diff options
Diffstat (limited to 'src')
9 files changed, 61 insertions, 42 deletions
diff --git a/src/main/java/org/onap/dcae/common/Constants.java b/src/main/java/org/onap/dcae/common/Constants.java index 4c2c7b5..562fe99 100755 --- a/src/main/java/org/onap/dcae/common/Constants.java +++ b/src/main/java/org/onap/dcae/common/Constants.java @@ -45,4 +45,5 @@ public class Constants { public static final String KSETTING_TRUST_STORE_PASSWORD = "trustStorePassword"; public static final String KSETTING_KEY_STORE_FILENAME = "keyStoreFileName"; public static final String KSETTING_KEY_STORE_PASSWD = "keyStorePassword"; + public static final String KDEFAULT_DISABLE_SSL = "disableSsl"; } diff --git a/src/main/java/org/onap/dcae/common/Parameters.java b/src/main/java/org/onap/dcae/common/Parameters.java index 5bc85a5..00747ac 100755 --- a/src/main/java/org/onap/dcae/common/Parameters.java +++ b/src/main/java/org/onap/dcae/common/Parameters.java @@ -49,4 +49,5 @@ public class Parameters { public String oAuthVersion; public AuthType authtype; public Boolean returnRequestPayload; + public boolean disableSsl; } diff --git a/src/main/java/org/onap/dcae/common/RestapiCallNode.java b/src/main/java/org/onap/dcae/common/RestapiCallNode.java index 6fb232c..4d1a776 100755 --- a/src/main/java/org/onap/dcae/common/RestapiCallNode.java +++ b/src/main/java/org/onap/dcae/common/RestapiCallNode.java @@ -318,44 +318,46 @@ public class RestapiCallNode { protected HttpResponse sendHttpRequest(String request, Parameters p) throws Exception { /* Enable this code if external controller's keyStore file not availabale */ - /*Create a trust manager that does not validate certificate chains*/ -// TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() { -// public java.security.cert.X509Certificate[] getAcceptedIssuers() { -// return null; -// } -// public void checkClientTrusted(X509Certificate[] certs, String authType) { -// } -// public void checkServerTrusted(X509Certificate[] certs, String authType) { -// } -// } -// }; -// -// // Install the all-trusting trust manager -// SSLContext sc = SSLContext.getInstance("SSL"); -// sc.init(null, trustAllCerts, new java.security.SecureRandom()); -// HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); -// -// // Create all-trusting host name verifier -// HostnameVerifier allHostsValid = new HostnameVerifier() { -// public boolean verify(String hostname, SSLSession session) { -// return true; -// } -// }; -// -// // Install the all-trusting host verifier -// log.info("Warning!!! No SSL handshake **************************************"); -// HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); - /*HELPER CODE END */ ClientConfig config = new DefaultClientConfig(); - SSLContext ssl = null; - if (p.ssl && p.restapiUrl.startsWith("https")) { - ssl = createSSLContext(p); - } - if (ssl != null) { - HostnameVerifier hostnameVerifier = (hostname, session) -> true; + if (!p.disableSsl) { + SSLContext ssl = null; + if (p.ssl && p.restapiUrl.startsWith("https")) { + ssl = createSSLContext(p); + } + if (ssl != null) { + HostnameVerifier hostnameVerifier = (hostname, session) -> true; + + config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, + new HTTPSProperties(hostnameVerifier, ssl)); + } + } else { + + /* Create a trust manager that does not validate certificate chains */ + TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted(X509Certificate[] certs, String authType) { + } + public void checkServerTrusted(X509Certificate[] certs, String authType) { + } + } + }; + + /* Install the all-trusting trust manager */ + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + + /* Create all-trusting host