diff options
| author |   Dan Timoney <dtimoney@att.com> | 2021-07-09 10:20:56 -0400 |
|---|---|---|
| committer |   KAPIL SINGAL <ks220y@att.com> | 2021-07-09 17:22:17 +0000 |
| commit | 4e4988af6aa561d4950711322941cab8c2d2c895 (patch) | |
| tree | 65c6190636ffa13092badc58b5f1d16dc56db65c /plugins | |
| parent | 2ab339240c1d0bd8246bebb75d12c4849dd9e4c5 (diff) | |
Add host name verifier that accepts IP addresses
Add a host name verifier that handles IP addresses as special cases,
so that they can be safely ignored in lab environments
Issue-ID: CCSDK-3196
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: I83cec989102620b52a227b7ca71efb92227d834c
Diffstat (limited to 'plugins')
2 files changed, 7 insertions, 3 deletions
diff --git a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java index ad74b02de..f1aa2b266 100755 --- a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java +++ b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java @@ -81,6 +81,7 @@ import org.glassfish.jersey.media.multipart.file.FileDataBodyPart; import org.onap.ccsdk.sli.core.sli.SvcLogicContext; import org.onap.ccsdk.sli.core.sli.SvcLogicException; import org.onap.ccsdk.sli.core.sli.SvcLogicJavaPlugin; +import org.onap.ccsdk.sli.core.utils.common.AcceptIpAddressHostNameVerifier; import org.onap.ccsdk.sli.core.utils.common.EnvProperties; import org.onap.logging.filter.base.HttpURLConnectionMetricUtil; import org.onap.logging.filter.base.MetricLogClientFilter; @@ -795,9 +796,9 @@ public class RestapiCallNode implements SvcLogicJavaPlugin { Client client; if (ssl != null) { HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory()); - client = ClientBuilder.newBuilder().sslContext(ssl).hostnameVerifier((s, sslSession) -> true).build(); + client = ClientBuilder.newBuilder().sslContext(ssl).hostnameVerifier(new AcceptIpAddressHostNameVerifier()).build(); } else { - client = ClientBuilder.newBuilder().hostnameVerifier((s, sslSession) -> true).build(); + client = ClientBuilder.newBuilder().hostnameVerifier(new AcceptIpAddressHostNameVerifier()).build(); } setClientTimeouts(client); @@ -924,7 +925,7 @@ public class RestapiCallNode implements SvcLogicJavaPlugin { protected SSLContext createSSLContext(Parameters p) { try (FileInputStream in = new FileInputStream(p.keyStoreFileName)) { - HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true); + HttpsURLConnection.setDefaultHostnameVerifier(new AcceptIpAddressHostNameVerifier()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore ks = KeyStore.getInstance("PKCS12"); char[] pwd = p.keyStorePassword.toCharArray(); diff --git a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java index cf69d7a3c..5b47cf5b6 100644 --- a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java +++ b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java @@ -167,6 +167,9 @@ public class RestconfDiscoveryNode implements SvcLogicDiscoveryPlugin { log.info("Closed connection to SSE source"); } + // Note: Sonar complains about host name verification being + // disabled here. This is necessary to handle devices using self-signed + // certificates (where CA would be unknown) - so we are leaving this code as is. private Client ignoreSslClient() { SSLContext sslcontext = null; |