From a7df4e77c0439e0cce667982691f87a1205e0b87 Mon Sep 17 00:00:00 2001 From: s00370346 Date: Fri, 26 Apr 2019 17:20:30 +0530 Subject: Issue-ID: DCAEGEN2-1055 BBS bugfix(SSL disable by config) Change-Id: I93b740b64bd470c77b028e6ae779824ddc19e5c9 Signed-off-by: s00370346
---
 src/main/java/org/onap/dcae/common/Constants.java | 1 + src/main/java/org/onap/dcae/common/Parameters.java | 1 + .../java/org/onap/dcae/common/RestapiCallNode.java | 74 +++++++++++----------- .../org/onap/dcae/common/RestapiCallNodeUtil.java | 1 + 4 files changed, 41 insertions(+), 36 deletions(-) (limited to 'src/main/java/org/onap/dcae/common')
diff --git a/src/main/java/org/onap/dcae/common/Constants.java b/src/main/java/org/onap/dcae/common/Constants.java
index 4c2c7b5..562fe99 100755
--- a/src/main/java/org/onap/dcae/common/Constants.java
+++ b/src/main/java/org/onap/dcae/common/Constants.java
@@ -45,4 +45,5 @@ public class Constants {
 public static final String KSETTING_TRUST_STORE_PASSWORD = "trustStorePassword";
 public static final String KSETTING_KEY_STORE_FILENAME = "keyStoreFileName";
 public static final String KSETTING_KEY_STORE_PASSWD = "keyStorePassword";
+ public static final String KDEFAULT_DISABLE_SSL = "disableSsl";
 }
diff --git a/src/main/java/org/onap/dcae/common/Parameters.java b/src/main/java/org/onap/dcae/common/Parameters.java
index 5bc85a5..00747ac 100755
--- a/src/main/java/org/onap/dcae/common/Parameters.java
+++ b/src/main/java/org/onap/dcae/common/Parameters.java
@@ -49,4 +49,5 @@ public class Parameters {
 public String oAuthVersion;
 public AuthType authtype;
 public Boolean returnRequestPayload;
+ public boolean disableSsl;
 }
diff --git a/src/main/java/org/onap/dcae/common/RestapiCallNode.java b/src/main/java/org/onap/dcae/common/RestapiCallNode.java
index 6fb232c..4d1a776 100755
--- a/src/main/java/org/onap/dcae/common/RestapiCallNode.java
+++ b/src/main/java/org/onap/dcae/common/RestapiCallNode.java
@@ -318,44 +318,46 @@ public class RestapiCallNode { protected HttpResponse sendHttpRequest(String request, Parameters p) throws Exception { /* Enable this code if external controller's keyStore file not availabale */ - /*Create a trust manager that does not validate certificate chains*/ -// TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() { -// public java.security.cert.X509Certificate[] getAcceptedIssuers() { -// return null; -// } -// public void checkClientTrusted(X509Certificate[] certs, String authType) { -// } -// public void checkServerTrusted(X509Certificate[] certs, String authType) { -// } -// } -// }; -// -// // Install the all-trusting trust manager -// SSLContext sc = SSLContext.getInstance("SSL"); -// sc.init(null, trustAllCerts, new java.security.SecureRandom()); -// HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); -// -// // Create all-trusting host name verifier -// HostnameVerifier allHostsValid = new HostnameVerifier() { -// public boolean verify(String hostname, SSLSession session) { -// return true; -// } -// }; -// -// // Install the all-trusting host verifier -// log.info("Warning!!! 
No SSL handshake **************************************"); -// HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); - /*HELPER CODE END */ ClientConfig config = new DefaultClientConfig(); - SSLContext ssl = null; - if (p.ssl && p.restapiUrl.startsWith("https")) { - ssl = createSSLContext(p); - } - if (ssl != null) { - HostnameVerifier hostnameVerifier = (hostname, session) -> true; + if (!p.disableSsl) { + SSLContext ssl = null; + if (p.ssl && p.restapiUrl.startsWith("https")) { + ssl = createSSLContext(p); + } + if (ssl != null) { + HostnameVerifier hostnameVerifier = (hostname, session) -> true; + + config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, + new HTTPSProperties(hostnameVerifier, ssl)); + } + } else { + + /* Create a trust manager that does not validate certificate chains */ + TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted(X509Certificate[] certs, String authType) { + } + public void checkServerTrusted(X509Certificate[] certs, String authType) { + } + } + }; + + /* Install the all-trusting trust manager */ + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + + /* Create all-trusting host name verifier */ + HostnameVerifier allHostsValid = new HostnameVerifier() { + public boolean verify(String hostname, SSLSession session) { + return true; + } + }; - config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, - new HTTPSProperties(hostnameVerifier, ssl)); + /* Install the all-trusting host verifier*/ + HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); } logProperties(config.getProperties()); 
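Review bot: The `else` branch added to `sendHttpRequest` turns off certificate and hostname checking for the whole JVM rather than for this request, because `HttpsURLConnection.setDefaultSSLSocketFactory(...)` and `HttpsURLConnection.setDefaultHostnameVerifier(...)` replace process-wide defaults that any later HTTPS connection relying on those defaults will inherit. Scope the relaxed settings to this client the way the first branch does, `config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(allHostsValid, sc));`, and request the context with `SSLContext.getInstance("TLS")` instead of `"SSL"`. The previously commented-out helper carried a `log.info("Warning!!! ...")` line that the new branch drops, so unverified mode is now silent; a `log.warn` naming `p.restapiUrl` would make it visible in operations logs. Separately, the verified branch still passes `(hostname, session) -> true`, so the peer's hostname is not checked even when a trust store is configured. The method body continues past the end of the hunk.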
diff --git a/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java b/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java
index 1ff00dd..9566658 100755
--- a/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java
+++ b/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java
@@ -84,6 +84,7 @@ public class RestapiCallNodeUtil {
 p.partner = parseParam(paramMap, "partner", false, null);
 p.dumpHeaders = Boolean.valueOf(parseParam(paramMap, "dumpHeaders", false, null));
 p.returnRequestPayload = Boolean.valueOf(parseParam(paramMap, "returnRequestPayload", false, null));
+ p.disableSsl = Boolean.valueOf(parseParam(paramMap, "disableSsl", false, "true"));
 log.info(p.toString());
 return p;
 }
-- cgit 1.2.3-korg
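Review bot: The last argument `"true"` on the added `parseParam(paramMap, "disableSsl", false, "true")` line appears to be the fallback value, which would make unverified TLS the behaviour whenever the setting is absent from the configuration. Default to verification and let deployments that lack a trust store opt out explicitly: `p.disableSsl = Boolean.valueOf(parseParam(paramMap, Constants.KDEFAULT_DISABLE_SSL, false, "false"));`. Using the constant also gives `Constants.KDEFAULT_DISABLE_SSL`, which this commit adds but no visible hunk references, a caller. The enclosing method starts above the hunk, so how `paramMap` is populated is not visible here.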