From 8ebb34d51adc48d94c2ceb5a32d3341b076b8207 Mon Sep 17 00:00:00 2001 From: Jim Hahn Date: Thu, 25 Mar 2021 13:52:02 -0400 Subject: Use self-signed-cert property for HTTP clients Currently, the HttpClient code sets self-signed-certs to true whenever https is specified. This is insecure. Modified the code to set the value based on the property, defaulting to false. Issue-ID: POLICY-3145 Change-Id: Ie88cf2411ae44a7c53bc8943f615a74c5b87d1aa Signed-off-by: Jim Hahn --- .../common/endpoints/http/client/IndexedHttpClientFactory.java | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'policy-endpoints') diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java index edf8ff6f..5c3f52d3 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019, 2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -95,13 +95,12 @@ class IndexedHttpClientFactory implements HttpClientFactory { return; } - boolean https = props.getBoolean(PolicyEndPointProperties.PROPERTY_HTTP_HTTPS_SUFFIX, false); - try { HttpClient client = this.build(BusTopicParams.builder() .clientName(clientName) - .useHttps(https) - .allowSelfSignedCerts(https) + .useHttps(props.getBoolean(PolicyEndPointProperties.PROPERTY_HTTP_HTTPS_SUFFIX, false)) + .allowSelfSignedCerts( + props.getBoolean(PolicyEndPointProperties.PROPERTY_ALLOW_SELF_SIGNED_CERTIFICATES_SUFFIX, false)) .hostname(props.getString(PolicyEndPointProperties.PROPERTY_HTTP_HOST_SUFFIX, null)) .port(port) .basePath(props.getString(PolicyEndPointProperties.PROPERTY_HTTP_URL_SUFFIX, null)) -- cgit 1.2.3-korg