From e275dc8ea2986f582b3a4aea65c8ca8c0d9f05f3 Mon Sep 17 00:00:00 2001 From: Serge Simard Date: Mon, 16 Sep 2019 17:06:58 -0400 Subject: SSLRestClientProperties does not allow ignoring hostname discrepancies with certificate, when doing SSL negotiation. Issue-ID: CCSDK-1732 Signed-off-by: Serge Simard Change-Id: I6e8d63b1f24abcd0098db471d18d2a55e45de3f9 Signed-off-by: Serge Simard --- .../cds/blueprintsprocessor/rest/BluePrintRestLibData.kt | 1 + .../blueprintsprocessor/rest/service/SSLRestClientService.kt | 12 +++++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt index 68672f227..1e6e23b86 100644 --- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt +++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt @@ -28,6 +28,7 @@ open class SSLRestClientProperties : RestClientProperties() { lateinit var keyStoreInstance: String // JKS, PKCS12 lateinit var sslTrust: String lateinit var sslTrustPassword: String + var sslTrustIgnoreHostname: Boolean = false var sslKey: String? = null var sslKeyPassword: String? = null } diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt index 2acf776ca..0ef1757e2 100644 --- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt +++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt @@ -32,6 +32,7 @@ import java.io.File import java.io.FileInputStream import java.security.KeyStore import java.security.cert.X509Certificate +import org.apache.http.conn.ssl.NoopHostnameVerifier class SSLRestClientService(private val restClientProperties: SSLRestClientProperties) : BlueprintWebClientService { @@ -87,6 +88,7 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper val sslKeyPwd = restClientProperties.sslKeyPassword val sslTrust = restClientProperties.sslTrust val sslTrustPwd = restClientProperties.sslTrustPassword + val sslTrustIgnoreHostname = restClientProperties.sslTrustIgnoreHostname val acceptingTrustStrategy = { _: Array, _: String -> true @@ -101,9 +103,13 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper } } - sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), - acceptingTrustStrategy) - val csf = SSLConnectionSocketFactory(sslContext.build()) + sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), acceptingTrustStrategy) + var csf : SSLConnectionSocketFactory + if (sslTrustIgnoreHostname) { + csf = SSLConnectionSocketFactory(sslContext.build(), NoopHostnameVerifier()) + } else { + csf = SSLConnectionSocketFactory(sslContext.build()) + } return HttpClients.custom() .addInterceptorFirst(WebClientUtils.logRequest()) .addInterceptorLast(WebClientUtils.logResponse()) -- cgit 1.2.3-korg