diff options
author | Dan Timoney <dtimoney@att.com> | 2021-10-25 08:42:33 -0400 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2021-10-25 08:43:16 -0400 |
commit | d042a3e7d532e1fd46c6d6248ab824aab9376a0f (patch) | |
tree | 9af569613564edf3ae3aa7cc55ed5da0fd4314f3 /ms/neng/src/main | |
parent | a04860a403ea83012a07d7b0e86dd23e9a935e0f (diff) |
Support disabling host verification in naming service
As a workaround for an issue found in processing SAN certificates,
allow for hostname verification to be diabled by setting the
environment variable DISABLE_HOST_VERIFICATION=true. By default,
host name verification remains enabled ... it must be explicitly
disabled for this environment variable setting.
Issue-ID: CCSDK-3501
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: I0e3260cc5b8640814dd2f092aee20bca183dc34b
Diffstat (limited to 'ms/neng/src/main')
4 files changed, 46 insertions, 3 deletions
diff --git a/ms/neng/src/main/compose/docker-compose.yaml b/ms/neng/src/main/compose/docker-compose.yaml index 09c588a0..2a9f373c 100644 --- a/ms/neng/src/main/compose/docker-compose.yaml +++ b/ms/neng/src/main/compose/docker-compose.yaml @@ -30,4 +30,17 @@ services: NENG_DB_URL: "jdbc:mysql://mariadb-galera:3306/neng" NENG_DB_USER: "${NENG_DB_USER}" NENG_DB_PASS: "${NENG_DB_PASS}" + POL_CLIENT_AUTH: "${POL_CLIENT_AUTH}" + POL_BASIC_AUTH_USER: "${POL_BASIC_AUTH_USER}" + POL_BASIC_AUTH_PASSWORD: "${POL_BASIC_AUTH_PASSWORD}" + POL_URL: "${POL_URL}" + POL_ENV: "${POL_ENV}" + POL_REQ_ID: "${POL_REQ_ID}" + AAI_CERT_PASS: "${AAI_CERT_PASS}" + AAI_CERT_PATH: "${AAI_CERT_PATH}" + AAI_URI: "${AAI_URI}" + AAI_AUTH: "${AAI_AUTH}" + DISABLE_HOST_VERIFICATION: "${DISABLE_HOST_VERIFICATION:-false}" + + diff --git a/ms/neng/src/main/compose/env b/ms/neng/src/main/compose/env new file mode 100644 index 00000000..94c73841 --- /dev/null +++ b/ms/neng/src/main/compose/env @@ -0,0 +1,18 @@ +export NENG_DB_PORT=13306 +export NENG_DB_USER=neng +export NENG_DB_ROOT=itsASecret +export NENG_DB_PASSWORD=neng1234 +export NENG_DB_PASS=neng1234 +export NENG_SERV_PORT=16606 +export POL_CLIENT_AUTH="cHl0aG9uOnRlc3Q=" +export POL_BASIC_AUTH_USER=healthcheck +export POL_BASIC_AUTH_PASSWORD="zb!XztG34" +export POL_URL="https://policy-xacml-pdp:6969/policy/pdpx/v1/decision" +export POL_ENV=TEST +export POL_REQ_ID=xx +export AAI_CERT_PASS=changeit +export AAI_CERT_PATH=/opt/etc/config/aai_keystore +export AAI_URI=https://aai:8443/aai/v14/ +export AAI_AUTH="QUFJOkFBSQ==" + + diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java index e84d5b69..56a6da2c 100644 --- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java +++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java @@ -35,6 +35,7 @@ public class PolicyManagerProps { String version; String environment; String ecompRequestId; + Boolean disableHostVerification = Boolean.FALSE; /** * Property passed to policy manager in the ClientAuth header. @@ -54,6 +55,7 @@ public class PolicyManagerProps { return basicAuth; } + public void setBasicAuth(String basicAuth) { this.basicAuth = basicAuth; } @@ -102,4 +104,14 @@ public class PolicyManagerProps { this.version = version; } + /** + * Disable host name verification + */ + public Boolean getDisableHostVerification() { + return disableHostVerification; + } + + public void setDisableHostVerification(Boolean disableHostVerification) { + this.disableHostVerification = disableHostVerification; + } } diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java index 33510332..6ae3c204 100644 --- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java +++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java @@ -141,7 +141,7 @@ public class PolicyFinderServiceImpl implements PolicyFinder { RequestEntity<T> re = RequestEntity.post(new URI(policManProps.getUrl())) .accept(MediaType.APPLICATION_JSON).contentType(MediaType.APPLICATION_JSON).body(request); try { - ResponseEntity<Object> resp = getRestTemplate().exchange(re, Object.class); + ResponseEntity<Object> resp = getRestTemplate(policManProps.getDisableHostVerification()).exchange(re, Object.class); if (HttpStatus.OK.equals(resp.getStatusCode())) { ObjectMapper objectmapper = new ObjectMapper(); String bodyStr = objectmapper.writeValueAsString(resp.getBody()); @@ -227,14 +227,14 @@ public class PolicyFinderServiceImpl implements PolicyFinder { } } - RestTemplate getRestTemplate() throws Exception { + RestTemplate getRestTemplate(Boolean disableHostVerification) throws Exception { if (restTemplate != null) { return restTemplate; } TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true; SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom() .loadTrustMaterial(null, acceptingTrustStrategy).build(); - HostnameVerifier verifier = new AcceptIpAddressHostNameVerifier(); + HostnameVerifier verifier = new AcceptIpAddressHostNameVerifier(disableHostVerification); SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, verifier); CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build(); HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(); |