summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJim Hahn <jrh3@att.com>2021-03-25 13:52:02 -0400
committerJim Hahn <jrh3@att.com>2021-03-25 14:00:55 -0400
commit8ebb34d51adc48d94c2ceb5a32d3341b076b8207 (patch)
treead31fe3f008904e20e72536bfb7432040ede19cc
parent760d81ae99aa1efce122304047a2e677c0b48074 (diff)
Use self-signed-cert property for HTTP clients
Currently, the HttpClient code sets self-signed-certs to true whenever https is specified. This is insecure. Modified the code to set the value based on the property, defaulting to false. Issue-ID: POLICY-3145 Change-Id: Ie88cf2411ae44a7c53bc8943f615a74c5b87d1aa Signed-off-by: Jim Hahn <jrh3@att.com>
-rw-r--r--policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java9
1 files changed, 4 insertions, 5 deletions
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java
index edf8ff6f..5c3f52d3 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP
* ================================================================================
- * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019, 2021 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -95,13 +95,12 @@ class IndexedHttpClientFactory implements HttpClientFactory {
return;
}
- boolean https = props.getBoolean(PolicyEndPointProperties.PROPERTY_HTTP_HTTPS_SUFFIX, false);
-
try {
HttpClient client = this.build(BusTopicParams.builder()
.clientName(clientName)
- .useHttps(https)
- .allowSelfSignedCerts(https)
+ .useHttps(props.getBoolean(PolicyEndPointProperties.PROPERTY_HTTP_HTTPS_SUFFIX, false))
+ .allowSelfSignedCerts(
+ props.getBoolean(PolicyEndPointProperties.PROPERTY_ALLOW_SELF_SIGNED_CERTIFICATES_SUFFIX, false))
.hostname(props.getString(PolicyEndPointProperties.PROPERTY_HTTP_HOST_SUFFIX, null))
.port(port)
.basePath(props.getString(PolicyEndPointProperties.PROPERTY_HTTP_URL_SUFFIX, null))