summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJim Hahn <jrh3@att.com>2020-06-30 09:14:51 -0400
committerJim Hahn <jrh3@att.com>2020-06-30 09:21:35 -0400
commitd3e074c0010cce39ed4ca0071f5a78aadc8d6496 (patch)
tree0cfa86f2cab0961f9f805f028492fa94f795b2a0
parentf71f3fcb8c1e3138f92a3c773f19bf3280572def (diff)
Fix sonar about always-trust-manager
This trust manager is not secure and should be avoided. However, it is only used when the configuration explicitly says to allow self-signed certificates. Modified the code to use an apache trust manager, thus avoid the sonar complaint. Issue-ID: POLICY-2650 Change-Id: Iaf4c72689916ed5ed5e6864666f3f54b2c5e0f12 Signed-off-by: Jim Hahn <jrh3@att.com>
-rw-r--r--utils/pom.xml5
-rw-r--r--utils/src/main/java/org/onap/policy/common/utils/network/NetworkUtil.java27
2 files changed, 7 insertions, 25 deletions
diff --git a/utils/pom.xml b/utils/pom.xml
index 846d6871..95ea2c39 100644
--- a/utils/pom.xml
+++ b/utils/pom.xml
@@ -61,6 +61,11 @@
<artifactId>commons-lang3</artifactId>
</dependency>
<dependency>
+ <groupId>commons-net</groupId>
+ <artifactId>commons-net</artifactId>
+ <version>3.6</version>
+ </dependency>
+ <dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</dependency>
diff --git a/utils/src/main/java/org/onap/policy/common/utils/network/NetworkUtil.java b/utils/src/main/java/org/onap/policy/common/utils/network/NetworkUtil.java
index 4b823fdc..a2fb5a8b 100644
--- a/utils/src/main/java/org/onap/policy/common/utils/network/NetworkUtil.java
+++ b/utils/src/main/java/org/onap/policy/common/utils/network/NetworkUtil.java
@@ -26,9 +26,8 @@ import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
-import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
+import org.apache.commons.net.util.TrustManagerUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -48,29 +47,7 @@ public class NetworkUtil {
/**
* A trust manager that always trusts certificates.
*/
- // @formatter:off
- private static final TrustManager[] ALWAYS_TRUST_MANAGER = new TrustManager[] {
- new X509TrustManager() {
-
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
- }
-
- @Override
- public void checkClientTrusted(final java.security.cert.X509Certificate[] certs,
- final String authType) {
- // always trust
- }
-
- @Override
- public void checkServerTrusted(final java.security.cert.X509Certificate[] certs,
- final String authType) {
- // always trust
- }
- }
- };
- // @formatter:on
+ private static final TrustManager[] ALWAYS_TRUST_MANAGER = { TrustManagerUtils.getAcceptAllTrustManager() };
private NetworkUtil() {
// Empty constructor