diff options
| author |   Dan Timoney <dtimoney@att.com> | 2019-09-18 18:05:08 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2019-09-18 18:05:08 +0000 |
| commit | a0f6c9c1fd5add3df3f0dc17ec1237d1e7bf6ff6 (patch) | |
| tree | adfc911d5a776f531346707f57c4094b144c2be5 | |
| parent | 30de50df362e9c8147383de11c8fce22f9627091 (diff) | |
| parent | a7a177685f6a625d772cf033f19ccc74bca176ef (diff) | |
Merge "SSLRestClientProperties does not allow ignoring hostname discrepancies with certificate, when doing SSL negotiation." into elalto
2 files changed, 10 insertions, 3 deletions
diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt index 68672f227..1e6e23b86 100644 --- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt +++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt @@ -28,6 +28,7 @@ open class SSLRestClientProperties : RestClientProperties() { lateinit var keyStoreInstance: String // JKS, PKCS12 lateinit var sslTrust: String lateinit var sslTrustPassword: String + var sslTrustIgnoreHostname: Boolean = false var sslKey: String? = null var sslKeyPassword: String? = null } diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt index 2acf776ca..0ef1757e2 100644 --- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt +++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt @@ -32,6 +32,7 @@ import java.io.File import java.io.FileInputStream import java.security.KeyStore import java.security.cert.X509Certificate +import org.apache.http.conn.ssl.NoopHostnameVerifier class SSLRestClientService(private val restClientProperties: SSLRestClientProperties) : BlueprintWebClientService { @@ -87,6 +88,7 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper val sslKeyPwd = restClientProperties.sslKeyPassword val sslTrust = restClientProperties.sslTrust val sslTrustPwd = restClientProperties.sslTrustPassword + val sslTrustIgnoreHostname = restClientProperties.sslTrustIgnoreHostname val acceptingTrustStrategy = { _: Array<X509Certificate>, _: String -> true @@ -101,9 +103,13 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper } } - sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), - acceptingTrustStrategy) - val csf = SSLConnectionSocketFactory(sslContext.build()) + sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), acceptingTrustStrategy) + var csf : SSLConnectionSocketFactory + if (sslTrustIgnoreHostname) { + csf = SSLConnectionSocketFactory(sslContext.build(), NoopHostnameVerifier()) + } else { + csf = SSLConnectionSocketFactory(sslContext.build()) + } return HttpClients.custom() .addInterceptorFirst(WebClientUtils.logRequest()) .addInterceptorLast(WebClientUtils.logResponse()) |