author | Abhishek Bajaj <abhishek.kumar.bajaj@huawei.com> | 2021-03-12 18:51:49 +0530 |
---|---|---|
committer | Abhishek Bajaj <abhishek.kumar.bajaj@huawei.com> | 2021-03-16 04:07:48 +0000 |
commit | 83ef96a61121e722b8b49bf8ddbf75e8dace935b (patch) | |
tree | c1db0b913bfc41e785a089253c9b5372769632b5 | |
parent | 9584bf58465f6b6a8430d5bc4e3398a9a71e668e (diff) |
weak-cryptography issues identified in sonarcloud
Issue-ID: VFC-1827
Signed-off-by: Abhishek Bajaj <abhishek.kumar.bajaj@huawei.com>
Change-Id: If6ab805698a8d89f523037230e29b9b8482f3c8d
-rw-r--r-- | huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/csm/connect/AbstractSslContext.java | 58 |
1 files changed, 50 insertions, 8 deletions
diff --git a/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/csm/connect/AbstractSslContext.java b/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/csm/connect/AbstractSslContext.java
index bccf4815..f453a0a4 100644
--- a/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/csm/connect/AbstractSslContext.java
+++ b/huawei/vnfmadapter/VnfmadapterService/service/src/main/java/org/onap/vfc/nfvo/vnfm/svnfm/vnfmadapter/service/csm/connect/AbstractSslContext.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2017 Huawei Technologies Co., Ltd.
+ * Copyright 2020-2021 Huawei Technologies Co., Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -23,8 +23,10 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;

 import javax.net.ssl.KeyManager;
@@ -62,7 +64,7 @@ public class AbstractSslContext {

 protected static SSLContext getAnonymousSSLContext() throws GeneralSecurityException {
 SSLContext sslContext = getSSLContext();
- sslContext.init(null, new TrustManager[] {new TrustAnyTrustManager()}, new SecureRandom());
+ sslContext.init(null, new TrustManager[] {new MyTrustManager()}, new SecureRandom());
 return sslContext;
 }
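Review bot: The name `getAnonymousSSLContext` no longer describes what the `init` line in the third hunk builds, because with `MyTrustManager` the peer chain is now checked against the JVM default trust store instead of being accepted unconditionally. A comment on that line would make the new contract visible to callers, for example `// validates the peer chain against the JVM default trust store; peers signed by a private CA need that CA imported there`. If no custom trust logic is intended, `sslContext.init(null, null, new SecureRandom());` selects the provider's default trust managers and would make the wrapper class unnecessary. Any Javadoc on the method sits outside the hunk and presumably needs the same update.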
@@ -170,21 +172,61 @@ public class AbstractSslContext {
 return sslJson;
 }

- private static class TrustAnyTrustManager implements X509TrustManager {
-
+ private static class MyTrustManager implements X509TrustManager {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ private MyTrustManager() throws NoSuchAlgorithmException{
+ }
+
 @Override
 public X509Certificate[] getAcceptedIssuers() {
 return new X509Certificate[] {};
 }

 @Override
- public void checkServerTrusted(X509Certificate[] certs, String authType) {
- // NOSONAR
+ public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
+ try {
+ tmf.init((KeyStore)null);
+ } catch (KeyStoreException e) {
+ throw new IllegalStateException(e);
+ }
+
+ //Get hold of default trust manager
+ X509TrustManager x509Tm = null;
+ for(TrustManager tm: tmf.getTrustManagers())
+ {
+ if(tm instanceof X509TrustManager) {
+ x509Tm = (X509TrustManager) tm;
+ break;
+ }
+ }
+
+ //Wrap it in your own class
+ final X509TrustManager finalTm = x509Tm;
+ finalTm.checkServerTrusted(certs, authType);
+
 }

 @Override
- public void checkClientTrusted(X509Certificate[] certs, String authType) {
- // NOSONAR
+ public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
+ try {
+ tmf.init((KeyStore)null);
+ } catch (KeyStoreException e) {
+ throw new IllegalStateException(e);
+ }
+
+ //Get hold of default trust manager
+ X509TrustManager x509Tm = null;
+ for(TrustManager tm: tmf.getTrustManagers())
+ {
+ if(tm instanceof X509TrustManager) {
+ x509Tm = (X509TrustManager) tm;
+ break;
+ }
+ }
+
+ //Wrap it in your own class
+ final X509TrustManager finalTm = x509Tm;
+ finalTm.checkClientTrusted(certs, authType);
 }
 }
 } |