From afb648cbb6e69725f5f0857f5429cf710c8a0243 Mon Sep 17 00:00:00 2001
From: Dan Timoney
Date: Tue, 20 Jul 2021 16:29:15 -0400
Subject: Fix weak crypto issue in restconf adaptor
Added new capability to disable host name verification on a per-connection basis in restapi-call-node and restconf adaptors, and use custom hostname verifier to handle IP addresses and localhost as exception cases.
Issue-ID: CCSDK-3196
Signed-off-by: Dan Timoney
Change-Id: I379f3b5093b5ff46433a33821127670747e8efa6
---
 .../main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java | 1 +
 .../java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'plugins/restapi-call-node/provider/src')
diff --git a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
index 9b542af91..6e84a9c02 100755
--- a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
+++ b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java
@@ -53,4 +53,5 @@ public class Parameters {
 public boolean multipartFormData;
 public String multipartFile;
 public String targetEntity;
+ public boolean disableHostVerification;
 }
diff --git a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
index f1aa2b266..e3192562d 100755
--- a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
+++ b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
@@ -238,6 +238,7 @@ public class RestapiCallNode implements SvcLogicJavaPlugin {
 p.multipartFormData = valueOf(parseParam(paramMap, "multipartFormData", false, "false"));
 p.multipartFile = parseParam(paramMap, "multipartFile", false, null);
 p.targetEntity = parseParam(paramMap, "targetEntity", false, null);
+ p.disableHostVerification = valueOf(parseParam(paramMap, "disableHostVerification", false, "true"));
 return p;
 }
@@ -925,7 +926,7 @@ public class RestapiCallNode implements SvcLogicJavaPlugin {
 protected SSLContext createSSLContext(Parameters p) {
 try (FileInputStream in = new FileInputStream(p.keyStoreFileName)) {
- HttpsURLConnection.setDefaultHostnameVerifier(new AcceptIpAddressHostNameVerifier());
+ HttpsURLConnection.setDefaultHostnameVerifier(new AcceptIpAddressHostNameVerifier(p.disableHostVerification));
 KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 KeyStore ks = KeyStore.getInstance("PKCS12");
 char[] pwd = p.keyStorePassword.toCharArray();
-- cgit 1.2.3-korg
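Review bot: The new `disableHostVerification` parameter in the `@@ -238` hunk defaults to `"true"`, so any caller that omits it gets host name verification turned off, assuming the flag does what its name says inside `AcceptIpAddressHostNameVerifier`, which is not shown here. For a change filed as a weak-crypto fix the default should fail closed: `p.disableHostVerification = valueOf(parseParam(paramMap, "disableHostVerification", false, "false"));`, with deployments that depend on unverified peers opting in explicitly. If the permissive default is kept for backward compatibility, state that in a comment on this line and log whenever verification is disabled so the setting is visible in operations. The enclosing method starts outside the hunk.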
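Review bot: `HttpsURLConnection.setDefaultHostnameVerifier(...)` in `createSSLContext` (the `@@ -925` hunk) is a static, JVM-wide setter, so passing `p.disableHostVerification` to it does not make the setting per-connection as the commit message describes. The value from the most recent call applies to every `HttpsURLConnection` created afterwards without its own verifier, including other callers in the same process, and concurrent calls with different flags race. One call with the flag set to true can therefore weaken verification for later requests that asked for it to stay on. The verifier should be bound to the connection or client this call builds (for example the instance method `setHostnameVerifier` on the `HttpsURLConnection`, or the client builder's hostname-verifier option if the request goes through one) rather than to the global default; the method body continues past the end of the hunk.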