author | KAPIL SINGAL <ks220y@att.com> | 2021-07-21 13:55:15 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2021-07-21 13:55:15 +0000 |
commit | 6c419f4b9ab0bffff4b56d4c4115551b41199858 (patch) | |
tree | e38ac264d8defae6fca7c4c670ea3c9334aed9ae | |
parent | ec15710c693074865c04d546fe994d7861791089 (diff) | |
parent | afb648cbb6e69725f5f0857f5429cf710c8a0243 (diff) |
Merge "Fix weak crypto issue in restconf adaptor"
3 files changed, 7 insertions, 4 deletions
diff --git a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
index 9b542af91..6e84a9c02 100755
--- a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
+++ b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
@@ -53,4 +53,5 @@ public class Parameters {
 public boolean multipartFormData;
 public String multipartFile;
 public String targetEntity;
+ public boolean disableHostVerification;
 }
diff --git a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
index f1aa2b266..e3192562d 100755
--- a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
+++ b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
@@ -238,6 +238,7 @@ public class RestapiCallNode implements SvcLogicJavaPlugin {
 p.multipartFormData = valueOf(parseParam(paramMap, "multipartFormData", false, "false"));
 p.multipartFile = parseParam(paramMap, "multipartFile", false, null);
 p.targetEntity = parseParam(paramMap, "targetEntity", false, null);
+ p.disableHostVerification = valueOf(parseParam(paramMap, "disableHostVerification", false, "true"));
 return p;
 }
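Review bot: The new `disableHostVerification` parameter in `getParameters` (RestapiCallNode.java) defaults to `"true"`, so a caller that omits it keeps the relaxed behaviour this commit is meant to fix; this assumes `AcceptIpAddressHostNameVerifier(true)` accepts any host name, since its source is not part of this diff. A fail-closed default would be `p.disableHostVerification = valueOf(parseParam(paramMap, "disableHostVerification", false, "false"));`, with deployments that talk to self-signed devices setting the flag explicitly. The field added to `Parameters` takes Java's default of `false`, so a `Parameters` object built without `getParameters` behaves differently from a parsed one; a one-line comment on the field stating the intended default would remove that ambiguity. `getParameters` begins above this hunk.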
@@ -925,7 +926,7 @@ public class RestapiCallNode implements SvcLogicJavaPlugin {
 protected SSLContext createSSLContext(Parameters p) {
 try (FileInputStream in = new FileInputStream(p.keyStoreFileName)) {
- HttpsURLConnection.setDefaultHostnameVerifier(new AcceptIpAddressHostNameVerifier());
+ HttpsURLConnection.setDefaultHostnameVerifier(new AcceptIpAddressHostNameVerifier(p.disableHostVerification));
 KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 KeyStore ks = KeyStore.getInstance("PKCS12");
 char[] pwd = p.keyStorePassword.toCharArray();
diff --git a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
index 5b47cf5b6..d6b93f744 100644
--- a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
+++ b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
@@ -24,6 +24,7 @@ import org.glassfish.jersey.media.sse.EventSource;
 import org.glassfish.jersey.media.sse.SseFeature;
 import org.onap.ccsdk.sli.core.sli.SvcLogicContext;
 import org.onap.ccsdk.sli.core.sli.SvcLogicException;
+import org.onap.ccsdk.sli.core.utils.common.AcceptIpAddressHostNameVerifier;
 import org.onap.ccsdk.sli.plugins.restapicall.Parameters;
 import org.onap.ccsdk.sli.plugins.restapicall.RestapiCallNode;
 import org.onap.ccsdk.sli.plugins.restconfapicall.RestconfApiCallNode;
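Review bot: In `createSSLContext` (RestapiCallNode.java), `HttpsURLConnection.setDefaultHostnameVerifier(...)` changes a JVM-wide default, and the new code now drives it from the per-request value `p.disableHostVerification`. Whichever request ran last therefore decides the verifier for every other `HttpsURLConnection` in the process that does not set its own, and concurrent requests with different settings race. The verifier is better attached to the client built for this request, in the way `ignoreSslClient` does with `.hostnameVerifier(new AcceptIpAddressHostNameVerifier(disableHostVerification))`, leaving the process default untouched. The method continues past the end of this hunk, so the place where the client is built is not visible here.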
@@ -142,7 +143,7 @@ public class RestconfDiscoveryNode implements SvcLogicDiscoveryPlugin {
 try {
 RestapiCallNode restapi = restconfApiCallNode.getRestapiCallNode();
 p = RestapiCallNode.getParameters(paramMap, new Parameters());
- Client client = ignoreSslClient().register(SseFeature.class);
+ Client client = ignoreSslClient(p.disableHostVerification).register(SseFeature.class);
 target = restapi.addAuthType(client, p).target(url);
 } catch (SvcLogicException e) {
 log.error("Exception occured!", e);
@@ -170,7 +171,7 @@ public class RestconfDiscoveryNode implements SvcLogicDiscoveryPlugin {
 // Note: Sonar complains about host name verification being
 // disabled here. This is necessary to handle devices using self-signed
 // certificates (where CA would be unknown) - so we are leaving this code as is.
- private Client ignoreSslClient() {
+ private Client ignoreSslClient(boolean disableHostVerification) {
 SSLContext sslcontext = null;
 try {
@@ -193,7 +194,7 @@ public class RestconfDiscoveryNode implements SvcLogicDiscoveryPlugin {
 throw new IllegalStateException(e);
 }
- return ClientBuilder.newBuilder().sslContext(sslcontext).hostnameVerifier((s1, s2) -> true).build();
+ return ClientBuilder.newBuilder().sslContext(sslcontext).hostnameVerifier(new AcceptIpAddressHostNameVerifier(disableHostVerification)).build();
 }
 } |
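Review bot: The comment above `ignoreSslClient` (hunk at -170) still says host name verification is disabled and that the code is being left as is, which is no longer accurate once the verifier depends on `disableHostVerification`. A replacement such as `// Host name verification is controlled by disableHostVerification; set it only for devices whose certificate cannot match their address.` would describe the new behaviour. The method name still reads as "ignore SSL", so a later reader may assume no checks are performed at all; renaming it is worth considering in a follow-up.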
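Review bot: Replacing `(s1, s2) -> true` in the `return` of `ignoreSslClient` (hunk at -193) tightens only the name check, while the `sslcontext` passed to the builder is created in lines outside this hunk. The method name and its comment suggest that context trusts any certificate; if so, a peer presenting a self-signed certificate that carries the expected name is still accepted, and the host name check does not authenticate the device on its own. I would add `// NOTE: sslcontext decides which certificates are trusted; the host name check only helps if that trust is restricted.` above the return. It is also worth confirming whether trust can be limited to a configured trust store when `disableHostVerification` is false.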