Make certs in A1 controller configurable
[nonrtric.git] / sdnc-a1-controller / northbound / nonrt-ric-api / provider / src / main / java / org / o_ran_sc / nonrtric / sdnc_a1 / northbound / restadapter / RestAdapterImpl.java
index 6580983..d2e602f 100644 (file)
 
 package org.o_ran_sc.nonrtric.sdnc_a1.northbound.restadapter;
 
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Properties;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.SSLContexts;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.util.ResourceUtils;
 import org.springframework.web.client.RestTemplate;
 
 /**
@@ -36,10 +59,45 @@ import org.springframework.web.client.RestTemplate;
 
 public class RestAdapterImpl implements RestAdapter {
 
-  private RestTemplate restTemplate;
+  private final Logger log = LoggerFactory.getLogger(RestAdapterImpl.class);
+
+  private RestTemplate restTemplateHttp;
+  private RestTemplate restTemplateHttps;
 
   public RestAdapterImpl() {
-    restTemplate = new RestTemplate();
+      restTemplateHttp = new RestTemplate();
+      try {
+          restTemplateHttps = createRestTemplateForHttps();
+      } catch (IOException | UnrecoverableKeyException | KeyManagementException | CertificateException
+              | NoSuchAlgorithmException | KeyStoreException ex) {
+        log.error("Caught exception when trying to create restTemplateHttps: {}", ex.getMessage());
+      }
+  }
+
+  private RestTemplate createRestTemplateForHttps() throws IOException, UnrecoverableKeyException, CertificateException,
+              NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
+      try (InputStream inputStream = new FileInputStream(ResourceUtils.getFile("/opt/onap/sdnc/data/properties/https-props.properties"))) {
+          Properties properties = new Properties();
+          properties.load(inputStream);
+          final String keyPassword = properties.getProperty("key-password");
+          final String keystorePassword = properties.getProperty("keystore-password");
+          final String truststorePassword = properties.getProperty("truststore-password");
+          final boolean isTrustStoreUsed = Boolean.parseBoolean(properties.getProperty("isTrustStoreUsed"));
+          SSLContextBuilder builder = SSLContexts.custom()
+                                                 .loadKeyMaterial(ResourceUtils.getFile(properties.getProperty("key-store")),
+                                                         keystorePassword.toCharArray(), keyPassword.toCharArray());
+          if (isTrustStoreUsed) {
+              builder.loadTrustMaterial(ResourceUtils.getFile(properties.getProperty("trust-store")),
+                              truststorePassword.toCharArray());
+          } else {
+              builder.loadTrustMaterial(null, new TrustAllStrategy());
+          }
+          SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE);
+          HttpClient client = HttpClients.custom().setSSLSocketFactory(scsf).build();
+          HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+          requestFactory.setHttpClient(client);
+          return new RestTemplate(requestFactory);
+      }
   }
 
   private HttpEntity<?> getHttpEntity(final Object object) {
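Review bot: Hostname verification is switched off for every HTTPS call, because `NoopHostnameVerifier.INSTANCE` is passed to `SSLConnectionSocketFactory` regardless of `isTrustStoreUsed`; even with a trust store configured, a certificate that chains to a trusted CA but was issued for a different host is accepted. The `else` branch additionally loads `TrustAllStrategy`, and since `Boolean.parseBoolean` returns false for a missing property, an absent `isTrustStoreUsed` key silently selects trust-all. I would keep the no-op verifier only in the trust-all branch, e.g. `HostnameVerifier verifier = isTrustStoreUsed ? new DefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE;` (needs `javax.net.ssl.HostnameVerifier` and `org.apache.http.conn.ssl.DefaultHostnameVerifier`). In that branch I would also add `log.warn("TLS server certificate validation is disabled (isTrustStoreUsed=false)");` so the insecure mode shows up in the logs.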
@@ -69,6 +127,19 @@ public class RestAdapterImpl implements RestAdapter {
   @SuppressWarnings("unchecked")
   private <T> ResponseEntity<T> invokeHttpRequest(String uri, HttpMethod httpMethod, Class<?> clazz,
       HttpEntity<?> entity) {
-    return (ResponseEntity<T>) restTemplate.exchange(uri, httpMethod, entity, clazz);
+    try {
+        URL url = new URL(uri);
+        if (url.getProtocol().equals("https")) {
+            return (ResponseEntity<T>) restTemplateHttps.exchange(uri, httpMethod, entity, clazz);
+        } else if (url.getProtocol().equals("http")) {
+            return (ResponseEntity<T>) restTemplateHttp.exchange(uri, httpMethod, entity, clazz);
+        } else {
+            log.error("Invalid protocol in URL");
+            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+        }
+    } catch (MalformedURLException ex) {
+        log.error("URL is not valid, exception: {}", ex.getMessage());
+        return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+    }
   }
-}
+}
\ No newline at end of file
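Review bot: `restTemplateHttps` can be null at the `https` branch, because the constructor only logs when `createRestTemplateForHttps()` throws; the first HTTPS request would then fail with a NullPointerException instead of a clear error. A guard before the call makes the failure explicit: `if (restTemplateHttps == null) { log.error("HTTPS client was not initialised"); return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); }`. A short comment on `invokeHttpRequest` would also help, noting that unsupported schemes and malformed URIs are answered with a locally built 400 rather than a response from the remote side, since callers cannot tell the two apart.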