/** * ============LICENSE_START=================================================== * SPARKY (AAI UI service) * ============================================================================ * Copyright © 2017 AT&T Intellectual Property. * Copyright © 2017 Amdocs * All rights reserved. * ============================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END===================================================== * * ECOMP and OpenECOMP are trademarks * and service marks of AT&T Intellectual Property. */ package org.openecomp.sparky.security; import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.nio.file.Files; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; /** * The Class SecurityContextFactoryImpl. 
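* Builds {@link SSLContext} instances for outbound TLS connections from an optional
* PKCS12 client certificate (read eagerly by {@link #setClientCertFileName(String)})
* and an optional trust store file name.
*
* <p>Security note: when {@link #isServerCertificationChainValidationEnabled()} is
* {@code false} -- which is the default set by the constructor -- the returned context
* installs a trust manager that accepts every server certificate chain. The remote peer
* is then not authenticated at all, so the connection offers confidentiality only against
* passive observers and none against an active interceptor. Deployments that cross a
* network boundary should enable validation and point {@link #setTrustStoreFileName(String)}
* at a trust store holding the expected CA.
*
* <p>Enabling validation publishes the trust store path through the process-wide
* {@code javax.net.ssl.trustStore} system property, which affects every default
* {@link SSLContext} in the JVM, not only the one returned here.
*/
public class SecurityContextFactoryImpl implements SecurityContextFactory {

  /** Protocol name handed to {@link SSLContext#getInstance(String)}. */
  protected String sslAlgorithm;
  /** Algorithm handed to {@link KeyManagerFactory#getInstance(String)}; the spelling is fixed by the interface. */
  protected String keyManagerAlgortihm;
  /** Key store type used to parse {@link #clientCertBytes}. */
  protected String keyStoreType;
  /** When {@code false} a trust-all manager is installed; see the class comment. */
  protected boolean serverCertificationChainValidationEnabled;
  /** Trust store path published via {@code javax.net.ssl.trustStore}; {@code null} keeps the JVM default. */
  protected String trustStoreFileName;
  /** Password protecting the client key store, or {@code null} for an unprotected store. */
  protected String clientCertPassword;
  /** Exposed through the interface only; {@link #getSecureContext()} does not read it. */
  protected FileInputStream clientCertFileInputStream;
  /** Path the client certificate was last read from, or {@code null}. */
  protected String clientCertFileName;
  /** Raw key store bytes read by {@link #setClientCertFileName(String)}, or {@code null}. */
  protected byte[] clientCertBytes;

  /**
   * Creates a factory with the defaults {@code TLS}, {@code SunX509}, {@code PKCS12} and
   * -- notably -- server certificate chain validation disabled.
   */
  public SecurityContextFactoryImpl() {
    this.sslAlgorithm = "TLS";
    this.keyManagerAlgortihm = "SunX509";
    this.keyStoreType = "PKCS12";
    this.serverCertificationChainValidationEnabled = false;
    this.clientCertFileInputStream = null;
    this.clientCertFileName = null;
  }

  /** @return the protocol name used for {@link SSLContext#getInstance(String)}. */
  @Override
  public String getSslAlgorithm() {
    return sslAlgorithm;
  }

  /** @param sslAlgorithm protocol name, e.g. {@code TLS}. */
  @Override
  public void setSslAlgorithm(String sslAlgorithm) {
    this.sslAlgorithm = sslAlgorithm;
  }

  /** @return the key manager factory algorithm name. */
  @Override
  public String getKeyManagerAlgortihm() {
    return keyManagerAlgortihm;
  }

  /** @param keyManagerAlgortihm key manager factory algorithm name, e.g. {@code SunX509}. */
  @Override
  public void setKeyManagerAlgortihm(String keyManagerAlgortihm) {
    this.keyManagerAlgortihm = keyManagerAlgortihm;
  }

  /** @return the key store type used to parse the client certificate. */
  @Override
  public String getKeyStoreType() {
    return keyStoreType;
  }

  /** @param keyStoreType key store type, e.g. {@code PKCS12}. */
  @Override
  public void setKeyStoreType(String keyStoreType) {
    this.keyStoreType = keyStoreType;
  }

  /** @return {@code true} if server certificate chains are validated against a trust store. */
  @Override
  public boolean isServerCertificationChainValidationEnabled() {
    return serverCertificationChainValidationEnabled;
  }

  /**
   * @param serverCertificationChainValidationEnabled {@code false} disables server
   *        authentication entirely (trust-all manager); see the class comment.
   */
  @Override
  public void setServerCertificationChainValidationEnabled(
      boolean serverCertificationChainValidationEnabled) {
    this.serverCertificationChainValidationEnabled = serverCertificationChainValidationEnabled;
  }

  /**
   * Records the client certificate path and reads the whole file into memory now, so
   * {@link #getSecureContext()} never touches the file system.
   *
   * @param filename key store path, or {@code null} to drop any previously read bytes
   * @throws IOException if the file cannot be read
   */
  @Override
  public void setClientCertFileName(String filename) throws IOException {
    this.clientCertFileName = filename;
    if (filename == null) {
      this.clientCertBytes = null;
    } else {
      this.clientCertBytes = Files.readAllBytes(new File(filename).toPath());
    }
  }

  /** @param fis stream kept for interface callers; not consumed when building the context. */
  @Override
  public void setClientCertFileInputStream(FileInputStream fis) {
    this.clientCertFileInputStream = fis;
  }

  /** @return the stream given to {@link #setClientCertFileInputStream(FileInputStream)}, or {@code null}. */
  @Override
  public FileInputStream getClientCertFileInputStream() {
    return this.clientCertFileInputStream;
  }

  /**
   * Builds a fresh {@link SSLContext} from the current settings.
   *
   * <p>Client identity comes from {@link #clientCertBytes} (an empty key store when none was
   * set). Server trust is either the JSSE default trust manager (validation enabled) or a
   * trust-all manager (validation disabled). With validation enabled and a {@code null}
   * trust store file name, the JVM default trust store is used instead of failing.
   *
   * @return an initialised context; a new instance on every call
   * @throws NoSuchAlgorithmException if the configured protocol, key manager or key store
   *         algorithm is unknown
   * @throws KeyStoreException if the key store type is unsupported
   * @throws CertificateException if the key store bytes contain an unparsable certificate
   * @throws IOException if the key store bytes cannot be loaded (bad format or password)
   * @throws UnrecoverableKeyException if the private key cannot be recovered with the password
   * @throws KeyManagementException if context initialisation fails
   */
  @Override
  public SSLContext getSecureContext() throws KeyManagementException, NoSuchAlgorithmException,
      KeyStoreException, CertificateException, IOException, UnrecoverableKeyException {

    TrustManager[] trustManagers = buildTrustManagers();

    // A null password is legal for both load() and init(): it means "no integrity/privacy
    // protection on the store".
    char[] pwd = clientCertPassword == null ? null : clientCertPassword.toCharArray();

    KeyStore ks = KeyStore.getInstance(keyStoreType);
    if (clientCertBytes != null) {
      ks.load(new ByteArrayInputStream(clientCertBytes), pwd);
    } else {
      // No client certificate configured: initialise an empty store so the key manager
      // factory still succeeds and the context simply offers no client identity.
      ks.load(null, pwd);
    }

    KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgortihm);
    kmf.init(ks, pwd);

    SSLContext ctx = SSLContext.getInstance(sslAlgorithm);
    // null SecureRandom selects the provider default.
    ctx.init(kmf.getKeyManagers(), trustManagers, null);
    return ctx;
  }

  /**
   * Chooses the trust managers for the context: {@code null} (JSSE default, driven by the
   * {@code javax.net.ssl.trustStore} property) when validation is enabled, otherwise a
   * single trust-all manager.
   */
  private TrustManager[] buildTrustManagers() {
    if (serverCertificationChainValidationEnabled) {
      // System.setProperty rejects a null value with NullPointerException, so a missing
      // trust store name falls back to the JVM default trust store rather than crashing.
      // This write is process-global and also affects other default contexts in the JVM.
      if (trustStoreFileName != null) {
        System.setProperty("javax.net.ssl.trustStore", trustStoreFileName);
      }
      return null;
    }
    return new TrustManager[] {new TrustAllManager()};
  }

  /**
   * Trust manager that accepts every certificate chain without inspection. It removes server
   * authentication from the handshake and exists only for the validation-disabled mode
   * described on the class.
   */
  private static final class TrustAllManager implements X509TrustManager {

    @Override
    public X509Certificate[] getAcceptedIssuers() {
      // The X509TrustManager contract requires a non-null array; callers that iterate the
      // result (some client libraries do) would otherwise hit NullPointerException.
      return new X509Certificate[0];
    }

    @Override
    public void checkClientTrusted(X509Certificate[] certs, String authType) {
      // Intentionally performs no validation.
    }

    @Override
    public void checkServerTrusted(X509Certificate[] certs, String authType) {
      // Intentionally performs no validation.
    }
  }

  /** @return the configured trust store path, or {@code null} for the JVM default. */
  @Override
  public String getTrustStoreFileName() {
    return this.trustStoreFileName;
  }

  /** @param filename trust store path to publish when validation is enabled; may be {@code null}. */
  @Override
  public void setTrustStoreFileName(String filename) {
    this.trustStoreFileName = filename;
  }

  /** @return the client key store password, or {@code null}. */
  @Override
  public String getClientCertPassword() {
    return this.clientCertPassword;
  }

  /** @param password client key store password; {@code null} means the store is unprotected. */
  @Override
  public void setClientCertPassword(String password) {
    this.clientCertPassword = password;
  }
}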