author | Chris Ramstad <cramstad@ciena.com> | 2020-03-04 13:10:18 -0800 |
---|---|---|
committer | Chris Ramstad <cramstad@ciena.com> | 2020-03-04 13:12:48 -0800 |
commit | 41c956dcca4315fe0f396c684b5f6f0da49fb4b0 (patch) | |
tree | 6f3c469437233ce951bb1aafcd95e007aee84d7d | |
parent | 157ece6ced7b093701bd10f3a3cd42c5559529a0 (diff) |
SONAR: Resolving server hostnames should be verified
Per Jorge Hernandez, we don't want to fix this as
it falls under the selfSignedCert clause which is
used in testing and non-production environments.
Marking as //NOSONAR
Issue-ID: POLICY-2389
Signed-off-by: Chris Ramstad <cramstad@ciena.com>
Change-Id: Iaf47e19dc8450607b1dc3aa260370e9c0d7d491d
-rw-r--r-- | policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/internal/JerseyClient.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/internal/JerseyClient.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/internal/JerseyClient.java
index c6a4fa41..ccbed5d9 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/internal/JerseyClient.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/internal/JerseyClient.java
@@ -131,8 +131,14 @@ public class JerseyClient implements HttpClient {
 SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
 if (this.selfSignedCerts) {
 sslContext.init(null, NetworkUtil.getAlwaysTrustingManager(), new SecureRandom());
+
+ // This falls under self signed certs which is used for non-production testing environments where
+ // the hostname in the cert is unlikely to be crafted properly. We always return true for the
+ // hostname verifier. This causes a sonar vuln but we ignore it as it could cause problems in some
+ // testing environments.
 clientBuilder =
- ClientBuilder.newBuilder().sslContext(sslContext).hostnameVerifier((host, session) -> true);
+ ClientBuilder.newBuilder().sslContext(sslContext).hostnameVerifier(
+ (host, session) -> true); //NOSONAR
 } else {
 sslContext.init(null, null, null);
 clientBuilder = ClientBuilder.newBuilder().sslContext(sslContext); |
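Review bot: The new comment justifies the `(host, session) -> true` verifier as test-only, but nothing in this branch enforces that: `this.selfSignedCerts` is a runtime configuration flag, and when it is set the client already installs `NetworkUtil.getAlwaysTrustingManager()`, so with the hostname check also disabled the TLS session authenticates nothing and any on-path peer can impersonate the server. The comment should state that plainly rather than describing it only as a Sonar finding, e.g. `// WARNING: with the always-trusting manager above, disabling hostname verification leaves this connection with no server authentication; selfSignedCerts must never be enabled outside test/dev deployments.` It would also help operators to emit a warning when this branch is taken (if the class has a logger), along the lines of `logger.warn("selfSignedCerts enabled: TLS certificate and hostname verification are disabled for this client");`, so that a misconfigured production instance is visible in logs. A less risky way to support self-signed test certificates is to trust the specific certificate via a truststore instead of disabling verification entirely, though that is a larger change than this commit sets out to make. The enclosing method begins and ends outside this hunk.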