X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Fcore%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Fconfig%2FSecurityInfo.java;h=60c757194ddc8caf70704a09d06207fa597f37c9;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hp=5d1d23fa78fcb13f5a4aa684987b57adb0dc0a4c;hpb=078325f8ef05a6216292f5331ef0805a5bdd9ef1;p=aaf%2Fauthz.git diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java index 5d1d23fa..60c75719 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -56,15 +56,15 @@ import org.onap.aaf.cadi.util.NetMask; import org.onap.aaf.cadi.util.Split; public class SecurityInfo { - private static final String SECURITY_ALGO = "RSA"; + private static final String SECURITY_ALGO = "RSA"; private static final String HTTPS_PROTOCOLS = "https.protocols"; private static final String JDK_TLS_CLIENT_PROTOCOLS = "jdk.tls.client.protocols"; private static final String INITIALIZING_ERR_FMT = "Error initializing %s: %s"; - private static final String LOADED_FROM_CADI_PROPERTIES = "%s loaded from CADI Properties"; - private static final String LOADED_FROM_SYSTEM_PROPERTIES = "%s loaded from System Properties"; + private static final String LOADED_FROM_CADI_PROPERTIES = "%s loaded from CADI Properties"; + private static final String LOADED_FROM_SYSTEM_PROPERTIES = "%s loaded from System Properties"; public static final String SSL_KEY_MANAGER_FACTORY_ALGORITHM; - + private SSLSocketFactory socketFactory; private X509KeyManager[] x509KeyManager; private X509TrustManager[] x509TrustManager; @@ -83,44 +83,44 @@ public class SecurityInfo { SSL_KEY_MANAGER_FACTORY_ALGORITHM = "SunX509"; } } - + public SecurityInfo(final Access access) throws CadiException { - String msgHelp = ""; + String msgHelp = ""; try { this.access = access; // reuse DME2 Properties for convenience if specific Properties don't exist - + String str = access.getProperty(Config.CADI_ALIAS, null); if(str==null || str.isEmpty()) { - defaultAlias = null; + defaultAlias = null; } else { - defaultAlias = str; + defaultAlias = str; } - + str = access.getProperty(Config.CADI_CLIENT_ALIAS, null); if(str==null) { - defaultClientAlias = defaultAlias; + defaultClientAlias = defaultAlias; } else if(str.isEmpty()) { - // intentionally off, i.e. cadi_client_alias= - defaultClientAlias = null; + // intentionally off, i.e. cadi_client_alias= + defaultClientAlias = null; } else { - defaultClientAlias = str; + defaultClientAlias = str; } msgHelp = String.format(INITIALIZING_ERR_FMT,"Keystore", access.getProperty(Config.CADI_KEYSTORE, "")); initializeKeyManager(); - + msgHelp = String.format(INITIALIZING_ERR_FMT,"Truststore", access.getProperty(Config.CADI_TRUSTSTORE, "")); initializeTrustManager(); - + msgHelp = String.format(INITIALIZING_ERR_FMT,"Trustmasks", access.getProperty(Config.CADI_TRUST_MASKS, "")); initializeTrustMasks(); msgHelp = String.format(INITIALIZING_ERR_FMT,"HTTP Protocols", "access properties"); setHTTPProtocols(access); - + msgHelp = String.format(INITIALIZING_ERR_FMT,"Context", "TLS"); context = SSLContext.getInstance("TLS"); context.init(x509KeyManager, x509TrustManager, null); @@ -134,34 +134,34 @@ public class SecurityInfo { public static void setHTTPProtocols(Access access) { String httpsProtocols = System.getProperty(Config.HTTPS_PROTOCOLS); if(httpsProtocols!=null) { - access.printf(Level.INIT, LOADED_FROM_SYSTEM_PROPERTIES, HTTPS_PROTOCOLS); + access.printf(Level.INIT, LOADED_FROM_SYSTEM_PROPERTIES, HTTPS_PROTOCOLS); } else { - httpsProtocols = access.getProperty(Config.HTTPS_PROTOCOLS,null); - if(httpsProtocols!=null) { - access.printf(Level.INIT, LOADED_FROM_CADI_PROPERTIES, HTTPS_PROTOCOLS); - } else { - httpsProtocols = access.getProperty(HTTPS_PROTOCOLS, Config.HTTPS_PROTOCOLS_DEFAULT); - access.printf(Level.INIT, "%s set by %s in CADI Properties",Config.HTTPS_PROTOCOLS,Config.CADI_PROTOCOLS); - } - // This needs to be set when people do not. + httpsProtocols = access.getProperty(Config.HTTPS_PROTOCOLS,null); + if(httpsProtocols!=null) { + access.printf(Level.INIT, LOADED_FROM_CADI_PROPERTIES, HTTPS_PROTOCOLS); + } else { + httpsProtocols = access.getProperty(HTTPS_PROTOCOLS, Config.HTTPS_PROTOCOLS_DEFAULT); + access.printf(Level.INIT, "%s set by %s in CADI Properties",Config.HTTPS_PROTOCOLS,Config.CADI_PROTOCOLS); + } + // This needs to be set when people do not. System.setProperty(HTTPS_PROTOCOLS, httpsProtocols); } - String httpsClientProtocols = System.getProperty(JDK_TLS_CLIENT_PROTOCOLS,null); + String httpsClientProtocols = System.getProperty(JDK_TLS_CLIENT_PROTOCOLS,null); if(httpsClientProtocols!=null) { - access.printf(Level.INIT, LOADED_FROM_SYSTEM_PROPERTIES, JDK_TLS_CLIENT_PROTOCOLS); + access.printf(Level.INIT, LOADED_FROM_SYSTEM_PROPERTIES, JDK_TLS_CLIENT_PROTOCOLS); } else { - httpsClientProtocols = access.getProperty(Config.HTTPS_CLIENT_PROTOCOLS, null); - if(httpsClientProtocols!