diff options
author | Dan Timoney <dtimoney@att.com> | 2019-09-18 17:24:34 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-09-18 17:24:34 +0000 |
commit | e68e4afc65fe0b94515011d16d02c60dd92809b8 (patch) | |
tree | 905361ad8c1679b33ff38b628332b742655e18e8 | |
parent | a1f447c4398bf6edb1742a39193f1ac1d8925c7b (diff) | |
parent | e275dc8ea2986f582b3a4aea65c8ca8c0d9f05f3 (diff) |
Merge "SSLRestClientProperties does not allow ignoring hostname discrepancies with certificate, when doing SSL negotiation."
2 files changed, 10 insertions, 3 deletions
diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt index 68672f227..1e6e23b86 100644 --- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt +++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt @@ -28,6 +28,7 @@ open class SSLRestClientProperties : RestClientProperties() { lateinit var keyStoreInstance: String // JKS, PKCS12 lateinit var sslTrust: String lateinit var sslTrustPassword: String + var sslTrustIgnoreHostname: Boolean = false var sslKey: String? = null var sslKeyPassword: String? = null } diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt index 2acf776ca..0ef1757e2 100644 --- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt +++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt @@ -32,6 +32,7 @@ import java.io.File import java.io.FileInputStream import java.security.KeyStore import java.security.cert.X509Certificate +import org.apache.http.conn.ssl.NoopHostnameVerifier class SSLRestClientService(private val restClientProperties: SSLRestClientProperties) : BlueprintWebClientService { @@ -87,6 +88,7 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper val sslKeyPwd = restClientProperties.sslKeyPassword val sslTrust = restClientProperties.sslTrust val sslTrustPwd = restClientProperties.sslTrustPassword + val sslTrustIgnoreHostname = restClientProperties.sslTrustIgnoreHostname val acceptingTrustStrategy = { _: Array<X509Certificate>, _: String -> true @@ -101,9 +103,13 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper } } - sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), - acceptingTrustStrategy) - val csf = SSLConnectionSocketFactory(sslContext.build()) + sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), acceptingTrustStrategy) + var csf : SSLConnectionSocketFactory + if (sslTrustIgnoreHostname) { + csf = SSLConnectionSocketFactory(sslContext.build(), NoopHostnameVerifier()) + } else { + csf = SSLConnectionSocketFactory(sslContext.build()) + } return HttpClients.custom() .addInterceptorFirst(WebClientUtils.logRequest()) .addInterceptorLast(WebClientUtils.logResponse()) |