authorKrzysztof Gajewski <krzysztof.gajewski@nokia.com>2021-03-09 11:08:21 +0100
committerKrzysztof Gajewski <krzysztof.gajewski@nokia.com>2021-03-09 15:52:53 +0100
commitb6f233f5ab3fae789e463af78e5360114ae9da3d (patch)
tree019e8319852f9a62a2566f1941e8386cad3ddc62 /datafile-app-server/src/main
parent9c88f794dcbd9dafef93544c1607c555e0eed840 (diff)
Fix server hostname verification1.5.5
- make it configurable - some other small sonar issues resolved Issue-ID: DCAEGEN2-2656 Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com> Change-Id: I3012b60dbdfdb463d5adfd790df53953fe1f027f
Diffstat (limited to 'datafile-app-server/src/main')
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java15
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java5
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java9
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/DfcHttpsClient.java4
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java14
5 files changed, 34 insertions, 13 deletions
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
index b381c021..f11a85a0 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
@@ -39,7 +39,6 @@ import javax.validation.constraints.NotNull;
import org.onap.dcaegen2.collectors.datafile.exceptions.DatafileTaskException;
import org.onap.dcaegen2.collectors.datafile.http.HttpsClientConnectionManagerUtil;
-import org.onap.dcaegen2.collectors.datafile.model.logging.MappedDiagnosticContext;
import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.CbsClient;
import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.CbsClientFactory;
import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.CbsRequests;
@@ -94,17 +93,16 @@ public class AppConfig {
*/
public void initialize() {
stop();
- Map<String, String> context = MappedDiagnosticContext.initializeTraceContext();
loadConfigurationFromFile();
- refreshConfigTask = createRefreshTask(context) //
+ refreshConfigTask = createRefreshTask() //
.subscribe(e -> logger.info("Refreshed configuration data"),
throwable -> logger.error("Configuration refresh terminated due to exception", throwable),
() -> logger.error("Configuration refresh terminated"));
}
- Flux<AppConfig> createRefreshTask(Map<String, String> context) {
+ Flux<AppConfig> createRefreshTask() {
return createCbsClientConfiguration()
.flatMap(this::createCbsClient)
.flatMapMany(this::periodicConfigurationUpdates) //
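Review bot: Dropping `MappedDiagnosticContext.initializeTraceContext()` from `initialize()` removes the only visible place where the MDC is populated before the refresh pipeline starts, so the "Refreshed configuration data" / "Configuration refresh terminated" log lines and anything logged by `periodicConfigurationUpdates` may now carry no trace identifiers. If the context is re-established elsewhere (e.g. inside the subscriber) that is fine, but it is not visible in this diff; otherwise a config-refresh event, which can toggle TLS hostname verification at runtime, becomes hard to correlate in logs. A one-line comment in `initialize()` stating where the MDC is set up for this pipeline, such as `// MDC is initialized per refresh cycle in periodicConfigurationUpdates`, would make the intent explicit. `createRefreshTask` continues beyond this hunk.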
@@ -173,8 +171,9 @@ public class AppConfig {
return sftpConfiguration;
}
- private <R> Mono<R> onErrorResume(Throwable trowable) {
- logger.error("Could not refresh application configuration {}", trowable.toString());
+ private <R> Mono<R> onErrorResume(Throwable throwable) {
+ String throwableString = throwable.toString();
+ logger.error("Could not refresh application configuration {}", throwableString);
return Mono.empty();
}
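Review bot: The Sonar fix in `onErrorResume` keeps the log entry at message-only level: it still logs `throwable.toString()` as a placeholder argument, so the stack trace of a failed configuration refresh is never recorded. SLF4J prints the stack trace when the throwable is passed as the trailing argument, so the local can be dropped entirely: `logger.error("Could not refresh application configuration", throwable);`. Since this path swallows the error into `Mono.empty()`, the log line is the only evidence operators get that a refresh (and with it any TLS setting change) did not apply.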
@@ -234,8 +233,10 @@ public class AppConfig {
this.publishingConfigurations = publisherConfiguration;
this.certificateConfiguration = certificateConfig;
this.sftpConfiguration = sftpConfig;
+
HttpsClientConnectionManagerUtil.setupOrUpdate(certificateConfig.keyCert(), certificateConfig.keyPasswordPath(),
- certificateConfig.trustedCa(), certificateConfig.trustedCaPasswordPath());
+ certificateConfig.trustedCa(), certificateConfig.trustedCaPasswordPath(),
+ certificateConfig.httpsHostnameVerify());
}
JsonElement getJsonElement(InputStream inputStream) {
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
index 1d8b6143..78be36d3 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
@@ -1,6 +1,6 @@
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2018 NOKIA Intellectual Property, 2019 Nordix Foundation. All rights reserved.
+ * Copyright (C) 2018-2021 NOKIA Intellectual Property, 2019 Nordix Foundation. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -47,4 +47,7 @@ public abstract class CertificateConfig implements Serializable {
@Value.Parameter
@Value.Redacted
public abstract String trustedCaPasswordPath();
+
+ @Value.Parameter
+ public abstract Boolean httpsHostnameVerify();
}
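Review bot: The new `httpsHostnameVerify()` attribute has no Javadoc, unlike a security-relevant toggle should, and it is declared as boxed `Boolean` although every other way the value can be absent is already covered by the parser default. Add a doc comment such as `/** Whether the xNF server certificate is checked against the requested hostname; defaults to true, false installs a no-op verifier. */` and consider `public abstract boolean httpsHostnameVerify();` so the generated builder cannot carry a null into `HttpsClientConnectionManagerUtil`. Note that adding a `@Value.Parameter` changes the positional arity of the generated `ImmutableCertificateConfig.of(...)`, so any callers of that factory outside this diff (tests, presumably) need the extra argument.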
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
index d6b86433..025166c2 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
@@ -194,6 +194,7 @@ public class CloudConfigParser {
.keyPasswordPath(getAsString(jsonObject, "dmaap.certificateConfig.keyPasswordPath"))
.trustedCa(getAsString(jsonObject, "dmaap.certificateConfig.trustedCa"))
.trustedCaPasswordPath(getAsString(jsonObject, "dmaap.certificateConfig.trustedCaPasswordPath")) //
+ .httpsHostnameVerify(getAsBooleanOrDefault(jsonObject, "dmaap.certificateConfig.httpsHostnameVerify", Boolean.TRUE))
.build();
}
@@ -222,6 +223,14 @@ public class CloudConfigParser {
return get(obj, memberName).getAsBoolean();
}
+ private static @NotNull Boolean getAsBooleanOrDefault(JsonObject obj, String memberName, Boolean def) {
+ try {
+ return get(obj, memberName).getAsBoolean();
+ } catch (DatafileTaskException e) {
+ return def;
+ }
+ }
+
private static @NotNull JsonObject getAsJson(JsonObject obj, String memberName) throws DatafileTaskException {
return get(obj, memberName).getAsJsonObject();
}
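Review bot: `getAsBooleanOrDefault` only falls back for `DatafileTaskException`, which (judging from the sibling `getAsJson ... throws DatafileTaskException`) is the missing-member case; a member that is present but not a JSON boolean is handed to Gson's `getAsBoolean()`, which for a string primitive does `Boolean.parseBoolean`, so a value like `"yes"` or `"1"` silently becomes `false` and disables hostname verification, while an object or array throws an unchecked exception out of the parser. For a flag that relaxes TLS checks, an explicit boolean should be required and anything else rejected loudly, while a missing member still takes the caller's default. The sketch below assumes `com.google.gson.JsonElement` is (or can be) imported alongside the `JsonObject` the file already uses.
```java
private static @NotNull Boolean getAsBooleanOrDefault(JsonObject obj, String memberName, Boolean def) {
    JsonElement element;
    try {
        element = get(obj, memberName);
    } catch (DatafileTaskException e) {
        // Member absent: use the default chosen by the caller.
        return def;
    }
    // Member present but not a JSON boolean: refuse instead of coercing (a string "yes" would parse as false).
    if (!element.isJsonPrimitive() || !element.getAsJsonPrimitive().isBoolean()) {
        throw new IllegalArgumentException(memberName + " must be a JSON boolean, got: " + element);
    }
    return element.getAsBoolean();
}
```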
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/DfcHttpsClient.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/DfcHttpsClient.java
index c2d72f67..9bb01183 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/DfcHttpsClient.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/DfcHttpsClient.java
@@ -36,6 +36,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.SSLPeerUnverifiedException;
import java.io.IOException;
import java.io.InputStream;
import java.net.UnknownHostException;
@@ -138,7 +139,8 @@ public class DfcHttpsClient implements FileCollectClient {
throw new NonRetryableDatafileTaskException(HttpUtils.retryableResponse(getResponseCode(httpResponse)));
}
throw new DatafileTaskException(HttpUtils.nonRetryableResponse(getResponseCode(httpResponse)));
- } catch (ConnectTimeoutException | UnknownHostException | HttpHostConnectException | SSLHandshakeException e) {
+ } catch (ConnectTimeoutException | UnknownHostException | HttpHostConnectException | SSLHandshakeException
+ | SSLPeerUnverifiedException e) {
throw new NonRetryableDatafileTaskException(
"Unable to get file from xNF. No retry attempts will be done.", e);
}
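Review bot: Treating `SSLPeerUnverifiedException` as non-retryable is right (a hostname/certificate mismatch will not go away on retry), but the wrapped message `"Unable to get file from xNF. No retry attempts will be done."` is identical for connect timeouts, unknown hosts and TLS failures, so a certificate-name mismatch, the very condition this commit starts enforcing, is indistinguishable in logs from a network outage. Either make the cause visible in the message, `"Unable to get file from xNF (" + e.getClass().getSimpleName() + "). No retry attempts will be done."`, or, assuming the class's slf4j logger is named `logger`, add a dedicated line before rethrowing: `logger.warn("TLS/connection failure towards xNF: {}", e.toString());`. The surrounding method begins before this hunk.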
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java
index e60ec0f4..25638562 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/http/HttpsClientConnectionManagerUtil.java
@@ -18,6 +18,8 @@ package org.onap.dcaegen2.collectors.datafile.http;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
@@ -28,6 +30,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.FileSystemResource;
+import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import java.io.File;
import java.io.IOException;
@@ -62,19 +65,19 @@ public class HttpsClientConnectionManagerUtil {
}
public static void setupOrUpdate(String keyCertPath, String keyCertPasswordPath, String trustedCaPath,
- String trustedCaPasswordPath) throws DatafileTaskException {
+ String trustedCaPasswordPath, Boolean useHostnameVerifier) throws DatafileTaskException {
synchronized (HttpsClientConnectionManagerUtil.class) {
if (connectionManager != null) {
connectionManager.close();
connectionManager = null;
}
- setup(keyCertPath, keyCertPasswordPath, trustedCaPath, trustedCaPasswordPath);
+ setup(keyCertPath, keyCertPasswordPath, trustedCaPath, trustedCaPasswordPath, useHostnameVerifier);
}
logger.trace("HttpsConnectionManager setup or updated");
}
private static void setup(String keyCertPath, String keyCertPasswordPath, String trustedCaPath,
- String trustedCaPasswordPath) throws DatafileTaskException {
+ String trustedCaPasswordPath, Boolean useHostnameVerifier) throws DatafileTaskException {
try {
SSLContextBuilder sslBuilder = SSLContexts.custom();
sslBuilder = supplyKeyInfo(keyCertPath, keyCertPasswordPath, sslBuilder);
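Review bot: The new `Boolean useHostnameVerifier` parameter of `setupOrUpdate`/`setup` fails open: in the following hunk `Boolean.TRUE.equals(useHostnameVerifier)` selects `NoopHostnameVerifier.INSTANCE` whenever the flag is null, so any caller of the public `setupOrUpdate` that passes null (the CBS parser defaults to TRUE, but nothing here enforces that for other callers) silently disables hostname verification. Prefer a primitive `boolean` in both signatures, or at least invert the test so null fails closed: `HostnameVerifier hostnameVerifier = Boolean.FALSE.equals(useHostnameVerifier) ? NoopHostnameVerifier.INSTANCE : new DefaultHostnameVerifier();`. The disabled state should also be visible to operators, since it can be toggled by a config refresh: `if (hostnameVerifier == NoopHostnameVerifier.INSTANCE) logger.warn("TLS hostname verification of xNF servers is disabled by configuration");`. `setup`'s body continues past this hunk, and the verifier selection itself sits in the next one.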
@@ -82,9 +85,12 @@ public class HttpsClientConnectionManagerUtil {
SSLContext sslContext = sslBuilder.build();
+ HostnameVerifier hostnameVerifier = (Boolean.TRUE.equals(useHostnameVerifier)) ? new DefaultHostnameVerifier() :
+ NoopHostnameVerifier.INSTANCE;
+
SSLConnectionSocketFactory sslConnectionSocketFactory =
new SSLConnectionSocketFactory(sslContext, new String[] {"TLSv1.2"}, null,
- (hostname, session) -> true);
+ hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry =
RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslConnectionSocketFactory)