2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
 * Copyright (C) 2018 Nokia. All rights reserved.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
22 package org.onap.dcae.common.configuration;
import static java.nio.file.Files.readAllBytes;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Enumeration;
import java.util.Objects;
import org.onap.dcae.ApplicationException;
import org.onap.dcae.ApplicationSettings;
import org.onap.dcae.common.SSLContextCreator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.server.Ssl;
import org.springframework.boot.web.server.Ssl.ClientAuth;
42 public class SslContextCreator {
private static final Logger log = LoggerFactory.getLogger(SslContextCreator.class);
// Supplies the key store / trust store file locations and the locations of the
// files holding their passwords (only locations are ever logged, never the passwords).
private final ApplicationSettings properties;
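/**
 * Creates a context creator backed by the given application settings.
 *
 * @param properties settings providing the key store / trust store file locations and
 *                   the locations of the files holding their passwords
 * @throws NullPointerException if {@code properties} is null; failing here gives a clear
 *                              error at construction instead of an NPE on the first TLS setup call
 */
public SslContextCreator(ApplicationSettings properties) {
    this.properties = Objects.requireNonNull(properties, "properties");
}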
/**
 * Builds the HTTPS server configuration with TLS client authentication enabled.
 * On top of the server key store set up by {@link #simpleHttpsContext()}, this wires in
 * the trust store (and its password, read from a file) that presented client certificates
 * are checked against.
 *
 * @param clientAuth the Spring client-auth mode, passed through unchanged to the builder
 * @return the Spring {@link Ssl} configuration
 * @throws ApplicationException if a store or password file cannot be read
 */
public Ssl httpsContextWithTlsAuthentication(ClientAuth clientAuth) {
    final SSLContextCreator builder = simpleHttpsContextBuilder();
    log.info("Enabling TLS client authorization");

    final Path trustStoreLocation = toAbsolutePath(properties.truststoreFileLocation());
    log.info("Using trustStore path: {}", trustStoreLocation);

    final Path trustStorePasswordFile = toAbsolutePath(properties.truststorePasswordFileLocation());
    // Only the location of the password file is logged, never its content.
    final String trustStoreSecret = getKeyStorePassword(trustStorePasswordFile);
    log.info("Using trustStore password from: {}", trustStorePasswordFile);

    return builder
            .withTlsClientAuthentication(trustStoreLocation, trustStoreSecret, clientAuth)
            .build();
}
/**
 * Builds a plain HTTPS server configuration: server certificate only, no client
 * certificate verification.
 *
 * @return the Spring {@link Ssl} configuration
 * @throws ApplicationException if the key store or its password file cannot be read
 */
public Ssl simpleHttpsContext() {
    final SSLContextCreator builder = simpleHttpsContextBuilder();
    return builder.build();
}
/**
 * Prepares the key-store half of the configuration shared by both public entry points:
 * resolves the key store path, reads its password from the configured file and picks
 * the alias to serve with.
 *
 * @return a builder pre-loaded with the server key store
 * @throws ApplicationException if the key store or its password file cannot be read
 */
private SSLContextCreator simpleHttpsContextBuilder() {
    log.info("Enabling SSL");

    final Path storeLocation = toAbsolutePath(properties.keystoreFileLocation());
    log.info("Using keyStore path: {}", storeLocation);

    final Path passwordFile = toAbsolutePath(properties.keystorePasswordFileLocation());
    final String storeSecret = getKeyStorePassword(passwordFile);
    log.info("Using keyStore password from: {}", passwordFile);

    // NOTE(review): the store password is the only secret handed over, so the key entry is
    // presumably expected to share it -- confirm against SSLContextCreator.create.
    final String alias = getKeyStoreAlias(storeLocation, storeSecret);
    return SSLContextCreator.create(storeLocation, alias, storeSecret);
}
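/**
 * Opens the key store and returns the alias of its first entry, presumably the entry
 * {@code SSLContextCreator} serves with.
 *
 * <p>An empty key store is reported as an {@link ApplicationException} instead of the bare
 * {@code NoSuchElementException} that {@code aliases().nextElement()} would otherwise throw
 * straight past the catch block. If the store holds several entries a warning is logged,
 * because "first" depends on store ordering and may not be the intended server key.
 *
 * @param keyStorePath     absolute path of the key store file
 * @param keyStorePassword password protecting the store (used for the integrity check on load)
 * @return the first alias in the store
 * @throws ApplicationException if the store cannot be read or decrypted, or holds no entries
 */
private String getKeyStoreAlias(Path keyStorePath, String keyStorePassword) {
    KeyStore keyStore = getKeyStore();
    try (InputStream keyStoreData = Files.newInputStream(keyStorePath)) {
        keyStore.load(keyStoreData, keyStorePassword.toCharArray());
        Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            // Thrown inside the try so it is wrapped like every other load failure.
            throw new KeyStoreException("Key store " + keyStorePath + " contains no entries");
        }
        String alias = aliases.nextElement();
        if (aliases.hasMoreElements()) {
            log.warn("Key store {} holds more than one entry; using the first alias '{}'", keyStorePath, alias);
        }
        log.info("Actual key store alias is: {}", alias);
        return alias;
    } catch (IOException | GeneralSecurityException ex) {
        // Pass the exception as the last argument so the stack trace is logged, not just toString().
        log.error("Cannot load Key Store alias from {}: {}", keyStorePath, ex.toString(), ex);
        throw new ApplicationException(ex);
    }
}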
/**
 * Creates an empty {@link KeyStore} of the JVM default type (the {@code keystore.type}
 * security property; typically PKCS12 on JDK 9+ and JKS before). The key store file that is
 * later loaded into it must be readable as that type.
 *
 * @return a fresh, not-yet-loaded key store
 * @throws ApplicationException if no provider supports the default type
 */
private KeyStore getKeyStore() {
    final String defaultType = KeyStore.getDefaultType();
    try {
        return KeyStore.getInstance(defaultType);
    } catch (KeyStoreException e) {
        log.error("Cannot create Key Store instance cause: " + e);
        throw new ApplicationException(e);
    }
}
/**
 * Resolves a configured location (possibly relative to the working directory) to an
 * absolute path, so that log lines and error messages show exactly where a file was
 * looked up.
 *
 * @param path file location as configured
 * @return the absolute form of {@code path}
 */
private Path toAbsolutePath(final String path) {
    final Path configured = Paths.get(path);
    return configured.toAbsolutePath();
}
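/**
 * Reads a key store / trust store password from a file.
 *
 * <p>The file content is decoded as UTF-8 explicitly: {@code new String(byte[])} would use
 * the platform default charset, so a non-ASCII password would decode differently depending
 * on the locale of the JVM running the collector. The content is returned verbatim (no
 * trimming), so a trailing newline in the file becomes part of the password.
 *
 * @param location absolute path of the password file
 * @return the password; only the file location, never the value, is logged
 * @throws ApplicationException if the file cannot be read
 */
private String getKeyStorePassword(final Path location) {
    try {
        // Returned as a String because SSLContextCreator takes a String; it therefore
        // cannot be zeroed after use.
        return new String(readAllBytes(location), StandardCharsets.UTF_8);
    } catch (IOException e) {
        log.error("Could not read keystore password from: '" + location + "'.", e);
        throw new ApplicationException(e);
    }
}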