import static org.openecomp.core.utilities.file.FileUtils.getFileExtension;
import static org.openecomp.core.utilities.file.FileUtils.getNetworkPackageName;
+import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
+import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.inject.Named;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.Response;
import org.onap.config.api.ConfigurationManager;
+import org.onap.config.api.JettySSLUtils;
import org.openecomp.core.utilities.orchestration.OnboardingTypesEnum;
import org.openecomp.sdc.common.errors.CoreException;
import org.openecomp.sdc.common.errors.ErrorCode;
private static Client trustSSLClient() {
try {
- SSLContext sslcontext = SSLContext.getInstance("TLS");
- sslcontext.init(null, new TrustManager[]{new MyTrustManager()}, new java.security.SecureRandom());
+ SSLContext sslcontext = JettySSLUtils.getSslContext();
return ClientBuilder.newBuilder().sslContext(sslcontext).hostnameVerifier((requestedHost, remoteServerSession)
-> requestedHost.equalsIgnoreCase(remoteServerSession.getPeerHost())).build();
- } catch (NoSuchAlgorithmException | KeyManagementException e) {
- LOGGER.error("Failed to initialize SSL unsecure context", e);
+ } catch (IOException | GeneralSecurityException e) {
+ LOGGER.error("Failed to initialize SSL context", e);
}
return ClientBuilder.newClient();
}
- private static class MyTrustManager implements X509TrustManager {
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- private MyTrustManager() throws NoSuchAlgorithmException {
- }
-
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[] {};
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
- X509TrustManager x509Tm = getDefaultTrustManager(tmf);
- if(x509Tm == null) {
- throw new CertificateException("No X509TrustManager found");
- }
- x509Tm.checkServerTrusted(certs, authType);
- }
-
- @Override
- public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
- X509TrustManager x509Tm = getDefaultTrustManager(tmf);
- if(x509Tm == null) {
- throw new CertificateException("No X509TrustManager found");
- }
- x509Tm.checkClientTrusted(certs, authType);
- }
-
- private X509TrustManager getDefaultTrustManager(TrustManagerFactory tmf) {
- try {
- tmf.init((KeyStore)null);
- } catch (KeyStoreException e) {
- throw new IllegalStateException(e);
- }
- X509TrustManager x509Tm = null;
- for(TrustManager tm: tmf.getTrustManagers())
- {
- if(tm instanceof X509TrustManager) {
- x509Tm = (X509TrustManager) tm;
- break;
- }
- }
- return x509Tm;
- }
- }
private final Configuration config;
Code Review / sdc.git / blobdiff