authorAbhishek Bajaj <abhishek.kumar.bajaj@huawei.com>2021-03-12 18:51:49 +0530
committerAbhishek Bajaj <abhishek.kumar.bajaj@huawei.com>2021-03-16 04:07:48 +0000
commit83ef96a61121e722b8b49bf8ddbf75e8dace935b (patch)
treec1db0b913bfc41e785a089253c9b5372769632b5
parent9584bf58465f6b6a8430d5bc4e3398a9a71e668e (diff)
weak-cryptography issues identified in sonarcloud
Issue-ID: VFC-1827 Signed-off-by: Abhishek Bajaj <abhishek.kumar.bajaj@huawei.com> Change-Id: If6ab805698a8d89f523037230e29b9b8482f3c8d
-rw-r--r--huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/csm/connect/AbstractSslContext.java58
1 files changed, 50 insertions, 8 deletions
diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/csm/connect/AbstractSslContext.java b/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/csm/connect/AbstractSslContext.java
index bccf4815..f453a0a4 100644
--- a/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/csm/connect/AbstractSslContext.java
+++ b/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/csm/connect/AbstractSslContext.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2017 Huawei Technologies Co., Ltd.
+ * Copyright 2020-2021 Huawei Technologies Co., Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -23,8 +23,10 @@ import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
+import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
+import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
@@ -62,7 +64,7 @@ public class AbstractSslContext {
protected static SSLContext getAnonymousSSLContext() throws GeneralSecurityException {
SSLContext sslContext = getSSLContext();
- sslContext.init(null, new TrustManager[] {new TrustAnyTrustManager()}, new SecureRandom());
+ sslContext.init(null, new TrustManager[] {new MyTrustManager()}, new SecureRandom());
return sslContext;
}
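Review bot: `getAnonymousSSLContext()` no longer accepts every certificate, because the `MyTrustManager` it now installs defers to the JVM default trust store. The method name, and any Javadoc outside this hunk, should be updated to say so. Peers that present self-signed or private-CA certificates will now fail the handshake unless their CA is imported into that store, which deserves a line in the commit message or deployment notes. Since the new class only forwards to the platform default, `sslContext.init(null, null, new SecureRandom());` gives the same validation without a custom trust manager.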
@@ -170,21 +172,61 @@ public class AbstractSslContext {
return sslJson;
}
- private static class TrustAnyTrustManager implements X509TrustManager {
-
+ private static class MyTrustManager implements X509TrustManager {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ private MyTrustManager() throws NoSuchAlgorithmException{
+ }
+
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[] {};
}
@Override
- public void checkServerTrusted(X509Certificate[] certs, String authType) {
- // NOSONAR
+ public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
+ try {
+ tmf.init((KeyStore)null);
+ } catch (KeyStoreException e) {
+ throw new IllegalStateException(e);
+ }
+
+ //Get hold of default trust manager
+ X509TrustManager x509Tm = null;
+ for(TrustManager tm: tmf.getTrustManagers())
+ {
+ if(tm instanceof X509TrustManager) {
+ x509Tm = (X509TrustManager) tm;
+ break;
+ }
+ }
+
+ //Wrap it in your own class
+ final X509TrustManager finalTm = x509Tm;
+ finalTm.checkServerTrusted(certs, authType);
+
}
@Override
- public void checkClientTrusted(X509Certificate[] certs, String authType) {
- // NOSONAR
+ public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
+ try {
+ tmf.init((KeyStore)null);
+ } catch (KeyStoreException e) {
+ throw new IllegalStateException(e);
+ }
+
+ //Get hold of default trust manager
+ X509TrustManager x509Tm = null;
+ for(TrustManager tm: tmf.getTrustManagers())
+ {
+ if(tm instanceof X509TrustManager) {
+ x509Tm = (X509TrustManager) tm;
+ break;
+ }
+ }
+
+ //Wrap it in your own class
+ final X509TrustManager finalTm = x509Tm;
+ finalTm.checkClientTrusted(certs, authType);
}
}
}