From: Kevin Smokowski <kevin.smokowski@att.com>
Date: Mon, 31 Aug 2020 13:33:39 +0000 (+0000)
Subject: Restapi-call-node: Fix setting truststore, should not set system properties
X-Git-Tag: 1.0.1~3
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=ccsdk%2Fsli%2Fplugins.git;a=commitdiff_plain;h=e0906b672c7a43b3a724da8426e8860f69221e97

Restapi-call-node: Fix setting truststore, should not set system properties

Issue-ID: CCSDK-2637
Change-Id: Ie677cca90d9ed946768e6d93187b20c29ecc2166
Signed-off-by: Smokowski, Kevin (ks6305) <kevin.smokowski@att.com>
---

diff --git a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
index 2a2bc6d3..9b542af9 100755
--- a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
+++ b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
@@ -36,6 +36,9 @@ public class Parameters {
     public Set<String> listNameList;
     public boolean skipSending;
     public boolean convertResponse;
+    public String keyStoreFileName;
+    public String keyStorePassword;
+    public boolean ssl;
     public String customHttpHeaders;
     public String partner;
     public Boolean dumpHeaders;
diff --git a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
index 04f53c8b..3d704249 100755
--- a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
+++ b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
@@ -38,6 +38,7 @@ import java.net.URI;
 import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Paths;
+import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.Base64;
 import java.util.Collections;
@@ -52,6 +53,8 @@ import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
 import javax.ws.rs.ProcessingException;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
@@ -222,6 +225,9 @@ public class RestapiCallNode implements SvcLogicJavaPlugin {
         String skipSendingStr = paramMap.get(skipSendingMessage);
         p.skipSending = "true".equalsIgnoreCase(skipSendingStr);
         p.convertResponse = valueOf(parseParam(paramMap, "convertResponse", false, "true"));
+        p.keyStoreFileName = parseParam(paramMap, "keyStoreFileName", false, null);
+        p.keyStorePassword = parseParam(paramMap, "keyStorePassword", false, null);
+        p.ssl = p.keyStoreFileName != null && p.keyStorePassword != null;
         p.customHttpHeaders = parseParam(paramMap, "customHttpHeaders", false, null);
         p.partner = parseParam(paramMap, "partner", false, null);
         p.dumpHeaders = valueOf(parseParam(paramMap, "dumpHeaders", false, null));
@@ -781,9 +787,18 @@ public class RestapiCallNode implements SvcLogicJavaPlugin {
      */
     public HttpResponse sendHttpRequest(String request, Parameters p) throws SvcLogicException {
 
-        HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true);
+        SSLContext ssl = null;
+        if (p.ssl && p.restapiUrl.startsWith("https")) {
+            ssl = createSSLContext(p);
+        }
+        Client client;
+        if (ssl != null) {
+            HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());
+            client = ClientBuilder.newBuilder().sslContext(ssl).hostnameVerifier((s, sslSession) -> true).build();
+        } else {
+            client = ClientBuilder.newBuilder().hostnameVerifier((s, sslSession) -> true).build();
+        }
 
-        Client client = ClientBuilder.newBuilder().hostnameVerifier((s, sslSession) -> true).build();
         setClientTimeouts(client);
         // Needed to support additional HTTP methods such as PATCH
         client.property(HttpUrlConnectorProvider.SET_METHOD_WORKAROUND, true);
@@ -906,6 +921,23 @@ public class RestapiCallNode implements SvcLogicJavaPlugin {
         return r;
     }
 
+    protected SSLContext createSSLContext(Parameters p) {
+        try (FileInputStream in = new FileInputStream(p.keyStoreFileName)) {
+            HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true);
+            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+            KeyStore ks = KeyStore.getInstance("PKCS12");
+            char[] pwd = p.keyStorePassword.toCharArray();
+            ks.load(in, pwd);
+            kmf.init(ks, pwd);
+            SSLContext ctx = SSLContext.getInstance("TLS");
+            ctx.init(kmf.getKeyManagers(), null, null);
+            return ctx;
+        } catch (Exception e) {
+            log.error("Error creating SSLContext: {}", e.getMessage(), e);
+        }
+        return null;
+    }
+
     protected void setFailureResponseStatus(SvcLogicContext ctx, String prefix, String errorMessage,
         HttpResponse resp) {
         resp.code = 500;