name verifier */ + HostnameVerifier allHostsValid = new HostnameVerifier() { + public boolean verify(String hostname, SSLSession session) { + return true; + } + }; - config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, - new HTTPSProperties(hostnameVerifier, ssl)); + /* Install the all-trusting host verifier*/ + HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); } logProperties(config.getProperties()); diff --git a/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java b/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java index 1ff00dd..9566658 100755 --- a/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java +++ b/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java @@ -84,6 +84,7 @@ public class RestapiCallNodeUtil { p.partner = parseParam(paramMap, "partner", false, null); p.dumpHeaders = Boolean.valueOf(parseParam(paramMap, "dumpHeaders", false, null)); p.returnRequestPayload = Boolean.valueOf(parseParam(paramMap, "returnRequestPayload", false, null)); + p.disableSsl = Boolean.valueOf(parseParam(paramMap, "disableSsl", false, "true")); log.info(p.toString()); return p; } diff --git a/src/main/java/org/onap/dcae/controller/AccessController.java b/src/main/java/org/onap/dcae/controller/AccessController.java index c2ed5e3..bd80d97 100644 --- a/src/main/java/org/onap/dcae/controller/AccessController.java +++ b/src/main/java/org/onap/dcae/controller/AccessController.java @@ -71,6 +71,7 @@ public class AccessController { .setController_subscriptionUrl(controller.get("controller_subscriptionUrl").toString()) .setController_accessTokenMethod(controller.get("controller_accessTokenMethod").toString()) .setController_subsMethod(controller.get("controller_subsMethod").toString()) + .setController_disableSsl(controller.get("controller_disableSsl").toString()) .createControllerConfigInfo(); this.properties = properties; this.ctx = new RestConfContext(); @@ -237,6 +238,7 @@ public class AccessController { String KeyPassword = getKeyStorePassword(toAbsolutePath(this.getProperties().keystorePasswordFileLocation())); paraMap.put(Constants.KSETTING_KEY_STORE_PASSWD, KeyPassword); + paraMap.put(Constants.KDEFAULT_DISABLE_SSL, "true"); } private Path toAbsolutePath(final String path) { diff --git a/src/main/java/org/onap/dcae/controller/ControllerConfigInfo.java b/src/main/java/org/onap/dcae/controller/ControllerConfigInfo.java index 52cfc83..68eb162 100644 --- a/src/main/java/org/onap/dcae/controller/ControllerConfigInfo.java +++ b/src/main/java/org/onap/dcae/controller/ControllerConfigInfo.java @@ -29,7 +29,7 @@ public class ControllerConfigInfo { private String controller_subscriptionUrl; private String controller_accessTokenMethod; private String controller_subsMethod; - + private String controller_disableSsl; public static class ControllerConfigInfoBuilder { @@ -42,6 +42,7 @@ public class ControllerConfigInfo { private String controller_subscriptionUrl; private String controller_accessTokenMethod; private String controller_subsMethod; + private String controller_disableSsl; public ControllerConfigInfoBuilder setController_name(String controller_name) { this.controller_name = controller_name; @@ -88,6 +89,11 @@ public class ControllerConfigInfo { return this; } + public ControllerConfigInfoBuilder setController_disableSsl(String controller_disableSsl) { + this.controller_disableSsl = controller_disableSsl; + return this; + } + public ControllerConfigInfo createControllerConfigInfo() { return new ControllerConfigInfo(this); } @@ -104,7 +110,7 @@ public class ControllerConfigInfo { this.controller_subscriptionUrl = controllerConfigInfoBuilder.controller_subscriptionUrl; this.controller_accessTokenMethod = controllerConfigInfoBuilder.controller_accessTokenMethod; this.controller_subsMethod = controllerConfigInfoBuilder.controller_subsMethod; - + this.controller_disableSsl = controllerConfigInfoBuilder.controller_disableSsl; } @@ -143,4 +149,9 @@ public class ControllerConfigInfo { public String getController_subscriptionUrl() { return controller_subscriptionUrl; } + + public String getController_disableSsl() { + return controller_disableSsl; + } + }
