--- /dev/null
+/**
+ * ============LICENSE_START===================================================
+ * SPARKY (AAI UI service)
+ * ============================================================================
+ * Copyright © 2017 AT&T Intellectual Property.
+ * Copyright © 2017 Amdocs
+ * All rights reserved.
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ *
+ * ECOMP and OpenECOMP are trademarks
+ * and service marks of AT&T Intellectual Property.
+ */
+
+package org.openecomp.sparky.security;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * The Class SecurityContextFactoryImpl.
+ */
+public class SecurityContextFactoryImpl implements SecurityContextFactory {
+
+ protected String sslAlgorithm;
+ protected String keyManagerAlgortihm;
+ protected String keyStoreType;
+ protected boolean serverCertificationChainValidationEnabled;
+ protected String trustStoreFileName;
+ protected String clientCertPassword;
+ protected FileInputStream clientCertFileInputStream;
+ protected String clientCertFileName;
+ protected byte[] clientCertBytes;
+
+ /**
+ * Instantiates a new security context factory impl.
+ */
+ public SecurityContextFactoryImpl() {
+ this.sslAlgorithm = "TLS";
+ this.keyManagerAlgortihm = "SunX509";
+ this.keyStoreType = "PKCS12";
+ this.serverCertificationChainValidationEnabled = false;
+ this.clientCertFileInputStream = null;
+ this.clientCertFileName = null;
+ }
+
+ @Override
+ public String getSslAlgorithm() {
+ return sslAlgorithm;
+ }
+
+ @Override
+ public void setSslAlgorithm(String sslAlgorithm) {
+ this.sslAlgorithm = sslAlgorithm;
+ }
+
+ @Override
+ public String getKeyManagerAlgortihm() {
+ return keyManagerAlgortihm;
+ }
+
+ @Override
+ public void setKeyManagerAlgortihm(String keyManagerAlgortihm) {
+ this.keyManagerAlgortihm = keyManagerAlgortihm;
+ }
+
+ @Override
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+
+ @Override
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+
+ @Override
+ public boolean isServerCertificationChainValidationEnabled() {
+ return serverCertificationChainValidationEnabled;
+ }
+
+ @Override
+ public void setServerCertificationChainValidationEnabled(
+ boolean serverCertificationChainValidationEnabled) {
+ this.serverCertificationChainValidationEnabled = serverCertificationChainValidationEnabled;
+ }
+
+ @Override
+ public void setClientCertFileName(String filename) throws IOException {
+ this.clientCertFileName = filename;
+
+ if (filename == null) {
+ this.clientCertBytes = null;
+ } else {
+ this.clientCertBytes = Files.readAllBytes(new File(filename).toPath());
+ }
+ }
+
+ @Override
+ public void setClientCertFileInputStream(FileInputStream fis) {
+ this.clientCertFileInputStream = fis;
+ }
+
+ @Override
+ public FileInputStream getClientCertFileInputStream() {
+ return this.clientCertFileInputStream;
+ }
+
+ @Override
+ public SSLContext getSecureContext() throws KeyManagementException, NoSuchAlgorithmException,
+ KeyStoreException, CertificateException, IOException, UnrecoverableKeyException {
+
+ TrustManager[] trustAllCerts = null;
+
+ if (serverCertificationChainValidationEnabled) {
+
+ System.setProperty("javax.net.ssl.trustStore", trustStoreFileName);
+
+ } else {
+
+ // Create a trust manager that does not validate certificate chains
+ trustAllCerts = new TrustManager[] {new X509TrustManager() {
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] certs, String authType) {}
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] certs, String authType) {}
+ } };
+ }
+
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgortihm);
+
+ KeyStore ks = KeyStore.getInstance(keyStoreType);
+
+ char[] pwd = null;
+ if (clientCertPassword != null) {
+ pwd = clientCertPassword.toCharArray();
+ }
+
+ if (clientCertBytes != null) {
+ ks.load(new ByteArrayInputStream(clientCertBytes), pwd);
+ } else {
+ ks.load(null, pwd);
+ }
+
+ kmf.init(ks, pwd);
+
+ SSLContext ctx = SSLContext.getInstance(sslAlgorithm);
+ ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
+
+ return ctx;
+
+ }
+
+ @Override
+ public String getTrustStoreFileName() {
+ return this.trustStoreFileName;
+ }
+
+ @Override
+ public void setTrustStoreFileName(String filename) {
+ this.trustStoreFileName = filename;
+ }
+
+ @Override
+ public String getClientCertPassword() {
+ return this.clientCertPassword;
+ }
+
+ @Override
+ public void setClientCertPassword(String password) {
+ this.clientCertPassword = password;
+ }
+
+}
Code Review / aai / sparky-be.git / blobdiff