aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2019-09-18 18:05:08 +0000
committerGerrit Code Review <gerrit@onap.org>2019-09-18 18:05:08 +0000
commita0f6c9c1fd5add3df3f0dc17ec1237d1e7bf6ff6 (patch)
treeadfc911d5a776f531346707f57c4094b144c2be5
parent30de50df362e9c8147383de11c8fce22f9627091 (diff)
parenta7a177685f6a625d772cf033f19ccc74bca176ef (diff)
Merge "SSLRestClientProperties does not allow ignoring hostname discrepancies with certificate, when doing SSL negotiation." into elalto
-rw-r--r--ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt1
-rw-r--r--ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt12
2 files changed, 10 insertions, 3 deletions
diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt
index 68672f227..1e6e23b86 100644
--- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt
+++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt
@@ -28,6 +28,7 @@ open class SSLRestClientProperties : RestClientProperties() {
lateinit var keyStoreInstance: String // JKS, PKCS12
lateinit var sslTrust: String
lateinit var sslTrustPassword: String
+ var sslTrustIgnoreHostname: Boolean = false
var sslKey: String? = null
var sslKeyPassword: String? = null
}
diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt
index 2acf776ca..0ef1757e2 100644
--- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt
+++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt
@@ -32,6 +32,7 @@ import java.io.File
import java.io.FileInputStream
import java.security.KeyStore
import java.security.cert.X509Certificate
+import org.apache.http.conn.ssl.NoopHostnameVerifier
class SSLRestClientService(private val restClientProperties: SSLRestClientProperties) :
BlueprintWebClientService {
@@ -87,6 +88,7 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper
val sslKeyPwd = restClientProperties.sslKeyPassword
val sslTrust = restClientProperties.sslTrust
val sslTrustPwd = restClientProperties.sslTrustPassword
+ val sslTrustIgnoreHostname = restClientProperties.sslTrustIgnoreHostname
val acceptingTrustStrategy = { _: Array<X509Certificate>, _: String ->
true
@@ -101,9 +103,13 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper
}
}
- sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(),
- acceptingTrustStrategy)
- val csf = SSLConnectionSocketFactory(sslContext.build())
+ sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), acceptingTrustStrategy)
+ var csf : SSLConnectionSocketFactory
+ if (sslTrustIgnoreHostname) {
+ csf = SSLConnectionSocketFactory(sslContext.build(), NoopHostnameVerifier())
+ } else {
+ csf = SSLConnectionSocketFactory(sslContext.build())
+ }
return HttpClients.custom()
.addInterceptorFirst(WebClientUtils.logRequest())
.addInterceptorLast(WebClientUtils.logResponse())