summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2019-09-18 18:05:08 +0000
committerGerrit Code Review <gerrit@onap.org>2019-09-18 18:05:08 +0000
commita0f6c9c1fd5add3df3f0dc17ec1237d1e7bf6ff6 (patch)
treeadfc911d5a776f531346707f57c4094b144c2be5
parent30de50df362e9c8147383de11c8fce22f9627091 (diff)
parenta7a177685f6a625d772cf033f19ccc74bca176ef (diff)
Merge "SSLRestClientProperties does not allow ignoring hostname discrepancies with certificate, when doing SSL negotiation." into elalto
Diffstat
-rw-r--r--ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt1
-rw-r--r--ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt12
2 files changed, 10 insertions, 3 deletions
diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt
index 68672f227..1e6e23b86 100644
--- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt
+++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt
@@ -28,6 +28,7 @@ open class SSLRestClientProperties : RestClientProperties() {
lateinit var keyStoreInstance: String // JKS, PKCS12
lateinit var sslTrust: String
lateinit var sslTrustPassword: String
+ var sslTrustIgnoreHostname: Boolean = false
var sslKey: String? = null
var sslKeyPassword: String? = null
}
diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt
index 2acf776ca..0ef1757e2 100644
--- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt
+++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt
@@ -32,6 +32,7 @@ import java.io.File
import java.io.FileInputStream
import java.security.KeyStore
import java.security.cert.X509Certificate
+import org.apache.http.conn.ssl.NoopHostnameVerifier
class SSLRestClientService(private val restClientProperties: SSLRestClientProperties) :
BlueprintWebClientService {
@@ -87,6 +88,7 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper
val sslKeyPwd = restClientProperties.sslKeyPassword
val sslTrust = restClientProperties.sslTrust
val sslTrustPwd = restClientProperties.sslTrustPassword
+ val sslTrustIgnoreHostname = restClientProperties.sslTrustIgnoreHostname
val acceptingTrustStrategy = { _: Array<X509Certificate>, _: String ->
true
@@ -101,9 +103,13 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper
}
}
- sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(),
- acceptingTrustStrategy)
- val csf = SSLConnectionSocketFactory(sslContext.build())
+ sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), acceptingTrustStrategy)
+ var csf : SSLConnectionSocketFactory
+ if (sslTrustIgnoreHostname) {
+ csf = SSLConnectionSocketFactory(sslContext.build(), NoopHostnameVerifier())
+ } else {
+ csf = SSLConnectionSocketFactory(sslContext.build())
+ }
return HttpClients.custom()
.addInterceptorFirst(WebClientUtils.logRequest())
.addInterceptorLast(WebClientUtils.logResponse())
iteral.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */ } 
#!/bin/bash
#
# ============LICENSE_START=======================================================
#  Copyright (C) 2019 Nordix Foundation.
#  Modifications Copyright (C) 2019 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#

JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk/
KEYSTORE="${POLICY_HOME}/etc/ssl/policy-keystore"
KEYSTORE_PASSWD="Pol1cy_0nap"
TRUSTSTORE="${POLICY_HOME}/etc/ssl/policy-truststore"
TRUSTSTORE_PASSWD="Pol1cy_0nap"


if [ "$#" -ge 1 ]; then
    CONFIG_FILE=$1
else
    CONFIG_FILE=${CONFIG_FILE}
fi

if [ -z "$CONFIG_FILE" ]
  then
    CONFIG_FILE="${POLICY_HOME}/etc/defaultConfig.json"
fi

echo "Policy pap config file: $CONFIG_FILE"

$JAVA_HOME/bin/java -cp "${POLICY_HOME}/etc:${POLICY_HOME}/lib/*" -Djavax.net.ssl.keyStore="$KEYSTORE" -Djavax.net.ssl.keyStorePassword="$KEYSTORE_PASSWD" -Djavax.net.ssl.trustStore="$TRUSTSTORE" -Djavax.net.ssl.trustStorePassword="$TRUSTSTORE_PASSWD" org.onap.policy.pap.main.startstop.Main -c $CONFIG_FILE