07f23e9ea38f6edb59a9046db974fe0e948bdfde
[nonrtric.git] / enrichment-coordinator-service / src / main / java / org / oransc / enrichment / clients / AsyncRestClientFactory.java
1 /*-
2  * ========================LICENSE_START=================================
3  * O-RAN-SC
4  * %%
5  * Copyright (C) 2020 Nordix Foundation
6  * %%
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ========================LICENSE_END===================================
19  */
20
21 package org.oransc.enrichment.clients;
22
23 import io.netty.handler.ssl.SslContext;
24 import io.netty.handler.ssl.SslContextBuilder;
25 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
26
27 import java.io.FileInputStream;
28 import java.io.IOException;
29 import java.io.InputStream;
30 import java.lang.invoke.MethodHandles;
31 import java.security.KeyStore;
32 import java.security.KeyStoreException;
33 import java.security.NoSuchAlgorithmException;
34 import java.security.UnrecoverableKeyException;
35 import java.security.cert.Certificate;
36 import java.security.cert.CertificateException;
37 import java.security.cert.X509Certificate;
38 import java.util.Collections;
39 import java.util.List;
40 import java.util.stream.Collectors;
41
42 import javax.net.ssl.KeyManagerFactory;
43
44 import org.oransc.enrichment.configuration.WebClientConfig;
45 import org.slf4j.Logger;
46 import org.slf4j.LoggerFactory;
47 import org.springframework.util.ResourceUtils;
48
49 /**
50  * Factory for a generic reactive REST client.
51  */
52 public class AsyncRestClientFactory {
53     private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
54
55     private final SslContextFactory sslContextFactory;
56
57     public AsyncRestClientFactory(WebClientConfig clientConfig) {
58         if (clientConfig != null) {
59             this.sslContextFactory = new CachingSslContextFactory(clientConfig);
60         } else {
61             this.sslContextFactory = null;
62         }
63     }
64
65     public AsyncRestClient createRestClient(String baseUrl) {
66         if (this.sslContextFactory != null) {
67             try {
68                 return new AsyncRestClient(baseUrl, this.sslContextFactory.createSslContext());
69             } catch (Exception e) {
70                 String exceptionString = e.toString();
71                 logger.error("Could not init SSL context, reason: {}", exceptionString);
72             }
73         }
74         return new AsyncRestClient(baseUrl);
75     }
76
77     private class SslContextFactory {
78         private final WebClientConfig clientConfig;
79
80         public SslContextFactory(WebClientConfig clientConfig) {
81             this.clientConfig = clientConfig;
82         }
83
84         public SslContext createSslContext() throws UnrecoverableKeyException, NoSuchAlgorithmException,
85             CertificateException, KeyStoreException, IOException {
86             return this.createSslContext(createKeyManager());
87         }
88
89         private SslContext createSslContext(KeyManagerFactory keyManager)
90             throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
91             if (this.clientConfig.isTrustStoreUsed()) {
92                 return createSslContextRejectingUntrustedPeers(this.clientConfig.trustStore(),
93                     this.clientConfig.trustStorePassword(), keyManager);
94             } else {
95                 // Trust anyone
96                 return SslContextBuilder.forClient() //
97                     .keyManager(keyManager) //
98                     .trustManager(InsecureTrustManagerFactory.INSTANCE) //
99                     .build();
100             }
101         }
102
103         private SslContext createSslContextRejectingUntrustedPeers(String trustStorePath, String trustStorePass,
104             KeyManagerFactory keyManager)
105             throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
106
107             final KeyStore trustStore = getTrustStore(trustStorePath, trustStorePass);
108             List<Certificate> certificateList = Collections.list(trustStore.aliases()).stream() //
109                 .filter(alias -> isCertificateEntry(trustStore, alias)) //
110                 .map(alias -> getCertificate(trustStore, alias)) //
111                 .collect(Collectors.toList());
112             final X509Certificate[] certificates = certificateList.toArray(new X509Certificate[certificateList.size()]);
113
114             return SslContextBuilder.forClient() //
115                 .keyManager(keyManager) //
116                 .trustManager(certificates) //
117                 .build();
118         }
119
120         private boolean isCertificateEntry(KeyStore trustStore, String alias) {
121             try {
122                 return trustStore.isCertificateEntry(alias);
123             } catch (KeyStoreException e) {
124                 logger.error("Error reading truststore {}", e.getMessage());
125                 return false;
126             }
127         }
128
129         private Certificate getCertificate(KeyStore trustStore, String alias) {
130             try {
131                 return trustStore.getCertificate(alias);
132             } catch (KeyStoreException e) {
133                 logger.error("Error reading truststore {}", e.getMessage());
134                 return null;
135             }
136         }
137
138         private KeyManagerFactory createKeyManager() throws NoSuchAlgorithmException, CertificateException, IOException,
139             UnrecoverableKeyException, KeyStoreException {
140             final KeyManagerFactory keyManager = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
141             final KeyStore keyStore = KeyStore.getInstance(this.clientConfig.keyStoreType());
142             final String keyStoreFile = this.clientConfig.keyStore();
143             final String keyStorePassword = this.clientConfig.keyStorePassword();
144             final String keyPassword = this.clientConfig.keyPassword();
145             try (final InputStream inputStream = new FileInputStream(keyStoreFile)) {
146                 keyStore.load(inputStream, keyStorePassword.toCharArray());
147             }
148             keyManager.init(keyStore, keyPassword.toCharArray());
149             return keyManager;
150         }
151
152         private synchronized KeyStore getTrustStore(String trustStorePath, String trustStorePass)
153             throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
154
155             KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
156             store.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
157             return store;
158         }
159     }
160
161     public class CachingSslContextFactory extends SslContextFactory {
162         private SslContext cachedContext = null;
163
164         public CachingSslContextFactory(WebClientConfig clientConfig) {
165             super(clientConfig);
166         }
167
168         @Override
169         public SslContext createSslContext() throws UnrecoverableKeyException, NoSuchAlgorithmException,
170             CertificateException, KeyStoreException, IOException {
171             if (this.cachedContext == null) {
172                 this.cachedContext = super.createSslContext();
173             }
174             return this.cachedContext;
175
176         }
177     }
178
179 }