=null) { - access.printf(Level.INIT, LOADED_FROM_CADI_PROPERTIES, Config.HTTPS_CLIENT_PROTOCOLS); - } else { - httpsClientProtocols = Config.HTTPS_PROTOCOLS_DEFAULT; - access.printf(Level.INIT, "%s set from %s",Config.HTTPS_CLIENT_PROTOCOLS, "Default Protocols"); - } - System.setProperty(JDK_TLS_CLIENT_PROTOCOLS, httpsClientProtocols); + httpsClientProtocols = access.getProperty(Config.HTTPS_CLIENT_PROTOCOLS, null); + if(httpsClientProtocols!=null) { + access.printf(Level.INIT, LOADED_FROM_CADI_PROPERTIES, Config.HTTPS_CLIENT_PROTOCOLS); + } else { + httpsClientProtocols = Config.HTTPS_PROTOCOLS_DEFAULT; + access.printf(Level.INIT, "%s set from %s",Config.HTTPS_CLIENT_PROTOCOLS, "Default Protocols"); + } + System.setProperty(JDK_TLS_CLIENT_PROTOCOLS, httpsClientProtocols); } - } + } - /** + /** * @return the scf */ public SSLSocketFactory getSSLSocketFactory() { @@ -197,18 +197,18 @@ public class SecurityInfo { hsuc.setHostnameVerifier(maskHV); } } - + protected void initializeKeyManager() throws CadiException, IOException, NoSuchAlgorithmException, KeyStoreException, CertificateException, UnrecoverableKeyException { String keyStore = access.getProperty(Config.CADI_KEYSTORE, null); if(keyStore==null) { - return; + return; } else if (!new File(keyStore).exists()) { throw new CadiException(keyStore + " does not exist"); } String keyStorePasswd = access.getProperty(Config.CADI_KEYSTORE_PASSWORD, null); keyStorePasswd = (keyStorePasswd == null) ? null : access.decrypt(keyStorePasswd, false); - if (keyStore == null || keyStorePasswd == null) { + if (keyStore == null || keyStorePasswd == null) { x509KeyManager = new X509KeyManager[0]; return; } @@ -240,57 +240,57 @@ public class SecurityInfo { } } } - + StringBuilder sb = null; for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) { if (keyManager instanceof X509KeyManager) { - X509KeyManager xkm = (X509KeyManager)keyManager; + X509KeyManager xkm = (X509KeyManager)keyManager; keyManagers.add(xkm); if(defaultAlias!=null) { - sb=new StringBuilder("X509 Chain\n"); - x509Info(sb,xkm.getCertificateChain(defaultAlias)); + sb=new StringBuilder("X509 Chain\n"); + x509Info(sb,xkm.getCertificateChain(defaultAlias)); } if(defaultClientAlias!=null && !defaultClientAlias.equals(defaultAlias)) { - if(sb==null) { - sb = new StringBuilder(); - } else { - sb.append('\n'); - } - sb.append("X509 Client Chain\n"); - x509Info(sb,xkm.getCertificateChain(defaultAlias)); + if(sb==null) { + sb = new StringBuilder(); + } else { + sb.append('\n'); + } + sb.append("X509 Client Chain\n"); + x509Info(sb,xkm.getCertificateChain(defaultAlias)); } } } x509KeyManager = new X509KeyManager[keyManagers.size()]; keyManagers.toArray(x509KeyManager); - + if(sb!=null) { - access.log(Level.INIT, sb); + access.log(Level.INIT, sb); } } - + private void x509Info(StringBuilder sb, X509Certificate[] chain) { - if(chain!=null) { - int i=0; - for(X509Certificate x : chain) { - sb.append(" "); - sb.append(i++); - sb.append(')'); - sb.append("\n Subject: "); - sb.append(x.getSubjectDN()); - sb.append("\n Issuer : "); - sb.append(x.getIssuerDN()); - sb.append("\n Expires: "); - sb.append(x.getNotAfter()); - sb.append('\n'); - } - } + if(chain!=null) { + int i=0; + for(X509Certificate x : chain) { + sb.append(" "); + sb.append(i++); + sb.append(')'); + sb.append("\n Subject: "); + sb.append(x.getSubjectDN()); + sb.append("\n Issuer : "); + sb.append(x.getIssuerDN()); + sb.append("\n Expires: "); + sb.append(x.getNotAfter()); + sb.append('\n'); + } + } } protected void initializeTrustManager() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, CadiException { String trustStore = access.getProperty(Config.CADI_TRUSTSTORE, null); if(trustStore==null) { - return; + return; } else if(!new File(trustStore).exists()) { throw new CadiException(trustStore + " does not exist"); } @@ -307,7 +307,7 @@ public class SecurityInfo { try { KeyStore ts = KeyStore.getInstance("JKS"); ts.load(fis, trustStorePasswd.toCharArray()); - trustManagerFactory.init(ts); + trustManagerFactory.init(ts); } finally { fis.close(); } @@ -328,7 +328,7 @@ public class SecurityInfo { } } } - + protected void initializeTrustMasks() throws AccessException { String tips = access.getProperty(Config.CADI_TRUST_MASKS, null); if (tips == null) { @@ -345,7 +345,7 @@ public class SecurityInfo { throw new AccessException("Invalid IP Mask in " + Config.CADI_TRUST_MASKS, e); } } - + final HostnameVerifier origHV = HttpsURLConnection.getDefaultHostnameVerifier(); maskHV = new HostnameVerifier() { @Override @@ -366,5 +366,5 @@ public class SecurityInfo { }; HttpsURLConnection.setDefaultHostnameVerifier(maskHV); } - + }