authorrenealr <reneal.rogers@amdocs.com>2018-11-12 12:23:28 -0500
committerrenealr <reneal.rogers@amdocs.com>2018-11-12 12:24:40 -0500
commitef858ed661134e651082675c091db056f8add98d (patch)
tree9220866bd9ee06b5382bdbfe96c4f3d8452f5fad
parente7be95cd0a245e6b7a7cb520c1a3f94b5604b964 (diff)
remove ability to disable cert chain validation
Remove the ability to disable certificate chain validation Issue-ID: AAI-1908 Change-Id: I5803cec657594bfbc814be1e0122a67206d28cc4 Signed-off-by: renealr <reneal.rogers@amdocs.com>
-rw-r--r--src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java16
-rw-r--r--src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java1
-rw-r--r--src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java27
3 files changed, 7 insertions, 37 deletions
diff --git a/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java b/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java
index 310a059..26c5fdf 100644
--- a/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java
+++ b/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java
@@ -201,28 +201,12 @@ public class RestClientBuilder {
// Check to see if we need to perform proper validation of
// the certificate chains.
TrustManager[] trustAllCerts = null;
- if (validateServerCertChain) {
if (truststoreFilename != null) {
System.setProperty(TRUST_STORE_PROPERTY, truststoreFilename);
} else {
throw new IllegalArgumentException("Trust store filename must be set!");
}
- } else {
-
- // We aren't validating certificates, so create a trust manager that does
- // not validate certificate chains.
- trustAllCerts = new TrustManager[] {new X509TrustManager() {
- public X509Certificate[] getAcceptedIssuers() {
- return null;
- }
-
- public void checkClientTrusted(X509Certificate[] certs, String authType) {}
-
- public void checkServerTrusted(X509Certificate[] certs, String authType) {}
- }};
- }
-
// Set up the SSL context, keystore, etc. to use for our connection
// to the AAI.
SSLContext ctx = SSLContext.getInstance(sslProtocol);
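Review bot: `trustAllCerts` is always null after this hunk, and the comment above it ("Check to see if we need to perform proper validation of the certificate chains") describes a choice that no longer exists. If the array is still passed to `ctx.init(...)` below the hunk, a null value makes JSSE fall back to the default trust managers, which is the intended result, but the name suggests the opposite; I would drop or rename the variable and reword the comment to `// Certificate chain validation is always on; a trust store is mandatory.`. The tests in this commit still call `setValidateServerCertChain(false)`, so the setter appears to remain public and is now silently ignored; marking it `@Deprecated` and logging a warning when it receives `false` would tell callers that the opt-out is gone. The enclosing method starts and ends outside the hunk.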
diff --git a/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java b/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java
index e2a728d..5eb7f1f 100644
--- a/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java
+++ b/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java
@@ -342,6 +342,7 @@ public class RestfulClientTest {
public void testGetClient() throws Exception {
RestClientBuilder restClientBuilder= new RestClientBuilder();
restClientBuilder.setAuthenticationMode(RestAuthenticationMode.SSL_BASIC);
+ restClientBuilder.setTruststoreFilename("truststore");
assertTrue(restClientBuilder.getClient() instanceof Client);
}
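Review bot: The added `setTruststoreFilename("truststore")` changes a JVM-wide setting that the test never restores, assuming `getClient()` reaches `System.setProperty(TRUST_STORE_PROPERTY, truststoreFilename)` in RestClientBuilder in SSL_BASIC mode; the same applies to the line added at `@@ -141,6 +141,7 @@` in RestClientBuilderTest. Later tests in the same JVM may then inherit a trust store path that presumably points at no real file. Save the previous value before the call and restore it in an `@After` method, and add a comment such as `// placeholder path: only a non-null trust store name is needed here` so the literal is not mistaken for a real fixture.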
diff --git a/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java b/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java
index 5e7d8c1..7155f9a 100644
--- a/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java
+++ b/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java
@@ -141,6 +141,7 @@ public class RestClientBuilderTest {
restClientBuilder.setReadTimeoutInMs(54321);
restClientBuilder.setBasicAuthUsername("username");
restClientBuilder.setBasicAuthPassword("password");
+ restClientBuilder.setTruststoreFilename("truststore");
Client client = restClientBuilder.getClient();
@@ -155,7 +156,7 @@ public class RestClientBuilderTest {
}
- @Test
+ @Test (expected=IllegalArgumentException.class)
public void validateSslCertClient_noHostOrCertChainValidation() throws Exception {
RestClientBuilder restClientBuilder = new RestClientBuilder();
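Review bot: `expected=IllegalArgumentException.class` on `validateSslCertClient_noHostOrCertChainValidation` (and on `validateSslCertClient_hostOnlyValidation` in the next hunk) is satisfied by the "Trust store filename must be set!" check, apparently because neither test sets a trust store, so neither shows what the builder now does with `setValidateServerCertChain(false)`. The method names also still describe the removed behaviour, and `Client client = restClientBuilder.getClient();` keeps a variable that is never read. I would rename the tests, for example `getClient_withoutTruststore_throwsIllegalArgument`, and add a case that sets a trust store filename together with `setValidateServerCertChain(false)` to pin down that the flag no longer switches validation off. The test body continues past the end of this hunk.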
@@ -166,18 +167,10 @@ public class RestClientBuilderTest {
restClientBuilder.setValidateServerCertChain(false);
restClientBuilder.setValidateServerHostname(false);
- Client client = restClientBuilder.getClient();
-
- Object sslPropertiesObj = client.getProperties().get(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES);
- HTTPSProperties sslProps = null;
- if ( sslPropertiesObj instanceof HTTPSProperties ) {
- sslProps = (HTTPSProperties)sslPropertiesObj;
- assertNotNull(sslProps.getHostnameVerifier());
- } else {
- fail("Unexpected value for https properties object");
- } }
+ Client client = restClientBuilder.getClient();
+ }
- @Test
+ @Test (expected=IllegalArgumentException.class)
public void validateSslCertClient_hostOnlyValidation() throws Exception {
RestClientBuilder restClientBuilder = new RestClientBuilder();
@@ -190,15 +183,7 @@ public class RestClientBuilderTest {
Client client = restClientBuilder.getClient();
- Object sslPropertiesObj = client.getProperties().get(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES);
- HTTPSProperties sslProps = null;
- if ( sslPropertiesObj instanceof HTTPSProperties ) {
- sslProps = (HTTPSProperties)sslPropertiesObj;
- assertNull(sslProps.getHostnameVerifier());
- } else {
- fail("Unexpected value for https properties object");
- }
- }
+ }
@Test
public void validateSslCertClient_certChainOnlyValidation() throws Exception {