2 * ========================LICENSE_START=================================
5 * Copyright (C) 2019 Nordix Foundation
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ========================LICENSE_END===================================
21 package org.oransc.policyagent.clients;
23 import io.netty.channel.ChannelOption;
24 import io.netty.handler.ssl.SslContext;
25 import io.netty.handler.ssl.SslContextBuilder;
26 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
27 import io.netty.handler.timeout.ReadTimeoutHandler;
28 import io.netty.handler.timeout.WriteTimeoutHandler;
30 import java.io.FileInputStream;
31 import java.io.IOException;
32 import java.io.InputStream;
33 import java.lang.invoke.MethodHandles;
34 import java.security.KeyStore;
35 import java.security.KeyStoreException;
36 import java.security.NoSuchAlgorithmException;
37 import java.security.cert.Certificate;
38 import java.security.cert.CertificateException;
39 import java.security.cert.X509Certificate;
40 import java.util.Collections;
41 import java.util.List;
42 import java.util.concurrent.atomic.AtomicInteger;
43 import java.util.stream.Collectors;
45 import javax.net.ssl.KeyManagerFactory;
47 import org.oransc.policyagent.configuration.WebClientConfig;
48 import org.slf4j.Logger;
49 import org.slf4j.LoggerFactory;
50 import org.springframework.http.MediaType;
51 import org.springframework.http.ResponseEntity;
52 import org.springframework.http.client.reactive.ReactorClientHttpConnector;
53 import org.springframework.lang.Nullable;
54 import org.springframework.util.ResourceUtils;
55 import org.springframework.web.reactive.function.client.ExchangeStrategies;
56 import org.springframework.web.reactive.function.client.WebClient;
57 import org.springframework.web.reactive.function.client.WebClient.RequestHeadersSpec;
58 import org.springframework.web.reactive.function.client.WebClientResponseException;
60 import reactor.core.publisher.Mono;
61 import reactor.netty.http.client.HttpClient;
62 import reactor.netty.resources.ConnectionProvider;
63 import reactor.netty.tcp.TcpClient;
66 * Generic reactive REST client.
68 public class AsyncRestClient {
69 private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
70 private WebClient webClient = null;
71 private final String baseUrl;
72 private static final AtomicInteger sequenceNumber = new AtomicInteger();
73 private final WebClientConfig clientConfig;
74 static KeyStore clientTrustStore = null;
75 private boolean sslEnabled = true;
77 public AsyncRestClient(String baseUrl) {
79 this.sslEnabled = false;
82 public AsyncRestClient(String baseUrl, WebClientConfig config) {
83 this.baseUrl = baseUrl;
84 this.clientConfig = config;
87 public Mono<ResponseEntity<String>> postForEntity(String uri, @Nullable String body) {
88 Object traceTag = createTraceTag();
89 logger.debug("{} POST uri = '{}{}''", traceTag, baseUrl, uri);
90 logger.trace("{} POST body: {}", traceTag, body);
91 Mono<String> bodyProducer = body != null ? Mono.just(body) : Mono.empty();
92 return getWebClient() //
94 RequestHeadersSpec<?> request = client.post() //
96 .contentType(MediaType.APPLICATION_JSON) //
97 .body(bodyProducer, String.class);
98 return retrieve(traceTag, request);
102 public Mono<String> post(String uri, @Nullable String body) {
103 return postForEntity(uri, body) //
104 .flatMap(this::toBody);
107 public Mono<String> postWithAuthHeader(String uri, String body, String username, String password) {
108 Object traceTag = createTraceTag();
109 logger.debug("{} POST (auth) uri = '{}{}''", traceTag, baseUrl, uri);
110 logger.trace("{} POST body: {}", traceTag, body);
111 return getWebClient() //
113 RequestHeadersSpec<?> request = client.post() //
115 .headers(headers -> headers.setBasicAuth(username, password)) //
116 .contentType(MediaType.APPLICATION_JSON) //
118 return retrieve(traceTag, request) //
119 .flatMap(this::toBody);
123 public Mono<ResponseEntity<String>> putForEntity(String uri, String body) {
124 Object traceTag = createTraceTag();
125 logger.debug("{} PUT uri = '{}{}''", traceTag, baseUrl, uri);
126 logger.trace("{} PUT body: {}", traceTag, body);
127 return getWebClient() //
129 RequestHeadersSpec<?> request = client.put() //
131 .contentType(MediaType.APPLICATION_JSON) //
133 return retrieve(traceTag, request);
137 public Mono<ResponseEntity<String>> putForEntity(String uri) {
138 Object traceTag = createTraceTag();
139 logger.debug("{} PUT uri = '{}{}''", traceTag, baseUrl, uri);
140 logger.trace("{} PUT body: <empty>", traceTag);
141 return getWebClient() //
143 RequestHeadersSpec<?> request = client.put() //
145 return retrieve(traceTag, request);
149 public Mono<String> put(String uri, String body) {
150 return putForEntity(uri, body) //
151 .flatMap(this::toBody);
154 public Mono<ResponseEntity<String>> getForEntity(String uri) {
155 Object traceTag = createTraceTag();
156 logger.debug("{} GET uri = '{}{}''", traceTag, baseUrl, uri);
157 return getWebClient() //
159 RequestHeadersSpec<?> request = client.get().uri(uri);
160 return retrieve(traceTag, request);
164 public Mono<String> get(String uri) {
165 return getForEntity(uri) //
166 .flatMap(this::toBody);
169 public Mono<ResponseEntity<String>> deleteForEntity(String uri) {
170 Object traceTag = createTraceTag();
171 logger.debug("{} DELETE uri = '{}{}''", traceTag, baseUrl, uri);
172 return getWebClient() //
174 RequestHeadersSpec<?> request = client.delete().uri(uri);
175 return retrieve(traceTag, request);
