authorDan Timoney <dtimoney@att.com>2021-10-25 08:42:33 -0400
committerDan Timoney <dtimoney@att.com>2021-10-25 08:43:16 -0400
commitd042a3e7d532e1fd46c6d6248ab824aab9376a0f (patch)
tree9af569613564edf3ae3aa7cc55ed5da0fd4314f3 /ms/neng
parenta04860a403ea83012a07d7b0e86dd23e9a935e0f (diff)
Support disabling host verification in naming service
As a workaround for an issue found in processing SAN certificates, allow hostname verification to be disabled by setting the environment variable DISABLE_HOST_VERIFICATION=true. By default, host name verification remains enabled; it must be explicitly disabled through this environment variable. Issue-ID: CCSDK-3501 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: I0e3260cc5b8640814dd2f092aee20bca183dc34b
Diffstat (limited to 'ms/neng')
-rw-r--r--ms/neng/opt/etc/config/application-dbless.properties1
-rw-r--r--ms/neng/opt/etc/config/application-live.properties1
-rw-r--r--ms/neng/opt/etc/config/application-standalone.properties2
-rw-r--r--ms/neng/pom.xml4
-rw-r--r--ms/neng/src/main/compose/docker-compose.yaml13
-rw-r--r--ms/neng/src/main/compose/env18
-rw-r--r--ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java12
-rw-r--r--ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java6
-rw-r--r--ms/neng/src/test/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImplTest.java2
9 files changed, 53 insertions, 6 deletions
diff --git a/ms/neng/opt/etc/config/application-dbless.properties b/ms/neng/opt/etc/config/application-dbless.properties
index 3ac94d18..cafb33ac 100644
--- a/ms/neng/opt/etc/config/application-dbless.properties
+++ b/ms/neng/opt/etc/config/application-dbless.properties
@@ -35,6 +35,7 @@ policymgr.basicAuth=Basic TBD
policymgr.url=https://TBD/pdp/api/getConfig
policymgr.environment=TEST
policymgr.ecompRequestId=xx
+policymgr.disableHostVerification=${DISABLE_HOST_VERIFICATION}
aai.certPassword=TBD
aai.cert=opt/aai/keystore/TBD
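Review bot: The added placeholder `${DISABLE_HOST_VERIFICATION}` has no fallback, so a deployment that does not export the variable gets an unresolved placeholder instead of the documented default of verification enabled; only docker-compose.yaml supplies `false`. Assuming these files go through Spring placeholder resolution, `policymgr.disableHostVerification=${DISABLE_HOST_VERIFICATION:false}` keeps the secure default in the file itself. The same line is added in application-live.properties and application-standalone.properties and needs the same fallback. A comment above it, such as `# Workaround only: true turns off TLS host name checking for the policy manager client`, would tell operators what the switch costs.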
diff --git a/ms/neng/opt/etc/config/application-live.properties b/ms/neng/opt/etc/config/application-live.properties
index 7b919afb..16bfd868 100644
--- a/ms/neng/opt/etc/config/application-live.properties
+++ b/ms/neng/opt/etc/config/application-live.properties
@@ -35,6 +35,7 @@ policymgr.basicAuth=Basic ${pol_basic_auth}
policymgr.url=${pol_url}
policymgr.environment=${pol_env}
policymgr.ecompRequestId=${pol_req_id}
+policymgr.disableHostVerification=${DISABLE_HOST_VERIFICATION}
#Interface with A&AI
aai.certPassword=${aai_cert_pass}
diff --git a/ms/neng/opt/etc/config/application-standalone.properties b/ms/neng/opt/etc/config/application-standalone.properties
index 07ad0ee2..cef8b317 100644
--- a/ms/neng/opt/etc/config/application-standalone.properties
+++ b/ms/neng/opt/etc/config/application-standalone.properties
@@ -36,6 +36,8 @@ policymgr.basicAuth=Basic TBD
policymgr.url=${policymgr_url}
policymgr.environment=TEST
policymgr.ecompRequestId=xx
+policymgr.disableHostVerification=${DISABLE_HOST_VERIFICATION}
+
aai.certPassword=${aai_cert_pass}
aai.cert=opt/aai/keystore/TBD
diff --git a/ms/neng/pom.xml b/ms/neng/pom.xml
index 9dca2df2..effb5f8f 100644
--- a/ms/neng/pom.xml
+++ b/ms/neng/pom.xml
@@ -41,13 +41,13 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<sdk.java.rest>6.2.0.11</sdk.java.rest>
<serviceArtifactName>ms-networkelementnamegen</serviceArtifactName>
- <ccsdk.distribution.version>0.2.4</ccsdk.distribution.version>
+ <ccsdk.distribution.version>1.2.2</ccsdk.distribution.version>
<docker.buildArg.https_proxy>${https_proxy}</docker.buildArg.https_proxy>
<docker.push.phase>deploy</docker.push.phase>
<docker.verbose>true</docker.verbose>
<ccsdk.project.version>${project.version}</ccsdk.project.version>
<base.image.name>onap/ccsdk-alpine-j11-image</base.image.name>
- <base.image.version>1.1.1</base.image.version>
+ <base.image.version>1.2.2</base.image.version>
<image.name>onap/ccsdk-apps-ms-neng</image.name>
<timestamp>${maven.build.timestamp}</timestamp>
<maven.build.timestamp.format>yyyyMMddHHmmss</maven.build.timestamp.format>
diff --git a/ms/neng/src/main/compose/docker-compose.yaml b/ms/neng/src/main/compose/docker-compose.yaml
index 09c588a0..2a9f373c 100644
--- a/ms/neng/src/main/compose/docker-compose.yaml
+++ b/ms/neng/src/main/compose/docker-compose.yaml
@@ -30,4 +30,17 @@ services:
NENG_DB_URL: "jdbc:mysql://mariadb-galera:3306/neng"
NENG_DB_USER: "${NENG_DB_USER}"
NENG_DB_PASS: "${NENG_DB_PASS}"
+ POL_CLIENT_AUTH: "${POL_CLIENT_AUTH}"
+ POL_BASIC_AUTH_USER: "${POL_BASIC_AUTH_USER}"
+ POL_BASIC_AUTH_PASSWORD: "${POL_BASIC_AUTH_PASSWORD}"
+ POL_URL: "${POL_URL}"
+ POL_ENV: "${POL_ENV}"
+ POL_REQ_ID: "${POL_REQ_ID}"
+ AAI_CERT_PASS: "${AAI_CERT_PASS}"
+ AAI_CERT_PATH: "${AAI_CERT_PATH}"
+ AAI_URI: "${AAI_URI}"
+ AAI_AUTH: "${AAI_AUTH}"
+ DISABLE_HOST_VERIFICATION: "${DISABLE_HOST_VERIFICATION:-false}"
+
+
diff --git a/ms/neng/src/main/compose/env b/ms/neng/src/main/compose/env
new file mode 100644
index 00000000..94c73841
--- /dev/null
+++ b/ms/neng/src/main/compose/env
@@ -0,0 +1,18 @@
+export NENG_DB_PORT=13306
+export NENG_DB_USER=neng
+export NENG_DB_ROOT=itsASecret
+export NENG_DB_PASSWORD=neng1234
+export NENG_DB_PASS=neng1234
+export NENG_SERV_PORT=16606
+export POL_CLIENT_AUTH="cHl0aG9uOnRlc3Q="
+export POL_BASIC_AUTH_USER=healthcheck
+export POL_BASIC_AUTH_PASSWORD="zb!XztG34"
+export POL_URL="https://policy-xacml-pdp:6969/policy/pdpx/v1/decision"
+export POL_ENV=TEST
+export POL_REQ_ID=xx
+export AAI_CERT_PASS=changeit
+export AAI_CERT_PATH=/opt/etc/config/aai_keystore
+export AAI_URI=https://aai:8443/aai/v14/
+export AAI_AUTH="QUFJOkFBSQ=="
+
+
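Review bot: This new file commits concrete passwords and auth tokens: `NENG_DB_ROOT`, `NENG_DB_PASSWORD`, `POL_BASIC_AUTH_PASSWORD`, `AAI_CERT_PASS`, and the Base64 `POL_CLIENT_AUTH` and `AAI_AUTH` strings, which are encoded rather than protected. If any of these is used outside a throwaway local stack, it should be rotated and supplied from an untracked file or a secret store, with the committed file carrying placeholders such as `export NENG_DB_PASS=CHANGE_ME`. At minimum, add a header comment like `# Local docker-compose sample values only - never reuse in a shared environment`. The file also omits `DISABLE_HOST_VERIFICATION`; a commented `# export DISABLE_HOST_VERIFICATION=false` line would document the switch next to the other settings.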
diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java
index e84d5b69..56a6da2c 100644
--- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java
+++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java
@@ -35,6 +35,7 @@ public class PolicyManagerProps {
String version;
String environment;
String ecompRequestId;
+ Boolean disableHostVerification = Boolean.FALSE;
/**
* Property passed to policy manager in the ClientAuth header.
@@ -54,6 +55,7 @@ public class PolicyManagerProps {
return basicAuth;
}
+
public void setBasicAuth(String basicAuth) {
this.basicAuth = basicAuth;
}
@@ -102,4 +104,14 @@ public class PolicyManagerProps {
this.version = version;
}
+ /**
+ * Disable host name verification
+ */
+ public Boolean getDisableHostVerification() {
+ return disableHostVerification;
+ }
+
+ public void setDisableHostVerification(Boolean disableHostVerification) {
+ this.disableHostVerification = disableHostVerification;
+ }
}
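Review bot: `setDisableHostVerification` stores whatever it is given, so a null binding overwrites the `Boolean.FALSE` initializer and is passed on to the verifier, whose handling of null is not visible in this diff. A primitive `boolean` field, or `this.disableHostVerification = Boolean.TRUE.equals(disableHostVerification);` in the setter, keeps verification on for anything other than an explicit true. The Javadoc `Disable host name verification` sits only on the getter; it should say that true removes the host name check on the policy manager TLS connection and is meant as a temporary workaround.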
diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java
index 33510332..6ae3c204 100644
--- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java
+++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java
@@ -141,7 +141,7 @@ public class PolicyFinderServiceImpl implements PolicyFinder {
RequestEntity<T> re = RequestEntity.post(new URI(policManProps.getUrl()))
.accept(MediaType.APPLICATION_JSON).contentType(MediaType.APPLICATION_JSON).body(request);
try {
- ResponseEntity<Object> resp = getRestTemplate().exchange(re, Object.class);
+ ResponseEntity<Object> resp = getRestTemplate(policManProps.getDisableHostVerification()).exchange(re, Object.class);
if (HttpStatus.OK.equals(resp.getStatusCode())) {
ObjectMapper objectmapper = new ObjectMapper();
String bodyStr = objectmapper.writeValueAsString(resp.getBody());
@@ -227,14 +227,14 @@ public class PolicyFinderServiceImpl implements PolicyFinder {
}
}
- RestTemplate getRestTemplate() throws Exception {
+ RestTemplate getRestTemplate(Boolean disableHostVerification) throws Exception {
if (restTemplate != null) {
return restTemplate;
}
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
.loadTrustMaterial(null, acceptingTrustStrategy).build();
- HostnameVerifier verifier = new AcceptIpAddressHostNameVerifier();
+ HostnameVerifier verifier = new AcceptIpAddressHostNameVerifier(disableHostVerification);
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, verifier);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
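Review bot: Because `acceptingTrustStrategy` already returns true for every certificate chain, the host name verifier was the only remaining check on the policy manager's identity. Passing true to `AcceptIpAddressHostNameVerifier` therefore leaves this TLS connection, which presumably carries the basicAuth header, with no server authentication at all. The SAN problem would be better solved by loading a real trust store in `loadTrustMaterial` and keeping a verifier that matches subjectAltName entries; if the switch stays, log a warning at client construction whenever it is true so the weakened state is visible to operators. The early `return restTemplate;` also means the argument is honoured only on the first call, which is easy to miss now that the method takes a parameter. The method body continues past the end of this hunk.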
diff --git a/ms/neng/src/test/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImplTest.java b/ms/neng/src/test/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImplTest.java
index 7ce03cc5..e31c0987 100644
--- a/ms/neng/src/test/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImplTest.java
+++ b/ms/neng/src/test/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImplTest.java
@@ -130,7 +130,7 @@ public class PolicyFinderServiceImplTest {
assertNotNull(service.getPolicyMgrRestTempBuilder());
assertNotNull(service.getAuthInt());
- assertNotNull(service.getRestTemplate());
+ assertNotNull(service.getRestTemplate(Boolean.FALSE));
}
@Test