From bd93a470b669b2876f69fa569455a315151107f0 Mon Sep 17 00:00:00 2001
From: hekeguang
Date: Mon, 24 Feb 2020 17:00:51 +0800
Subject: [PATCH] SECCOM HTTPS communication vs. HTTP(TSC must havve)
Issue-ID: USECASEUI-356
Change-Id: I5793e959535824cabf5929c30c911d486fa392b0
Signed-off-by: hekeguang
---
 .../usecaseui/server/util/CustomTrustManager.java | 38 ++++++++
 .../usecaseui/server/util/RestfulServices.java | 106 +++++++++++++++------
 server/src/main/resources/application.properties | 5 +
 server/src/main/resources/keystore/README.txt | 12 +++
 server/src/main/resources/keystore/uuiServer.jks | Bin 0 -> 2589 bytes
 5 files changed, 130 insertions(+), 31 deletions(-)
 create mode 100644 server/src/main/java/org/onap/usecaseui/server/util/CustomTrustManager.java
 create mode 100644 server/src/main/resources/keystore/README.txt
 create mode 100644 server/src/main/resources/keystore/uuiServer.jks
diff --git a/server/src/main/java/org/onap/usecaseui/server/util/CustomTrustManager.java b/server/src/main/java/org/onap/usecaseui/server/util/CustomTrustManager.java
new file mode 100644
index 00000000..7d4e2311
--- /dev/null
+++ b/server/src/main/java/org/onap/usecaseui/server/util/CustomTrustManager.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2019 CMCC, Inc. and others. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onap.usecaseui.server.util;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509TrustManager;
+
+public class CustomTrustManager implements X509TrustManager {
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+        return new X509Certificate[0];
+    }
+}
diff --git a/server/src/main/java/org/onap/usecaseui/server/util/RestfulServices.java b/server/src/main/java/org/onap/usecaseui/server/util/RestfulServices.java
index 1b3a5ec1..e2fe11a2 100644
--- a/server/src/main/java/org/onap/usecaseui/server/util/RestfulServices.java
+++ b/server/src/main/java/org/onap/usecaseui/server/util/RestfulServices.java
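Review bot: This trust manager accepts every certificate chain — `checkServerTrusted` and `checkClientTrusted` are empty and `getAcceptedIssuers` returns no issuers — so the remote peer is never authenticated, and the always-true `getHostnameVerifier()` added in the later RestfulServices hunk removes the remaining hostname check. Once `create(Class)` wires both into OkHttp, the new `https://` connection to MSB is no stronger than the `http://` one it replaces: any party that can present any certificate on the path is accepted. Delegate to the JVM's default trust manager instead (it honours the `javax.net.ssl.trustStore` system property, so a deployment-specific CA can still be configured) and do not override OkHttp's hostname verifier. The sketch below keeps the no-arg constructor so the existing `new CustomTrustManager()` calls still compile, and needs `java.security.KeyStore`, `java.security.GeneralSecurityException` and `javax.net.ssl.TrustManagerFactory` imported.
```java
public class CustomTrustManager implements X509TrustManager {

    private final X509TrustManager delegate;

    public CustomTrustManager() {
        try {
            // Default algorithm + null KeyStore = the JVM's configured trust store.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);
            this.delegate = (X509TrustManager) tmf.getTrustManagers()[0];
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Default trust store is not available", e);
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }
}
```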
@@ -18,11 +18,27 @@ package org.onap.usecaseui.server.util;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.concurrent.TimeUnit;
+import javax.naming.Context;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+import org.glassfish.jersey.client.ClientConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
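Review bot: Most of the imports this hunk adds are not referenced by any code in the patch: `javax.naming.Context`, `javax.net.ssl.HttpsURLConnection`, `javax.net.ssl.X509TrustManager`, `java.security.cert.CertificateException`, `java.security.cert.X509Certificate`, `java.security.KeyManagementException`, `java.security.NoSuchAlgorithmException`, `javax.ws.rs.client.Client`, `javax.ws.rs.client.ClientBuilder` and `org.glassfish.jersey.client.ClientConfig`. The two checked-exception imports become useful if `getSSLSocketFactory()` in the last hunk catches them explicitly instead of `Exception`; the rest should be dropped, and the Jersey `ClientConfig` import in particular pulls a client stack this class never uses onto the compile path.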
@@ -36,28 +52,33 @@ import retrofit2.converter.jackson.JacksonConverterFactory;
 public class RestfulServices {
-    private static final Logger logger = LoggerFactory.getLogger(RestfulServices.class);
+    private static final Logger logger = LoggerFactory.getLogger(RestfulServices.class);
     public static T create(String baseUrl, Class clazz) {
         Retrofit retrofit = new Retrofit.Builder()
-                .baseUrl(baseUrl)
-                .addConverterFactory(JacksonConverterFactory.create())
-                .build();
+                .baseUrl(baseUrl)
+                .addConverterFactory(JacksonConverterFactory.create())
+                .build();
         return retrofit.create(clazz);
     }
     public static T create(Class clazz) {
         //Set the interface response time
-        final OkHttpClient client = new OkHttpClient.Builder().
-                connectTimeout(300, TimeUnit.SECONDS).
-                readTimeout(300, TimeUnit.SECONDS).
-                writeTimeout(300, TimeUnit.SECONDS).build();
+
+        OkHttpClient okHttpClient = new OkHttpClient.Builder()
+                .connectTimeout(300, TimeUnit.SECONDS)
+                .readTimeout(300, TimeUnit.SECONDS)
+                .sslSocketFactory(getSSLSocketFactory(), new CustomTrustManager())
+                .hostnameVerifier(getHostnameVerifier())
+                .build();
+
         String msbUrl = getMsbAddress();
         Retrofit retrofit = new Retrofit.Builder()
-                .baseUrl("http://" + msbUrl + "/")
-                .client(okHttpClient)
-                .addConverterFactory(JacksonConverterFactory.create())
-                .build();
+                .baseUrl("https://" + msbUrl + "/")
+                .client(okHttpClient)
+                .addConverterFactory(JacksonConverterFactory.create())
+                .build();
+
         return retrofit.create(clazz);
     }
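Review bot: The rewritten OkHttpClient builder in `create(Class)` silently drops the `writeTimeout(300, TimeUnit.SECONDS)` the replaced builder set, so request-body writes now fall back to OkHttp's much shorter default; add `.writeTimeout(300, TimeUnit.SECONDS)` after the `.readTimeout(...)` line. `getSSLSocketFactory()` (last hunk) returns null when SSLContext setup fails, and a null factory passed to `sslSocketFactory(...)` is rejected by OkHttp's builder with a bare NullPointerException at client construction rather than a message that names the TLS problem — the helper should throw a descriptive exception itself. The switch to `"https://" + msbUrl + "/"` also assumes `getMsbAddress()` (defined outside this hunk) now returns the host:port of MSB's TLS listener; worth confirming since the old code used the same value over plain HTTP.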
@@ -70,25 +91,48 @@ public class RestfulServices {
     }
     public static RequestBody extractBody(HttpServletRequest request) throws IOException {
-        BufferedReader br = null;
-        StringBuilder sb = new StringBuilder("");
-        try {
-            br = request.getReader();
-            String str;
-            while ((str = br.readLine()) != null)
-            {
-                sb.append(str);
-            }
+        BufferedReader br = null;
+        StringBuilder sb = new StringBuilder("");
+        try {
+            br = request.getReader();
+            String str;
+            while ((str = br.readLine()) != null) {
+                sb.append(str);
+            }
+            br.close();
+            logger.info("The request body content is: " + sb.toString());
+            return RequestBody.create(MediaType.parse("application/json"), sb.toString());
+        } catch (Exception e) {
+            logger.info("RestfulServices occur exection,this content is: " + e.getMessage());
+            return RequestBody.create(MediaType.parse("application/json"), sb.toString());
+        } finally {
+            if (null != br) {
                 br.close();
-                logger.info("The request body content is: "+sb.toString());
-                return RequestBody.create(MediaType.parse("application/json"),sb.toString());
-            }catch(Exception e){
-                logger.info("RestfulServices occur exection,this content is: "+e.getMessage());
-                return RequestBody.create(MediaType.parse("application/json"),sb.toString());
-            }finally {
-                if (null != br) {
-                    br.close();
-                }
-            }
+            }
         }
+    }
+
+    public static SSLSocketFactory getSSLSocketFactory() {
+        SSLSocketFactory ssfFactory = null;
+
+        try {
+            SSLContext sc = SSLContext.getInstance("TLS");
+            sc.init(null, new TrustManager[]{new CustomTrustManager()}, new SecureRandom());
+
+            ssfFactory = sc.getSocketFactory();
+        } catch (Exception e) {
+        }
+
+        return ssfFactory;
+    }
+
+    public static HostnameVerifier getHostnameVerifier() {
+        HostnameVerifier hostnameVerifier= new HostnameVerifier() {
+            public boolean verify(String hostname, SSLSession session) {
+                return true;
+            }
+        };
+        return hostnameVerifier;
+    }
 }
+
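Review bot: `getSSLSocketFactory()` swallows every failure in an empty `catch (Exception e) {}` and returns null, so a missing TLS provider or a broken trust manager is never logged and only surfaces later as an opaque NullPointerException inside `OkHttpClient.Builder` in `create(Class)`. Catch the two checked exceptions the calls declare (`NoSuchAlgorithmException`, `KeyManagementException`, both already imported in the first hunk) and rethrow with the cause, as below, so a client is never built without a working TLS configuration. The always-true `verify` in `getHostnameVerifier()` is part of the trust-everything problem raised on the CustomTrustManager hunk; the simplest fix is to delete this method and the `.hostnameVerifier(...)` call so OkHttp's default verifier applies. In `extractBody`, the `br.close()` inside the `try` is now redundant with the `finally` and can be removed.
```java
    public static SSLSocketFactory getSSLSocketFactory() {
        try {
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, new TrustManager[]{new CustomTrustManager()}, new SecureRandom());
            return sc.getSocketFactory();
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            // Fail fast: callers must not build an HTTPS client with no usable TLS setup.
            throw new IllegalStateException("Unable to initialise TLS socket factory", e);
        }
    }
```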
diff --git a/server/src/main/resources/application.properties b/server/src/main/resources/application.properties
index 48fb0e7b..a742294c 100644
--- a/server/src/main/resources/application.properties
+++ b/server/src/main/resources/application.properties
@@ -39,3 +39,8 @@ logging.level.*=ERROR
 #enable shutdown
 endpoints.shutdown.enabled=true
 endpoints.shutdown.sensitive=false
+
+server.ssl.protocol=TLS
+server.ssl.key-store=classpath:keystore/uuiServer.jks
+server.ssl.key-store-password=Aa123456
+server.ssl.key-store-type=JKS
\ No newline at end of file
diff --git a/server/src/main/resources/keystore/README.txt b/server/src/main/resources/keystore/README.txt
new file mode 100644
index 00000000..45380d22
--- /dev/null
+++ b/server/src/main/resources/keystore/README.txt
@@ -0,0 +1,12 @@
+keytool -genkeypair -keystore uuiServer.jks -alias uuiServer -keypass Aa123456 -storepass Aa123456 -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=Usecaseui Server, OU=Development, O=ChinaMobile, L=Beijing, C=cn"
+
+
+3650 – 10 years validity
+Development – Organization unit
+ChinaMobile – Organization
+Beijing- City
+cn – Country code
+
+
+uuiServer.jks – name of keystore
+Aa123456 - password
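Review bot: `server.ssl.key-store-password=Aa123456` commits the private-key password in plain text next to the keystore `uuiServer.jks` this same patch adds, so anyone with read access to the repository or the built artifact holds the server's TLS identity and the TLS endpoint authenticates nothing. Read the password from the environment with a Spring placeholder, `server.ssl.key-store-password=${UUI_KEYSTORE_PASSWORD}` (variable name illustrative), and generate the keystore at build or deploy time with the keytool command the README documents rather than committing it. The 10-year self-signed certificate the README describes is also only suitable for development; a deployment should install an operator-issued certificate. The properties file now ends without a trailing newline.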
diff --git a/server/src/main/resources/keystore/uuiServer.jks b/server/src/main/resources/keystore/uuiServer.jks new file mode 100644 index 0000000000000000000000000000000000000000..eb2ad75e609f78b5a02a03fd3c52fb7348be6002 GIT binary patch literal 2589 zcmY+Ec{~(~7RP6^3??pPt&r^Nj3rx^LSw!5eHX)AYnB*B7>zYdmh4-ikRl>W$S4Xk z1`&n~LYHijN_g)3ym#NbpYu8Ad_KS5Iln)@2s{fv2na^tp<|3t=_JFX0~nAASb>L< zAb4ocsoaUcGX(#`V(@_A8C*_fhtsxUWc|+<8w(IrfrlI-@Q?$96eG)j<6drSSb1+t#av_T$96Nm2-J7>mkz5%M~CoauCuqrO6tY~eZ|MK zn?FRy=MZ(J=3R5K3`nUEweK(dY$_pgzWghs~pFAKIcRdCCX*I;aGV^qy zr}Rygmi9Y+js=ZE8s{HS@|mlN6(!pB6T8Us++nPGJ&gVC_x{rmxqtNjQ?Mm!izcYBbDM`?wkrVLfD7x`SqT zWs#WVa({k70(iynWo7jI*aBhM2ULglfM7JJjc!~j`bN4l-{%$Mb#uw1a*>7B)dgCB zW>fOMuVUyzywTCa-@44aE@Z}Plh$9xz|4(<@r>y>fA$aK?0`j;=lf05hSTcq>cna- znpuUQBfgoKOJDpBRL(JNEbjpEac2|&9u2@seFU9VbIS_fJkp$4wlI#7Yf9Aw?|hp~ z&2|6fdtiB8IU}{)&iSzO^^k2ti%t*SJzZDlGx9dLfG^q2uxir=H`U5-MeiN?(`jOr zNv=?3jmw$F@!j15OdBh5 z)BVKkmm7*MTa)kwjtcfjaUXk#wMtwaT*(g~S!{Q#33|3qm&*Ub-tKjB>%;1&2>JbU zM1BrSAPERjK5Tccr{GCHl;n}h8a!l*v|08#H6ZRfSyjD2vO#8;2EcTmeul5v z*?uHORSqid_7h3Y6&i62pHjoL;bd9=K`9!GoI7;^y)UK)-UA#*l z@rV3*bm>uni5Y!HPNH8Ae=oLAtC1r?t^d;dsc;-;`KqHo3hP%%vE=c=muROEJv z?bEaK4YI8+Qei1-nHx{;4UF<;l_`m-)lBguMAf?6d6p%ocyk$)0vSqEG?|Lvo492a zo8ms%YxyG>v11e}cF1cgPm51G?ZdZ<*7lwx8?>Iq%3gik`Y!vSOx|o$NmeKGOp*zd zy7{|LuD(~O`Epkf4(!d>eds8?7PO>T@DMajQ>IPsFSUk`dpLc`UBT+A^1>dr}-YndO=GdzQgFqnzxA0*m?!W`h`}cnebY_P$%fhyu+CR8A&WO zC7^Eojf6uuZ7_j8!blZWHB}WwRTZS_rAwy> z)&Dz(iSd-GDyI?>1O%Ke>Hj&ve{h!ZFV5-&4atd$Pfxl>UzQE{L)0#-K}hD`oQ=nW zx3whd&|Il?k8^oD#$x?@mjn$&nuzTeJ}PvMk;i`RastoP^3UFsFk#bahbs|;v#wuh z&+{H#U1SzX?!~qwx-}N5ekZzmYjD?_IO!DSl<;Q5oplYxf*j$ zg%W{5V&=mV;HvgG9Nbz!Q>hs6F)FA!K^1Z){X#L+?pdU#4_7 zY3Jnk1T}*8Rnm)O%$d>UX6pGSgIsO+W%Y0&A*7sH$z*gsib*X`N$<@X7cn1L}HstFVY0Jl9BswjKun1PB!Ey`Kr+(W=wc>fEO{frJ)Y8`j z@Qal2eR?Buc*@A14n0wdiunQ2fp=QMxeX^JjL^L%lwC}O^waZ`u;V$A2+?UVke0w! 
z#K>C)rif83;w=TphMQ%9c)!_!=G*z7ED5M7X|;L@&EYWd_VW@Cofaak7mlng(B9LE zY0aTnr)nxM8^SPhtIu&9>nKUf?6KL5U%hEq_=9(<)~rD_>e)b7A#$*^K8NeHp@~=8 zRgrgWkwMv?(`TQ*E@Ydj_n1dzvvDqe!I!kV&e5fOp5LVy#`LkK$%a>_th~fhsKax# zo^=h%qV7F`Iw^Yc#`x`EX=&5qe2SE?>Ao1|?W36iw1VNov!2V_9daSTCvj%6E-GAG zx6p)C&F(2bu?+FAMu9T(|DWv;E9xF4h%RWq8R%-@0)mu;@ei>SAEWAhP>{ zgO=f%A4!M5Wh+lHj&MjW^#PRvg7SX+$`JIXJ6k4-;q1=9Jxtnjp7l^3OZk zUOXnZc*jRYn&&?k2zizzdhZyajkth-GBU`V0fPh>01!C6SSk9Y9@azH^kHn7pHnxN i`5)~NI3