private final String baseUrl;
private static final AtomicInteger sequenceNumber = new AtomicInteger();
private final WebClientConfig clientConfig;
+ static KeyStore clientTrustStore = null;
public AsyncRestClient(String baseUrl) {
this(baseUrl,
}
}
- SslContext createSslContextSecure(String trustStorePath, String trustStorePass)
+ private static synchronized KeyStore getTrustStore(String trustStorePath, String trustStorePass)
throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
+ if (clientTrustStore == null) {
+ KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
+ store.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
+ clientTrustStore = store;
+ }
+ return clientTrustStore;
+ }
- final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
- trustStore.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
+ private SslContext createSslContextRejectingUntrustedPeers(String trustStorePath, String trustStorePass)
+ throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
+ final KeyStore trustStore = getTrustStore(trustStorePath, trustStorePass);
List<Certificate> certificateList = Collections.list(trustStore.aliases()).stream() //
.filter(alias -> isCertificateEntry(trustStore, alias)) //
.map(alias -> getCertificate(trustStore, alias)) //
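Review bot: getTrustStore caches the first KeyStore it loads in the static `clientTrustStore` and ignores `trustStorePath` and `trustStorePass` on every later call, so a second AsyncRestClient configured with a different trust store would silently validate peers against the first client's trust anchors. The field (added in the earlier hunk) is also package-private and non-final, so other code in the package can replace the trust anchors for every client. Separately, the `FileInputStream` passed to `store.load` is never closed. I would key the cache by path, make the field private and final, and load inside try-with-resources, as sketched below. The body of createSslContextRejectingUntrustedPeers continues outside the visible lines.

```java
private static final Map<String, KeyStore> clientTrustStores = new HashMap<>();

private static synchronized KeyStore getTrustStore(String trustStorePath, String trustStorePass)
    throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
    KeyStore store = clientTrustStores.get(trustStorePath);
    if (store == null) {
        store = KeyStore.getInstance(KeyStore.getDefaultType());
        // Close the file handle once the store is loaded.
        try (InputStream in = new FileInputStream(ResourceUtils.getFile(trustStorePath))) {
            store.load(in, trustStorePass.toCharArray());
        }
        clientTrustStores.put(trustStorePath, store);
    }
    return store;
}
```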
private SslContext createSslContext()
throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
if (this.clientConfig.isTrustStoreUsed()) {
- return createSslContextSecure(this.clientConfig.trustStore(), this.clientConfig.trustStorePassword());
+ return createSslContextRejectingUntrustedPeers(this.clientConfig.trustStore(),
+ this.clientConfig.trustStorePassword());
} else {
+ // Trust anyone
return SslContextBuilder.forClient() //
.trustManager(InsecureTrustManagerFactory.INSTANCE) //
.build();
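Review bot: The added `// Trust anyone` comment in the else branch of createSslContext understates what the branch does. With `InsecureTrustManagerFactory.INSTANCE` no peer certificate is validated at all, so any host able to intercept the connection is accepted. I would say so in the comment, e.g. `// No trust store configured: peer certificates are NOT validated, so the connection can be intercepted.` It is also worth logging a warning when this branch is taken, so a deployment that is missing its trust store setting is noticed rather than silently running without validation. The closing braces of the method are outside the visible lines.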
import org.oransc.policyagent.clients.AsyncRestClient;
import org.oransc.policyagent.configuration.ApplicationConfig;
import org.oransc.policyagent.configuration.ImmutableRicConfig;
+import org.oransc.policyagent.configuration.ImmutableWebClientConfig;
import org.oransc.policyagent.configuration.RicConfig;
+import org.oransc.policyagent.configuration.WebClientConfig;
import org.oransc.policyagent.controllers.PolicyInfo;
import org.oransc.policyagent.controllers.ServiceRegistrationInfo;
import org.oransc.policyagent.controllers.ServiceStatus;
addRic("ric2");
this.addPolicyType("", "ric2");
url = "/rics?policyType=";
- rsp = restClient().get(url).block();
+
+ // This tests also validation of trusted certs restClient(true)
+ rsp = restClient(true).get(url).block();
assertThat(rsp).contains("ric2");
assertThat(rsp).doesNotContain("ric1");
assertThat(rsp).contains("AVAILABLE");
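Review bot: The `restClient(true)` call here only shows that a peer whose certificate is in the trust store is accepted; nothing in the visible tests shows that createSslContextRejectingUntrustedPeers rejects a peer that is not. A negative case would pin the behaviour the method name promises, for example a client built with a trust store that does not contain the server certificate, asserting that `get(url).block()` fails with an SSL handshake error. Note also that `restClient()` in the later hunk now always passes `false`, so every other test runs with validation switched off regardless of the application config. If the static trust-store cache in AsyncRestClient stays as written, a negative test that uses a second trust store would be served the cached one, so the two changes need to be looked at together.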
logger.info("Concurrency test took " + Duration.between(startTime, Instant.now()));
}
+ private AsyncRestClient restClient(boolean useTrustValidation) {
+ WebClientConfig config = this.applicationConfig.getWebClientConfig();
+ config = ImmutableWebClientConfig.builder() //
+ .isTrustStoreUsed(useTrustValidation) //
+ .trustStore(config.trustStore()) //
+ .trustStorePassword(config.trustStorePassword()) //
+ .build();
+
+ return new AsyncRestClient(baseUrl(), config);
+ }
+
private AsyncRestClient restClient() {
- return new AsyncRestClient(baseUrl(), this.applicationConfig.getWebClientConfig());
+ return restClient(false);
}
private void testErrorCode(Mono<?> request, HttpStatus expStatus) {