Add https support in A1 controller
Add self-signed cert for NBI and SBI
Remove ONAP signed certs
Change-Id: I733cb48bf37cb124a330f9a2734920fda010de57
Issue-ID: NONRTRIC-196
Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>
diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml
index da53f92..02e32e7 100644
--- a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml
+++ b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml
@@ -116,6 +116,10 @@
<artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.onap.ccsdk.sli.core</groupId>
<artifactId>sli-common</artifactId>
</dependency>
diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java
index 6580983..d317e56 100644
--- a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java
+++ b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java
@@ -20,11 +20,33 @@
package org.o_ran_sc.nonrtric.sdnc_a1.northbound.restadapter;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Properties;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContexts;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.util.ResourceUtils;
import org.springframework.web.client.RestTemplate;
/**
@@ -36,10 +58,44 @@
public class RestAdapterImpl implements RestAdapter {
- private RestTemplate restTemplate;
+ private static final String PROPERTIES_FILE = "nonrt-ric-api-provider.properties";
+ private final Logger log = LoggerFactory.getLogger(RestAdapterImpl.class);
+
+ private RestTemplate restTemplateHttp;
+ private RestTemplate restTemplateHttps;
public RestAdapterImpl() {
- restTemplate = new RestTemplate();
+ restTemplateHttp = new RestTemplate();
+ try {
+ restTemplateHttps = createRestTemplateForHttps();
+ } catch (IOException | UnrecoverableKeyException | KeyManagementException | CertificateException
+ | NoSuchAlgorithmException | KeyStoreException ex) {
+ log.error("Caught exception when trying to create restTemplateHttps: {}", ex.getMessage());
+ }
+ }
+
+ private RestTemplate createRestTemplateForHttps() throws IOException, UnrecoverableKeyException, CertificateException,
+ NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
+ InputStream inputStream = RestAdapterImpl.class.getClassLoader().getResourceAsStream(PROPERTIES_FILE);
+ if (inputStream == null) {
+ throw new FileNotFoundException("properties file not found in classpath");
+ } else {
+ Properties properties = new Properties();
+ properties.load(inputStream);
+ final String keystorePassword = properties.getProperty("key-store-password");
+ SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(
+ SSLContexts.custom()
+ .loadKeyMaterial(ResourceUtils.getFile(properties.getProperty("key-store")),
+ keystorePassword.toCharArray(), keystorePassword.toCharArray())
+ .loadTrustMaterial(null, new TrustSelfSignedStrategy())
+ .build(),
+ NoopHostnameVerifier.INSTANCE);
+ HttpClient client = HttpClients.custom().setSSLSocketFactory(scsf).build();
+ HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+ requestFactory.setHttpClient(client);
+ inputStream.close();
+ return new RestTemplate(requestFactory);
+ }
}
private HttpEntity<?> getHttpEntity(final Object object) {
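Review bot: `createRestTemplateForHttps` builds the HTTPS client with `loadTrustMaterial(null, new TrustSelfSignedStrategy())` and `NoopHostnameVerifier.INSTANCE`, so any self-signed certificate is accepted for any host name and the server end of the connection is never authenticated; the client key material loaded next to it does not change that. Trust should come from a truststore holding the expected certificate(s), and the default hostname verifier should stay in place. In the same method the properties stream is closed only on the success path, and a missing `key-store-password` becomes a NullPointerException that the constructor's catch list does not cover. The constructor also logs only `ex.getMessage()` and carries on with `restTemplateHttps` left null; passing `ex` as the last logger argument would keep the stack trace. The `trust-store` property names in the sketch below are proposed, not part of this commit.

```java
private RestTemplate createRestTemplateForHttps() throws IOException, UnrecoverableKeyException, CertificateException,
        NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
    Properties properties = new Properties();
    // try-with-resources closes the stream on every path; a null resource is skipped on close
    try (InputStream inputStream = RestAdapterImpl.class.getClassLoader().getResourceAsStream(PROPERTIES_FILE)) {
        if (inputStream == null) {
            throw new FileNotFoundException("properties file not found in classpath");
        }
        properties.load(inputStream);
    }
    final String keystorePassword = properties.getProperty("key-store-password");
    // proposed new property, not present in this commit
    final String truststorePassword = properties.getProperty("trust-store-password");
    if (keystorePassword == null || truststorePassword == null) {
        throw new KeyStoreException("store password missing in " + PROPERTIES_FILE);
    }
    SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(
        SSLContexts.custom()
            // … unchanged: loadKeyMaterial(key-store, keystorePassword, keystorePassword) …
            // trust only what the configured truststore contains ("trust-store" is a proposed property)
            .loadTrustMaterial(ResourceUtils.getFile(properties.getProperty("trust-store")),
                truststorePassword.toCharArray())
            .build());   // single-argument constructor keeps the default hostname verifier
    // … unchanged: HttpClient, request factory and RestTemplate construction …
```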
@@ -69,6 +125,19 @@
@SuppressWarnings("unchecked")
private <T> ResponseEntity<T> invokeHttpRequest(String uri, HttpMethod httpMethod, Class<?> clazz,
HttpEntity<?> entity) {
- return (ResponseEntity<T>) restTemplate.exchange(uri, httpMethod, entity, clazz);
+ try {
+ URL url = new URL(uri);
+ if (url.getProtocol().equals("https")) {
+ return (ResponseEntity<T>) restTemplateHttps.exchange(uri, httpMethod, entity, clazz);
+ } else if (url.getProtocol().equals("http")) {
+ return (ResponseEntity<T>) restTemplateHttp.exchange(uri, httpMethod, entity, clazz);
+ } else {
+ log.error("Invalid protocol in URL");
+ return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+ }
+ } catch (MalformedURLException ex) {
+ log.error("URL is not valid, exception: {}", ex.getMessage());
+ return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+ }
}
-}
+}
\ No newline at end of file
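Review bot: The `https` branch of `invokeHttpRequest` dereferences `restTemplateHttps`, which the constructor leaves null whenever loading the properties or the keystore fails, so every later https call ends in a NullPointerException far from the real cause. A guard before the exchange would make the failure explicit, for example `if (restTemplateHttps == null) { log.error("HTTPS client not initialised"); return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR); }`. The `BAD_REQUEST` entities returned for an unsupported scheme or a malformed URI are built locally, so callers cannot tell them apart from a 400 sent by the remote side; a short comment on the method stating this would help whoever handles the response.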
diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties
new file mode 100644
index 0000000..6a066a6
--- /dev/null
+++ b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties
@@ -0,0 +1,20 @@
+# ========================LICENSE_START=================================
+# O-RAN-SC
+# %%
+# Copyright (C) 2020 Nordix Foundation
+# %%
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ========================LICENSE_END===================================
+
+key-store-password = sdnc-a1-controller
+key-store = /etc/ssl/certs/java/keystore.jks
\ No newline at end of file
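Review bot: `key-store-password` is committed in clear text in a resource that is packaged on the classpath, so anyone with the repository or the built artifact has the password protecting the private key in `/etc/ssl/certs/java/keystore.jks`. The value should be supplied at deployment (an environment variable or a mounted secret file) with only a placeholder kept in this file, e.g. `key-store-password = <set at deployment>`, and a keystore that was protected with the published value should be regenerated. RestAdapterImpl in this commit passes this one value as both the store password and the key password; a separate `key-password` entry (proposed name) would let the two differ.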