* VID
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2018 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
package org.onap.vid.aai.util;
-import java.io.FileInputStream;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.glassfish.jersey.client.ClientConfig;
+import org.glassfish.jersey.client.HttpUrlConnectorProvider;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.vid.aai.exceptions.HttpClientBuilderException;
+import org.onap.vid.properties.Features;
+import org.togglz.core.manager.FeatureManager;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
+import java.io.IOException;
+import java.nio.file.FileSystems;
+import java.security.GeneralSecurityException;
+
+import static org.onap.vid.aai.util.HttpClientMode.WITH_KEYSTORE;
-import org.eclipse.jetty.util.security.Password;
-import org.glassfish.jersey.client.ClientConfig;
-import org.glassfish.jersey.client.HttpUrlConnectorProvider;
-import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.openecomp.portalsdk.core.util.SystemProperties;
/**
* The Class HttpsAuthClient.
*/
-public class HttpsAuthClient{
- /** The logger. */
- static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpsAuthClient.class);
-
- /**
- * Gets the client.
- *
- * @param certFilePath the cert file path
- * @return the client
- * @throws KeyManagementException the key management exception
- */
- public static Client getClient(String certFilePath) throws KeyManagementException {
-
- ClientConfig config = new ClientConfig();
- //config.getFeatures().put(JSONConfiguration.FEATURE_POJO_MAPPING, Boolean.TRUE);
- //config.getClasses().add(org.openecomp.aai.util.CustomJacksonJaxBJsonProvider.class);
-
- try {
-
- config.property(HttpUrlConnectorProvider.SET_METHOD_WORKAROUND, Boolean.TRUE );
-
- config.connectorProvider(new HttpUrlConnectorProvider().useSetMethodWorkaround());
- String truststore_path = certFilePath + org.onap.vid.aai.util.AAIProperties.FILESEPARTOR + SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_TRUSTSTORE_FILENAME);
- String truststore_password = SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_TRUSTSTORE_PASSWD_X);
- String decrypted_truststore_password = Password.deobfuscate(truststore_password);
-
- boolean useClientCert = false;
-
- String keystore_path = certFilePath + org.onap.vid.aai.util.AAIProperties.FILESEPARTOR + SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_KEYSTORE_FILENAME);
- String keystore_password = SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_KEYSTORE_PASSWD_X);
- String decrypted_keystore_password = Password.deobfuscate(keystore_password);
-
- String clientCert = SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_USE_CLIENT_CERT);
-
- if (clientCert != null &&
- SystemProperties.getProperty(org.onap.vid.aai.util.AAIProperties.AAI_USE_CLIENT_CERT).equalsIgnoreCase("true")) {
- useClientCert = true;
- }
-
- System.setProperty("javax.net.ssl.trustStore", truststore_path);
- System.setProperty("javax.net.ssl.trustStorePassword", decrypted_truststore_password);
- HttpsURLConnection.setDefaultHostnameVerifier( new HostnameVerifier(){
- public boolean verify(String string,SSLSession ssls) {
- return true;
- }
- });
-
- final SSLContext ctx = SSLContext.getInstance("TLS");
-
- KeyManagerFactory kmf = null;
- if (useClientCert) {
-
- try {
- kmf = KeyManagerFactory.getInstance("SunX509");
- FileInputStream fin = new FileInputStream(keystore_path);
- KeyStore ks = KeyStore.getInstance("PKCS12");
- char[] pwd = decrypted_keystore_password.toCharArray();
- ks.load(fin, pwd);
- kmf.init(ks, pwd);
- } catch (Exception e) {
- //System.out.println("Error setting up kmf: exiting");
- logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up kmf: exiting");
- e.printStackTrace();
- return null;
- }
- ctx.init(kmf.getKeyManagers(), null, null);
-
- return ClientBuilder.newBuilder()
- .sslContext(ctx)
- .hostnameVerifier(new HostnameVerifier() {
- @Override
- public boolean verify( String s, SSLSession sslSession ) {
