NONRTRIC - Enrichment Coordinator Service, making type availability subscriptions...
[nonrtric.git] / enrichment-coordinator-service / src / main / java / org / oransc / enrichment / clients / AsyncRestClientFactory.java
1 /*-
2  * ========================LICENSE_START=================================
3  * O-RAN-SC
4  * %%
5  * Copyright (C) 2020 Nordix Foundation
6  * %%
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ========================LICENSE_END===================================
19  */
20
21 package org.oransc.enrichment.clients;
22
23 import io.netty.handler.ssl.SslContext;
24 import io.netty.handler.ssl.SslContextBuilder;
25 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
26
27 import java.io.FileInputStream;
28 import java.io.IOException;
29 import java.io.InputStream;
30 import java.lang.invoke.MethodHandles;
31 import java.security.KeyStore;
32 import java.security.KeyStoreException;
33 import java.security.NoSuchAlgorithmException;
34 import java.security.UnrecoverableKeyException;
35 import java.security.cert.Certificate;
36 import java.security.cert.CertificateException;
37 import java.security.cert.X509Certificate;
38 import java.util.Collections;
39 import java.util.List;
40 import java.util.stream.Collectors;
41
42 import javax.net.ssl.KeyManagerFactory;
43
44 import org.oransc.enrichment.configuration.WebClientConfig;
45 import org.oransc.enrichment.configuration.WebClientConfig.HttpProxyConfig;
46 import org.slf4j.Logger;
47 import org.slf4j.LoggerFactory;
48 import org.springframework.util.ResourceUtils;
49
50 /**
51  * Factory for a generic reactive REST client.
52  */
53 public class AsyncRestClientFactory {
54     private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
55
56     private final SslContextFactory sslContextFactory;
57     private final HttpProxyConfig httpProxyConfig;
58
59     public AsyncRestClientFactory(WebClientConfig clientConfig) {
60         if (clientConfig != null) {
61             this.sslContextFactory = new CachingSslContextFactory(clientConfig);
62             this.httpProxyConfig = clientConfig.httpProxyConfig();
63         } else {
64             logger.warn("No configuration for web client defined, HTTPS will not work");
65             this.sslContextFactory = null;
66             this.httpProxyConfig = null;
67         }
68     }
69
70     public AsyncRestClient createRestClientNoHttpProxy(String baseUrl) {
71         return createRestClient(baseUrl, false);
72     }
73
74     public AsyncRestClient createRestClientUseHttpProxy(String baseUrl) {
75         return createRestClient(baseUrl, true);
76     }
77
78     private AsyncRestClient createRestClient(String baseUrl, boolean useHttpProxy) {
79         if (this.sslContextFactory != null) {
80             try {
81                 return new AsyncRestClient(baseUrl, this.sslContextFactory.createSslContext(),
82                     useHttpProxy ? httpProxyConfig : null);
83             } catch (Exception e) {
84                 String exceptionString = e.toString();
85                 logger.error("Could not init SSL context, reason: {}", exceptionString);
86             }
87         }
88         return new AsyncRestClient(baseUrl, null, httpProxyConfig);
89     }
90
91     private class SslContextFactory {
92         private final WebClientConfig clientConfig;
93
94         public SslContextFactory(WebClientConfig clientConfig) {
95             this.clientConfig = clientConfig;
96         }
97
98         public SslContext createSslContext() throws UnrecoverableKeyException, NoSuchAlgorithmException,
99             CertificateException, KeyStoreException, IOException {
100             return this.createSslContext(createKeyManager());
101         }
102
103         private SslContext createSslContext(KeyManagerFactory keyManager)
104             throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
105             if (this.clientConfig.isTrustStoreUsed()) {
106                 return createSslContextRejectingUntrustedPeers(this.clientConfig.trustStore(),
107                     this.clientConfig.trustStorePassword(), keyManager);
108             } else {
109                 // Trust anyone
110                 return SslContextBuilder.forClient() //
111                     .keyManager(keyManager) //
112                     .trustManager(InsecureTrustManagerFactory.INSTANCE) //
113                     .build();
114             }
115         }
116
117         private SslContext createSslContextRejectingUntrustedPeers(String trustStorePath, String trustStorePass,
118             KeyManagerFactory keyManager)
119             throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
120
121             final KeyStore trustStore = getTrustStore(trustStorePath, trustStorePass);
122             List<Certificate> certificateList = Collections.list(trustStore.aliases()).stream() //
123                 .filter(alias -> isCertificateEntry(trustStore, alias)) //
124                 .map(alias -> getCertificate(trustStore, alias)) //
125                 .collect(Collectors.toList());
126             final X509Certificate[] certificates = certificateList.toArray(new X509Certificate[certificateList.size()]);
127
128             return SslContextBuilder.forClient() //
129                 .keyManager(keyManager) //
130                 .trustManager(certificates) //
131                 .build();
132         }
133
134         private boolean isCertificateEntry(KeyStore trustStore, String alias) {
135             try {
136                 return trustStore.isCertificateEntry(alias);
137             } catch (KeyStoreException e) {
138                 logger.error("Error reading truststore {}", e.getMessage());
139                 return false;
140             }
141         }
142
143         private Certificate getCertificate(KeyStore trustStore, String alias) {
144             try {
145                 return trustStore.getCertificate(alias);
146             } catch (KeyStoreException e) {
147                 logger.error("Error reading truststore {}", e.getMessage());
148                 return null;
149             }
150         }
151
152         private KeyManagerFactory createKeyManager() throws NoSuchAlgorithmException, CertificateException, IOException,
153             UnrecoverableKeyException, KeyStoreException {
154             final KeyManagerFactory keyManager = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
155             final KeyStore keyStore = KeyStore.getInstance(this.clientConfig.keyStoreType());
156             final String keyStoreFile = this.clientConfig.keyStore();
157             final String keyStorePassword = this.clientConfig.keyStorePassword();
158             final String keyPassword = this.clientConfig.keyPassword();
159             try (final InputStream inputStream = new FileInputStream(keyStoreFile)) {
160                 keyStore.load(inputStream, keyStorePassword.toCharArray());
161             }
162             keyManager.init(keyStore, keyPassword.toCharArray());
163             return keyManager;
164         }
165
166         private synchronized KeyStore getTrustStore(String trustStorePath, String trustStorePass)
167             throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
168
169             KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
170             store.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
171             return store;
172         }
173     }
174
175     public class CachingSslContextFactory extends SslContextFactory {
176         private SslContext cachedContext = null;
177
178         public CachingSslContextFactory(WebClientConfig clientConfig) {
179             super(clientConfig);
180         }
181
182         @Override
183         public SslContext createSslContext() throws UnrecoverableKeyException, NoSuchAlgorithmException,
184             CertificateException, KeyStoreException, IOException {
185             if (this.cachedContext == null) {
186                 this.cachedContext = super.createSslContext();
187             }
188             return this.cachedContext;
189
190         }
191     }
192 }