X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=policy-agent%2Fsrc%2Fmain%2Fjava%2Forg%2Foransc%2Fpolicyagent%2Fclients%2FAsyncRestClient.java;h=3df59bf5e1e53864498b3159ebb7b549ac15ad0e;hb=8319eeb737417730a41234f8acc73530fcfb9e71;hp=cefc7ca8eae16d7c8a9c8342a1f343f65644f614;hpb=6d503afd38bdf9823bda3dfe3d307adaeb6f7eee;p=nonrtric.git
diff --git a/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java b/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java
index cefc7ca8..3df59bf5 100644
--- a/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java
+++ b/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java
@@ -67,6 +67,7 @@ public class AsyncRestClient {
 private final String baseUrl;
 private static final AtomicInteger sequenceNumber = new AtomicInteger();
 private final WebClientConfig clientConfig;
+ static KeyStore clientTrustStore = null;
 public AsyncRestClient(String baseUrl) {
 this(baseUrl,
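Review bot: `clientTrustStore` is declared static, non-final and without an access modifier, so any class in the same package can read or reassign the cached trust store without holding the lock that `getTrustStore` takes. The only accessor visible in this commit is the synchronized `getTrustStore`, so I would declare it `private static KeyStore clientTrustStore;` (the `= null` initialiser is redundant). If the wider visibility is there so tests can reset the cache, a comment on the field saying so would help.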
@@ -222,12 +223,20 @@ public class AsyncRestClient {
 }
 }
- SslContext createSslContextSecure(String trustStorePath, String trustStorePass)
+ private static synchronized KeyStore getTrustStore(String trustStorePath, String trustStorePass)
 throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
+ if (clientTrustStore == null) {
+ KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
+ store.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
+ clientTrustStore = store;
+ }
+ return clientTrustStore;
+ }
- final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
- trustStore.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
+ private SslContext createSslContextRejectingUntrustedPeers(String trustStorePath, String trustStorePass)
+ throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
+ final KeyStore trustStore = getTrustStore(trustStorePath, trustStorePass);
 List certificateList = Collections.list(trustStore.aliases()).stream() //
 .filter(alias -> isCertificateEntry(trustStore, alias)) //
 .map(alias -> getCertificate(trustStore, alias)) //
@@ -242,8 +251,10 @@ public class AsyncRestClient {
 private SslContext createSslContext() throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
 if (this.clientConfig.isTrustStoreUsed()) {
- return createSslContextSecure(this.clientConfig.trustStore(), this.clientConfig.trustStorePassword());
+ return createSslContextRejectingUntrustedPeers(this.clientConfig.trustStore(),
+ this.clientConfig.trustStorePassword());
 } else {
+ // Trust anyone
 return SslContextBuilder.forClient() //
 .trustManager(InsecureTrustManagerFactory.INSTANCE) //
 .build();
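Review bot: `getTrustStore` caches whatever store the first caller loads and returns it on every later call without looking at `trustStorePath` or `trustStorePass`, so a client configured with a different trust store silently validates peers against the first client's trust anchors. The cache should be keyed by path, or at least remember the path it was loaded from and reload when it differs, instead of a single `clientTrustStore`. The `FileInputStream` handed to `store.load` is also never closed; `try (FileInputStream in = new FileInputStream(ResourceUtils.getFile(trustStorePath))) { store.load(in, trustStorePass.toCharArray()); }` releases it. A comment on the method should state that a replaced trust store file is not picked up until the process restarts. The body of `createSslContextRejectingUntrustedPeers` continues past the end of this hunk.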
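Review bot: The `else` branch of `createSslContext` still builds the context with `InsecureTrustManagerFactory.INSTANCE`, and the new `// Trust anyone` comment is the only signal that peer certificates go unvalidated whenever `isTrustStoreUsed()` is false. I would spell the consequence out, e.g. `// No trust store configured: server certificates are NOT validated, so TLS gives no protection against interception`. If the class has a logger in scope (not visible in this hunk), a warning each time this branch is taken would make a deployment that is missing its trust store setting visible in the logs.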