Add a certificate in communication with VNFM

Issue-ID: SO-2979
Signed-off-by: Piotr Borelowski <p.borelowski@partner.samsung.com>
Change-Id: I7fa13c9371b7789950af315b7772a0ee409cc34b
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
index 411572f..38f7a0c 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
@@ -20,17 +20,44 @@
 
 package org.onap.so.adapters.vevnfm.configuration;
 
+import java.io.IOException;
+import java.security.*;
+import java.security.cert.CertificateException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.onap.so.adapters.vevnfm.provider.AuthorizationHeadersProvider;
 import org.onap.so.configuration.rest.HttpHeadersProvider;
 import org.onap.so.rest.service.HttpRestServiceProvider;
 import org.onap.so.rest.service.HttpRestServiceProviderImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.http.client.BufferingClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.web.client.RestTemplate;
 
 @Configuration
 public class ApplicationConfiguration {
 
+    private static final Logger logger = LoggerFactory.getLogger(ApplicationConfiguration.class);
+
+    private final Resource clientKeyStore;
+    private final String clientKeyStorePassword;
+    private final Resource clientTrustStore;
+    private final String clientTrustStorePassword;
+
+    public ApplicationConfiguration(final ConfigProperties configProperties) {
+        clientKeyStore = configProperties.getClientKeyStore();
+        clientKeyStorePassword = configProperties.getClientKeyStorePassword();
+        clientTrustStore = configProperties.getClientTrustStore();
+        clientTrustStorePassword = configProperties.getClientTrustStorePassword();
+    }
+
     @Bean
     public AuthorizationHeadersProvider headersProvider() {
         return new AuthorizationHeadersProvider();
@@ -39,6 +66,35 @@
     @Bean
     public HttpRestServiceProvider restProvider(final RestTemplate restTemplate,
             final HttpHeadersProvider headersProvider) {
+        modify(restTemplate);
         return new HttpRestServiceProviderImpl(restTemplate, headersProvider);
     }
+
+    private void modify(final RestTemplate restTemplate) {
+
+        if (clientKeyStore == null || clientTrustStore == null) {
+            return;
+        }
+
+        try {
+            final KeyStore keystore = KeyStore.getInstance("PKCS12");
+            keystore.load(clientKeyStore.getInputStream(), clientKeyStorePassword.toCharArray());
+
+            final SSLContext sslContext = new SSLContextBuilder()
+                    .loadTrustMaterial(clientTrustStore.getURL(), clientTrustStorePassword.toCharArray())
+                    .loadKeyMaterial(keystore, clientKeyStorePassword.toCharArray()).build();
+
+            logger.info("Setting truststore: {}", clientTrustStore.getURL());
+
+            final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+            final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
+            final HttpComponentsClientHttpRequestFactory factory =
+                    new HttpComponentsClientHttpRequestFactory(httpClient);
+
+            restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory));
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException
+                | IOException | UnrecoverableKeyException e) {
+            logger.error("Error reading truststore, TLS connection to VNFM will fail.", e);
+        }
+    }
 }
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
index d4ca5af..a8a436d 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
@@ -23,6 +23,7 @@
 import org.onap.so.adapters.vevnfm.constant.NotificationVnfFilterType;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
 
 @Configuration
 public class ConfigProperties {
@@ -72,6 +73,18 @@
     @Value("${spring.security.usercredentials[0].openpass}")
     private String springSecurityOpenpass;
 
