*/\r
package org.openecomp.restclient.rest;\r
\r
-import com.sun.jersey.api.client.Client;\r
-import com.sun.jersey.api.client.config.ClientConfig;\r
-import com.sun.jersey.api.client.config.DefaultClientConfig;\r
-import com.sun.jersey.client.urlconnection.HTTPSProperties;\r
-\r
import java.io.FileInputStream;\r
import java.security.KeyStore;\r
import java.security.cert.X509Certificate;\r
import javax.net.ssl.TrustManager;\r
import javax.net.ssl.X509TrustManager;\r
\r
+import org.openecomp.restclient.enums.RestAuthenticationMode;\r
+\r
+import com.sun.jersey.api.client.Client;\r
+import com.sun.jersey.api.client.config.ClientConfig;\r
+import com.sun.jersey.api.client.config.DefaultClientConfig;\r
+import com.sun.jersey.client.urlconnection.HTTPSProperties;\r
+\r
/**\r
* This is a generic REST Client builder with flexible security validation. Sometimes it's nice to\r
* be able to disable server chain cert validation and hostname validation to work-around lab\r
* issues, but at the same time be able to provide complete validation with client cert + hostname +\r
- * server cert chain validation. \r
- * I used the ModelLoader REST client as a base and merged in the TSUI client I wrote which also\r
- * validates the server hostname and server certificate chain.\r
- * \r
- * @author DAVEA\r
- *\r
+ * server cert chain validation. I used the ModelLoader REST client as a base and merged in the TSUI\r
+ * client I wrote which also validates the server hostname and server certificate chain.\r
*/\r
public class RestClientBuilder {\r
\r
public static final String DEFAULT_TRUST_STORE_FILENAME = null;\r
public static final int DEFAULT_CONNECT_TIMEOUT_MS = 60000;\r
public static final int DEFAULT_READ_TIMEOUT_MS = 60000;\r
+ public static final RestAuthenticationMode DEFAULT_AUTH_MODE = RestAuthenticationMode.HTTP_NOAUTH;\r
+ public static final String DEFAULT_BASIC_AUTH_USERNAME = "";\r
+ public static final String DEFAULT_BASIC_AUTH_PASSWORD = "";\r
\r
private static final String SSL_PROTOCOL = "TLS";\r
private static final String KEYSTORE_ALGORITHM = "SunX509";\r
private static final String KEYSTORE_TYPE = "PKCS12";\r
\r
- /*\r
- * TODO: implement fluent interface?\r
- */\r
-\r
private boolean validateServerHostname;\r
private boolean validateServerCertChain;\r
private String clientCertFileName;\r
private String truststoreFilename;\r
private int connectTimeoutInMs;\r
private int readTimeoutInMs;\r
+ private RestAuthenticationMode authenticationMode;\r
+ private String basicAuthUsername;\r
+ private String basicAuthPassword;\r
\r
/**\r
* Rest Client Builder.\r
truststoreFilename = DEFAULT_TRUST_STORE_FILENAME;\r
connectTimeoutInMs = DEFAULT_CONNECT_TIMEOUT_MS;\r
readTimeoutInMs = DEFAULT_READ_TIMEOUT_MS;\r
+ authenticationMode = RestAuthenticationMode.HTTP_NOAUTH;\r
+ basicAuthUsername = DEFAULT_BASIC_AUTH_USERNAME;\r
+ basicAuthPassword = DEFAULT_BASIC_AUTH_PASSWORD;\r
}\r
\r
public boolean isValidateServerHostname() {\r
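Review bot: The constructor assigns `RestAuthenticationMode.HTTP_NOAUTH` literally on the `authenticationMode` line, although this commit also introduces `DEFAULT_AUTH_MODE` for the same value, so the two can drift apart if the default is ever changed. Use `authenticationMode = DEFAULT_AUTH_MODE;` so it matches the neighbouring `DEFAULT_BASIC_AUTH_USERNAME` / `DEFAULT_BASIC_AUTH_PASSWORD` assignments. The constructor's opening lines are outside this hunk.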
this.readTimeoutInMs = readTimeoutInMs;\r
}\r
\r
+\r
+\r
+ public RestAuthenticationMode getAuthenticationMode() {\r
+ return authenticationMode;\r
+ }\r
+\r
+ public void setAuthenticationMode(RestAuthenticationMode authenticationMode) {\r
+ this.authenticationMode = authenticationMode;\r
+ }\r
+\r
+ public String getBasicAuthUsername() {\r
+ return basicAuthUsername;\r
+ }\r
+\r
+ public void setBasicAuthUsername(String basicAuthUsername) {\r
+ this.basicAuthUsername = basicAuthUsername;\r
+ }\r
+\r
+ public String getBasicAuthPassword() {\r
+ return basicAuthPassword;\r
+ }\r
+\r
+ public void setBasicAuthPassword(String basicAuthPassword) {\r
+ this.basicAuthPassword = basicAuthPassword;\r
+ }\r
+\r
/**\r
- * Returns Client.\r
+ * Returns Client configured for SSL\r
*/\r
public Client getClient() throws Exception {\r
\r
- ClientConfig clientConfig = new DefaultClientConfig();\r
+ switch (authenticationMode) {\r
+ case SSL_BASIC:\r
+ case SSL_CERT:\r
+ return getClient(true);\r
\r
+ default:\r
+ // return basic non-authenticating HTTP client\r
+ return getClient(false);\r
+ }\r
+\r
+ }\r
+\r
+ protected void setupSecureSocketLayerClientConfig(ClientConfig clientConfig) throws Exception {\r
// Check to see if we need to perform proper validation of\r
// the certificate chains.\r
TrustManager[] trustAllCerts = null;\r
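Review bot: In `getClient()`, the `default:` branch sends every mode other than `SSL_BASIC`/`SSL_CERT` to `getClient(false)`, and the constructor default is `HTTP_NOAUTH`, so a caller that set a client certificate or truststore but never calls `setAuthenticationMode` now gets a client on which `setupSecureSocketLayerClientConfig` was never run. Before this change that configuration appears to have been applied unconditionally, so this looks like a silent downgrade for existing callers; consider naming the plain case explicitly (`case HTTP_NOAUTH: return getClient(false);`) and making `default:` throw `new IllegalArgumentException("Unsupported authentication mode: " + authenticationMode)`. A null passed to `setAuthenticationMode` surfaces as a NullPointerException at the `switch`; rejecting it in the setter with `java.util.Objects.requireNonNull(authenticationMode, "authenticationMode")` gives a clearer failure. The Javadoc `Returns Client configured for SSL` no longer matches, since the default path returns a plain client. The body of `setupSecureSocketLayerClientConfig` continues beyond this hunk.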
ctx.init(null, trustAllCerts, null);\r
}\r
\r
-\r
// Are we performing validation of the server host name?\r
if (validateServerHostname) {\r
clientConfig.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,\r
}\r
}, ctx));\r
}\r
+ }\r
+\r
+\r
+ /**\r
+ * Returns client instance\r
+ * \r
+ * @param useSsl - used to configure the client with an ssl-context or just plain http\r
+ */\r
+ protected Client getClient(boolean useSsl) throws Exception {\r
+\r
+ ClientConfig clientConfig = new DefaultClientConfig();\r
+\r
+ if (useSsl) {\r
+ setupSecureSocketLayerClientConfig(clientConfig);\r
+ }\r
\r
// Finally, create and initialize our client...\r
Client client = null;\r
// ...and return it to the caller.\r
return client;\r
}\r
+\r
+ public String getBasicAuthenticationCredentials() {\r
+\r
+ String usernameAndPassword = getBasicAuthUsername() + ":" + getBasicAuthPassword();\r
+ return "Basic " + java.util.Base64.getEncoder().encodeToString(usernameAndPassword.getBytes());\r
+ }\r
+\r
+ /* \r
+ * Added a little bit of logic to obfuscate passwords that could be logged out\r
+ * (non-Javadoc)\r
+ * @see java.lang.Object#toString()\r
+ */\r
+ @Override\r
+ public String toString() {\r
+ return "RestClientBuilder [validateServerHostname=" + validateServerHostname\r
+ + ", validateServerCertChain=" + validateServerCertChain + ", "\r
+ + (clientCertFileName != null ? "clientCertFileName=" + clientCertFileName + ", " : "")\r
+ + (clientCertPassword != null\r
+ ? "clientCertPassword="\r
+ + java.util.Base64.getEncoder().encodeToString(clientCertPassword.getBytes()) + ", "\r
+ : "")\r
+ + (truststoreFilename != null ? "truststoreFilename=" + truststoreFilename + ", " : "")\r
+ + "connectTimeoutInMs=" + connectTimeoutInMs + ", readTimeoutInMs=" + readTimeoutInMs + ", "\r
+ + (authenticationMode != null ? "authenticationMode=" + authenticationMode + ", " : "")\r
+ + (basicAuthUsername != null ? "basicAuthUsername=" + basicAuthUsername + ", " : "")\r
+ + (basicAuthPassword != null ? "basicAuthPassword="\r
+ + java.util.Base64.getEncoder().encodeToString(basicAuthPassword.getBytes()) : "")\r
+ + "]";\r
+ }\r
+\r
}\r
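Review bot: `toString()` Base64-encodes `clientCertPassword` and `basicAuthPassword`, which is an encoding rather than obfuscation: anyone who can read a log line containing this string recovers both passwords with a single decode. Emit a fixed mask instead, e.g. `"clientCertPassword=********, "` and `"basicAuthPassword=********"`, and reword the comment above the method so it does not describe the output as obfuscated. In `getBasicAuthenticationCredentials()`, `usernameAndPassword.getBytes()` uses the platform default charset, so non-ASCII credentials encode differently from host to host; pass an explicit charset such as `java.nio.charset.StandardCharsets.UTF_8`. A null username or password is also concatenated there as the literal text `null`, so the setters or this method should reject null.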