package org.onap.so.adapters.vevnfm.configuration;
+import java.io.IOException;
+import java.security.*;
+import java.security.cert.CertificateException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
import org.onap.so.adapters.vevnfm.provider.AuthorizationHeadersProvider;
import org.onap.so.configuration.rest.HttpHeadersProvider;
import org.onap.so.rest.service.HttpRestServiceProvider;
import org.onap.so.rest.service.HttpRestServiceProviderImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.http.client.BufferingClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
@Configuration
public class ApplicationConfiguration {
+ private static final Logger logger = LoggerFactory.getLogger(ApplicationConfiguration.class);
+
+ private final Resource clientKeyStore;
+ private final String clientKeyStorePassword;
+ private final Resource clientTrustStore;
+ private final String clientTrustStorePassword;
+
+ public ApplicationConfiguration(final ConfigProperties configProperties) {
+ clientKeyStore = configProperties.getClientKeyStore();
+ clientKeyStorePassword = configProperties.getClientKeyStorePassword();
+ clientTrustStore = configProperties.getClientTrustStore();
+ clientTrustStorePassword = configProperties.getClientTrustStorePassword();
+ }
+
@Bean
public AuthorizationHeadersProvider headersProvider() {
return new AuthorizationHeadersProvider();
@Bean
public HttpRestServiceProvider restProvider(final RestTemplate restTemplate,
final HttpHeadersProvider headersProvider) {
+ modify(restTemplate);
return new HttpRestServiceProviderImpl(restTemplate, headersProvider);
}
+
+ private void modify(final RestTemplate restTemplate) {
+
+ if (clientKeyStore == null || clientTrustStore == null) {
+ return;
+ }
+
+ try {
+ final KeyStore keystore = KeyStore.getInstance("PKCS12");
+ keystore.load(clientKeyStore.getInputStream(), clientKeyStorePassword.toCharArray());
+
+ final SSLContext sslContext = new SSLContextBuilder()
+ .loadTrustMaterial(clientTrustStore.getURL(), clientTrustStorePassword.toCharArray())
+ .loadKeyMaterial(keystore, clientKeyStorePassword.toCharArray()).build();
+
+ logger.info("Setting truststore: {}", clientTrustStore.getURL());
+
+ final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+ final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
+ final HttpComponentsClientHttpRequestFactory factory =
+ new HttpComponentsClientHttpRequestFactory(httpClient);
+
+ restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory));
+ } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException
+ | IOException | UnrecoverableKeyException e) {
+ logger.error("Error reading truststore, TLS connection to VNFM will fail.", e);
+ }
+ }
}
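Review bot: The catch block in `modify` only logs and returns, so when the keystore or truststore cannot be loaded the `RestTemplate` keeps its default request factory and the adapter starts without the configured client certificate or trust material. The log text says TLS to the VNFM will fail, but a connection can still succeed against any server the JVM's default trust store accepts. Failing startup is safer: replace the log call with `throw new IllegalStateException("Unable to load client TLS material for VNFM", e);`. The stream from `clientKeyStore.getInputStream()` is also never closed; load it inside `try (InputStream in = clientKeyStore.getInputStream()) { keystore.load(in, clientKeyStorePassword.toCharArray()); }`. As a style point, the wildcard `import java.security.*;` would read better as explicit imports.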
import org.onap.so.adapters.vevnfm.constant.NotificationVnfFilterType;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
@Configuration
public class ConfigProperties {
@Value("${spring.security.usercredentials[0].openpass}")
private String springSecurityOpenpass;
+ @Value("${client.key-store:#{null}}")
+ private Resource clientKeyStore;
+
+ @Value("${client.key-store-password:#{null}}")
+ private String clientKeyStorePassword;
+
+ @Value("${client.trust-store:#{null}}")
+ private Resource clientTrustStore;
+
+ @Value("${client.trust-store-password:#{null}}")
+ private String clientTrustStorePassword;
+
public String getVevnfmadapterVnfFilterJson() {
return vevnfmadapterVnfFilterJson;
}
public String getSpringSecurityOpenpass() {
return springSecurityOpenpass;
}
+
+ public Resource getClientKeyStore() {
+ return clientKeyStore;
+ }
+
+ public String getClientKeyStorePassword() {
+ return clientKeyStorePassword;
+ }
+
+ public Resource getClientTrustStore() {
+ return clientTrustStore;
+ }
+
+ public String getClientTrustStorePassword() {
+ return clientTrustStorePassword;
+ }
}
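Review bot: The two password fields default to `#{null}` independently of the two store fields, so a deployment that sets `client.key-store` but omits `client.key-store-password` gets a null String here. The consumer shown on this page, `ApplicationConfiguration.modify`, null-checks only the two `Resource` values before calling `toCharArray()`, and `NullPointerException` is not among the exceptions it catches. Either validate in one place that all four properties are present together, or extend that guard with `|| clientKeyStorePassword == null || clientTrustStorePassword == null`. A field comment such as `// Optional: the four client.* TLS properties must be configured together` would record the contract.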
vevnfmadapter:
vnf-filter-json: '{notificationTypes:[VnfLcmOperationOccurrenceNotification],operationStates:[COMPLETED]}'
- endpoint: http://so-ve-vnfm-adapter.onap:9098
+ endpoint: http://so-ve-vnfm-adapter:9098
+
+client:
+ key-store: classpath:ve-vnfm-adapter.p12
+ key-store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
+ trust-store: classpath:org.onap.so.trust.jks
+ trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
mso:
key: 07a7159d3bf51a0e53be7a8f89699be7
aai:
- endpoint: https://aai.onap:30233
+ endpoint: https://aai:30233
auth: 75C4483F9C05E2C33A8602635FA532397EC44AB667A2B64DED4FEE08DD932F2E3C1FEE
vnfm:
- default-endpoint: https://so-vnfm-simulator.onap:9093
+ default-endpoint: https://so-vnfm-simulator:9093
subscription: /vnflcm/v1/subscriptions
notification: /lcm/v1/vnf/instances/notifications
vnf-filter-type: NONE
dmaap:
- endpoint: http://message-router.onap:30227
+ endpoint: http://message-router:30227
topic: /events/unauthenticated.DCAE_CL_OUTPUT
closed-loop:
control:
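Review bot: The added `client.key-store-password` and `client.trust-store-password` values are literal secrets committed in this YAML. `key-store: classpath:ve-vnfm-adapter.p12` suggests the private key is packaged in the same artifact, in which case anyone with the repository or the jar holds both the key and its password. Resolve the passwords from the deployment environment instead, for example `key-store-password: ${CLIENT_KEY_STORE_PASSWORD}` (the variable name is a placeholder), and load the keystore from a mounted secret rather than the classpath. If these values are used anywhere beyond a test fixture, treat them as exposed and rotate the keystore and truststore passwords.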