+    @Value("${client.key-store:#{null}}")
+    private Resource clientKeyStore;
+
+    @Value("${client.key-store-password:#{null}}")
+    private String clientKeyStorePassword;
+
+    @Value("${client.trust-store:#{null}}")
+    private Resource clientTrustStore;
+
+    @Value("${client.trust-store-password:#{null}}")
+    private String clientTrustStorePassword;
+
     public String getVevnfmadapterVnfFilterJson() {
         return vevnfmadapterVnfFilterJson;
     }
@@ -131,4 +144,20 @@
     public String getSpringSecurityOpenpass() {
         return springSecurityOpenpass;
     }
+
+    public Resource getClientKeyStore() {
+        return clientKeyStore;
+    }
+
+    public String getClientKeyStorePassword() {
+        return clientKeyStorePassword;
+    }
+
+    public Resource getClientTrustStore() {
+        return clientTrustStore;
+    }
+
+    public String getClientTrustStorePassword() {
+        return clientTrustStorePassword;
+    }
 }
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
index c128275..eba1d08 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
@@ -28,7 +28,6 @@
 import org.onap.so.adapters.vevnfm.exception.VeVnfmException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.retry.annotation.Backoff;
 import org.springframework.retry.annotation.EnableRetry;
 import org.springframework.retry.annotation.Recover;
@@ -44,7 +43,6 @@
     private final String vnfmDefaultEndpoint;
     private final AaiConnection aaiConnection;
 
-    @Autowired
     public StartupService(final ConfigProperties configProperties, final AaiConnection aaiConnection) {
         this.vnfmDefaultEndpoint = configProperties.getVnfmDefaultEndpoint();
         this.aaiConnection = aaiConnection;
diff --git a/adapters/etsi-sol002-adapter/src/main/resources/application.yaml b/adapters/etsi-sol002-adapter/src/main/resources/application.yaml
index c69c951..f5b6bc3 100644
--- a/adapters/etsi-sol002-adapter/src/main/resources/application.yaml
+++ b/adapters/etsi-sol002-adapter/src/main/resources/application.yaml
@@ -19,17 +19,23 @@
 
 vevnfmadapter:
   vnf-filter-json: '{notificationTypes:[VnfLcmOperationOccurrenceNotification],operationStates:[COMPLETED]}'
-  endpoint: http://so-ve-vnfm-adapter.onap:9098
+  endpoint: http://so-ve-vnfm-adapter:9098
+
+client:
+  key-store: classpath:ve-vnfm-adapter.p12
+  key-store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
+  trust-store: classpath:org.onap.so.trust.jks
+  trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
 
 mso:
   key: 07a7159d3bf51a0e53be7a8f89699be7
 
 aai:
-  endpoint: https://aai.onap:30233
+  endpoint: https://aai:30233
   auth: 75C4483F9C05E2C33A8602635FA532397EC44AB667A2B64DED4FEE08DD932F2E3C1FEE
 
 vnfm:
-  default-endpoint: https://so-vnfm-simulator.onap:9093
+  default-endpoint: https://so-vnfm-simulator:9093
   subscription: /vnflcm/v1/subscriptions
   notification: /lcm/v1/vnf/instances/notifications
 
@@ -37,7 +43,7 @@
   vnf-filter-type: NONE
 
 dmaap:
-  endpoint: http://message-router.onap:30227
+  endpoint: http://message-router:30227
   topic: /events/unauthenticated.DCAE_CL_OUTPUT
   closed-loop:
     control:
diff --git a/adapters/etsi-sol002-adapter/src/main/resources/certs/org.onap.so.trust.jks b/adapters/etsi-sol002-adapter/src/main/resources/certs/org.onap.so.trust.jks
new file mode 100644
index 0000000..1f0d8a5
--- /dev/null
+++ b/adapters/etsi-sol002-adapter/src/main/resources/certs/org.onap.so.trust.jks
Binary files differ
diff --git a/adapters/etsi-sol002-adapter/src/main/resources/certs/ve-vnfm-adapter.p12 b/adapters/etsi-sol002-adapter/src/main/resources/certs/ve-vnfm-adapter.p12
new file mode 100644
index 0000000..ae4fddc
--- /dev/null
+++ b/adapters/etsi-sol002-adapter/src/main/resources/certs/ve-vnfm-adapter.p12
Binary files differ