\ No newline at end of file diff --git a/src/main/java/org/onap/dcae/controller/PersistentEventConnection.java b/src/main/java/org/onap/dcae/controller/PersistentEventConnection.java index c963129..2fb782f 100644 --- a/src/main/java/org/onap/dcae/controller/PersistentEventConnection.java +++ b/src/main/java/org/onap/dcae/controller/PersistentEventConnection.java @@ -175,6 +175,7 @@ public class PersistentEventConnection implements Runnable { modifyEventParamMap(Constants.KSETTING_REST_UNAME, parentCtrllr.getCfgInfo().getController_restapiUser()); modifyEventParamMap(Constants.KSETTING_REST_PASSWD, parentCtrllr.getCfgInfo().getController_restapiPassword()); modifyEventParamMap(Constants.KSETTING_HTTP_METHOD, parentCtrllr.getCfgInfo().getController_subsMethod()); + modifyEventParamMap(Constants.KDEFAULT_DISABLE_SSL, parentCtrllr.getCfgInfo().getController_disableSsl()); parentCtrllr.getRestApiCallNode().sendRequest(eventParaMap, ctx, null); } catch (Exception e) { diff --git a/src/test/java/org/onap/dcae/AccessControllerTest.java b/src/test/java/org/onap/dcae/AccessControllerTest.java index 5469d89..1e01340 100644 --- a/src/test/java/org/onap/dcae/AccessControllerTest.java +++ b/src/test/java/org/onap/dcae/AccessControllerTest.java @@ -70,7 +70,7 @@ public class AccessControllerTest { try { when(readAllBytes(null)).thenReturn("colletor".getBytes()); } catch (Exception e){} - JSONObject controller = new JSONObject("{\"controller_name\":\"AccessM&C\",\"controller_restapiUrl\":\"10.118.191.43:26335\",\"controller_restapiUser\":\"access\",\"controller_restapiPassword\":\"Huawei@123\",\"controller_accessTokenUrl\":\"/rest/plat/smapp/v1/oauth/token\",\"controller_accessTokenFile\":\"./etc/access-token.json\",\"controller_accessTokenMethod\":\"put\",\"controller_subsMethod\":\"post\",\"controller_subscriptionUrl\":\"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription\",\"event_details\":[{\"event_name\":\"ONT_registration\",\"event_description\":\"ONTregistartionevent\",\"event_sseventUrlEmbed\":\"true\",\"event_sseventsField\":\"output.url\",\"event_sseventsUrl\":\"null\",\"event_subscriptionTemplate\":\"./etc/ont_registartion_subscription_template.json\",\"event_unSubscriptionTemplate\":\"./etc/ont_registartion_unsubscription_template.json\",\"event_ruleId\":\"777777777\"}]}"); + JSONObject controller = new JSONObject("{\"controller_name\":\"AccessM&C\",\"controller_restapiUrl\":\"10.118.191.43:26335\",\"controller_restapiUser\":\"access\",\"controller_restapiPassword\":\"Huawei@123\",\"controller_accessTokenUrl\":\"/rest/plat/smapp/v1/oauth/token\",\"controller_accessTokenFile\":\"./etc/access-token.json\",\"controller_accessTokenMethod\":\"put\",\"controller_subsMethod\":\"post\",\"controller_subscriptionUrl\":\"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription\",\"controller_disableSsl\":\"true\",\"event_details\":[{\"event_name\":\"ONT_registration\",\"event_description\":\"ONTregistartionevent\",\"event_sseventUrlEmbed\":\"true\",\"event_sseventsField\":\"output.url\",\"event_sseventsUrl\":\"null\",\"event_subscriptionTemplate\":\"./etc/ont_registartion_subscription_template.json\",\"event_unSubscriptionTemplate\":\"./etc/ont_registartion_unsubscription_template.json\",\"event_ruleId\":\"777777777\"}]}"); try { AccessController acClr = new AccessController(controller, properties); @@ -91,7 +91,7 @@ public class AccessControllerTest { when(properties.keystorePasswordFileLocation()).thenReturn(KEYSTORE_PASSWORD_FILE.toString()); when(properties.rccKeystoreFileLocation()).thenReturn(RCC_KEYSTORE.toString()); when(properties.rccKeystorePasswordFileLocation()).thenReturn(RCC_KEYSTORE_PASSWORD_FILE.toString()); - when(properties.rccPolicy()).thenReturn("[{\"controller_name\":\"AccessM&C\",\"controller_restapiUrl\":\"10.118.191.43:26335\",\"controller_restapiUser\":\"access\",\"controller_restapiPassword\":\"Huawei@123\",\"controller_accessTokenUrl\":\"/rest/plat/smapp/v1/oauth/token\",\"controller_accessTokenFile\":\"./etc/access-token.json\",\"controller_accessTokenMethod\":\"put\",\"controller_subsMethod\":\"post\",\"controller_subscriptionUrl\":\"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription\",\"event_details\":[{\"event_name\":\"ONT_registration\",\"event_description\":\"ONTregistartionevent\",\"event_sseventUrlEmbed\":\"true\",\"event_sseventsField\":\"output.url\",\"event_sseventsUrl\":\"null\",\"event_subscriptionTemplate\":\"./etc/ont_registartion_subscription_template.json\",\"event_unSubscriptionTemplate\":\"./etc/ont_registartion_unsubscription_template.json\",\"event_ruleId\":\"777777777\"}]}]"); + when(properties.rccPolicy()).thenReturn("[{\"controller_name\":\"AccessM&C\",\"controller_restapiUrl\":\"10.118.191.43:26335\",\"controller_restapiUser\":\"access\",\"controller_restapiPassword\":\"Huawei@123\",\"controller_accessTokenUrl\":\"/rest/plat/smapp/v1/oauth/token\",\"controller_accessTokenFile\":\"./etc/access-token.json\",\"controller_accessTokenMethod\":\"put\",\"controller_subsMethod\":\"post\",\"controller_subscriptionUrl\":\"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription\",\"controller_disableSsl\":\"true\",\"event_details\":[{\"event_name\":\"ONT_registration\",\"event_description\":\"ONTregistartionevent\",\"event_sseventUrlEmbed\":\"true\",\"event_sseventsField\":\"output.url\",\"event_sseventsUrl\":\"null\",\"event_subscriptionTemplate\":\"./etc/ont_registartion_subscription_template.json\",\"event_unSubscriptionTemplate\":\"./etc/ont_registartion_unsubscription_template.json\",\"event_ruleId\":\"777777777\"}]}]"); when(ctx.getAttribute("responsePrefix.httpResponse")).thenReturn("{\"accessSession\" : \"1234567890\",\"result\" : \"Ok\"}"); try { @@ -103,7 +103,7 @@ public class AccessControllerTest { PersistentEventConnection conn = mock(PersistentEventConnection.class); Mockito.doNothing().when(conn).run(); when(properties.authorizationEnabled()).thenReturn(true); - JSONObject controller = new JSONObject("{\"controller_name\":\"AccessM&C\",\"controller_restapiUrl\":\"10.118.191.43:26335\",\"controller_restapiUser\":\"access\",\"controller_restapiPassword\":\"Huawei@123\",\"controller_accessTokenUrl\":\"/rest/plat/smapp/v1/oauth/token\",\"controller_accessTokenFile\":\"./etc/access-token.json\",\"controller_accessTokenMethod\":\"put\",\"controller_subsMethod\":\"post\",\"controller_subscriptionUrl\":\"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription\",\"event_details\":[{\"event_name\":\"ONT_registration\",\"event_description\":\"ONTregistartionevent\",\"event_sseventUrlEmbed\":\"true\",\"event_sseventsField\":\"output.url\",\"event_sseventsUrl\":\"null\",\"event_subscriptionTemplate\":\"./etc/ont_registartion_subscription_template.json\",\"event_unSubscriptionTemplate\":\"./etc/ont_registartion_unsubscription_template.json\",\"event_ruleId\":\"777777777\"}]}"); + JSONObject