diff options
author | Jim Hahn <jrh3@att.com> | 2021-03-25 13:52:02 -0400 |
---|---|---|
committer | Jim Hahn <jrh3@att.com> | 2021-03-25 14:00:55 -0400 |
commit | 8ebb34d51adc48d94c2ceb5a32d3341b076b8207 (patch) | |
tree | ad31fe3f008904e20e72536bfb7432040ede19cc | |
parent | 760d81ae99aa1efce122304047a2e677c0b48074 (diff) |
Use self-signed-cert property for HTTP clients
Currently, the HttpClient code sets self-signed-certs to true whenever
https is specified. This is insecure. Modified the code to set the
value based on the property, defaulting to false.
Issue-ID: POLICY-3145
Change-Id: Ie88cf2411ae44a7c53bc8943f615a74c5b87d1aa
Signed-off-by: Jim Hahn <jrh3@att.com>
-rw-r--r-- | policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java index edf8ff6f..5c3f52d3 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019, 2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -95,13 +95,12 @@ class IndexedHttpClientFactory implements HttpClientFactory { return; } - boolean https = props.getBoolean(PolicyEndPointProperties.PROPERTY_HTTP_HTTPS_SUFFIX, false); - try { HttpClient client = this.build(BusTopicParams.builder() .clientName(clientName) - .useHttps(https) - .allowSelfSignedCerts(https) + .useHttps(props.getBoolean(PolicyEndPointProperties.PROPERTY_HTTP_HTTPS_SUFFIX, false)) + .allowSelfSignedCerts( + props.getBoolean(PolicyEndPointProperties.PROPERTY_ALLOW_SELF_SIGNED_CERTIFICATES_SUFFIX, false)) .hostname(props.getString(PolicyEndPointProperties.PROPERTY_HTTP_HOST_SUFFIX, null)) .port(port) .basePath(props.getString(PolicyEndPointProperties.PROPERTY_HTTP_URL_SUFFIX, null)) |