gerrit.onap Code Review - dcaegen2/collectors/datafile.git/blob

   1 /*-
   2  * ============LICENSE_START======================================================================
   3  * Copyright (C) 2021 Nokia. All rights reserved.
   4  * ===============================================================================================
   5  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
   6  * in compliance with the License. You may obtain a copy of the License at
   7  *
   8  * http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software distributed under the License
  11  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  12  * or implied. See the License for the specific language governing permissions and limitations under
  13  * the License.
  14  * ============LICENSE_END========================================================================
  15  */
  16 package org.onap.dcaegen2.collectors.datafile.http;
  17
  18 import org.apache.http.config.Registry;
  19 import org.apache.http.config.RegistryBuilder;
  20 import org.apache.http.conn.socket.ConnectionSocketFactory;
  21 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
  22 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
  23 import org.apache.http.ssl.SSLContextBuilder;
  24 import org.apache.http.ssl.SSLContexts;
  25 import org.onap.dcaegen2.collectors.datafile.commons.SecurityUtil;
  26 import org.onap.dcaegen2.collectors.datafile.exceptions.DatafileTaskException;
  27 import org.slf4j.Logger;
  28 import org.slf4j.LoggerFactory;
  29 import org.springframework.core.io.FileSystemResource;
  30
  31 import javax.net.ssl.SSLContext;
  32 import java.io.File;
  33 import java.io.IOException;
  34 import java.io.InputStream;
  35 import java.nio.file.Paths;
  36 import java.security.KeyStore;
  37 import java.security.KeyStoreException;
  38 import java.security.NoSuchAlgorithmException;
  39 import java.security.UnrecoverableKeyException;
  40 import java.security.cert.CertificateException;
  41
  42 /**
  43  * Utility class supplying connection manager for HTTPS protocol.
  44  *
  45  * @author <a href="mailto:krzysztof.gajewski@nokia.com">Krzysztof Gajewski</a>
  46  */
  47 public class HttpsClientConnectionManagerUtil {
  48
  49     private HttpsClientConnectionManagerUtil() {
  50     }
  51
  52     private static final Logger logger = LoggerFactory.getLogger(HttpsClientConnectionManagerUtil.class);
  53     //Be aware to be less than ScheduledTasks.NUMBER_OF_WORKER_THREADS
  54     private static final int MAX_NUMBER_OF_CONNECTIONS = 200;
  55     private static PoolingHttpClientConnectionManager connectionManager;
  56
  57     public static PoolingHttpClientConnectionManager instance() throws DatafileTaskException {
  58         if (connectionManager == null) {
  59             throw new DatafileTaskException("ConnectionManager has to be set or update first");
  60         }
  61         return connectionManager;
  62     }
  63
  64     public static void setupOrUpdate(String keyCertPath, String keyCertPasswordPath, String trustedCaPath,
  65             String trustedCaPasswordPath) throws DatafileTaskException {
  66         synchronized (HttpsClientConnectionManagerUtil.class) {
  67             if (connectionManager != null) {
  68                 connectionManager.close();
  69                 connectionManager = null;
  70             }
  71             setup(keyCertPath, keyCertPasswordPath, trustedCaPath, trustedCaPasswordPath);
  72         }
  73         logger.trace("HttpsConnectionManager setup or updated");
  74     }
  75
  76     private static void setup(String keyCertPath, String keyCertPasswordPath, String trustedCaPath,
  77           String trustedCaPasswordPath) throws DatafileTaskException {
  78         try {
  79             SSLContextBuilder sslBuilder = SSLContexts.custom();
  80             sslBuilder = supplyKeyInfo(keyCertPath, keyCertPasswordPath, sslBuilder);
  81             sslBuilder = supplyTrustInfo(trustedCaPath, trustedCaPasswordPath, sslBuilder);
  82
  83             SSLContext sslContext = sslBuilder.build();
  84
  85             SSLConnectionSocketFactory sslConnectionSocketFactory =
  86                 new SSLConnectionSocketFactory(sslContext, new String[] {"TLSv1.2"}, null,
  87                     (hostname, session) -> true);
  88
  89             Registry<ConnectionSocketFactory> socketFactoryRegistry =
  90                 RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslConnectionSocketFactory)
  91                     .build();
  92
  93             connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
  94             connectionManager.setMaxTotal(MAX_NUMBER_OF_CONNECTIONS);
  95
  96         } catch (Exception e) {
  97             throw new DatafileTaskException("Unable to prepare HttpsConnectionManager  : ", e);
  98         }
  99     }
 100
 101     private static SSLContextBuilder supplyKeyInfo(String keyCertPath, String keyCertPasswordPath,
 102             SSLContextBuilder sslBuilder)
 103             throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException,
 104             UnrecoverableKeyException {
 105         String keyPass = SecurityUtil.getKeystorePasswordFromFile(keyCertPasswordPath);
 106         KeyStore keyFile = createKeyStore(keyCertPath, keyPass);
 107         return sslBuilder.loadKeyMaterial(keyFile, keyPass.toCharArray());
 108     }
 109
 110     private static KeyStore createKeyStore(String trustedCaPath, String trustedCaPassword)
 111             throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
 112         logger.trace("Creating trust manager from file: {}", trustedCaPath);
 113         try (InputStream fis = createInputStream(trustedCaPath)) {
 114             KeyStore keyStore = KeyStore.getInstance("PKCS12");
 115             keyStore.load(fis, trustedCaPassword.toCharArray());
 116             return keyStore;
 117         }
 118     }
 119
 120     private static InputStream createInputStream(String localFileName) throws IOException {
 121         FileSystemResource realResource = new FileSystemResource(Paths.get(localFileName));
 122         return realResource.getInputStream();
 123     }
 124
 125     private static SSLContextBuilder supplyTrustInfo(String trustedCaPath, String trustedCaPasswordPath,
 126             SSLContextBuilder sslBuilder)
 127             throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
 128         String trustPass = SecurityUtil.getTruststorePasswordFromFile(trustedCaPasswordPath);
 129         File trustStoreFile = new File(trustedCaPath);
 130         return sslBuilder.loadTrustMaterial(trustStoreFile, trustPass.toCharArray());
 131     }
 132 }