controller = new JSONObject("{\"controller_name\":\"AccessM&C\",\"controller_restapiUrl\":\"10.118.191.43:26335\",\"controller_restapiUser\":\"access\",\"controller_restapiPassword\":\"Huawei@123\",\"controller_accessTokenUrl\":\"/rest/plat/smapp/v1/oauth/token\",\"controller_accessTokenFile\":\"./etc/access-token.json\",\"controller_accessTokenMethod\":\"put\",\"controller_subsMethod\":\"post\",\"controller_subscriptionUrl\":\"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription\",\"controller_disableSsl\":\"true\",\"event_details\":[{\"event_name\":\"ONT_registration\",\"event_description\":\"ONTregistartionevent\",\"event_sseventUrlEmbed\":\"true\",\"event_sseventsField\":\"output.url\",\"event_sseventsUrl\":\"null\",\"event_subscriptionTemplate\":\"./etc/ont_registartion_subscription_template.json\",\"event_unSubscriptionTemplate\":\"./etc/ont_registartion_unsubscription_template.json\",\"event_ruleId\":\"777777777\"}]}"); AccessController acClr = new AccessController(controller, properties); AccessController acClr2 = new AccessController(controller, diff --git a/src/test/java/org/onap/dcae/common/EventProcessorTest.java b/src/test/java/org/onap/dcae/common/EventProcessorTest.java index 575443f..671cad0 100644 --- a/src/test/java/org/onap/dcae/common/EventProcessorTest.java +++ b/src/test/java/org/onap/dcae/common/EventProcessorTest.java @@ -88,7 +88,7 @@ public class EventProcessorTest { when(properties.rccKeystorePasswordFileLocation()).thenReturn(RCC_KEYSTORE_PASSWORD_FILE.toString()); when(properties.controllerConfigFileLocation()).thenReturn(Paths.get("etc/ont_config.json").toAbsolutePath().toString()); JSONObject controller = new JSONObject( - "{\"controller_name\":\"AccessM&C\",\"controller_restapiUrl\":\"10.118.191.43:26335\",\"controller_restapiUser\":\"access\",\"controller_restapiPassword\":\"Huawei@123\",\"controller_accessTokenUrl\":\"/rest/plat/smapp/v1/oauth/token\",\"controller_accessTokenFile\":\"./etc/access-token.json\",\"controller_accessTokenMethod\":\"put\",\"controller_subsMethod\":\"post\",\"controller_subscriptionUrl\":\"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription\",\"event_details\":[{\"event_name\":\"ONT_registration\",\"event_description\":\"ONTregistartionevent\",\"event_sseventUrlEmbed\":\"true\",\"event_sseventsField\":\"output.url\",\"event_sseventsUrl\":\"null\",\"event_subscriptionTemplate\":\"./etc/ont_registartion_subscription_template.json\",\"event_unSubscriptionTemplate\":\"./etc/ont_registartion_unsubscription_template.json\",\"event_ruleId\":\"777777777\"}]}"); + "{\"controller_name\":\"AccessM&C\",\"controller_restapiUrl\":\"10.118.191.43:26335\",\"controller_restapiUser\":\"access\",\"controller_restapiPassword\":\"Huawei@123\",\"controller_accessTokenUrl\":\"/rest/plat/smapp/v1/oauth/token\",\"controller_accessTokenFile\":\"./etc/access-token.json\",\"controller_accessTokenMethod\":\"put\",\"controller_subsMethod\":\"post\",\"controller_subscriptionUrl\":\"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription\",\"controller_disableSsl\":\"true\",\"event_details\":[{\"event_name\":\"ONT_registration\",\"event_description\":\"ONTregistartionevent\",\"event_sseventUrlEmbed\":\"true\",\"event_sseventsField\":\"output.url\",\"event_sseventsUrl\":\"null\",\"event_subscriptionTemplate\":\"./etc/ont_registartion_subscription_template.json\",\"event_unSubscriptionTemplate\":\"./etc/ont_registartion_unsubscription_template.json\",\"event_ruleId\":\"777777777\"}]}"); AccessController acClr = new AccessController(controller, properties); PersistentEventConnection p = new PersistentEventConnection.PersistentEventConnectionBuilder().setEventName("") |