+++ /dev/null
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * Copyright © 2017-2018 Amdocs
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.sparky.security;
-
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.security.KeyManagementException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-
-import javax.net.ssl.SSLContext;
-
-/**
- * A factory for creating SecurityContext objects.
- */
-public interface SecurityContextFactory {
-
- public String getSslAlgorithm();
-
- public void setSslAlgorithm(String sslAlgorithm);
-
- public String getKeyManagerAlgortihm();
-
- public void setKeyManagerAlgortihm(String keyManagerAlgortihm);
-
- public String getKeyStoreType();
-
- public void setKeyStoreType(String keyStoreType);
-
- public boolean isServerCertificationChainValidationEnabled();
-
- public void setServerCertificationChainValidationEnabled(
- boolean serverCertificationChainValidationEnabled);
-
- public String getTrustStoreFileName();
-
- public void setTrustStoreFileName(String filename);
-
- public String getClientCertPassword();
-
- public void setClientCertPassword(String password);
-
- public void setClientCertFileInputStream(FileInputStream fis);
-
- public void setClientCertFileName(String filename) throws IOException;
-
- public FileInputStream getClientCertFileInputStream();
-
- public SSLContext getSecureContext()
- throws KeyManagementException, NoSuchAlgorithmException, FileNotFoundException,
- KeyStoreException, CertificateException, IOException, UnrecoverableKeyException;
-
-}
+++ /dev/null
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * Copyright © 2017-2018 Amdocs
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.sparky.security;
-
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.nio.file.Files;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-/**
- * The Class SecurityContextFactoryImpl.
- */
-public class SecurityContextFactoryImpl implements SecurityContextFactory {
-
- protected String sslAlgorithm;
- protected String keyManagerAlgortihm;
- protected String keyStoreType;
- protected boolean serverCertificationChainValidationEnabled;
- protected String trustStoreFileName;
- protected String clientCertPassword;
- protected FileInputStream clientCertFileInputStream;
- protected String clientCertFileName;
- protected byte[] clientCertBytes;
-
- /**
- * Instantiates a new security context factory impl.
- */
- public SecurityContextFactoryImpl() {
- this.sslAlgorithm = "TLS";
- this.keyManagerAlgortihm = "SunX509";
- this.keyStoreType = "PKCS12";
- this.serverCertificationChainValidationEnabled = false;
- this.clientCertFileInputStream = null;
- this.clientCertFileName = null;
- }
-
- @Override
- public String getSslAlgorithm() {
- return sslAlgorithm;
- }
-
- @Override
- public void setSslAlgorithm(String sslAlgorithm) {
- this.sslAlgorithm = sslAlgorithm;
- }
-
- @Override
- public String getKeyManagerAlgortihm() {
- return keyManagerAlgortihm;
- }
-
- @Override
- public void setKeyManagerAlgortihm(String keyManagerAlgortihm) {
- this.keyManagerAlgortihm = keyManagerAlgortihm;
- }
-
- @Override
- public String getKeyStoreType() {
- return keyStoreType;
- }
-
- @Override
- public void setKeyStoreType(String keyStoreType) {
- this.keyStoreType = keyStoreType;
- }
-
- @Override
- public boolean isServerCertificationChainValidationEnabled() {
- return serverCertificationChainValidationEnabled;
- }
-
- @Override
- public void setServerCertificationChainValidationEnabled(
- boolean serverCertificationChainValidationEnabled) {
- this.serverCertificationChainValidationEnabled = serverCertificationChainValidationEnabled;
- }
-
- @Override
- public void setClientCertFileName(String filename) throws IOException {
- this.clientCertFileName = filename;
-
- if (filename == null) {
- this.clientCertBytes = null;
- } else {
- this.clientCertBytes = Files.readAllBytes(new File(filename).toPath());
- }
- }
-
- @Override
- public void setClientCertFileInputStream(FileInputStream fis) {
- this.clientCertFileInputStream = fis;
- }
-
- @Override
- public FileInputStream getClientCertFileInputStream() {
- return this.clientCertFileInputStream;
- }
-
- @Override
- public SSLContext getSecureContext() throws KeyManagementException, NoSuchAlgorithmException,
- KeyStoreException, CertificateException, IOException, UnrecoverableKeyException {
-
- TrustManager[] trustAllCerts = null;
-
- if (serverCertificationChainValidationEnabled) {
-
- System.setProperty("javax.net.ssl.trustStore", trustStoreFileName);
-
- } else {
-
- // Create a trust manager that does not validate certificate chains
- trustAllCerts = new TrustManager[] {new X509TrustManager() {
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- return null;
- }
-
- @Override
- public void checkClientTrusted(X509Certificate[] certs, String authType) {}
-
- @Override
- public void checkServerTrusted(X509Certificate[] certs, String authType) {}
- } };
- }
-
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerAlgortihm);
-
- KeyStore ks = KeyStore.getInstance(keyStoreType);
-
- char[] pwd = null;
- if (clientCertPassword != null) {
- pwd = clientCertPassword.toCharArray();
- }
-
- if (clientCertBytes != null) {
- ks.load(new ByteArrayInputStream(clientCertBytes), pwd);
- } else {
- ks.load(null, pwd);
- }
-
- kmf.init(ks, pwd);
-
- SSLContext ctx = SSLContext.getInstance(sslAlgorithm);
- ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
-
- return ctx;
-
- }
-
- @Override
- public String getTrustStoreFileName() {
- return this.trustStoreFileName;
- }
-
- @Override
- public void setTrustStoreFileName(String filename) {
- this.trustStoreFileName = filename;
- }
-
- @Override
- public String getClientCertPassword() {
- return this.clientCertPassword;
- }
-
- @Override
- public void setClientCertPassword(String password) {
- this.clientCertPassword = password;
- }
-
-}
+++ /dev/null
-/**
- * ============LICENSE_START===================================================
- * SPARKY (AAI UI service)
- * ============================================================================
- * Copyright © 2017 AT&T Intellectual Property.
