From 8319eeb737417730a41234f8acc73530fcfb9e71 Mon Sep 17 00:00:00 2001
From: PatrikBuhr
Date: Fri, 15 May 2020 08:49:21 +0200
Subject: [PATCH] Added test of validation of trusted peer

Also, loading trust store is done only once instead of for each connection.

Change-Id: I673015d8129e5b69d3abbf351d1d4079f7839f41
Issue-ID: NONRTRIC-195
Signed-off-by: PatrikBuhr
---
 .../oransc/policyagent/clients/AsyncRestClient.java | 19 +++++++++++++++----
 .../java/org/oransc/policyagent/ApplicationTest.java | 19 +++++++++++++++++--
 2 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java b/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java
index cefc7ca8..3df59bf5 100644
--- a/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java
+++ b/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java
@@ -67,6 +67,7 @@ public class AsyncRestClient {
 private final String baseUrl;
 private static final AtomicInteger sequenceNumber = new AtomicInteger();
 private final WebClientConfig clientConfig;
+ static KeyStore clientTrustStore = null;

 public AsyncRestClient(String baseUrl) {
 this(baseUrl, 
@@ -222,12 +223,20 @@ public class AsyncRestClient {
 }
 }
- SslContext createSslContextSecure(String trustStorePath, String trustStorePass)
+ private static synchronized KeyStore getTrustStore(String trustStorePath, String trustStorePass)
 throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
+ if (clientTrustStore == null) {
+ KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
+ store.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
+ clientTrustStore = store;
+ }
+ return clientTrustStore;
+ }
- final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
- trustStore.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
+ private SslContext createSslContextRejectingUntrustedPeers(String trustStorePath, String trustStorePass)
+ throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
+ final KeyStore trustStore = getTrustStore(trustStorePath, trustStorePass);
 List certificateList = Collections.list(trustStore.aliases()).stream() //
 .filter(alias -> isCertificateEntry(trustStore, alias)) //
 .map(alias -> getCertificate(trustStore, alias)) //
@@ -242,8 +251,10 @@ public class AsyncRestClient {
 private SslContext createSslContext()
 throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
 if (this.clientConfig.isTrustStoreUsed()) {
- return createSslContextSecure(this.clientConfig.trustStore(), this.clientConfig.trustStorePassword());
+ return createSslContextRejectingUntrustedPeers(this.clientConfig.trustStore(),
+ this.clientConfig.trustStorePassword());
 } else {
+ // Trust anyone
 return SslContextBuilder.forClient() //
 .trustManager(InsecureTrustManagerFactory.INSTANCE) //
 .build();
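Review bot: In getTrustStore the FileInputStream handed to store.load is never closed, so the descriptor leaks on the one-time load and on every exception path; wrap it as `try (FileInputStream in = new FileInputStream(ResourceUtils.getFile(trustStorePath))) { store.load(in, trustStorePass.toCharArray()); }`. The cache is also keyed on nothing: whichever trustStorePath/trustStorePass reaches it first is served to every later AsyncRestClient for the life of the JVM, so a client configured with a different trust store silently gets the first one, and the backing field (`static KeyStore clientTrustStore`, added in the first hunk) is package-private, non-final and never reset. Either key the cache on the path or document the single-store assumption on the field, e.g. `// Loaded once per JVM; every client is assumed to use the same trust store path and password.` createSslContextRejectingUntrustedPeers continues past the end of the hunk.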
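Review bot: The `// Trust anyone` comment on the else branch of createSslContext understates what InsecureTrustManagerFactory does; a reader should see that on this path the server certificate is not validated at all, and that isTrustStoreUsed is the switch that selects it. Suggest `// No trust store configured: the server certificate is NOT validated (InsecureTrustManagerFactory accepts any peer).`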
diff --git a/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java b/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java
index 09662575..a8fc6e15 100644
--- a/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java
+++ b/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java
@@ -46,7 +46,9 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.oransc.policyagent.clients.AsyncRestClient;
 import org.oransc.policyagent.configuration.ApplicationConfig;
 import org.oransc.policyagent.configuration.ImmutableRicConfig;
+import org.oransc.policyagent.configuration.ImmutableWebClientConfig;
 import org.oransc.policyagent.configuration.RicConfig;
+import org.oransc.policyagent.configuration.WebClientConfig;
 import org.oransc.policyagent.controllers.PolicyInfo;
 import org.oransc.policyagent.controllers.ServiceRegistrationInfo;
 import org.oransc.policyagent.controllers.ServiceStatus;
@@ -211,7 +213,9 @@ public class ApplicationTest {
 addRic("ric2");
 this.addPolicyType("", "ric2");
 url = "/rics?policyType=";
- rsp = restClient().get(url).block();
+
+ // This tests also validation of trusted certs restClient(true)
+ rsp = restClient(true).get(url).block();
 assertThat(rsp).contains("ric2");
 assertThat(rsp).doesNotContain("ric1");
 assertThat(rsp).contains("AVAILABLE");
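Review bot: The switch to restClient(true) only shows that a server whose certificate is in the trust store is accepted; the assertion would pass just the same if createSslContext silently fell back to trusting everyone, so the hunk does not yet test that an untrusted peer is rejected, which is what the commit title claims. A companion case that builds the client with a trust store not containing the server's certificate and asserts that the request fails would pin the negative path. The added comment also reads awkwardly; suggest `// restClient(true) additionally exercises server certificate validation against the configured trust store`. The enclosing test method starts and ends outside the hunk.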
@@ -725,8 +729,19 @@ public class ApplicationTest {
 logger.info("Concurrency test took " + Duration.between(startTime, Instant.now()));
 }
+ private AsyncRestClient restClient(boolean useTrustValidation) {
+ WebClientConfig config = this.applicationConfig.getWebClientConfig();
+ config = ImmutableWebClientConfig.builder() //
+ .isTrustStoreUsed(useTrustValidation) //
+ .trustStore(config.trustStore()) //
+ .trustStorePassword(config.trustStorePassword()) //
+ .build();
+
+ return new AsyncRestClient(baseUrl(), config);
+ }
+
 private AsyncRestClient restClient() {
- return new AsyncRestClient(baseUrl(), this.applicationConfig.getWebClientConfig());
+ return restClient(false);
 }
 private void testErrorCode(Mono request, HttpStatus expStatus) {
-- 
2.16.6
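Review bot: restClient(boolean) rebuilds the WebClientConfig attribute by attribute, so any attribute later added to WebClientConfig is silently dropped from the test client; if the Immutables-generated copy and wither methods are available for this type, `ImmutableWebClientConfig.copyOf(config).withIsTrustStoreUsed(useTrustValidation)` keeps every other attribute intact. Because AsyncRestClient now caches the loaded trust store in a static field, the store loaded by this client is shared with every other client in the test JVM, which only holds while they all point at the same path. A short Javadoc would help, e.g. `/** Client for the application under test; with useTrustValidation the server certificate is checked against the configured trust store. */`.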