void setSslAlgorithm(String sslAlgorithm) {
  sslAlgorithm = sslAlgorithm == null ? null : sslAlgorithm;
  this.sslAlgorithm = sslAlgorithm;
}
/**
 * Returns the {@code KeyManagerFactory} algorithm name.
 *
 * @return the key manager algorithm (default "SunX509")
 */
public String getKeyManagerAlgortihm() {
  return this.keyManagerAlgortihm;
}
/**
 * Sets the {@code KeyManagerFactory} algorithm name used when building the context.
 *
 * @param keyManagerAlgortihm the algorithm name, e.g. "SunX509" or "PKIX"
 */
public void setKeyManagerAlgortihm(String keyManagerAlgortihm) {
  String algorithm = keyManagerAlgortihm;
  this.keyManagerAlgortihm = algorithm;
}
89 public String getKeyStoreType() {
/**
 * Sets the {@code KeyStore} type used to load the client certificate bytes.
 *
 * @param keyStoreType the key store type, e.g. "PKCS12" or "JKS"
 */
public void setKeyStoreType(String keyStoreType) {
  String type = keyStoreType;
  this.keyStoreType = type;
}
/**
 * Reports whether server certificate chains will be validated by contexts from this factory.
 *
 * @return {@code true} if chain validation is enabled; the constructor default is {@code false}
 */
public boolean isServerCertificationChainValidationEnabled() {
  return this.serverCertificationChainValidationEnabled;
}
/**
 * Enables or disables server certificate chain validation for contexts built by this factory.
 *
 * <p>Security note: leaving this {@code false} means the built context trusts every server
 * certificate; set it to {@code true} (together with a trust store) for any real deployment.
 *
 * @param serverCertificationChainValidationEnabled {@code true} to validate chains
 */
public void setServerCertificationChainValidationEnabled(
    boolean serverCertificationChainValidationEnabled) {
  boolean enabled = serverCertificationChainValidationEnabled;
  this.serverCertificationChainValidationEnabled = enabled;
}
/**
 * Records the client key-store file name and eagerly reads its contents.
 *
 * <p>The bytes are kept in {@code clientCertBytes} and loaded into the KeyStore later by
 * {@link #getSecureContext()}. Passing {@code null} clears the cached bytes.
 *
 * @param filename path of the client key store, or {@code null} to clear it
 * @throws IOException if the file cannot be read
 */
public void setClientCertFileName(String filename) throws IOException {
  this.clientCertFileName = filename;

  if (filename == null) {
    this.clientCertBytes = null;
    return;
  }

  File certFile = new File(filename);
  this.clientCertBytes = Files.readAllBytes(certFile.toPath());
}
/**
 * Supplies the client key store as an already-open stream instead of a file name.
 *
 * <p>The stream is stored as-is; this factory does not close it.
 *
 * @param fis an open stream over the client key store, or {@code null}
 */
public void setClientCertFileInputStream(FileInputStream fis) {
  FileInputStream stream = fis;
  this.clientCertFileInputStream = stream;
}
/**
 * Returns the client key-store stream set via {@link #setClientCertFileInputStream}.
 *
 * @return the stream, or {@code null} if none was set
 */
public FileInputStream getClientCertFileInputStream() {
  return clientCertFileInputStream;
}
/**
 * Builds an {@link SSLContext} from the configured client key store and trust settings.
 *
 * <p>SECURITY: when {@code serverCertificationChainValidationEnabled} is {@code false} (the
 * constructor default) the context is initialised with an {@link X509TrustManager} whose
 * {@code checkClientTrusted} and {@code checkServerTrusted} methods are empty, so every server
 * certificate is accepted and connections are exposed to man-in-the-middle attacks. Hostname
 * verification is not configured by this factory at all; the HTTP client consuming the context
 * must enforce it.
 *
 * <p>When validation is enabled, the JVM-wide {@code javax.net.ssl.trustStore} system property is
 * overwritten with {@code trustStoreFileName} and the trust-manager array passed to
 * {@link SSLContext#init} stays {@code null}, which makes JSSE fall back to its default trust
 * managers.
 *
 * @return an initialised SSL context
 * @throws IOException if the client key-store bytes cannot be read as {@code keyStoreType}
 * @throws CertificateException if a certificate in the key store cannot be loaded
 * @throws NoSuchAlgorithmException if {@code sslAlgorithm}, {@code keyManagerAlgortihm} or a
 *         key-store integrity algorithm is unavailable
 * @throws KeyStoreException if {@code keyStoreType} is not a supported store type
 * @throws UnrecoverableKeyException if the key cannot be recovered with {@code clientCertPassword}
 * @throws KeyManagementException if the context cannot be initialised
 */
public SSLContext getSecureContext() throws KeyManagementException, NoSuchAlgorithmException,
    KeyStoreException, CertificateException, IOException, UnrecoverableKeyException {

  // null => SSLContext.init() uses the provider's default trust managers.
  TrustManager[] trustAllCerts = null;

  if (serverCertificationChainValidationEnabled) {
    // NOTE(review): process-global side effect. The property is read when the default
    // TrustManagerFactory is first initialised, so it may be ignored if another SSLContext was
    // already created in this JVM, and it changes the trust store for every other client too.
    // Prefer loading the trust store into an explicit TrustManagerFactory instead — confirm.
    System.setProperty("javax.net.ssl.trustStore", trustStoreFileName);

    // Create a trust manager that does not validate certificate chains
    // INSECURE: accepts any server certificate; acceptable only for isolated test setups.
    trustAllCerts = new TrustManager[] {new X509TrustManager() {
      public X509Certificate[] getAcceptedIssuers() {
      // Empty body: no chain validation at all (no expiry, no CA, no revocation checks).
      public void checkClientTrusted(X509Certificate[] certs, String authType) {}
      // Empty body: no chain validation at all (no expiry, no CA, no revocation checks).
      public void checkServerTrusted(X509Certificate[] certs, String authType) {}

  KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgortihm);
  KeyStore ks = KeyStore.getInstance(keyStoreType);

  // Password is converted from the String field; the char[] could be zeroed after kmf.init,
  // but the String copy cannot be.
  if (clientCertPassword != null) {
    pwd = clientCertPassword.toCharArray();
  // Client key store is loaded from the eagerly-read bytes when a file name was configured.
  if (clientCertBytes != null) {
    ks.load(new ByteArrayInputStream(clientCertBytes), pwd);

  // Third argument null => provider-default SecureRandom.
  SSLContext ctx = SSLContext.getInstance(sslAlgorithm);
  ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
/**
 * Returns the trust-store path that is written to {@code javax.net.ssl.trustStore} when chain
 * validation is enabled.
 *
 * @return the trust store file name, or {@code null} if none was set
 */
public String getTrustStoreFileName() {
  return trustStoreFileName;
}
/**
 * Sets the trust-store path used when server chain validation is enabled.
 *
 * @param filename path of the trust store; applied to the JVM-wide
 *        {@code javax.net.ssl.trustStore} property by {@link #getSecureContext()}
 */
public void setTrustStoreFileName(String filename) {
  String path = filename;
  this.trustStoreFileName = path;
}
/**
 * Returns the client key-store password.
 *
 * <p>Security note: this exposes a secret as a plain String; avoid logging or persisting it.
 *
 * @return the password, or {@code null} if none was set
 */
public String getClientCertPassword() {
  return clientCertPassword;
}
/**
 * Sets the client key-store password used to load the key store and recover the private key.
 *
 * @param password the password; {@code null} means the store is loaded without one
 */
public void setClientCertPassword(String password) {
  String secret = password;
  this.clientCertPassword = secret;
}