enrichment-coordinator-service/src/main/java/org/oransc/enrichment/clients/AsyncRestClientFactory.java

   1 /*-
   2  * ========================LICENSE_START=================================
   3  * O-RAN-SC
   4  * %%
   5  * Copyright (C) 2020 Nordix Foundation
   6  * %%
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ========================LICENSE_END===================================
  19  */
  20
  21 package org.oransc.enrichment.clients;
  22
  23 import io.netty.handler.ssl.SslContext;
  24 import io.netty.handler.ssl.SslContextBuilder;
  25 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
  26
  27 import java.io.FileInputStream;
  28 import java.io.IOException;
  29 import java.io.InputStream;
  30 import java.lang.invoke.MethodHandles;
  31 import java.security.KeyStore;
  32 import java.security.KeyStoreException;
  33 import java.security.NoSuchAlgorithmException;
  34 import java.security.UnrecoverableKeyException;
  35 import java.security.cert.Certificate;
  36 import java.security.cert.CertificateException;
  37 import java.security.cert.X509Certificate;
  38 import java.util.Collections;
  39 import java.util.List;
  40 import java.util.stream.Collectors;
  41
  42 import javax.net.ssl.KeyManagerFactory;
  43
  44 import org.oransc.enrichment.configuration.WebClientConfig;
  45 import org.slf4j.Logger;
  46 import org.slf4j.LoggerFactory;
  47 import org.springframework.util.ResourceUtils;
  48
  49 /**
  50  * Factory for a generic reactive REST client.
  51  */
  52 public class AsyncRestClientFactory {
  53     private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
  54
  55     private final SslContextFactory sslContextFactory;
  56
  57     public AsyncRestClientFactory(WebClientConfig clientConfig) {
  58         if (clientConfig != null) {
  59             this.sslContextFactory = new CachingSslContextFactory(clientConfig);
  60         } else {
  61             this.sslContextFactory = null;
  62         }
  63     }
  64
  65     public AsyncRestClient createRestClient(String baseUrl) {
  66         if (this.sslContextFactory != null) {
  67             try {
  68                 return new AsyncRestClient(baseUrl, this.sslContextFactory.createSslContext());
  69             } catch (Exception e) {
  70                 String exceptionString = e.toString();
  71                 logger.error("Could not init SSL context, reason: {}", exceptionString);
  72             }
  73         }
  74         return new AsyncRestClient(baseUrl);
  75     }
  76
  77     private class SslContextFactory {
  78         private final WebClientConfig clientConfig;
  79
  80         public SslContextFactory(WebClientConfig clientConfig) {
  81             this.clientConfig = clientConfig;
  82         }
  83
  84         public SslContext createSslContext() throws UnrecoverableKeyException, NoSuchAlgorithmException,
  85             CertificateException, KeyStoreException, IOException {
  86             return this.createSslContext(createKeyManager());
  87         }
  88
  89         private SslContext createSslContext(KeyManagerFactory keyManager)
  90             throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
  91             if (this.clientConfig.isTrustStoreUsed()) {
  92                 return createSslContextRejectingUntrustedPeers(this.clientConfig.trustStore(),
  93                     this.clientConfig.trustStorePassword(), keyManager);
  94             } else {
  95                 // Trust anyone
  96                 return SslContextBuilder.forClient() //
  97                     .keyManager(keyManager) //
  98                     .trustManager(InsecureTrustManagerFactory.INSTANCE) //
  99                     .build();
 100             }
 101         }
 102
 103         private SslContext createSslContextRejectingUntrustedPeers(String trustStorePath, String trustStorePass,
 104             KeyManagerFactory keyManager)
 105             throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
 106
 107             final KeyStore trustStore = getTrustStore(trustStorePath, trustStorePass);
 108             List<Certificate> certificateList = Collections.list(trustStore.aliases()).stream() //
 109                 .filter(alias -> isCertificateEntry(trustStore, alias)) //
 110                 .map(alias -> getCertificate(trustStore, alias)) //
 111                 .collect(Collectors.toList());
 112             final X509Certificate[] certificates = certificateList.toArray(new X509Certificate[certificateList.size()]);
 113
 114             return SslContextBuilder.forClient() //
 115                 .keyManager(keyManager) //
 116                 .trustManager(certificates) //
 117                 .build();
 118         }
 119
 120         private boolean isCertificateEntry(KeyStore trustStore, String alias) {
 121             try {
 122                 return trustStore.isCertificateEntry(alias);
 123             } catch (KeyStoreException e) {
 124                 logger.error("Error reading truststore {}", e.getMessage());
 125                 return false;
 126             }
 127         }
 128
 129         private Certificate getCertificate(KeyStore trustStore, String alias) {
 130             try {
 131                 return trustStore.getCertificate(alias);
 132             } catch (KeyStoreException e) {
 133                 logger.error("Error reading truststore {}", e.getMessage());
 134                 return null;
 135             }
 136         }
 137
 138         private KeyManagerFactory createKeyManager() throws NoSuchAlgorithmException, CertificateException, IOException,
 139             UnrecoverableKeyException, KeyStoreException {
 140             final KeyManagerFactory keyManager = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 141             final KeyStore keyStore = KeyStore.getInstance(this.clientConfig.keyStoreType());
 142             final String keyStoreFile = this.clientConfig.keyStore();
 143             final String keyStorePassword = this.clientConfig.keyStorePassword();
 144             final String keyPassword = this.clientConfig.keyPassword();
 145             try (final InputStream inputStream = new FileInputStream(keyStoreFile)) {
 146                 keyStore.load(inputStream, keyStorePassword.toCharArray());
 147             }
 148             keyManager.init(keyStore, keyPassword.toCharArray());
 149             return keyManager;
 150         }
 151
 152         private synchronized KeyStore getTrustStore(String trustStorePath, String trustStorePass)
 153             throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
 154
 155             KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
 156             store.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
 157             return store;
 158         }
 159     }
 160
 161     public class CachingSslContextFactory extends SslContextFactory {
 162         private SslContext cachedContext = null;
 163
 164         public CachingSslContextFactory(WebClientConfig clientConfig) {
 165             super(clientConfig);
 166         }
 167
 168         @Override
 169         public SslContext createSslContext() throws UnrecoverableKeyException, NoSuchAlgorithmException,
 170             CertificateException, KeyStoreException, IOException {
 171             if (this.cachedContext == null) {
 172                 this.cachedContext = super.createSslContext();
 173             }
 174             return this.cachedContext;
 175
 176         }
 177     }
 178
 179 }