From 6ad41e3ccd398a2721f41ad61c80b7bb03f7d127 Mon Sep 17 00:00:00 2001 From: Ittay Stern Date: Mon, 31 Dec 2018 17:21:27 +0200 Subject: Merge from ECOMP's repository Main Features -------------- - Async-Instantiation jobs mechanism major update; still WIP (package `org.onap.vid.job`) - New features in View/Edit: Activate fabric configuration; show related networks; soft delete - Support AAI service-tree traversal (`AAIServiceTree`) - In-memory cache for SDC models and certain A&AI queries (`CacheProviderWithLoadingCache`) - Upgrade TOSCA Parser and add parsing options; fix malformed TOSCA models - Resolve Cloud-Owner values for MSO - Pass X-ONAP headers to MSO Infrastructure -------------- - Remove codehaus' jackson mapper; use soley fasterxml 2.9.7 - Surefire invokes both TestNG and JUnit tests - Support Kotlin source files - AaiController2 which handles errors in a "Spring manner" - Inline generated-sources and remove jsonschema2pojo Quality -------- - Cumulative bug fixes (A&AI API, UI timeouts, and many more) - Many Sonar issues cleaned-up - Some unused classes removed - Minor changes in vid-automation project, allowing some API verification to run Hard Merges ------------ - HTTP Clients (MSO, A&AI, WebConfig, OutgoingRequestHeadersTest) - Moved `package org.onap.vid.controllers` to `controller`, without plural -- just to keep semantic sync with ECOMP. Reference commit in ECOMP: 3d1141625 Issue-ID: VID-378 Change-Id: I9c8d1e74caa41815891d441fc0760bb5f29c5788 Signed-off-by: Ittay Stern --- .../org/onap/vid/aai/util/HttpsAuthClient.java | 28 +++++++++++++++++----- 1 file changed, 22 insertions(+), 6 deletions(-) (limited to 'vid-app-common/src/main/java/org/onap/vid/aai/util/HttpsAuthClient.java') diff --git a/vid-app-common/src/main/java/org/onap/vid/aai/util/HttpsAuthClient.java b/vid-app-common/src/main/java/org/onap/vid/aai/util/HttpsAuthClient.java index 15f81439b..489d2f1b6 100644 --- a/vid-app-common/src/main/java/org/onap/vid/aai/util/HttpsAuthClient.java +++ b/vid-app-common/src/main/java/org/onap/vid/aai/util/HttpsAuthClient.java @@ -22,11 +22,16 @@ package org.onap.vid.aai.util; +import org.apache.http.conn.ssl.DefaultHostnameVerifier; +import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.glassfish.jersey.client.ClientConfig; import org.glassfish.jersey.client.HttpUrlConnectorProvider; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.vid.aai.exceptions.HttpClientBuilderException; +import org.onap.vid.properties.Features; +import org.togglz.core.manager.FeatureManager; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.ws.rs.client.Client; import javax.ws.rs.client.ClientBuilder; @@ -47,16 +52,19 @@ public class HttpsAuthClient { private final SystemPropertyHelper systemPropertyHelper; private final SSLContextProvider sslContextProvider; - public HttpsAuthClient(String certFilePath, SystemPropertyHelper systemPropertyHelper, SSLContextProvider sslContextProvider) { + public HttpsAuthClient(String certFilePath, SystemPropertyHelper systemPropertyHelper, SSLContextProvider sslContextProvider, FeatureManager featureManager) { this.certFilePath = certFilePath; this.systemPropertyHelper = systemPropertyHelper; this.sslContextProvider = sslContextProvider; + this.featureManager = featureManager; } private final String certFilePath; + FeatureManager featureManager; + /** The logger. */ - static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpsAuthClient.class); + static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(org.onap.vid.aai.util.HttpsAuthClient.class); /** @@ -70,7 +78,7 @@ public class HttpsAuthClient { try { setSystemProperties(); - ignoreHostname(); + optionallyVerifyHostname(); return systemPropertyHelper.isClientCertEnabled() ? getTrustedClient(config, getKeystorePath(), systemPropertyHelper.getDecryptedKeystorePassword(), mode) @@ -83,8 +91,8 @@ public class HttpsAuthClient { } - private void ignoreHostname() { - HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true); + private void optionallyVerifyHostname() { + HttpsURLConnection.setDefaultHostnameVerifier(getHostnameVerifier()); } private Client getUntrustedClient(ClientConfig config) { @@ -94,12 +102,20 @@ public class HttpsAuthClient { private Client getTrustedClient(ClientConfig config, String keystorePath, String keystorePassword, HttpClientMode httpClientMode) throws HttpClientBuilderException { return ClientBuilder.newBuilder() .sslContext(sslContextProvider.getSslContext(keystorePath, keystorePassword, httpClientMode)) - .hostnameVerifier((s, sslSession) -> true) + .hostnameVerifier(getHostnameVerifier()) .withConfig(config) .build() .register(CustomJacksonJaxBJsonProvider.class); } + protected HostnameVerifier getHostnameVerifier() { + if(featureManager.isActive(Features.FLAG_EXP_USE_DEFAULT_HOST_NAME_VERIFIER)){ + return new DefaultHostnameVerifier(); + } + + return new NoopHostnameVerifier(); + } + private String getKeystorePath() { return getCertificatesPath() + FileSystems.getDefault().getSeparator() + systemPropertyHelper.getAAIKeystoreFilename(); } -- cgit 1.2.3-korg