author | renealr <reneal.rogers@amdocs.com> | 2018-11-12 12:23:28 -0500 |
---|---|---|
committer | renealr <reneal.rogers@amdocs.com> | 2018-11-12 12:24:40 -0500 |
commit | ef858ed661134e651082675c091db056f8add98d (patch) | |
tree | 9220866bd9ee06b5382bdbfe96c4f3d8452f5fad | |
parent | e7be95cd0a245e6b7a7cb520c1a3f94b5604b964 (diff) |
remove ability to disable cert chain validation
Remove the ability to disable certificate chain validation
Issue-ID: AAI-1908
Change-Id: I5803cec657594bfbc814be1e0122a67206d28cc4
Signed-off-by: renealr <reneal.rogers@amdocs.com>
3 files changed, 7 insertions, 37 deletions
diff --git a/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java b/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java
index 310a059..26c5fdf 100644
--- a/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java
+++ b/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java
@@ -201,28 +201,12 @@ public class RestClientBuilder {
// Check to see if we need to perform proper validation of
// the certificate chains.
TrustManager[] trustAllCerts = null;
- if (validateServerCertChain) {
if (truststoreFilename != null) {
System.setProperty(TRUST_STORE_PROPERTY, truststoreFilename);
} else {
throw new IllegalArgumentException("Trust store filename must be set!");
}
- } else {
-
- // We aren't validating certificates, so create a trust manager that does
- // not validate certificate chains.
- trustAllCerts = new TrustManager[] {new X509TrustManager() {
- public X509Certificate[] getAcceptedIssuers() {
- return null;
- }
-
- public void checkClientTrusted(X509Certificate[] certs, String authType) {}
-
- public void checkServerTrusted(X509Certificate[] certs, String authType) {}
- }};
- }
-
// Set up the SSL context, keystore, etc. to use for our connection
// to the AAI.
SSLContext ctx = SSLContext.getInstance(sslProtocol);
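Review bot: The comment and variable kept at the top of this hunk no longer match the code: `// Check to see if we need to perform proper validation of the certificate chains.` describes a choice that no longer exists, and `trustAllCerts` is now always `null`. If that array is still handed to the SSL context initialisation below the hunk (not visible here), a null value makes JSSE fall back to its default trust managers, which is the intended result, but the name reads as if validation were bypassed. I would replace the comment with `// Certificate chains are always validated against the configured trust store.` and rename or inline the variable. The tests in this commit still call `setValidateServerCertChain(false)`, so the setter appears to remain as a silent no-op; marking it `@Deprecated` with a Javadoc line saying the flag is ignored would keep callers from believing validation is off. The enclosing method starts and ends outside the hunk.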
diff --git a/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java b/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java
index e2a728d..5eb7f1f 100644
--- a/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java
+++ b/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java
@@ -342,6 +342,7 @@ public class RestfulClientTest {
public void testGetClient() throws Exception {
RestClientBuilder restClientBuilder= new RestClientBuilder();
restClientBuilder.setAuthenticationMode(RestAuthenticationMode.SSL_BASIC);
+ restClientBuilder.setTruststoreFilename("truststore");
assertTrue(restClientBuilder.getClient() instanceof Client);
}
diff --git a/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java b/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java
index 5e7d8c1..7155f9a 100644
--- a/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java
+++ b/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java
@@ -141,6 +141,7 @@ public class RestClientBuilderTest {
restClientBuilder.setReadTimeoutInMs(54321);
restClientBuilder.setBasicAuthUsername("username");
restClientBuilder.setBasicAuthPassword("password");
+ restClientBuilder.setTruststoreFilename("truststore");
Client client = restClientBuilder.getClient();
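Review bot: The added `setTruststoreFilename("truststore")` is a bare relative name, and the builder code visible in this commit only copies it into the `TRUST_STORE_PROPERTY` system property, so the test passes whether or not such a file exists. Because `System.setProperty` is JVM-wide, the value also stays set for any test that runs afterwards in the same JVM; the same line is added to `testGetClient` in RestfulClientTest. Pointing both tests at a real trust store under the test resources and clearing the property in an `@After` method would make them exercise the path they now depend on. The test method starts and ends outside the hunk.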
@@ -155,7 +156,7 @@ public class RestClientBuilderTest {
}
- @Test
+ @Test (expected=IllegalArgumentException.class)
public void validateSslCertClient_noHostOrCertChainValidation() throws Exception {
RestClientBuilder restClientBuilder = new RestClientBuilder();
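Review bot: `@Test (expected=IllegalArgumentException.class)` on `validateSslCertClient_noHostOrCertChainValidation` is presumably satisfied by the `Trust store filename must be set!` throw in `getClient()`, since no trust store filename is set in the lines visible for this test. The test therefore checks that a missing trust store is rejected, not that `setValidateServerCertChain(false)` is ignored, and its name still promises the old behaviour; the same applies to `validateSslCertClient_hostOnlyValidation` in the next hunk. A method-wide `expected` also passes if any earlier setter throws the same exception. I would rename the tests to say what they now assert (for example `getClient_withoutTruststore_throws`) and add `// chain validation can no longer be disabled; getClient() requires a trust store` above each. The test body continues outside this hunk.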
@@ -166,18 +167,10 @@ public class RestClientBuilderTest {
restClientBuilder.setValidateServerCertChain(false);
restClientBuilder.setValidateServerHostname(false);
- Client client = restClientBuilder.getClient();
-
- Object sslPropertiesObj = client.getProperties().get(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES);
- HTTPSProperties sslProps = null;
- if ( sslPropertiesObj instanceof HTTPSProperties ) {
- sslProps = (HTTPSProperties)sslPropertiesObj;
- assertNotNull(sslProps.getHostnameVerifier());
- } else {
- fail("Unexpected value for https properties object");
- } }
+ Client client = restClientBuilder.getClient();
+ }
- @Test
+ @Test (expected=IllegalArgumentException.class)
public void validateSslCertClient_hostOnlyValidation() throws Exception {
RestClientBuilder restClientBuilder = new RestClientBuilder();
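Review bot: Deleting the `getHostnameVerifier()` assertions here and in `validateSslCertClient_hostOnlyValidation` (next hunk) removes the only checks on hostname-verifier wiring visible in this diff, while `setValidateServerHostname(false)` is still called, so that switch apparently remains and is now untested. Hostname verification is the other half of server authentication: with it off, a certificate that chains to the trust store is accepted for any host. I would keep the assertions by giving these tests a trust store, `restClientBuilder.setTruststoreFilename("truststore");` before `getClient()`, and retain `assertNotNull(sslProps.getHostnameVerifier());`, which should still hold if the builder behaves as in the earlier test that sets a trust store. As written, the re-added `Client client = restClientBuilder.getClient();` only assigns an unused local.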
@@ -190,15 +183,7 @@ public class RestClientBuilderTest {
Client client = restClientBuilder.getClient();
- Object sslPropertiesObj = client.getProperties().get(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES);
- HTTPSProperties sslProps = null;
- if ( sslPropertiesObj instanceof HTTPSProperties ) {
- sslProps = (HTTPSProperties)sslPropertiesObj;
- assertNull(sslProps.getHostnameVerifier());
- } else {
- fail("Unexpected value for https properties object");
- }
- }
+ }
@Test
public void validateSslCertClient_certChainOnlyValidation() throws Exception {