summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2021-07-09 10:20:56 -0400
committerKAPIL SINGAL <ks220y@att.com>2021-07-09 17:22:17 +0000
commit4e4988af6aa561d4950711322941cab8c2d2c895 (patch)
tree65c6190636ffa13092badc58b5f1d16dc56db65c /plugins
parent2ab339240c1d0bd8246bebb75d12c4849dd9e4c5 (diff)
Add host name verifier that accepts IP addresses
Add a host name verifier that handles IP addresses as special cases, so that they can be safely ignored in lab environments Issue-ID: CCSDK-3196 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: I83cec989102620b52a227b7ca71efb92227d834c
Diffstat (limited to 'plugins')
-rwxr-xr-xplugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java7
-rw-r--r--plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java3
2 files changed, 7 insertions, 3 deletions
diff --git a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
index ad74b02de..f1aa2b266 100755
--- a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
+++ b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
@@ -81,6 +81,7 @@ import org.glassfish.jersey.media.multipart.file.FileDataBodyPart;
import org.onap.ccsdk.sli.core.sli.SvcLogicContext;
import org.onap.ccsdk.sli.core.sli.SvcLogicException;
import org.onap.ccsdk.sli.core.sli.SvcLogicJavaPlugin;
+import org.onap.ccsdk.sli.core.utils.common.AcceptIpAddressHostNameVerifier;
import org.onap.ccsdk.sli.core.utils.common.EnvProperties;
import org.onap.logging.filter.base.HttpURLConnectionMetricUtil;
import org.onap.logging.filter.base.MetricLogClientFilter;
@@ -795,9 +796,9 @@ public class RestapiCallNode implements SvcLogicJavaPlugin {
Client client;
if (ssl != null) {
HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());
- client = ClientBuilder.newBuilder().sslContext(ssl).hostnameVerifier((s, sslSession) -> true).build();
+ client = ClientBuilder.newBuilder().sslContext(ssl).hostnameVerifier(new AcceptIpAddressHostNameVerifier()).build();
} else {
- client = ClientBuilder.newBuilder().hostnameVerifier((s, sslSession) -> true).build();
+ client = ClientBuilder.newBuilder().hostnameVerifier(new AcceptIpAddressHostNameVerifier()).build();
}
setClientTimeouts(client);
@@ -924,7 +925,7 @@ public class RestapiCallNode implements SvcLogicJavaPlugin {
protected SSLContext createSSLContext(Parameters p) {
try (FileInputStream in = new FileInputStream(p.keyStoreFileName)) {
- HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true);
+ HttpsURLConnection.setDefaultHostnameVerifier(new AcceptIpAddressHostNameVerifier());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance("PKCS12");
char[] pwd = p.keyStorePassword.toCharArray();
diff --git a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
index cf69d7a3c..5b47cf5b6 100644
--- a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
+++ b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
@@ -167,6 +167,9 @@ public class RestconfDiscoveryNode implements SvcLogicDiscoveryPlugin {
log.info("Closed connection to SSE source");
}
+ // Note: Sonar complains about host name verification being
+ // disabled here. This is necessary to handle devices using self-signed
+ // certificates (where CA would be unknown) - so we are leaving this code as is.
private Client ignoreSslClient() {
SSLContext sslcontext = null;