2 * ============LICENSE_START===================================================
3 * SPARKY (AAI UI service)
4 * ============================================================================
5 * Copyright © 2017 AT&T Intellectual Property.
6 * Copyright © 2017 Amdocs
8 * ============================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END=====================================================
22 * ECOMP and OpenECOMP are trademarks
23 * and service marks of AT&T Intellectual Property.
26 package org.openecomp.sparky.security;
28 import java.io.ByteArrayInputStream;
30 import java.io.FileInputStream;
31 import java.io.IOException;
32 import java.nio.file.Files;
33 import java.security.KeyManagementException;
34 import java.security.KeyStore;
35 import java.security.KeyStoreException;
36 import java.security.NoSuchAlgorithmException;
37 import java.security.UnrecoverableKeyException;
38 import java.security.cert.CertificateException;
39 import java.security.cert.X509Certificate;
41 import javax.net.ssl.KeyManagerFactory;
42 import javax.net.ssl.SSLContext;
43 import javax.net.ssl.TrustManager;
44 import javax.net.ssl.X509TrustManager;
* Builds client {@link javax.net.ssl.SSLContext} instances for the AAI UI's outbound TLS connections. Server certificate chain validation is configurable and is switched OFF by the default constructor, so callers must enable it (and configure a trust store) for any non-test deployment.
49 public class SecurityContextFactoryImpl implements SecurityContextFactory {
/** JCA protocol name passed to SSLContext.getInstance(); the constructor sets "TLS". */
protected String sslAlgorithm;
/** KeyManagerFactory algorithm name; the constructor sets "SunX509". (Misspelling is part of the getter/setter names.) */
protected String keyManagerAlgortihm;
/** KeyStore type the client certificate bytes are loaded as; the constructor sets "PKCS12". */
protected String keyStoreType;
/**
 * When false (the constructor default) getSecureContext() installs a trust manager that accepts
 * every server certificate chain, i.e. the peer is not authenticated at all. Must be true for
 * anything but a test rig.
 */
protected boolean serverCertificationChainValidationEnabled;
/** Trust store path published via the javax.net.ssl.trustStore system property when validation is enabled. */
protected String trustStoreFileName;
/** Password for the client key store. Held as a String, so it cannot be zeroed after use. */
protected String clientCertPassword;
/** NOTE(review): not read by getSecureContext(), which loads clientCertBytes instead; retained for API compatibility. */
protected FileInputStream clientCertFileInputStream;
/** Path the client key store was read from; null when no client identity is configured. */
protected String clientCertFileName;
/** Raw client key store bytes read from clientCertFileName; parsed afresh on every getSecureContext() call. */
protected byte[] clientCertBytes;
62 * Instantiates a new security context factory impl.
/**
 * Creates a factory with the built-in defaults: protocol "TLS", key manager algorithm "SunX509",
 * key store type "PKCS12", no client certificate, and -- importantly -- server certificate chain
 * validation switched OFF. Call setServerCertificationChainValidationEnabled(true) together with
 * setTrustStoreFileName(...) before using the resulting context against a real server.
 */
public SecurityContextFactoryImpl() {
  // Insecure default kept for compatibility with existing callers; see class documentation.
  serverCertificationChainValidationEnabled = false;
  sslAlgorithm = "TLS";
  keyStoreType = "PKCS12";
  keyManagerAlgortihm = "SunX509";
  // No client identity until setClientCertFileName() / setClientCertFileInputStream() is called.
  clientCertFileName = null;
  clientCertFileInputStream = null;
}
/**
 * Returns the JCA protocol name used for SSLContext.getInstance().
 *
 * @return the configured protocol name, e.g. "TLS"
 */
public String getSslAlgorithm() {
  return this.sslAlgorithm;
}
/**
 * Sets the JCA protocol name used for SSLContext.getInstance().
 *
 * @param sslAlgorithm protocol name such as "TLS" or "TLSv1.2"; not validated here
 */
public void setSslAlgorithm(String sslAlgorithm) {
  this.sslAlgorithm = sslAlgorithm;
}
/**
 * Returns the KeyManagerFactory algorithm name.
 *
 * @return the configured algorithm, e.g. "SunX509"
 */
public String getKeyManagerAlgortihm() {
  return this.keyManagerAlgortihm;
}
/**
 * Sets the KeyManagerFactory algorithm name.
 *
 * @param keyManagerAlgortihm algorithm name such as "SunX509"; not validated here
 */
public void setKeyManagerAlgortihm(String keyManagerAlgortihm) {
  this.keyManagerAlgortihm = keyManagerAlgortihm;
}
/**
 * Returns the KeyStore type used to parse the client certificate bytes.
 *
 * @return the configured key store type, e.g. "PKCS12"
 */
public String getKeyStoreType() {
  return this.keyStoreType;
}
/**
 * Sets the KeyStore type used to parse the client certificate bytes.
 *
 * @param keyStoreType key store type such as "PKCS12" or "JKS"; not validated here
 */
public void setKeyStoreType(String keyStoreType) {
  this.keyStoreType = keyStoreType;
}
/**
 * Reports whether getSecureContext() will validate the server's certificate chain.
 *
 * @return true if the JVM trust store is used; false if every server certificate is accepted
 */
public boolean isServerCertificationChainValidationEnabled() {
  return this.serverCertificationChainValidationEnabled;
}
/**
 * Switches server certificate chain validation on or off for contexts built afterwards.
 *
 * <p>Passing false makes getSecureContext() install a trust-everything manager, so the peer is
 * not authenticated and the connection can be intercepted. Only use false on test rigs.
 *
 * @param serverCertificationChainValidationEnabled true to validate against the trust store
 */
public void setServerCertificationChainValidationEnabled(
    boolean serverCertificationChainValidationEnabled) {
  this.serverCertificationChainValidationEnabled = serverCertificationChainValidationEnabled;
}
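/**
 * Points the factory at a client key store file and reads it into memory immediately.
 *
 * <p>The file is read completely before either field is assigned, so a failed read leaves the
 * previously configured name and bytes untouched instead of a new name paired with stale bytes.
 *
 * @param filename path of the client key store (type given by keyStoreType), or null to clear
 *     the client identity
 * @throws IOException if the file cannot be read; no state is changed in that case
 */
public void setClientCertFileName(String filename) throws IOException {
  // Read first: a failing read must not leave clientCertFileName updated with stale bytes.
  byte[] bytes = (filename == null) ? null : Files.readAllBytes(new File(filename).toPath());
  this.clientCertFileName = filename;
  this.clientCertBytes = bytes;
}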
/**
 * Stores an already-opened client key store stream.
 *
 * <p>NOTE(review): getSecureContext() does not read this stream; it loads clientCertBytes set
 * via setClientCertFileName(). The stream is only kept for callers that retrieve it again.
 *
 * @param fis the stream to remember; may be null. Ownership stays with the caller, it is never
 *     closed here
 */
public void setClientCertFileInputStream(FileInputStream fis) {
  clientCertFileInputStream = fis;
}
/**
 * Returns the stream handed to setClientCertFileInputStream(), if any.
 *
 * @return the remembered stream, or null when none was set
 */
public FileInputStream getClientCertFileInputStream() {
  return clientCertFileInputStream;
}
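/**
 * Builds an {@link SSLContext} from the configured client identity and trust settings.
 *
 * <p>How the server is authenticated depends on {@code serverCertificationChainValidationEnabled}:
 * <ul>
 *   <li>{@code true}: the JVM default trust managers are used. If {@code trustStoreFileName} is
 *       set it is published through the {@code javax.net.ssl.trustStore} system property first.
 *       That property is process-global (it affects every TLS client in this JVM) and the JDK may
 *       only read it when its default trust store is first initialised, so a later change is not
 *       guaranteed to take effect; the matching password and type must come from the JVM's
 *       {@code javax.net.ssl.trustStorePassword} / {@code javax.net.ssl.trustStoreType}.
 *   <li>{@code false} (the constructor default): an accept-everything {@link X509TrustManager} is
 *       installed. The server's certificate chain is NOT validated, so the connection can be
 *       intercepted by anyone on the path (man-in-the-middle). Acceptable only for test rigs.
 * </ul>
 *
 * <p>The client identity comes from {@code clientCertBytes} (see {@code setClientCertFileName});
 * when none is configured an empty key store is used and no client certificate is offered.
 * {@code clientCertFileInputStream} is not consulted here.
 *
 * @return an initialised {@link SSLContext} for {@code sslAlgorithm}
 * @throws NoSuchAlgorithmException if the protocol or key manager algorithm is unknown
 * @throws KeyStoreException if the key store type is unavailable or the store is rejected
 * @throws CertificateException if a certificate in the client key store cannot be parsed
 * @throws IOException if the client key store bytes cannot be read, including a wrong password
 * @throws UnrecoverableKeyException if the client key cannot be recovered with the password
 * @throws KeyManagementException if the context cannot be initialised
 */
public SSLContext getSecureContext() throws KeyManagementException, NoSuchAlgorithmException,
    KeyStoreException, CertificateException, IOException, UnrecoverableKeyException {

  // null means "use the JDK default TrustManagerFactory" in SSLContext.init below.
  TrustManager[] trustManagers = null;

  if (serverCertificationChainValidationEnabled) {
    // Guard: System.setProperty(key, null) throws NullPointerException, so enabling validation
    // without configuring a trust store used to crash here. Without a file name we fall through
    // to whatever trust store the JVM already has.
    if (trustStoreFileName != null) {
      System.setProperty("javax.net.ssl.trustStore", trustStoreFileName);
    }
  } else {
    // SECURITY: this trust manager accepts any chain from any server without checking it.
    trustManagers = new TrustManager[] {new X509TrustManager() {
      @Override
      public X509Certificate[] getAcceptedIssuers() {
        // Empty rather than null: some TLS code paths iterate this array.
        return new X509Certificate[0];
      }

      @Override
      public void checkClientTrusted(X509Certificate[] certs, String authType) {
        // intentionally no validation (see method documentation)
      }

      @Override
      public void checkServerTrusted(X509Certificate[] certs, String authType) {
        // intentionally no validation (see method documentation)
      }
    }};
  }

  // The password opens the key store and recovers the private key. The String field keeps a
  // copy regardless, so zeroing this array afterwards would add little.
  char[] pwd = (clientCertPassword == null) ? null : clientCertPassword.toCharArray();

  KeyStore ks = KeyStore.getInstance(keyStoreType);
  if (clientCertBytes != null) {
    ks.load(new ByteArrayInputStream(clientCertBytes), pwd);
  } else {
    // No client certificate configured: initialise an empty store so the KeyManagerFactory can
    // still be initialised and the context simply offers no client identity.
    ks.load(null, pwd);
  }

  KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgortihm);
  kmf.init(ks, pwd);

  SSLContext ctx = SSLContext.getInstance(sslAlgorithm);
  // Third argument null: let the provider pick its default SecureRandom.
  ctx.init(kmf.getKeyManagers(), trustManagers, null);
  return ctx;
}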
/**
 * Returns the trust store path that getSecureContext() publishes via javax.net.ssl.trustStore.
 *
 * @return the configured path, or null when none was set
 */
public String getTrustStoreFileName() {
  return trustStoreFileName;
}
/**
 * Sets the trust store path used when server certificate chain validation is enabled.
 *
 * <p>The file is not opened here; getSecureContext() hands the path to the JVM through the
 * javax.net.ssl.trustStore system property, so its password/type must be configured JVM-wide.
 *
 * @param filename path of the trust store file; may be null
 */
public void setTrustStoreFileName(String filename) {
  trustStoreFileName = filename;
}
/**
 * Returns the client key store password. Avoid logging the result.
 *
 * @return the configured password, or null when none was set
 */
public String getClientCertPassword() {
  return clientCertPassword;
}
/**
 * Sets the password used to open the client key store and recover its private key.
 *
 * @param password the key store password, or null if the store has none. Kept as a String, so
 *     it stays in memory until this object is collected
 */
public void setClientCertPassword(String password) {
  clientCertPassword = password;
}