- return true;
- }
- }).withConfig(config)
- .build()
- .register(org.onap.vid.aai.util.CustomJacksonJaxBJsonProvider.class);
- } else {
- return ClientBuilder.newBuilder()
- .hostnameVerifier(new HostnameVerifier() {
- @Override
- public boolean verify( String s, SSLSession sslSession ) {
- return true;
- }
- }).withConfig(config)
- .build()
- .register(org.onap.vid.aai.util.CustomJacksonJaxBJsonProvider.class);
- }
- } catch (Exception e) {
- logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up config: exiting");
- //System.out.println("Error setting up config: exiting");
- e.printStackTrace();
- System.exit(1);
- return null;
- }
- }
-}
+public class HttpsAuthClient {
+
+ private static final String SSL_TRUST_STORE = "javax.net.ssl.trustStore";
+ private static final String SSL_TRUST_STORE_PASS_WORD = "javax.net.ssl.trustStorePassword";
+
+ private final SystemPropertyHelper systemPropertyHelper;
+ private final SSLContextProvider sslContextProvider;
+
+ public HttpsAuthClient(String certFilePath, SystemPropertyHelper systemPropertyHelper, SSLContextProvider sslContextProvider, FeatureManager featureManager) {
+ this.certFilePath = certFilePath;
+ this.systemPropertyHelper = systemPropertyHelper;
+ this.sslContextProvider = sslContextProvider;
+ this.featureManager = featureManager;
+ }
+
+ private final String certFilePath;
+
+ FeatureManager featureManager;
+
+ /** The logger. */
+ static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(org.onap.vid.aai.util.HttpsAuthClient.class);
+
+
+ /**
+ * Gets the client.
+ *
+ * @return the client
+ */
+ public Client getClient(HttpClientMode mode) throws GeneralSecurityException, IOException {
+ ClientConfig config = prepareClientConfig(mode);
+
+ try {
+ setSystemProperties();
+
+ optionallyVerifyHostname();
+
+ return systemPropertyHelper.isClientCertEnabled() ?
+ getTrustedClient(config, getKeystorePath(), systemPropertyHelper.getDecryptedKeystorePassword(), mode)
+ : getUntrustedClient(config);
+
+ } catch (Exception e) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "Error setting up config", e);
+ throw e;
+ }
+
+ }
+
+ private void optionallyVerifyHostname() {
+ HttpsURLConnection.setDefaultHostnameVerifier(getHostnameVerifier());
+ }
+
+ private Client getUntrustedClient(ClientConfig config) {
+ return ClientBuilder.newBuilder().withConfig(config).build().register(CustomJacksonJaxBJsonProvider.class);
+ }
+
+ private Client getTrustedClient(ClientConfig config, String keystorePath, String keystorePassword, HttpClientMode httpClientMode) throws HttpClientBuilderException {
+ return ClientBuilder.newBuilder()
+ .sslContext(sslContextProvider.getSslContext(keystorePath, keystorePassword, httpClientMode))
+ .hostnameVerifier(getHostnameVerifier())
+ .withConfig(config)
+ .build()
+ .register(CustomJacksonJaxBJsonProvider.class);
+ }
+
+ protected HostnameVerifier getHostnameVerifier() {
+ if(featureManager.isActive(Features.FLAG_EXP_USE_DEFAULT_HOST_NAME_VERIFIER)){
+ return new DefaultHostnameVerifier();
+ }
+
+ return new NoopHostnameVerifier();
+ }
+
+ private String getKeystorePath() {
+ return getCertificatesPath() + FileSystems.getDefault().getSeparator() + systemPropertyHelper.getAAIKeystoreFilename();
+ }
+
+ private void setSystemProperties() {
+ System.setProperty(SSL_TRUST_STORE, getCertificatesPath() + FileSystems.getDefault().getSeparator() +
+ systemPropertyHelper.getAAITruststoreFilename().orElse(""));
+ System.setProperty(SSL_TRUST_STORE_PASS_WORD, systemPropertyHelper.getDecryptedTruststorePassword());
+ }
+
+ private ClientConfig prepareClientConfig(HttpClientMode mode) {
+ ClientConfig config = new ClientConfig();
+ if (mode.equals(WITH_KEYSTORE)) {
+ config.property(HttpUrlConnectorProvider.SET_METHOD_WORKAROUND, Boolean.TRUE);
+ config.connectorProvider(new HttpUrlConnectorProvider().useSetMethodWorkaround());
+ }
+ return config;
+ }
+
+ private String getCertificatesPath() {
+ return certFilePath;
+ }
+
+}