aboutsummaryrefslogtreecommitdiffstats
path: root/ms/neng/src/main
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2021-10-25 08:42:33 -0400
committerDan Timoney <dtimoney@att.com>2021-10-25 12:44:09 +0000
commit45ae8909ab6d12df5f61f9279568bef938932298 (patch)
tree4e12fc2b5bda4cf4a9edba17da3c82e156f2f301 /ms/neng/src/main
parent558001d751194692cdfc582daf6f916df3a45df6 (diff)
Support disabling host verification in naming service1.2.1
As a workaround for an issue found in processing SAN certificates, allow for hostname verification to be diabled by setting the environment variable DISABLE_HOST_VERIFICATION=true. By default, host name verification remains enabled ... it must be explicitly disabled for this environment variable setting. Issue-ID: CCSDK-3501 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: I0e3260cc5b8640814dd2f092aee20bca183dc34b
Diffstat (limited to 'ms/neng/src/main')
-rw-r--r--ms/neng/src/main/compose/docker-compose.yaml13
-rw-r--r--ms/neng/src/main/compose/env18
-rw-r--r--ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java12
-rw-r--r--ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java6
4 files changed, 46 insertions, 3 deletions
diff --git a/ms/neng/src/main/compose/docker-compose.yaml b/ms/neng/src/main/compose/docker-compose.yaml
index 09c588a0..2a9f373c 100644
--- a/ms/neng/src/main/compose/docker-compose.yaml
+++ b/ms/neng/src/main/compose/docker-compose.yaml
@@ -30,4 +30,17 @@ services:
NENG_DB_URL: "jdbc:mysql://mariadb-galera:3306/neng"
NENG_DB_USER: "${NENG_DB_USER}"
NENG_DB_PASS: "${NENG_DB_PASS}"
+ POL_CLIENT_AUTH: "${POL_CLIENT_AUTH}"
+ POL_BASIC_AUTH_USER: "${POL_BASIC_AUTH_USER}"
+ POL_BASIC_AUTH_PASSWORD: "${POL_BASIC_AUTH_PASSWORD}"
+ POL_URL: "${POL_URL}"
+ POL_ENV: "${POL_ENV}"
+ POL_REQ_ID: "${POL_REQ_ID}"
+ AAI_CERT_PASS: "${AAI_CERT_PASS}"
+ AAI_CERT_PATH: "${AAI_CERT_PATH}"
+ AAI_URI: "${AAI_URI}"
+ AAI_AUTH: "${AAI_AUTH}"
+ DISABLE_HOST_VERIFICATION: "${DISABLE_HOST_VERIFICATION:-false}"
+
+
diff --git a/ms/neng/src/main/compose/env b/ms/neng/src/main/compose/env
new file mode 100644
index 00000000..94c73841
--- /dev/null
+++ b/ms/neng/src/main/compose/env
@@ -0,0 +1,18 @@
+export NENG_DB_PORT=13306
+export NENG_DB_USER=neng
+export NENG_DB_ROOT=itsASecret
+export NENG_DB_PASSWORD=neng1234
+export NENG_DB_PASS=neng1234
+export NENG_SERV_PORT=16606
+export POL_CLIENT_AUTH="cHl0aG9uOnRlc3Q="
+export POL_BASIC_AUTH_USER=healthcheck
+export POL_BASIC_AUTH_PASSWORD="zb!XztG34"
+export POL_URL="https://policy-xacml-pdp:6969/policy/pdpx/v1/decision"
+export POL_ENV=TEST
+export POL_REQ_ID=xx
+export AAI_CERT_PASS=changeit
+export AAI_CERT_PATH=/opt/etc/config/aai_keystore
+export AAI_URI=https://aai:8443/aai/v14/
+export AAI_AUTH="QUFJOkFBSQ=="
+
+
diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java
index e84d5b69..56a6da2c 100644
--- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java
+++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java
@@ -35,6 +35,7 @@ public class PolicyManagerProps {
String version;
String environment;
String ecompRequestId;
+ Boolean disableHostVerification = Boolean.FALSE;
/**
* Property passed to policy manager in the ClientAuth header.
@@ -54,6 +55,7 @@ public class PolicyManagerProps {
return basicAuth;
}
+
public void setBasicAuth(String basicAuth) {
this.basicAuth = basicAuth;
}
@@ -102,4 +104,14 @@ public class PolicyManagerProps {
this.version = version;
}
+ /**
+ * Disable host name verification
+ */
+ public Boolean getDisableHostVerification() {
+ return disableHostVerification;
+ }
+
+ public void setDisableHostVerification(Boolean disableHostVerification) {
+ this.disableHostVerification = disableHostVerification;
+ }
}
diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java
index 33510332..6ae3c204 100644
--- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java
+++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java
@@ -141,7 +141,7 @@ public class PolicyFinderServiceImpl implements PolicyFinder {
RequestEntity<T> re = RequestEntity.post(new URI(policManProps.getUrl()))
.accept(MediaType.APPLICATION_JSON).contentType(MediaType.APPLICATION_JSON).body(request);
try {
- ResponseEntity<Object> resp = getRestTemplate().exchange(re, Object.class);
+ ResponseEntity<Object> resp = getRestTemplate(policManProps.getDisableHostVerification()).exchange(re, Object.class);
if (HttpStatus.OK.equals(resp.getStatusCode())) {
ObjectMapper objectmapper = new ObjectMapper();
String bodyStr = objectmapper.writeValueAsString(resp.getBody());
@@ -227,14 +227,14 @@ public class PolicyFinderServiceImpl implements PolicyFinder {
}
}
- RestTemplate getRestTemplate() throws Exception {
+ RestTemplate getRestTemplate(Boolean disableHostVerification) throws Exception {
if (restTemplate != null) {
return restTemplate;
}
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
.loadTrustMaterial(null, acceptingTrustStrategy).build();
- HostnameVerifier verifier = new AcceptIpAddressHostNameVerifier();
+ HostnameVerifier verifier = new AcceptIpAddressHostNameVerifier(disableHostVerification);
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, verifier);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();