author | Dan Timoney <dtimoney@att.com> | 2021-10-25 08:42:33 -0400 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2021-10-25 08:43:16 -0400 |
commit | d042a3e7d532e1fd46c6d6248ab824aab9376a0f (patch) | |
tree | 9af569613564edf3ae3aa7cc55ed5da0fd4314f3 /ms | |
parent | a04860a403ea83012a07d7b0e86dd23e9a935e0f (diff) |
Support disabling host verification in naming service
As a workaround for an issue found in processing SAN certificates,
allow for hostname verification to be disabled by setting the
environment variable DISABLE_HOST_VERIFICATION=true. By default,
host name verification remains enabled ... it must be explicitly
disabled with this environment variable setting.
Issue-ID: CCSDK-3501
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: I0e3260cc5b8640814dd2f092aee20bca183dc34b
Diffstat (limited to 'ms')
10 files changed, 55 insertions, 8 deletions
diff --git a/ms/neng/opt/etc/config/application-dbless.properties b/ms/neng/opt/etc/config/application-dbless.properties index 3ac94d18..cafb33ac 100644 --- a/ms/neng/opt/etc/config/application-dbless.properties +++ b/ms/neng/opt/etc/config/application-dbless.properties @@ -35,6 +35,7 @@ policymgr.basicAuth=Basic TBD policymgr.url=https://TBD/pdp/api/getConfig policymgr.environment=TEST policymgr.ecompRequestId=xx +policymgr.disableHostVerification=${DISABLE_HOST_VERIFICATION} aai.certPassword=TBD aai.cert=opt/aai/keystore/TBD diff --git a/ms/neng/opt/etc/config/application-live.properties b/ms/neng/opt/etc/config/application-live.properties index 7b919afb..16bfd868 100644 --- a/ms/neng/opt/etc/config/application-live.properties +++ b/ms/neng/opt/etc/config/application-live.properties @@ -35,6 +35,7 @@ policymgr.basicAuth=Basic ${pol_basic_auth} policymgr.url=${pol_url} policymgr.environment=${pol_env} policymgr.ecompRequestId=${pol_req_id} +policymgr.disableHostVerification=${DISABLE_HOST_VERIFICATION} #Interface with A&AI aai.certPassword=${aai_cert_pass} diff --git a/ms/neng/opt/etc/config/application-standalone.properties b/ms/neng/opt/etc/config/application-standalone.properties index 07ad0ee2..cef8b317 100644 --- a/ms/neng/opt/etc/config/application-standalone.properties +++ b/ms/neng/opt/etc/config/application-standalone.properties @@ -36,6 +36,8 @@ policymgr.basicAuth=Basic TBD policymgr.url=${policymgr_url} policymgr.environment=TEST policymgr.ecompRequestId=xx +policymgr.disableHostVerification=${DISABLE_HOST_VERIFICATION} + aai.certPassword=${aai_cert_pass} aai.cert=opt/aai/keystore/TBD diff --git a/ms/neng/pom.xml b/ms/neng/pom.xml index 9dca2df2..effb5f8f 100644 --- a/ms/neng/pom.xml +++ b/ms/neng/pom.xml 
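Review bot: The added `policymgr.disableHostVerification=${DISABLE_HOST_VERIFICATION}` line in application-dbless.properties has no default, so a deployment that does not export the variable leaves the placeholder unresolved. That would presumably fail binding to the `Boolean` property or fail at startup, rather than falling back to verification enabled. Only docker-compose.yaml supplies `:-false`; the same line is added to application-live.properties and application-standalone.properties. I would write `policymgr.disableHostVerification=${DISABLE_HOST_VERIFICATION:false}` in all three so the secure default holds without the variable.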
@@ -41,13 +41,13 @@ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <sdk.java.rest>6.2.0.11</sdk.java.rest> <serviceArtifactName>ms-networkelementnamegen</serviceArtifactName> - <ccsdk.distribution.version>0.2.4</ccsdk.distribution.version> + <ccsdk.distribution.version>1.2.2</ccsdk.distribution.version> <docker.buildArg.https_proxy>${https_proxy}</docker.buildArg.https_proxy> <docker.push.phase>deploy</docker.push.phase> <docker.verbose>true</docker.verbose> <ccsdk.project.version>${project.version}</ccsdk.project.version> <base.image.name>onap/ccsdk-alpine-j11-image</base.image.name> - <base.image.version>1.1.1</base.image.version> + <base.image.version>1.2.2</base.image.version> <image.name>onap/ccsdk-apps-ms-neng</image.name> <timestamp>${maven.build.timestamp}</timestamp> <maven.build.timestamp.format>yyyyMMddHHmmss</maven.build.timestamp.format> diff --git a/ms/neng/src/main/compose/docker-compose.yaml b/ms/neng/src/main/compose/docker-compose.yaml index 09c588a0..2a9f373c 100644 --- a/ms/neng/src/main/compose/docker-compose.yaml +++ b/ms/neng/src/main/compose/docker-compose.yaml @@ -30,4 +30,17 @@ services: NENG_DB_URL: "jdbc:mysql://mariadb-galera:3306/neng" NENG_DB_USER: "${NENG_DB_USER}" NENG_DB_PASS: "${NENG_DB_PASS}" + POL_CLIENT_AUTH: "${POL_CLIENT_AUTH}" + POL_BASIC_AUTH_USER: "${POL_BASIC_AUTH_USER}" + POL_BASIC_AUTH_PASSWORD: "${POL_BASIC_AUTH_PASSWORD}" + POL_URL: "${POL_URL}" + POL_ENV: "${POL_ENV}" + POL_REQ_ID: "${POL_REQ_ID}" + AAI_CERT_PASS: "${AAI_CERT_PASS}" + AAI_CERT_PATH: "${AAI_CERT_PATH}" + AAI_URI: "${AAI_URI}" + AAI_AUTH: "${AAI_AUTH}" + DISABLE_HOST_VERIFICATION: "${DISABLE_HOST_VERIFICATION:-false}" + + diff --git a/ms/neng/src/main/compose/env b/ms/neng/src/main/compose/env new file mode 100644 index 00000000..94c73841 --- /dev/null +++ b/ms/neng/src/main/compose/env 
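Review bot: The new `DISABLE_HOST_VERIFICATION: "${DISABLE_HOST_VERIFICATION:-false}"` entry in docker-compose.yaml is the only security-relevant switch in this environment block and it carries no comment. I would add a line above it such as `# true turns off TLS hostname verification for the policy manager client; workaround for CCSDK-3501 only, keep false otherwise`. The `:-false` default itself is right and should stay.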
@@ -0,0 +1,18 @@ +export NENG_DB_PORT=13306 +export NENG_DB_USER=neng +export NENG_DB_ROOT=itsASecret +export NENG_DB_PASSWORD=neng1234 +export NENG_DB_PASS=neng1234 +export NENG_SERV_PORT=16606 +export POL_CLIENT_AUTH="cHl0aG9uOnRlc3Q=" +export POL_BASIC_AUTH_USER=healthcheck +export POL_BASIC_AUTH_PASSWORD="zb!XztG34" +export POL_URL="https://policy-xacml-pdp:6969/policy/pdpx/v1/decision" +export POL_ENV=TEST +export POL_REQ_ID=xx +export AAI_CERT_PASS=changeit +export AAI_CERT_PATH=/opt/etc/config/aai_keystore +export AAI_URI=https://aai:8443/aai/v14/ +export AAI_AUTH="QUFJOkFBSQ==" + + diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java index e84d5b69..56a6da2c 100644 --- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java +++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/PolicyManagerProps.java @@ -35,6 +35,7 @@ public class PolicyManagerProps { String version; String environment; String ecompRequestId; + Boolean disableHostVerification = Boolean.FALSE; /** * Property passed to policy manager in the ClientAuth header. @@ -54,6 +55,7 @@ public class PolicyManagerProps { return basicAuth; } + public void setBasicAuth(String basicAuth) { this.basicAuth = basicAuth; } @@ -102,4 +104,14 @@ public class PolicyManagerProps { this.version = version; } + /** + * Disable host name verification + */ + public Boolean getDisableHostVerification() { + return disableHostVerification; + } + + public void setDisableHostVerification(Boolean disableHostVerification) { + this.disableHostVerification = disableHostVerification; + } } diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java index 33510332..6ae3c204 100644 
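Review bot: The new compose `env` file commits concrete credential values for `NENG_DB_ROOT`, `NENG_DB_PASSWORD`/`NENG_DB_PASS`, `POL_BASIC_AUTH_PASSWORD` and `AAI_CERT_PASS`, plus the base64 `POL_CLIENT_AUTH` and `AAI_AUTH` strings, which are encoded rather than encrypted. If any of these match a shared lab or deployed environment they should be rotated, and the file should carry placeholders instead, e.g. `export POL_BASIC_AUTH_PASSWORD="<set-locally>"`. A header comment such as `# Local docker-compose defaults only; never reuse these values outside a developer machine` would make the intent explicit. The file does not set `DISABLE_HOST_VERIFICATION`, so it relies on the compose default of false, which is worth stating in that comment.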
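Review bot: `setDisableHostVerification(Boolean)` in PolicyManagerProps accepts null, and the getter's value is passed straight into `new AcceptIpAddressHostNameVerifier(...)` in PolicyFinderServiceImpl. Depending on how that constructor (not shown in this commit) handles it, a null could surface as a NullPointerException on unboxing. Normalising in the setter with `this.disableHostVerification = Boolean.TRUE.equals(disableHostVerification);`, or using a primitive `boolean`, keeps the default at verification enabled. The Javadoc `Disable host name verification` should also say that true removes the hostname check on the policy manager TLS connection and that the default is false. The class body continues outside these hunks.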
--- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java +++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImpl.java @@ -141,7 +141,7 @@ public class PolicyFinderServiceImpl implements PolicyFinder { RequestEntity<T> re = RequestEntity.post(new URI(policManProps.getUrl())) .accept(MediaType.APPLICATION_JSON).contentType(MediaType.APPLICATION_JSON).body(request); try { - ResponseEntity<Object> resp = getRestTemplate().exchange(re, Object.class); + ResponseEntity<Object> resp = getRestTemplate(policManProps.getDisableHostVerification()).exchange(re, Object.class); if (HttpStatus.OK.equals(resp.getStatusCode())) { ObjectMapper objectmapper = new ObjectMapper(); String bodyStr = objectmapper.writeValueAsString(resp.getBody()); @@ -227,14 +227,14 @@ public class PolicyFinderServiceImpl implements PolicyFinder { } } - RestTemplate getRestTemplate() throws Exception { + RestTemplate getRestTemplate(Boolean disableHostVerification) throws Exception { if (restTemplate != null) { return restTemplate; } TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true; SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom() .loadTrustMaterial(null, acceptingTrustStrategy).build(); - HostnameVerifier verifier = new AcceptIpAddressHostNameVerifier(); + HostnameVerifier verifier = new AcceptIpAddressHostNameVerifier(disableHostVerification); SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, verifier); CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build(); HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(); 
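Review bot: In `getRestTemplate(Boolean disableHostVerification)` the context lines show `acceptingTrustStrategy` returning true for every certificate chain, so the hostname verifier is the only remaining check on the server's identity. Once the new flag is true, the policy manager connection accepts any certificate presented by any host. The method also returns the cached `restTemplate` when it is non-null, so the argument only takes effect on the first call and a later call with a different value is silently ignored; a comment saying so would help. I would log the relaxed mode where the verifier is built, using the class's existing logger if it has one, e.g. `if (Boolean.TRUE.equals(disableHostVerification)) { log.warn("Hostname verification disabled for policy manager connection"); }`. The flag is best treated as temporary until the SAN handling is fixed and a real trust store replaces the accept-all strategy; the method body continues past the end of the hunk.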
diff --git a/ms/neng/src/test/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImplTest.java b/ms/neng/src/test/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImplTest.java index 7ce03cc5..e31c0987 100644 --- a/ms/neng/src/test/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImplTest.java +++ b/ms/neng/src/test/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/PolicyFinderServiceImplTest.java @@ -130,7 +130,7 @@ public class PolicyFinderServiceImplTest { assertNotNull(service.getPolicyMgrRestTempBuilder()); assertNotNull(service.getAuthInt()); - assertNotNull(service.getRestTemplate()); + assertNotNull(service.getRestTemplate(Boolean.FALSE)); } @Test diff --git a/ms/sliboot/pom.xml b/ms/sliboot/pom.xml index d2863e61..6eed66e4 100644 --- a/ms/sliboot/pom.xml +++ b/ms/sliboot/pom.xml @@ -20,10 +20,10 @@ <start-class>org.onap.ccsdk.apps.ms.sliboot.SlibootApp</start-class> <aaf.cadi.version>2.1.21</aaf.cadi.version> <base.image.name>onap/ccsdk-alpine-j11-image</base.image.name> - <base.image.version>1.1.1</base.image.version> + <base.image.version>1.2.2</base.image.version> <image.name>onap/ccsdk-sliboot-alpine-image</image.name> <ccsdk.project.version>${project.version}</ccsdk.project.version> - <ccsdk.distribution.version>1.1.0</ccsdk.distribution.version> + <ccsdk.distribution.version>1.2.2</ccsdk.distribution.version> <ccsdk.build.timestamp>${maven.build.timestamp}</ccsdk.build.timestamp> <maven.build.timestamp.format>yyyyMMdd'T'HHmmss'Z'</maven.build.timestamp.format> <ccsdk.sliboot.jar>${project.artifactId}-${project.version}-exec.jar</ccsdk.sliboot.jar> |
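Review bot: The updated assertion in PolicyFinderServiceImplTest only calls `getRestTemplate(Boolean.FALSE)`, so nothing exercises the new disabled path or a null argument. Because the production method caches the first `RestTemplate` it builds, a second assertion on the same `service` would not reach the verifier construction. I would add a separate test on a fresh instance with `assertNotNull(freshService.getRestTemplate(Boolean.TRUE));` and, if null is meant to be tolerated, one for `getRestTemplate(null)`. The test method starts outside the hunk.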