BUG-6650: ep-sgt/ip, propose initial sxp-ep-provider
1 /*
2  * Copyright (c) 2016 Cisco Systems, Inc. and others.  All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.groupbasedpolicy.gbp_ise_adapter.impl.util;
10
11 import com.sun.jersey.api.client.Client;
12 import com.sun.jersey.api.client.config.ClientConfig;
13 import com.sun.jersey.api.client.config.DefaultClientConfig;
14 import com.sun.jersey.client.urlconnection.HTTPSProperties;
15 import java.security.GeneralSecurityException;
16 import java.security.KeyManagementException;
17 import java.security.NoSuchAlgorithmException;
18 import javax.net.ssl.SSLContext;
19 import javax.net.ssl.TrustManager;
20 import org.apache.commons.net.util.TrustManagerUtils;
21 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.controller.config.groupbasedpolicy.gbp.ise.adapter.model.rev160630.gbp.ise.adapter.ise.harvest.config.ConnectionConfig;
22
23 /**
24  * Purpose: set up an ISE-ready Jersey {@link Client}.
25  */
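public final class RestClientFactory {

    private RestClientFactory() {
        // Static factory only; fail loudly if someone forces instantiation (e.g. via reflection).
        throw new IllegalAccessError("factory class - no instances supported");
    }

    /**
     * Builds a Jersey {@link Client} using the connect and read timeouts taken from the supplied config.
     *
     * <p><b>Security note:</b> the returned client does not authenticate the server it talks to.
     * {@link #hackInsecureCertificate(ClientConfig)} installs a trust manager that accepts every
     * certificate and a hostname verifier that accepts every hostname, so the HTTPS channel is
     * encrypted but not authenticated: any party on the network path can present its own certificate
     * and read or alter the requests and responses exchanged through this client.
     *
     * <p>NOTE(review): only the timeout getters of {@code ConnectionConfig} are used here; if the config
     * model can carry a trust store or an expected ISE certificate, it should be used instead of the
     * accept-all setup. TODO confirm against the YANG model.
     *
     * @param connectionConfig config provided; its connection and read timeouts are copied into the client
     * @return initiated jersey client - ready to talk to ise
     *
     * @throws GeneralSecurityException in case when insecure certificate hack fails
     */
    public static Client createIseClient(final ConnectionConfig connectionConfig) throws GeneralSecurityException {
        final DefaultClientConfig clientConfig = new DefaultClientConfig();
        clientConfig.getProperties()
                .put(ClientConfig.PROPERTY_CONNECT_TIMEOUT, connectionConfig.getConnectionTimeout());
        clientConfig.getProperties()
                .put(ClientConfig.PROPERTY_READ_TIMEOUT, connectionConfig.getReadTimeout());

        // Disables server certificate and hostname validation - see the security note above.
        hackInsecureCertificate(clientConfig);
        return Client.create(clientConfig);
    }

    /**
     * Registers HTTPS properties on the given client config that switch off server authentication:
     * every certificate chain is trusted and every hostname is accepted.
     *
     * <p>This is a deliberate workaround (the caller documents it as an "insecure certificate hack").
     * It must not be relied on where the network between this adapter and the server is untrusted.
     * The safer replacement is an {@link SSLContext} initialised with trust managers built from a
     * trust store holding the server's CA or certificate, together with the default hostname verifier.
     *
     * @param clientConfigArg client config that receives the HTTPS properties
     * @throws NoSuchAlgorithmException if no provider offers the requested {@link SSLContext} protocol
     * @throws KeyManagementException if initialising the {@link SSLContext} fails
     */
    private static void hackInsecureCertificate(final ClientConfig clientConfigArg)
            throws NoSuchAlgorithmException, KeyManagementException {
        // SECURITY: accept-all trust manager - no certificate chain validation takes place.
        final TrustManager[] trustAllCerts = new TrustManager[]{TrustManagerUtils.getAcceptAllTrustManager()};

        // Request the context by its standard "TLS" name instead of the legacy "SSL" name.
        // No key managers (no client certificate) and the provider's default SecureRandom.
        final SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustAllCerts, null);

        clientConfigArg.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(
                // SECURITY: hostname verifier that approves every host - the certificate is never
                // matched against the name of the server being contacted.
                (hostname, sslSession) -> true,
                sslContext
        ));
    }
}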