DataFileCollector use wrong KeyManagerFactory 96/97196/1
authorburdziak <olaf.burdziakowski@nokia.com>
Wed, 16 Oct 2019 13:21:59 +0000 (15:21 +0200)
committerburdziak <olaf.burdziakowski@nokia.com>
Wed, 16 Oct 2019 13:21:59 +0000 (15:21 +0200)
Issue-ID: DCAEGEN2-1854
Signed-off-by: burdziak <olaf.burdziakowski@nokia.com>
Change-Id: I71c7526097014e10d0ef091e38a929b81ba1f627

datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClientTest.java

index 76eb863..f7121ef 100644 (file)
@@ -28,17 +28,16 @@ import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
 import java.util.Optional;
-
 import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
-
 import org.apache.commons.net.ftp.FTP;
 import org.apache.commons.net.ftp.FTPReply;
 import org.apache.commons.net.ftp.FTPSClient;
-import org.apache.commons.net.util.KeyManagerUtils;
 import org.onap.dcaegen2.collectors.datafile.exceptions.DatafileTaskException;
 import org.onap.dcaegen2.collectors.datafile.exceptions.NonRetryableDatafileTaskException;
 import org.slf4j.Logger;
@@ -58,8 +57,9 @@ public class FtpsClient implements FileCollectClient {
     FTPSClient realFtpsClient = new FTPSClient();
     private final FileServerData fileServerData;
     private static TrustManager theTrustManager = null;
+    private static KeyManager theKeyManager = null;
 
-    private final String keyCertPath;
+    private final Path keyCertPath;
     private final String keyCertPasswordPath;
     private final Path trustedCaPath;
     private final String trustedCaPasswordPath;
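Review bot: The new `theKeyManager` field is static, so the key manager built by the first `getKeyManager` call (hunk `@@ -214,6 +214,23 @@`) is reused by every FtpsClient in the JVM, while `keyCertPath` and `keyCertPasswordPath` stay per-instance constructor arguments that later calls ignore. Nothing visible in the diff resets the field, so a client constructed with a different key store, or a certificate replaced on disk during rotation, would keep presenting the first identity until the process restarts. If a single process-wide identity is intended, document it on the field, e.g. `// Shared by all instances: loaded once from the first keyCertPath, never reloaded.`; otherwise key the cache on the path or make the field non-static. The class body continues outside this hunk.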
@@ -73,7 +73,7 @@ public class FtpsClient implements FileCollectClient {
      * @param trustedCaPath path to the PNF's trusted keystore.
      * @param trustedCaPasswordPath path of file containing password for the PNF's trusted keystore.
      */
-    public FtpsClient(FileServerData fileServerData, String keyCertPath, String keyCertPasswordPath, Path trustedCaPath,
+    public FtpsClient(FileServerData fileServerData, Path keyCertPath, String keyCertPasswordPath, Path trustedCaPath,
         String trustedCaPasswordPath) {
         this.fileServerData = fileServerData;
         this.keyCertPath = keyCertPath;
@@ -86,7 +86,7 @@ public class FtpsClient implements FileCollectClient {
     public void open() throws DatafileTaskException {
         try {
             realFtpsClient.setNeedClientAuth(true);
-            realFtpsClient.setKeyManager(createKeyManager(keyCertPath, keyCertPasswordPath));
+            realFtpsClient.setKeyManager(getKeyManager(keyCertPath, keyCertPasswordPath));
             realFtpsClient.setTrustManager(getTrustManager(trustedCaPath, trustedCaPasswordPath));
             setUpConnection();
         } catch (DatafileTaskException e) {
@@ -204,7 +204,7 @@ public class FtpsClient implements FileCollectClient {
         }
     }
 
-    protected KeyManager createKeyManager(String keyCertPath, String keyCertPasswordPath)
+    protected KeyManager getKeyManager(Path keyCertPath, String keyCertPasswordPath)
         throws IOException, GeneralSecurityException {
         String keyCertPassword = "";
         try {
@@ -214,6 +214,23 @@ public class FtpsClient implements FileCollectClient {
             e.printStackTrace();
         }
 
-        return KeyManagerUtils.createClientKeyManager(new File(keyCertPath), keyCertPassword);
+        synchronized (FtpsClient.class) {
+            if (theKeyManager == null) {
+                theKeyManager = createKeyManager(keyCertPath, keyCertPassword);
+            }
+            return theKeyManager;
+        }
+    }
+
+    private KeyManager createKeyManager(Path keyCertPath, String keyCertPassword)
+        throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
+        logger.trace("Creating key manager from file: {}", keyCertPath);
+        try (InputStream fis = createInputStream(keyCertPath)) {
+            KeyStore keyStore = KeyStore.getInstance("JKS");
+            keyStore.load(fis, keyCertPassword.toCharArray());
+            KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
+            factory.init(keyStore, keyCertPassword.toCharArray());
+            return factory.getKeyManagers()[0];
+        }
     }
 }
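Review bot: `createKeyManager` hard-codes the key store type `"JKS"` and the algorithm `"SunX509"`, and passes the same password for the store and for the private key, yet nothing documents these as requirements on the configured key file. A Javadoc comment on the method should state them, and `KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())` would avoid pinning the algorithm name. The two `keyCertPassword.toCharArray()` copies are never cleared; converting once into a local `char[]` and wiping it with `Arrays.fill(password, '\0')` in a `finally` shortens the time that copy stays readable in the heap, although the `String` itself still lingers. `getKeyManager` starts above this hunk; from the visible context a failed password read appears to leave `keyCertPassword` empty after `e.printStackTrace()`, so reporting it through `logger` and failing there would give a clearer error than the later key store load.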
index a1f8a66..3e29297 100644 (file)
@@ -159,7 +159,7 @@ public class FileCollector {
 
     protected FtpsClient createFtpsClient(FileData fileData) {
         FtpesConfig config = datafileAppConfig.getFtpesConfiguration();
-        return new FtpsClient(fileData.fileServerData(), config.keyCert(), config.keyPasswordPath(),
+        return new FtpsClient(fileData.fileServerData(), Paths.get(config.keyCert()), config.keyPasswordPath(),
             Paths.get(config.trustedCa()), config.trustedCaPasswordPath());
     }
 }
index a747701..11a428b 100644 (file)
@@ -75,7 +75,7 @@ public class FtpsClientTest {
 
     @BeforeEach
     protected void setUp() throws Exception {
-        clientUnderTestSpy = spy(new FtpsClient(createFileServerData(), FTP_KEY_PATH, FTP_KEY_PASSWORD, TRUSTED_CA_PATH,
+        clientUnderTestSpy = spy(new FtpsClient(createFileServerData(), Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD, TRUSTED_CA_PATH,
             TRUSTED_CA_PASSWORD));
         clientUnderTestSpy.realFtpsClient = ftpsClientMock;
     }
@@ -101,7 +101,7 @@ public class FtpsClientTest {
     @Test
     public void collectFile_allOk() throws Exception {
 
-        doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+        doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
         doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
         doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
         doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);
@@ -141,7 +141,7 @@ public class FtpsClientTest {
     @Test
     public void collectFileFaultTrustedCA_shouldFail_no_trustedCA_file() throws Exception {
 
-        doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+        doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
         doThrow(new IOException("problem")).when(clientUnderTestSpy).createInputStream(TRUSTED_CA_PATH);
 
         assertThatThrownBy(() -> clientUnderTestSpy.open())
@@ -151,7 +151,7 @@ public class FtpsClientTest {
     @Test
     public void collectFileFaultTrustedCA_shouldFail_empty_trustedCA_file() throws Exception {
 
-        doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+        doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
         doReturn(inputStreamMock).when(clientUnderTestSpy).createInputStream(TRUSTED_CA_PATH);
 
         assertThatThrownBy(() -> clientUnderTestSpy.open())
@@ -161,7 +161,7 @@ public class FtpsClientTest {
     @Test
     public void collectFileFaultyLogin_shouldFail() throws Exception {
 
-        doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+        doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
         doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
         doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
         doReturn(false).when(ftpsClientMock).login(USERNAME, PASSWORD);
@@ -177,7 +177,7 @@ public class FtpsClientTest {
 
     @Test
     public void collectFileBadRequestResponse_shouldFail() throws Exception {
-        doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+        doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
         doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
         doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
         doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);
@@ -197,7 +197,7 @@ public class FtpsClientTest {
 
     @Test
     public void collectFile_shouldFail() throws Exception {
-        doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+        doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
         doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
         doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
         doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);
@@ -216,7 +216,7 @@ public class FtpsClientTest {
 
     @Test
     public void collectFile_shouldFail_ioexception() throws Exception {
-        doReturn(keyManagerMock).when(clientUnderTestSpy).createKeyManager(FTP_KEY_PATH, FTP_KEY_PASSWORD);
+        doReturn(keyManagerMock).when(clientUnderTestSpy).getKeyManager(Paths.get(FTP_KEY_PATH), FTP_KEY_PASSWORD);
         doReturn(trustManagerMock).when(clientUnderTestSpy).getTrustManager(TRUSTED_CA_PATH, TRUSTED_CA_PASSWORD);
         doReturn(outputStreamMock).when(clientUnderTestSpy).createOutputStream(LOCAL_FILE_PATH);
         doReturn(true).when(ftpsClientMock).login(USERNAME, PASSWORD);