2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.vid.aai.util;
23 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
24 import org.apache.http.conn.ssl.SSLContextBuilder;
25 import org.apache.http.impl.client.CloseableHttpClient;
26 import org.apache.http.impl.client.HttpClients;
27 import org.eclipse.jetty.util.security.Password;
28 import org.onap.vid.exceptions.GenericUncheckedException;
29 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
30 import org.onap.portalsdk.core.util.SystemProperties;
32 import javax.net.ssl.SSLContext;
33 import java.io.FileInputStream;
34 import java.security.GeneralSecurityException;
35 import java.security.KeyManagementException;
36 import java.security.KeyStore;
40 * The Class HttpsComponentsClient.
42 public class HttpsComponentsClient{
44 static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpsComponentsClient.class);
49 * @param certFilePath the cert file path
51 * @throws KeyManagementException the key management exception
53 public static CloseableHttpClient getClient(String certFilePath) {
54 CloseableHttpClient httpclient = null;
57 String truststore_path = certFilePath + AAIProperties.FILESEPARTOR + SystemProperties.getProperty(AAIProperties.AAI_TRUSTSTORE_FILENAME);
58 String truststore_password = SystemProperties.getProperty(AAIProperties.AAI_TRUSTSTORE_PASSWD_X);
59 String decrypted_truststore_password = Password.deobfuscate(truststore_password);
60 String keystore_path = certFilePath + AAIProperties.FILESEPARTOR + SystemProperties.getProperty(AAIProperties.AAI_KEYSTORE_FILENAME);
61 String keystore_password = SystemProperties.getProperty(AAIProperties.AAI_KEYSTORE_PASSWD_X);
62 String decrypted_keystore_password = Password.deobfuscate(keystore_password);
64 SSLContextBuilder sslContextB = new SSLContextBuilder();
66 KeyStore ks = KeyStore.getInstance("PKCS12");
67 char[] pwd = decrypted_keystore_password.toCharArray();
69 try(FileInputStream fin = new FileInputStream(keystore_path)) {
73 logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up keystore");
74 logger.error(EELFLoggerDelegate.errorLogger, "Error loading keystore materials: (keystore path: {}, obfuascated keystore password: {})", keystore_path, keystore_password);
75 throw new GenericUncheckedException(e);
78 sslContextB.loadKeyMaterial(ks, pwd);
80 KeyStore ts = KeyStore.getInstance("JKS");
81 char[] pwd1 = decrypted_truststore_password.toCharArray();
83 try(FileInputStream fin1 = new FileInputStream(truststore_path)) {
87 logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up truststore");
88 logger.error(EELFLoggerDelegate.errorLogger, "Error loading truststore materials: (truststore path: {}, obfuascated truststore password: {})", truststore_path, truststore_password);
89 throw new GenericUncheckedException(e);
92 sslContextB.loadTrustMaterial(ts);
93 sslContextB.loadKeyMaterial(ks, pwd);
96 SSLContext sslcontext = sslContextB.build();
98 SSLConnectionSocketFactory sslFactory = new SSLConnectionSocketFactory(
100 new String[] { "TLSv1.1", "TLSv1.2" },
102 SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER );
104 httpclient = HttpClients.custom()
105 .setSSLSocketFactory(sslFactory)
109 } catch (GeneralSecurityException e) {
110 throw new GenericUncheckedException(e);