2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * Copyright © 2017 Amdocs
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
21 * ECOMP is a trademark and service mark of AT&T Intellectual Property.
23 package org.onap.aai.sparky.security;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Objects;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
 * Default implementation of {@link SecurityContextFactory}.
46 public class SecurityContextFactoryImpl implements SecurityContextFactory {
// Protocol name handed to SSLContext.getInstance(); the constructor defaults it to "TLS".
protected String sslAlgorithm;
// KeyManagerFactory algorithm name; the constructor defaults it to "SunX509".
// (The misspelling is part of the public getter/setter names and cannot be changed here.)
protected String keyManagerAlgortihm;
// KeyStore type of the client certificate store; the constructor defaults it to "PKCS12".
protected String keyStoreType;
// When false (the constructor default) getSecureContext() installs an X509TrustManager whose
// check methods are empty, i.e. every server certificate chain is accepted. When true the
// javax.net.ssl.trustStore system property is set to trustStoreFileName instead.
protected boolean serverCertificationChainValidationEnabled;
// Trust-store path written to the javax.net.ssl.trustStore system property when chain
// validation is enabled; a null value makes that setProperty call fail.
protected String trustStoreFileName;
// Key-store password; converted to char[] in getSecureContext() only when non-null.
// NOTE(review): kept as a String because the public setter takes a String, so the value
// cannot be wiped from memory after use — confirm whether callers could supply a char[].
protected String clientCertPassword;
// Stream over the client key store, supplied by the caller via setClientCertFileInputStream().
// NOTE(review): presumably the fallback source when clientCertBytes is null — confirm in
// getSecureContext(), whose else branch is not shown here.
protected FileInputStream clientCertFileInputStream;
// File name recorded by setClientCertFileName(); its contents are cached in clientCertBytes.
protected String clientCertFileName;
// Raw key-store bytes read by setClientCertFileName(); getSecureContext() loads the KeyStore
// from these when they are non-null.
protected byte[] clientCertBytes;
/**
 * Creates a factory with the built-in defaults: protocol "TLS", key-manager algorithm
 * "SunX509", key-store type "PKCS12", no certificate source and — importantly — server
 * certificate chain validation switched off.
 *
 * <p>With validation off, {@link #getSecureContext()} accepts any server certificate, so
 * callers must enable it explicitly for anything other than test use.
 */
public SecurityContextFactoryImpl() {
  sslAlgorithm = "TLS";
  keyManagerAlgortihm = "SunX509";
  keyStoreType = "PKCS12";
  // Insecure default: no server chain validation unless a caller turns it on.
  serverCertificationChainValidationEnabled = false;
  clientCertFileInputStream = null;
  clientCertFileName = null;
}
/**
 * Returns the protocol name used for {@link SSLContext#getInstance(String)}.
 *
 * @return the configured SSL algorithm, e.g. "TLS"
 */
public String getSslAlgorithm() {
  return this.sslAlgorithm;
}
/**
 * Sets the protocol name used for {@link SSLContext#getInstance(String)}.
 *
 * @param sslAlgorithm the SSL algorithm name, e.g. "TLS"
 */
public void setSslAlgorithm(String sslAlgorithm) {
  this.sslAlgorithm = sslAlgorithm;
}
/**
 * Returns the algorithm name used for {@link KeyManagerFactory#getInstance(String)}.
 *
 * @return the configured key-manager algorithm, e.g. "SunX509"
 */
public String getKeyManagerAlgortihm() {
  return this.keyManagerAlgortihm;
}
/**
 * Sets the algorithm name used for {@link KeyManagerFactory#getInstance(String)}.
 *
 * @param keyManagerAlgortihm the key-manager algorithm name, e.g. "SunX509"
 */
public void setKeyManagerAlgortihm(String keyManagerAlgortihm) {
  this.keyManagerAlgortihm = keyManagerAlgortihm;
}
/**
 * Returns the type used for {@link KeyStore#getInstance(String)}.
 *
 * @return the configured key-store type, e.g. "PKCS12"
 */
public String getKeyStoreType() {
  return this.keyStoreType;
}
/**
 * Sets the type used for {@link KeyStore#getInstance(String)}.
 *
 * @param keyStoreType the key-store type, e.g. "PKCS12"
 */
public void setKeyStoreType(String keyStoreType) {
  this.keyStoreType = keyStoreType;
}
/**
 * Tells whether {@link #getSecureContext()} validates the server certificate chain.
 *
 * @return {@code true} if the JVM default trust managers are used; {@code false} if a
 *     trust-everything manager is installed instead
 */
public boolean isServerCertificationChainValidationEnabled() {
  return this.serverCertificationChainValidationEnabled;
}
/**
 * Enables or disables server certificate chain validation in {@link #getSecureContext()}.
 *
 * <p>Disabling it makes the produced context accept any server certificate, removing
 * protection against man-in-the-middle attacks; keep it enabled outside test environments.
 *
 * @param serverCertificationChainValidationEnabled {@code true} to validate the server chain
 */
public void setServerCertificationChainValidationEnabled(
    boolean serverCertificationChainValidationEnabled) {
  this.serverCertificationChainValidationEnabled = serverCertificationChainValidationEnabled;
}
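/**
 * Sets the client key-store file and caches its contents in {@code clientCertBytes}.
 *
 * <p>The file is read before either field is updated, so a read failure leaves the previous
 * file name and bytes in place instead of recording a name whose bytes were never loaded.
 * Passing {@code null} clears both the name and the cached bytes.
 *
 * @param filename path of the client key store, or {@code null} to clear it
 * @throws IOException if the file cannot be read
 */
public void setClientCertFileName(String filename) throws IOException {
  // Read first so that a failure does not leave the two fields out of step.
  byte[] contents = filename == null ? null : Files.readAllBytes(Paths.get(filename));
  this.clientCertFileName = filename;
  this.clientCertBytes = contents;
}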
/**
 * Supplies the client key store as an already-open stream.
 *
 * <p>The caller keeps ownership of the stream and is responsible for closing it after
 * {@link #getSecureContext()} has consumed it.
 *
 * @param fis stream over the client key store, or {@code null}
 */
public void setClientCertFileInputStream(FileInputStream fis) {
  clientCertFileInputStream = fis;
}
/**
 * Returns the stream supplied via {@link #setClientCertFileInputStream(FileInputStream)}.
 *
 * @return the client key-store stream, or {@code null} if none was set
 */
public FileInputStream getClientCertFileInputStream() {
  return clientCertFileInputStream;
}
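/**
 * Builds an {@link SSLContext} from the configured client key store and trust settings.
 *
 * <p>Trust handling depends on {@link #isServerCertificationChainValidationEnabled()}:
 * <ul>
 *   <li>{@code true}: the {@code javax.net.ssl.trustStore} system property is set to
 *       {@link #getTrustStoreFileName()} and the JVM default trust managers validate the
 *       server chain. This is a process-wide property, so it also affects every other
 *       context created in the JVM afterwards.</li>
 *   <li>{@code false} (the constructor default): a trust manager that accepts every server
 *       certificate is installed, which disables server authentication entirely and leaves
 *       connections open to interception. Only acceptable in test environments.</li>
 * </ul>
 *
 * <p>The client key store is loaded from {@code clientCertBytes} when present, otherwise
 * from {@code clientCertFileInputStream} (which the caller still owns and must close). If
 * both are {@code null} the key store is created empty, i.e. no client certificate is sent.
 * The password copy used for loading is wiped once the key managers are initialised.
 *
 * @return an initialised SSL context
 * @throws NullPointerException if chain validation is enabled but no trust-store file name
 *     has been set
 * @throws NoSuchAlgorithmException if the SSL, key-manager or key-store algorithm is unknown
 * @throws KeyStoreException if the key store cannot be instantiated or used
 * @throws CertificateException if a certificate in the key store cannot be loaded
 * @throws IOException if the key store cannot be read (including a wrong password)
 * @throws UnrecoverableKeyException if a key cannot be recovered with the given password
 * @throws KeyManagementException if the context cannot be initialised
 */
public SSLContext getSecureContext() throws KeyManagementException, NoSuchAlgorithmException,
    KeyStoreException, CertificateException, IOException, UnrecoverableKeyException {
  // null means "JVM default trust managers"; only replaced when validation is disabled.
  TrustManager[] trustManagers = null;

  if (serverCertificationChainValidationEnabled) {
    // Same failure as before (NPE from setProperty), but with a message naming the cause.
    Objects.requireNonNull(trustStoreFileName,
        "trustStoreFileName must be set when server chain validation is enabled");
    System.setProperty("javax.net.ssl.trustStore", trustStoreFileName);
  } else {
    // Trust manager that performs no validation at all: every server chain is accepted.
    trustManagers = new TrustManager[] {new X509TrustManager() {
      @Override
      public X509Certificate[] getAcceptedIssuers() {
        // The X509TrustManager contract requires a non-null array.
        return new X509Certificate[0];
      }

      @Override
      public void checkClientTrusted(X509Certificate[] certs, String authType) {}

      @Override
      public void checkServerTrusted(X509Certificate[] certs, String authType) {}
    }};
  }

  KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgortihm);
  KeyStore ks = KeyStore.getInstance(keyStoreType);

  char[] pwd = clientCertPassword == null ? null : clientCertPassword.toCharArray();
  try {
    if (clientCertBytes != null) {
      ks.load(new ByteArrayInputStream(clientCertBytes), pwd);
    } else {
      // A null stream yields an empty key store rather than an error.
      ks.load(clientCertFileInputStream, pwd);
    }
    kmf.init(ks, pwd);
  } finally {
    // Do not leave the password copy lying around in the heap.
    if (pwd != null) {
      Arrays.fill(pwd, '\0');
    }
  }

  SSLContext ctx = SSLContext.getInstance(sslAlgorithm);
  ctx.init(kmf.getKeyManagers(), trustManagers, null);
  return ctx;
}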
/**
 * Returns the trust-store path applied when server chain validation is enabled.
 *
 * @return the trust-store file name, or {@code null} if none was set
 */
public String getTrustStoreFileName() {
  return trustStoreFileName;
}
/**
 * Sets the trust-store path that {@link #getSecureContext()} writes to the
 * {@code javax.net.ssl.trustStore} system property when chain validation is enabled.
 *
 * @param filename path of the trust store
 */
public void setTrustStoreFileName(String filename) {
  trustStoreFileName = filename;
}
/**
 * Returns the password used to open the client key store.
 *
 * @return the key-store password, or {@code null} if the store is opened without one
 */
public String getClientCertPassword() {
  return clientCertPassword;
}
/**
 * Sets the password used to open the client key store.
 *
 * @param password the key-store password, or {@code null} to open the store without one
 */
public void setClientCertPassword(String password) {
  clientCertPassword = password;
}