authorSerge Simard <serge@agilitae.com>2019-09-16 17:06:58 -0400
committerDan Timoney <dtimoney@att.com>2019-09-18 17:22:53 +0000
commite275dc8ea2986f582b3a4aea65c8ca8c0d9f05f3 (patch)
tree75653b645160d114082e38d6eb0eef9e6969f768
parent828311059c00f50dc76e3fc370968ff377dfd2de (diff)
SSLRestClientProperties does not allow ignoring hostname discrepancies with certificate,
when doing SSL negotiation. Issue-ID: CCSDK-1732 Signed-off-by: Serge Simard <serge@agilitae.com> Change-Id: I6e8d63b1f24abcd0098db471d18d2a55e45de3f9 Signed-off-by: Serge Simard <serge@agilitae.com>
-rw-r--r--ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt1
-rw-r--r--ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt12
2 files changed, 10 insertions, 3 deletions
diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt
index 68672f227..1e6e23b86 100644
--- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt
+++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt
@@ -28,6 +28,7 @@ open class SSLRestClientProperties : RestClientProperties() {
lateinit var keyStoreInstance: String // JKS, PKCS12
lateinit var sslTrust: String
lateinit var sslTrustPassword: String
+ var sslTrustIgnoreHostname: Boolean = false
var sslKey: String? = null
var sslKeyPassword: String? = null
}
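Review bot: The new `sslTrustIgnoreHostname` property is added without a comment, although it switches off a TLS check and sits next to fields that only name files and passwords. I would add above the declaration `// When true, the server certificate is not matched against the requested hostname; defaults to false (verification on)`. Since the other hunks show the value being read straight from these properties, the comment is the only place a person configuring the client learns what the flag relaxes. The class starts outside the hunk, so any existing header comment is not visible here.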
diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt
index 2acf776ca..0ef1757e2 100644
--- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt
+++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt
@@ -32,6 +32,7 @@ import java.io.File
import java.io.FileInputStream
import java.security.KeyStore
import java.security.cert.X509Certificate
+import org.apache.http.conn.ssl.NoopHostnameVerifier
class SSLRestClientService(private val restClientProperties: SSLRestClientProperties) :
BlueprintWebClientService {
@@ -87,6 +88,7 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper
val sslKeyPwd = restClientProperties.sslKeyPassword
val sslTrust = restClientProperties.sslTrust
val sslTrustPwd = restClientProperties.sslTrustPassword
+ val sslTrustIgnoreHostname = restClientProperties.sslTrustIgnoreHostname
val acceptingTrustStrategy = { _: Array<X509Certificate>, _: String ->
true
@@ -101,9 +103,13 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper
}
}
- sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(),
- acceptingTrustStrategy)
- val csf = SSLConnectionSocketFactory(sslContext.build())
+ sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), acceptingTrustStrategy)
+ var csf : SSLConnectionSocketFactory
+ if (sslTrustIgnoreHostname) {
+ csf = SSLConnectionSocketFactory(sslContext.build(), NoopHostnameVerifier())
+ } else {
+ csf = SSLConnectionSocketFactory(sslContext.build())
+ }
return HttpClients.custom()
.addInterceptorFirst(WebClientUtils.logRequest())
.addInterceptorLast(WebClientUtils.logResponse())
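Review bot: With `sslTrustIgnoreHostname` set, the `NoopHostnameVerifier` branch leaves this client with no server authentication. The `acceptingTrustStrategy` passed to `loadTrustMaterial` on the first added line returns `true` for every chain (visible in the previous hunk), which in HttpClient, as far as I know, bypasses the trust-manager check, so hostname matching was the only check still applied. If the intent is only to tolerate a name mismatch on a certificate that the configured truststore vouches for, the chain should then be validated against that store, e.g. `sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), null)`; this changes existing behaviour and needs confirming against current deployments. Separately, `var csf` with assignment in both branches reads better as a single expression: `val csf = SSLConnectionSocketFactory(sslContext.build(), if (sslTrustIgnoreHostname) NoopHostnameVerifier.INSTANCE else SSLConnectionSocketFactory.getDefaultHostnameVerifier())`. The enclosing function begins and ends outside the hunk.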