- * Copyright © 2017 Amdocs
- * All rights reserved.
- * ============================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=====================================================
- *
- * ECOMP and OpenECOMP are trademarks
- * and service marks of AT&T Intellectual Property.
- */
-
-package org.onap.aai.sparky.security;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-import java.io.FileInputStream;
-
-import javax.net.ssl.SSLContext;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-
-/**
- * The Class SecurityContextFactoryImplTest.
- */
-public class SecurityContextFactoryImplTest {
-
-
- /**
- * Inits the.
- *
- * @throws Exception the exception
- */
- @Before
- public void init() throws Exception {
- }
-
- /**
- * Basic construction test.
- *
- * @throws Exception the exception
- */
- @Test
- public void basicConstructionTest() throws Exception {
-
- SecurityContextFactory sslContextFactory = new SecurityContextFactoryImpl();
-
- assertEquals("TLS", sslContextFactory.getSslAlgorithm());
- assertEquals("SunX509", sslContextFactory.getKeyManagerAlgortihm());
- assertEquals("PKCS12", sslContextFactory.getKeyStoreType());
- assertEquals(false, sslContextFactory.isServerCertificationChainValidationEnabled());
- assertEquals(null, sslContextFactory.getClientCertFileInputStream());
- }
-
- /**
- * Validate secure context.
- *
- * @throws Exception the exception
- */
- @Test
- public void validateSecureContext() throws Exception {
-
- SecurityContextFactory sslContextFactory = new SecurityContextFactoryImpl();
-
- SSLContext sslContext = sslContextFactory.getSecureContext();
-
- assertNotNull(sslContext);
- }
-
- /**
- * Validate secure context with server cert chain validation.
- *
- * @throws Exception the exception
- */
- @Test
- public void validateSecureContext_withServerCertChainValidation() throws Exception {
-
- SecurityContextFactory sslContextFactory = new SecurityContextFactoryImpl();
- sslContextFactory.setServerCertificationChainValidationEnabled(true);
- sslContextFactory.setTrustStoreFileName("filename");
-
- sslContextFactory.setClientCertFileName(null);
-
- SSLContext sslContext = sslContextFactory.getSecureContext();
-
- assertNotNull(sslContext);
- }
-
- /**
- * Validate accessors.
- *
- * @throws Exception the exception
- */
- @Test
- public void validateAccessors() throws Exception {
-
- SecurityContextFactory sslContextFactory = new SecurityContextFactoryImpl();
-
- FileInputStream mockInputStream = Mockito.mock(FileInputStream.class);
-
- sslContextFactory.setSslAlgorithm("sslAlgorithm");
- sslContextFactory.setKeyManagerAlgortihm("keyManagerAlgorithm");
- sslContextFactory.setKeyStoreType("keyStoreType");
- sslContextFactory.setClientCertFileInputStream(mockInputStream);
- sslContextFactory.setServerCertificationChainValidationEnabled(true);
- sslContextFactory.setTrustStoreFileName("truststoreFileName");
- sslContextFactory.setClientCertPassword("password");
-
- assertEquals("sslAlgorithm", sslContextFactory.getSslAlgorithm());
- assertEquals("keyManagerAlgorithm", sslContextFactory.getKeyManagerAlgortihm());
- assertEquals("keyStoreType", sslContextFactory.getKeyStoreType());
- assertEquals(mockInputStream, sslContextFactory.getClientCertFileInputStream());
- assertEquals(true, sslContextFactory.isServerCertificationChainValidationEnabled());
- assertEquals("truststoreFileName", sslContextFactory.getTrustStoreFileName());
- assertEquals("password", sslContextFactory.getClientCertPassword());
-
- }
-
-}
Code Review / aai / sparky-be.git / commitdiff