diff options
Diffstat (limited to 'src/main/java/org/onap/dcae/common/RestapiCallNode.java')
-rwxr-xr-x | src/main/java/org/onap/dcae/common/RestapiCallNode.java | 86 |
1 files changed, 76 insertions, 10 deletions
diff --git a/src/main/java/org/onap/dcae/common/RestapiCallNode.java b/src/main/java/org/onap/dcae/common/RestapiCallNode.java index 387fa98..4152db9 100755 --- a/src/main/java/org/onap/dcae/common/RestapiCallNode.java +++ b/src/main/java/org/onap/dcae/common/RestapiCallNode.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * org.onap.dcaegen2.collectors.restconf * ================================================================================ - * Copyright (C) 2018-2019 Huawei. All rights reserved. + * Copyright (C) 2018-2021 Huawei. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -43,6 +43,7 @@ import java.net.SocketException; import java.nio.file.Files; import java.nio.file.Paths; import java.security.KeyStore; +import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.*; @@ -325,14 +326,21 @@ public class RestapiCallNode { ssl = createSSLContext(p); } if (ssl != null) { - HostnameVerifier hostnameVerifier = (hostname, session) -> true; - + // HostnameVerifier hostnameVerifier = (hostname, session) -> true; + HostnameVerifier hostnameVerifier = new HostnameVerifier() { + @Override + public boolean verify(String hostname,SSLSession session) { + HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier(); + return hv.verify(hostname, session); + } + }; + config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hostnameVerifier, ssl)); } } else { - /* Create a trust manager that does not validate certificate chains */ + /* Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; @@ -344,20 +352,70 @@ public class RestapiCallNode { } }; - /* Install the all-trusting trust manager */ + Install the all-trusting trust manager SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); - /* Create all-trusting host name verifier */ + Create all-trusting host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { return true; } }; - /* Install the all-trusting host verifier*/ - HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); + Install the all-trusting host verifier + HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);*/ + + TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + + //Using null here initialises the tmf with default trust store + tmf.init((KeyStore)null); + + //Get hold of default trust manager + X509TrustManager x509Tm = null; + for(TrustManager tm: tmf.getTrustManagers()) + { + if(tm instanceof X509TrustManager) { + x509Tm = (X509TrustManager) tm; + break; + } + } + + //Wrap it in your own class + final X509TrustManager finalTm = x509Tm; + X509TrustManager customTm = new X509TrustManager() { + + @Override + public X509Certificate[] getAcceptedIssuers() { + return finalTm.getAcceptedIssuers(); + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { + finalTm.checkServerTrusted(chain, authType); + + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { + finalTm.checkClientTrusted(chain, authType); + + }}; + + SSLContext sc = SSLContext.getInstance("TLS"); + sc.init(null,new TrustManager[]{customTm},new java.security.SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + + HostnameVerifier hostnameverifier = new HostnameVerifier() { + @Override + public boolean verify(String hostname, SSLSession session) { + HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier(); + return hv.verify(hostname, session); + + }}; + + HttpsURLConnection.setDefaultHostnameVerifier(hostnameverifier); } logProperties(config.getProperties()); @@ -448,8 +506,16 @@ public class RestapiCallNode { System.setProperty("javax.net.ssl.trustStore", p.trustStoreFileName); System.setProperty("javax.net.ssl.trustStorePassword", p.trustStorePassword); - HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true); - + // HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true); + HostnameVerifier hostnameVerifier = new HostnameVerifier() { + @Override + public boolean verify(String hostname,SSLSession session) { + HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier(); + return hv.verify(hostname, session); + } + }; + HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier); + KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); KeyStore ks = KeyStore.getInstance("PKCS12"); char[] pwd = p.keyStorePassword.toCharArray(); |