X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fconfig%2FSecurityInfo.java;fp=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fconfig%2FSecurityInfo.java;h=60c757194ddc8caf70704a09d06207fa597f37c9;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hp=8dbc38e1ea49bcb65c594df4ddb9d3148d261770;hpb=bdce7667a6e272e2fa32e298d957a0d9090c5bc9;p=aaf%2Fauthz.git
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
index 8dbc38e1..60c75719 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -64,7 +64,7 @@ public class SecurityInfo { private static final String LOADED_FROM_SYSTEM_PROPERTIES = "%s loaded from System Properties"; public static final String SSL_KEY_MANAGER_FACTORY_ALGORITHM; - + private SSLSocketFactory socketFactory; private X509KeyManager[] x509KeyManager; private X509TrustManager[] x509TrustManager; 
@@ -83,21 +83,21 @@ public class SecurityInfo { SSL_KEY_MANAGER_FACTORY_ALGORITHM = "SunX509"; } } - + public SecurityInfo(final Access access) throws CadiException { String msgHelp = ""; try { this.access = access; // reuse DME2 Properties for convenience if specific Properties don't exist - + String str = access.getProperty(Config.CADI_ALIAS, null); if(str==null || str.isEmpty()) { defaultAlias = null; } else { defaultAlias = str; } - + str = access.getProperty(Config.CADI_CLIENT_ALIAS, null); if(str==null) { defaultClientAlias = defaultAlias;
@@ -110,17 +110,17 @@ public class SecurityInfo { msgHelp = String.format(INITIALIZING_ERR_FMT,"Keystore", access.getProperty(Config.CADI_KEYSTORE, "")); initializeKeyManager(); - + msgHelp = String.format(INITIALIZING_ERR_FMT,"Truststore", access.getProperty(Config.CADI_TRUSTSTORE, "")); initializeTrustManager(); - + msgHelp = String.format(INITIALIZING_ERR_FMT,"Trustmasks", access.getProperty(Config.CADI_TRUST_MASKS, "")); initializeTrustMasks(); msgHelp = String.format(INITIALIZING_ERR_FMT,"HTTP Protocols", "access properties"); setHTTPProtocols(access); - + msgHelp = String.format(INITIALIZING_ERR_FMT,"Context", "TLS"); context = SSLContext.getInstance("TLS"); context.init(x509KeyManager, x509TrustManager, null);
@@ -146,7 +146,7 @@ public class SecurityInfo { // This needs to be set when people do not. System.setProperty(HTTPS_PROTOCOLS, httpsProtocols); } - String httpsClientProtocols = System.getProperty(JDK_TLS_CLIENT_PROTOCOLS,null); + String httpsClientProtocols = System.getProperty(JDK_TLS_CLIENT_PROTOCOLS,null); if(httpsClientProtocols!=null) { access.printf(Level.INIT, LOADED_FROM_SYSTEM_PROPERTIES, JDK_TLS_CLIENT_PROTOCOLS); } else { 
@@ -197,7 +197,7 @@ public class SecurityInfo { hsuc.setHostnameVerifier(maskHV); } } - + protected void initializeKeyManager() throws CadiException, IOException, NoSuchAlgorithmException, KeyStoreException, CertificateException, UnrecoverableKeyException { String keyStore = access.getProperty(Config.CADI_KEYSTORE, null); if(keyStore==null) {
@@ -208,7 +208,7 @@ public class SecurityInfo { String keyStorePasswd = access.getProperty(Config.CADI_KEYSTORE_PASSWORD, null); keyStorePasswd = (keyStorePasswd == null) ? null : access.decrypt(keyStorePasswd, false); - if (keyStore == null || keyStorePasswd == null) { + if (keyStore == null || keyStorePasswd == null) { x509KeyManager = new X509KeyManager[0]; return; }
@@ -240,7 +240,7 @@ public class SecurityInfo { } } } - + StringBuilder sb = null; for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) { if (keyManager instanceof X509KeyManager) {
@@ -263,12 +263,12 @@ public class SecurityInfo { } x509KeyManager = new X509KeyManager[keyManagers.size()]; keyManagers.toArray(x509KeyManager); - + if(sb!=null) { access.log(Level.INIT, sb); } } - + private void x509Info(StringBuilder sb, X509Certificate[] chain) { if(chain!=null) { int i=0;
@@ -290,7 +290,7 @@ public class SecurityInfo { protected void initializeTrustManager() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, CadiException { String trustStore = access.getProperty(Config.CADI_TRUSTSTORE, null); if(trustStore==null) { - return; + return; } else if(!new File(trustStore).exists()) { throw new CadiException(trustStore + " does not exist"); }
@@ -307,7 +307,7 @@ public class SecurityInfo { try { KeyStore ts = KeyStore.getInstance("JKS"); ts.load(fis, trustStorePasswd.toCharArray()); - trustManagerFactory.init(ts); + trustManagerFactory.init(ts); } finally { fis.close(); } 
@@ -328,7 +328,7 @@ public class SecurityInfo { } } } - + protected void initializeTrustMasks() throws AccessException { String tips = access.getProperty(Config.CADI_TRUST_MASKS, null); if (tips == null) {
@@ -345,7 +345,7 @@ public class SecurityInfo { throw new AccessException("Invalid IP Mask in " + Config.CADI_TRUST_MASKS, e); } } - + final HostnameVerifier origHV = HttpsURLConnection.getDefaultHostnameVerifier(); maskHV = new HostnameVerifier() { @Override
@@ -366,5 +366,5 @@ public class SecurityInfo { }; HttpsURLConnection.setDefaultHostnameVerifier(maskHV); } - + }