Merge "Fix weak crypto issue in restconf adaptor"

author: KAPIL SINGAL <ks220y@att.com> 2021-07-21 13:55:15 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2021-07-21 13:55:15 +0000
commit: 6c419f4b9ab0bffff4b56d4c4115551b41199858 (patch)
tree: e38ac264d8defae6fca7c4c670ea3c9334aed9ae /plugins/restconf-client/provider
parent: ec15710c693074865c04d546fe994d7861791089 (diff)
parent: afb648cbb6e69725f5f0857f5429cf710c8a0243 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
index 5b47cf5b6..d6b93f744 100644
--- a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
+++ b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
@@ -24,6 +24,7 @@ import org.glassfish.jersey.media.sse.EventSource;
 import org.glassfish.jersey.media.sse.SseFeature;
 import org.onap.ccsdk.sli.core.sli.SvcLogicContext;
 import org.onap.ccsdk.sli.core.sli.SvcLogicException;
+import org.onap.ccsdk.sli.core.utils.common.AcceptIpAddressHostNameVerifier;
 import org.onap.ccsdk.sli.plugins.restapicall.Parameters;
 import org.onap.ccsdk.sli.plugins.restapicall.RestapiCallNode;
 import org.onap.ccsdk.sli.plugins.restconfapicall.RestconfApiCallNode;
@@ -142,7 +143,7 @@ public class RestconfDiscoveryNode implements SvcLogicDiscoveryPlugin {
             try {
                 RestapiCallNode restapi = restconfApiCallNode.getRestapiCallNode();
                 p = RestapiCallNode.getParameters(paramMap, new Parameters());
-                Client client =  ignoreSslClient().register(SseFeature.class);
+                Client client =  ignoreSslClient(p.disableHostVerification).register(SseFeature.class);
                 target = restapi.addAuthType(client, p).target(url);
             } catch (SvcLogicException e) {
                 log.error("Exception occured!", e);
@@ -170,7 +171,7 @@ public class RestconfDiscoveryNode implements SvcLogicDiscoveryPlugin {
         // Note: Sonar complains about host name verification being 
         // disabled here.  This is necessary to handle devices using self-signed
         // certificates (where CA would be unknown) - so we are leaving this code as is.
-        private Client ignoreSslClient() {
+        private Client ignoreSslClient(boolean disableHostVerification) {
             SSLContext sslcontext = null;
 
             try {
@@ -193,7 +194,7 @@ public class RestconfDiscoveryNode implements SvcLogicDiscoveryPlugin {
                 throw new IllegalStateException(e);
             }
 
-            return ClientBuilder.newBuilder().sslContext(sslcontext).hostnameVerifier((s1, s2) -> true).build();
+            return ClientBuilder.newBuilder().sslContext(sslcontext).hostnameVerifier(new AcceptIpAddressHostNameVerifier(disableHostVerification)).build();
         }
     }
author	KAPIL SINGAL <ks220y@att.com>	2021-07-21 13:55:15 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2021-07-21 13:55:15 +0000
commit	6c419f4b9ab0bffff4b56d4c4115551b41199858 (patch)
tree	e38ac264d8defae6fca7c4c670ea3c9334aed9ae /plugins/restconf-client/provider
parent	ec15710c693074865c04d546fe994d7861791089 (diff)
parent	afb648cbb6e69725f5f0857f5429cf710c8a0243 (diff)