Code Review / vfc / nfvo / driver / vnfm / svnfm.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Removing jackson to mitigate cve-2017-4995
[vfc/nfvo/driver/vnfm/svnfm.git] / nokiav2 / driver / src / main / java / org / onap / vfc / nfvo / driver / vnfm / svnfm / nokia / util / StoreLoader.java
diff --git a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/util/StoreLoader.java b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/util/StoreLoader.java
index faa436e..7ff44ea 100644 (file)
--- a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/util/StoreLoader.java
+++ b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/util/StoreLoader.java
@@ -16,24 +16,25 @@
 
 package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.util;
 
-import org.apache.commons.codec.binary.Base64;
-
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.security.KeyFactory;
 import java.security.KeyStore;
 import java.security.KeyStore.TrustedCertificateEntry;
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
-import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Optional;
 import java.util.Set;
+import org.apache.commons.codec.binary.Base64;
 
+import static java.util.Optional.empty;
+import static java.util.Optional.of;
+
+import static org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.util.CbamUtils.buildFatalFailure;
 import static org.slf4j.LoggerFactory.getLogger;
 
 /**
@@ -41,7 +42,7 @@ import static org.slf4j.LoggerFactory.getLogger;
  */
 public final class StoreLoader {
 
-    public static final String PASSWORD = "password";
+    public static final String PASS_ALIAS = "password";
     private static final String RSA = "RSA";
     private static final String X_509 = "X.509";
     private static final String SUN = "SUN";
@@ -59,8 +60,7 @@ public final class StoreLoader {
         if (rindex == -1 || lindex == -1) {
             return "";
         }
-        String substring = content.substring(rindex, lindex) + end(scope);
-        return substring;
+        return content.substring(rindex, lindex) + end(scope);
     }
 
     /**
@@ -105,27 +105,27 @@ public final class StoreLoader {
      */
     public static KeyStore loadStore(String pem, String storePassword, String keyPassword) {
         Optional<PrivateKey> privateKey = generatePrivateKey(pem);
-        Certificate[] certs = createCertificates(pem);
+        Optional<Certificate[]> certs = createCertificates(pem);
         try {
             KeyStore ks = KeyStore.getInstance(JKS, SUN);
             ks.load(null, storePassword.toCharArray());
             if (privateKey.isPresent()) {
-                ks.setKeyEntry(PASSWORD, privateKey.get(), keyPassword.toCharArray(), certs);
-            } else if (certs != null) {
+                ks.setKeyEntry(PASS_ALIAS, privateKey.get(), keyPassword.toCharArray(), certs.orElse(null));
+            } else if (certs.isPresent()) {
                 int index = 0;
-                for (Certificate cert : certs) {
+                for (Certificate cert : certs.get()) {
                     TrustedCertificateEntry ts = new TrustedCertificateEntry(cert);
-                    ks.setEntry(PASSWORD + index, ts, null);
+                    ks.setEntry(PASS_ALIAS + index, ts, null);
                     index++;
                 }
             }
             return ks;
         } catch (Exception e) {
-            throw new RuntimeException("Unable to create keystore", e);
+            throw new UserInvisibleError("Unable to create keystore", e);
         }
     }
 
-    private static Certificate[] createCertificates(String pem) {
+    private static Optional<Certificate[]> createCertificates(String pem) {
         Set<Certificate> certificates = new HashSet<>();
         try {
             for (String certificate : getCertifacates(pem)) {
@@ -136,14 +136,13 @@ public final class StoreLoader {
                 certificates.addAll(c);
             }
         } catch (Exception e) {
-            logger.error(e.getMessage(), e);
-            throw new RuntimeException("Unable to load certificates", e);
+            throw buildFatalFailure(logger, "Unable to load certificates", e);
         }
 
-        if (certificates.size() > 0) {
-            return certificates.toArray(new Certificate[certificates.size()]);
+        if (!certificates.isEmpty()) {
+            return of(certificates.toArray(new Certificate[certificates.size()]));
         } else {
-            return null;
+            return empty();
         }
     }
 
@@ -153,12 +152,11 @@ public final class StoreLoader {
             if (!key.isEmpty()) {
                 KeyFactory keyFactory = KeyFactory.getInstance(RSA);
                 PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(toDer(key, RSA_PRIVATE_KEY));
-                return Optional.of(keyFactory.generatePrivate(keySpec));
+                return of(keyFactory.generatePrivate(keySpec));
             }
-            return Optional.empty();
-        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
-            logger.error("Unable to load key", e);
-            throw new RuntimeException("Unable to load key", e);
+            return empty();
+        } catch (Exception e) {
+            throw buildFatalFailure(logger, "Unable to load key", e);
         }
     }
 
Specific VNFM drivers