179 public Mono<String> delete(String uri) {
180 return deleteForEntity(uri) //
181 .flatMap(this::toBody);
184 private Mono<ResponseEntity<String>> retrieve(Object traceTag, RequestHeadersSpec<?> request) {
185 final Class<String> clazz = String.class;
186 return request.retrieve() //
188 .doOnNext(entity -> logger.trace("{} Received: {}", traceTag, entity.getBody())) //
189 .doOnError(throwable -> onHttpError(traceTag, throwable));
192 private static Object createTraceTag() {
193 return sequenceNumber.incrementAndGet();
196 private void onHttpError(Object traceTag, Throwable t) {
197 if (t instanceof WebClientResponseException) {
198 WebClientResponseException exception = (WebClientResponseException) t;
199 logger.debug("{} HTTP error status = '{}', body '{}'", traceTag, exception.getStatusCode(),
200 exception.getResponseBodyAsString());
202 logger.debug("{} HTTP error", traceTag, t);
206 private Mono<String> toBody(ResponseEntity<String> entity) {
207 if (entity.getBody() == null) {
208 return Mono.just("");
210 return Mono.just(entity.getBody());
214 private boolean isCertificateEntry(KeyStore trustStore, String alias) {
216 return trustStore.isCertificateEntry(alias);
217 } catch (KeyStoreException e) {
218 logger.error("Error reading truststore {}", e.getMessage());
223 private Certificate getCertificate(KeyStore trustStore, String alias) {
225 return trustStore.getCertificate(alias);
226 } catch (KeyStoreException e) {
227 logger.error("Error reading truststore {}", e.getMessage());
232 private static synchronized KeyStore getTrustStore(String trustStorePath, String trustStorePass)
233 throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
234 if (clientTrustStore == null) {
235 KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
236 store.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
237 clientTrustStore = store;
239 return clientTrustStore;
242 private SslContext createSslContextRejectingUntrustedPeers(String trustStorePath, String trustStorePass,
243 KeyManagerFactory keyManager)
244 throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
246 final KeyStore trustStore = getTrustStore(trustStorePath, trustStorePass);
247 List<Certificate> certificateList = Collections.list(trustStore.aliases()).stream() //
248 .filter(alias -> isCertificateEntry(trustStore, alias)) //
249 .map(alias -> getCertificate(trustStore, alias)) //
250 .collect(Collectors.toList());
251 final X509Certificate[] certificates = certificateList.toArray(new X509Certificate[certificateList.size()]);
253 return SslContextBuilder.forClient() //
254 .keyManager(keyManager) //
255 .trustManager(certificates) //
259 private SslContext createSslContext(KeyManagerFactory keyManager)
260 throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
261 if (this.clientConfig.isTrustStoreUsed()) {
262 return createSslContextRejectingUntrustedPeers(this.clientConfig.trustStore(),
263 this.clientConfig.trustStorePassword(), keyManager);
266 return SslContextBuilder.forClient() //
267 .keyManager(keyManager) //
268 .trustManager(InsecureTrustManagerFactory.INSTANCE) //
273 private TcpClient createTcpClientSecure(SslContext sslContext) {
274 return TcpClient.create(ConnectionProvider.newConnection()) //
275 .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 10_000) //
276 .secure(c -> c.sslContext(sslContext)) //
277 .doOnConnected(connection -> {
278 connection.addHandlerLast(new ReadTimeoutHandler(30));
279 connection.addHandlerLast(new WriteTimeoutHandler(30));
283 private TcpClient createTcpClientInsecure() {
284 return TcpClient.create(ConnectionProvider.newConnection()) //
285 .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 10_000) //
286 .doOnConnected(connection -> {
287 connection.addHandlerLast(new ReadTimeoutHandler(30));
288 connection.addHandlerLast(new WriteTimeoutHandler(30));
292 private WebClient createWebClient(String baseUrl, TcpClient tcpClient) {
293 HttpClient httpClient = HttpClient.from(tcpClient);
294 ReactorClientHttpConnector connector = new ReactorClientHttpConnector(httpClient);
295 ExchangeStrategies exchangeStrategies = ExchangeStrategies.builder() //
296 .codecs(configurer -> configurer.defaultCodecs().maxInMemorySize(-1)) //
298 return WebClient.builder() //
299 .clientConnector(connector) //
301 .exchangeStrategies(exchangeStrategies) //
305 private Mono<WebClient> getWebClient() {
306 if (this.webClient == null) {
308 if (this.sslEnabled) {
309 final KeyManagerFactory keyManager =
310 KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
311 final KeyStore keyStore = KeyStore.getInstance(this.clientConfig.keyStoreType());
312 final String keyStoreFile = this.clientConfig.keyStore();
313 final String keyStorePassword = this.clientConfig.keyStorePassword();
314 final String keyPassword = this.clientConfig.keyPassword();
315 try (final InputStream inputStream = new FileInputStream(keyStoreFile)) {
316 keyStore.load(inputStream, keyStorePassword.toCharArray());
318 keyManager.init(keyStore, keyPassword.toCharArray());
319 SslContext sslContext = createSslContext(keyManager);
320 TcpClient tcpClient = createTcpClientSecure(sslContext);
321 this.webClient = createWebClient(this.baseUrl, tcpClient);
323 TcpClient tcpClient = createTcpClientInsecure();
324 this.webClient = createWebClient(this.baseUrl, tcpClient);
326 } catch (Exception e) {
327 logger.error("Could not create WebClient {}", e.getMessage());
328 return Mono.error(e);
331 return Mono.just(this.webClient);