From 4e4988af6aa561d4950711322941cab8c2d2c895 Mon Sep 17 00:00:00 2001
From: Dan Timoney
Date: Fri, 9 Jul 2021 10:20:56 -0400
Subject: Add host name verifier that accepts IP addresses Add a host name verifier that handles IP addresses as special cases, so that they can be safely ignored in lab environments
Issue-ID: CCSDK-3196
Signed-off-by: Dan Timoney
Change-Id: I83cec989102620b52a227b7ca71efb92227d834c
---
 .../org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java | 7 ++++---
 .../ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java | 3 +++
 2 files changed, 7 insertions(+), 3 deletions(-)
(limited to 'plugins')
diff --git a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
index ad74b02de..f1aa2b266 100755
--- a/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
+++ b/plugins/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java
@@ -81,6 +81,7 @@ import org.glassfish.jersey.media.multipart.file.FileDataBodyPart;
 import org.onap.ccsdk.sli.core.sli.SvcLogicContext;
 import org.onap.ccsdk.sli.core.sli.SvcLogicException;
 import org.onap.ccsdk.sli.core.sli.SvcLogicJavaPlugin;
+import org.onap.ccsdk.sli.core.utils.common.AcceptIpAddressHostNameVerifier;
 import org.onap.ccsdk.sli.core.utils.common.EnvProperties;
 import org.onap.logging.filter.base.HttpURLConnectionMetricUtil;
 import org.onap.logging.filter.base.MetricLogClientFilter;
@@ -795,9 +796,9 @@ public class RestapiCallNode implements SvcLogicJavaPlugin {
 Client client;
 if (ssl != null) {
 HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory());
- client = ClientBuilder.newBuilder().sslContext(ssl).hostnameVerifier((s, sslSession) -> true).build();
+ client = ClientBuilder.newBuilder().sslContext(ssl).hostnameVerifier(new AcceptIpAddressHostNameVerifier()).build();
 } else {
- client = ClientBuilder.newBuilder().hostnameVerifier((s, sslSession) -> true).build();
+ client = ClientBuilder.newBuilder().hostnameVerifier(new AcceptIpAddressHostNameVerifier()).build();
 }
 setClientTimeouts(client);
@@ -924,7 +925,7 @@ public class RestapiCallNode implements SvcLogicJavaPlugin {
 protected SSLContext createSSLContext(Parameters p) {
 try (FileInputStream in = new FileInputStream(p.keyStoreFileName)) {
- HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true);
+ HttpsURLConnection.setDefaultHostnameVerifier(new AcceptIpAddressHostNameVerifier());
 KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 KeyStore ks = KeyStore.getInstance("PKCS12");
 char[] pwd = p.keyStorePassword.toCharArray();
diff --git a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
index cf69d7a3c..5b47cf5b6 100644
--- a/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
+++ b/plugins/restconf-client/provider/src/main/java/org/onap/ccsdk/sli/plugins/restconfdiscovery/RestconfDiscoveryNode.java
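Review bot: Both `hostnameVerifier(new AcceptIpAddressHostNameVerifier())` calls apply the relaxed verifier on every client this method builds, while the commit message limits the IP-address exception to lab environments, and nothing in the hunk restricts it to such a deployment. The verifier class is not part of this diff, so its behaviour is inferred from the description: if it returns true for any IP-literal host, a production endpoint addressed by IP gets no certificate name check, and any certificate the SSLContext (or, in the else branch, the default trust store) accepts would pass. Consider selecting the relaxed verifier only when an explicit deployment setting enables it and leaving the client's default verifier in place otherwise, or matching IP literals against the certificate's iPAddress subjectAltName entries instead of skipping the check. At minimum a comment above the builders, e.g. `// IP-literal hosts bypass certificate name matching; intended for lab use only`, would record the accepted risk. The enclosing method starts and ends outside the hunk.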
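Review bot: `HttpsURLConnection.setDefaultHostnameVerifier(new AcceptIpAddressHostNameVerifier())` in createSSLContext replaces the JVM-wide default, so every HttpsURLConnection opened anywhere in the process afterwards inherits the IP-address exception, not only this plugin's calls. The client built in the earlier hunk already receives the verifier through `ClientBuilder.hostnameVerifier(...)`, so the global call looks unnecessary for that path; if another code path depends on it, set the verifier on that one connection with `conn.setHostnameVerifier(...)` instead. The same concern applies to the `HttpsURLConnection.setDefaultSSLSocketFactory(...)` context line in the previous hunk. createSSLContext continues past the end of the hunk, so any later reliance on the default is not visible here.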
@@ -167,6 +167,9 @@ public class RestconfDiscoveryNode implements SvcLogicDiscoveryPlugin {
 log.info("Closed connection to SSE source");
 }
+ // Note: Sonar complains about host name verification being
+ // disabled here. This is necessary to handle devices using self-signed
+ // certificates (where CA would be unknown) - so we are leaving this code as is.
 private Client ignoreSslClient() {
 SSLContext sslcontext = null;
-- cgit 1.2.3-korg
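Review bot: The added comment above ignoreSslClient justifies disabled host name verification with self-signed certificates, but an unknown CA is a trust-anchor problem and does not by itself require skipping the name check; a self-signed device certificate can be placed in a trust store and still be matched against the host. The body of ignoreSslClient lies outside the hunk, so what exactly is disabled is inferred from the comment and the method name. If the check has to stay off, the comment should state the accepted risk and where it is tracked, e.g. `// Accepted risk: peer identity is not verified on discovery connections; see <ISSUE-ID placeholder>`. It may also be worth using `new AcceptIpAddressHostNameVerifier()` here as RestapiCallNode now does, assuming that class still verifies DNS-named hosts.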