From a7df4e77c0439e0cce667982691f87a1205e0b87 Mon Sep 17 00:00:00 2001 From: s00370346 Date: Fri, 26 Apr 2019 17:20:30 +0530 Subject: Issue-ID: DCAEGEN2-1055 BBS bugfix(SSL disable by config) Change-Id: I93b740b64bd470c77b028e6ae779824ddc19e5c9 Signed-off-by: s00370346 --- src/main/java/org/onap/dcae/common/Constants.java | 1 + src/main/java/org/onap/dcae/common/Parameters.java | 1 + .../java/org/onap/dcae/common/RestapiCallNode.java | 74 +++++++++++----------- .../org/onap/dcae/common/RestapiCallNodeUtil.java | 1 + .../org/onap/dcae/controller/AccessController.java | 2 + .../onap/dcae/controller/ControllerConfigInfo.java | 15 ++++- .../dcae/controller/PersistentEventConnection.java | 1 + 7 files changed, 57 insertions(+), 38 deletions(-) (limited to 'src/main/java/org/onap/dcae') diff --git a/src/main/java/org/onap/dcae/common/Constants.java b/src/main/java/org/onap/dcae/common/Constants.java index 4c2c7b5..562fe99 100755 --- a/src/main/java/org/onap/dcae/common/Constants.java +++ b/src/main/java/org/onap/dcae/common/Constants.java @@ -45,4 +45,5 @@ public class Constants { public static final String KSETTING_TRUST_STORE_PASSWORD = "trustStorePassword"; public static final String KSETTING_KEY_STORE_FILENAME = "keyStoreFileName"; public static final String KSETTING_KEY_STORE_PASSWD = "keyStorePassword"; + public static final String KDEFAULT_DISABLE_SSL = "disableSsl"; } diff --git a/src/main/java/org/onap/dcae/common/Parameters.java b/src/main/java/org/onap/dcae/common/Parameters.java index 5bc85a5..00747ac 100755 --- a/src/main/java/org/onap/dcae/common/Parameters.java +++ b/src/main/java/org/onap/dcae/common/Parameters.java @@ -49,4 +49,5 @@ public class Parameters { public String oAuthVersion; public AuthType authtype; public Boolean returnRequestPayload; + public boolean disableSsl; } diff --git a/src/main/java/org/onap/dcae/common/RestapiCallNode.java b/src/main/java/org/onap/dcae/common/RestapiCallNode.java index 6fb232c..4d1a776 100755 
--- a/src/main/java/org/onap/dcae/common/RestapiCallNode.java
+++ b/src/main/java/org/onap/dcae/common/RestapiCallNode.java
@@ -318,44 +318,46 @@ public class RestapiCallNode { protected HttpResponse sendHttpRequest(String request, Parameters p) throws Exception { /* Enable this code if external controller's keyStore file not availabale */ - /*Create a trust manager that does not validate certificate chains*/ -// TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() { -// public java.security.cert.X509Certificate[] getAcceptedIssuers() { -// return null; -// } -// public void checkClientTrusted(X509Certificate[] certs, String authType) { -// } -// public void checkServerTrusted(X509Certificate[] certs, String authType) { -// } -// } -// }; -// -// // Install the all-trusting trust manager -// SSLContext sc = SSLContext.getInstance("SSL"); -// sc.init(null, trustAllCerts, new java.security.SecureRandom()); -// HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); -// -// // Create all-trusting host name verifier -// HostnameVerifier allHostsValid = new HostnameVerifier() { -// public boolean verify(String hostname, SSLSession session) { -// return true; -// } -// }; -// -// // Install the all-trusting host verifier -// log.info("Warning!!! 
No SSL handshake **************************************"); -// HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); - /*HELPER CODE END */ ClientConfig config = new DefaultClientConfig(); - SSLContext ssl = null; - if (p.ssl && p.restapiUrl.startsWith("https")) { - ssl = createSSLContext(p); - } - if (ssl != null) { - HostnameVerifier hostnameVerifier = (hostname, session) -> true; + if (!p.disableSsl) { + SSLContext ssl = null; + if (p.ssl && p.restapiUrl.startsWith("https")) { + ssl = createSSLContext(p); + } + if (ssl != null) { + HostnameVerifier hostnameVerifier = (hostname, session) -> true; + + config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, + new HTTPSProperties(hostnameVerifier, ssl)); + } + } else { + + /* Create a trust manager that does not validate certificate chains */ + TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted(X509Certificate[] certs, String authType) { + } + public void checkServerTrusted(X509Certificate[] certs, String authType) { + } + } + }; + + /* Install the all-trusting trust manager */ + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + + /* Create all-trusting host name verifier */ + HostnameVerifier allHostsValid = new HostnameVerifier() { + public boolean verify(String hostname, SSLSession session) { + return true; + } + }; - config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, - new HTTPSProperties(hostnameVerifier, ssl)); + /* Install the all-trusting host verifier*/ + HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); } logProperties(config.getProperties()); 
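Review bot: The new `else` branch of `sendHttpRequest` switches off certificate and hostname checking through `HttpsURLConnection.setDefaultSSLSocketFactory` and `HttpsURLConnection.setDefaultHostnameVerifier`, which are JVM-wide defaults, so a single request with `disableSsl` set leaves validation off for every later `HttpsURLConnection` in the process, including calls where the flag is false. Putting the all-trusting context on this request's `config` instead limits the effect to the one client. The sketch below does that, asks for the `"TLS"` context rather than the legacy `"SSL"` name, and logs a warning (the removed commented-out block logged one, the new code is silent); it assumes the class logger has a `warn` method. Separately, the lambda `(hostname, session) -> true` that was moved into the `!p.disableSsl` branch still accepts any hostname even when a trust store is configured. The method body continues past the end of the hunk.

```java
} else {
    // … unchanged: trustAllCerts definition …
    SSLContext sc = SSLContext.getInstance("TLS");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    // … unchanged: allHostsValid definition …
    log.warn("disableSsl is set: server certificate and hostname are not verified for this request");
    config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
            new HTTPSProperties(allHostsValid, sc));
}
```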
diff --git a/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java b/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java index 1ff00dd..9566658 100755 --- a/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java +++ b/src/main/java/org/onap/dcae/common/RestapiCallNodeUtil.java @@ -84,6 +84,7 @@ public class RestapiCallNodeUtil { p.partner = parseParam(paramMap, "partner", false, null); p.dumpHeaders = Boolean.valueOf(parseParam(paramMap, "dumpHeaders", false, null)); p.returnRequestPayload = Boolean.valueOf(parseParam(paramMap, "returnRequestPayload", false, null)); + p.disableSsl = Boolean.valueOf(parseParam(paramMap, "disableSsl", false, "true")); log.info(p.toString()); return p; } diff --git a/src/main/java/org/onap/dcae/controller/AccessController.java b/src/main/java/org/onap/dcae/controller/AccessController.java index c2ed5e3..bd80d97 100644 --- a/src/main/java/org/onap/dcae/controller/AccessController.java +++ b/src/main/java/org/onap/dcae/controller/AccessController.java @@ -71,6 +71,7 @@ public class AccessController { .setController_subscriptionUrl(controller.get("controller_subscriptionUrl").toString()) .setController_accessTokenMethod(controller.get("controller_accessTokenMethod").toString()) .setController_subsMethod(controller.get("controller_subsMethod").toString()) + .setController_disableSsl(controller.get("controller_disableSsl").toString()) .createControllerConfigInfo(); this.properties = properties; this.ctx = new RestConfContext(); @@ -237,6 +238,7 @@ public class AccessController { String KeyPassword = getKeyStorePassword(toAbsolutePath(this.getProperties().keystorePasswordFileLocation())); paraMap.put(Constants.KSETTING_KEY_STORE_PASSWD, KeyPassword); + paraMap.put(Constants.KDEFAULT_DISABLE_SSL, "true"); } private Path toAbsolutePath(final String path) { 
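Review bot: In the `RestapiCallNodeUtil` hunk, `parseParam(paramMap, "disableSsl", false, "true")` appears to use `"true"` as the fallback, so any caller that omits the parameter gets certificate validation turned off; a fail-safe default would be `p.disableSsl = Boolean.valueOf(parseParam(paramMap, Constants.KDEFAULT_DISABLE_SSL, false, "false"));`. The second `AccessController` hunk has the same defect in another form: `paraMap.put(Constants.KDEFAULT_DISABLE_SSL, "true");` is hard-coded next to the key-store password setup, so requests built from that map skip validation whatever `controller_disableSsl` is configured to. The configured value, presumably reachable as `getCfgInfo().getController_disableSsl()`, looks like what should be put there. Both enclosing methods begin outside their hunks.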
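Review bot: `controller.get("controller_disableSsl").toString()` in the first `AccessController` hunk throws a NullPointerException when the key is missing, and unlike the neighbouring keys this one is new, so controller configurations written before this commit would presumably stop loading. Reading it with a fallback keeps those working and leaves validation on by default, for example `.setController_disableSsl(String.valueOf(controller.getOrDefault("controller_disableSsl", "false")))` if `controller` is a `Map`; its type is not visible in the hunk. The enclosing block starts and ends outside the hunk.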
diff --git a/src/main/java/org/onap/dcae/controller/ControllerConfigInfo.java b/src/main/java/org/onap/dcae/controller/ControllerConfigInfo.java index 52cfc83..68eb162 100644 --- a/src/main/java/org/onap/dcae/controller/ControllerConfigInfo.java +++ b/src/main/java/org/onap/dcae/controller/ControllerConfigInfo.java @@ -29,7 +29,7 @@ public class ControllerConfigInfo { private String controller_subscriptionUrl; private String controller_accessTokenMethod; private String controller_subsMethod; - + private String controller_disableSsl; public static class ControllerConfigInfoBuilder { @@ -42,6 +42,7 @@ public class ControllerConfigInfo { private String controller_subscriptionUrl; private String controller_accessTokenMethod; private String controller_subsMethod; + private String controller_disableSsl; public ControllerConfigInfoBuilder setController_name(String controller_name) { this.controller_name = controller_name; @@ -88,6 +89,11 @@ public class ControllerConfigInfo { return this; } + public ControllerConfigInfoBuilder setController_disableSsl(String controller_disableSsl) { + this.controller_disableSsl = controller_disableSsl; + return this; + } + public ControllerConfigInfo createControllerConfigInfo() { return new ControllerConfigInfo(this); } @@ -104,7 +110,7 @@ public class ControllerConfigInfo { this.controller_subscriptionUrl = controllerConfigInfoBuilder.controller_subscriptionUrl; this.controller_accessTokenMethod = controllerConfigInfoBuilder.controller_accessTokenMethod; this.controller_subsMethod = controllerConfigInfoBuilder.controller_subsMethod; - + this.controller_disableSsl = controllerConfigInfoBuilder.controller_disableSsl; } @@ -143,4 +149,9 @@ public class ControllerConfigInfo { public String getController_subscriptionUrl() { return controller_subscriptionUrl; } + + public String getController_disableSsl() { + return controller_disableSsl; + } + } \ No newline at end of file 
diff --git a/src/main/java/org/onap/dcae/controller/PersistentEventConnection.java b/src/main/java/org/onap/dcae/controller/PersistentEventConnection.java index c963129..2fb782f 100644 --- a/src/main/java/org/onap/dcae/controller/PersistentEventConnection.java +++ b/src/main/java/org/onap/dcae/controller/PersistentEventConnection.java @@ -175,6 +175,7 @@ public class PersistentEventConnection implements Runnable { modifyEventParamMap(Constants.KSETTING_REST_UNAME, parentCtrllr.getCfgInfo().getController_restapiUser()); modifyEventParamMap(Constants.KSETTING_REST_PASSWD, parentCtrllr.getCfgInfo().getController_restapiPassword()); modifyEventParamMap(Constants.KSETTING_HTTP_METHOD, parentCtrllr.getCfgInfo().getController_subsMethod()); + modifyEventParamMap(Constants.KDEFAULT_DISABLE_SSL, parentCtrllr.getCfgInfo().getController_disableSsl()); parentCtrllr.getRestApiCallNode().sendRequest(eventParaMap, ctx, null); } catch (Exception e) { -- cgit 1.2.3-korg