Removing jackson to mitigate cve-2017-4995
[vfc/nfvo/driver/vnfm/svnfm.git] / nokiav2 / driver / src / main / java / org / onap / vfc / nfvo / driver / vnfm / svnfm / nokia / vnfm / CbamSecurityProvider.java
index 6c70c26..3a33436 100644 (file)
  */
 package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.vnfm;
 
-import com.google.common.base.Joiner;
-import com.google.common.io.BaseEncoding;
-import org.apache.http.conn.ssl.DefaultHostnameVerifier;
-import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.util.StoreLoader;
-import org.slf4j.Logger;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
-
-import javax.net.ssl.*;
-import java.nio.charset.StandardCharsets;
-import java.security.KeyStore;
-import java.security.SecureRandom;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Set;
-
-import static java.util.UUID.randomUUID;
-import static org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.util.CbamUtils.buildFatalFailure;
-import static org.slf4j.LoggerFactory.getLogger;
 
 /**
- * Responsible for providing a token to access CBAM APIs
+ * Responsible for providing SSL factories for AAI
  */
 @Component
-public class CbamSecurityProvider {
-    private static Logger logger = getLogger(CbamSecurityProvider.class);
+public class CbamSecurityProvider extends GenericSecurityProvider {
     @Value("${trustedCertificates}")
     private String trustedCertificates;
     @Value("${skipCertificateVerification}")
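Review bot: The new class Javadoc, `Responsible for providing SSL factories for AAI`, does not match the class it sits on. The class is still `CbamSecurityProvider` and the replaced text spoke of CBAM APIs, so the AAI wording looks copied from a sibling provider. I would write `Responsible for providing SSL factories for CBAM`, and add one sentence saying that the trust manager and hostname verifier are now built by `GenericSecurityProvider` from the three injected properties. The class body continues past the end of this hunk.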
@@ -49,69 +30,18 @@ public class CbamSecurityProvider {
     @Value("${skipHostnameVerification}")
     private boolean skipHostnameVerification;
 
-    protected HostnameVerifier buildHostnameVerifier() {
-        if (skipHostnameVerification) {
-            return (hostname, session) -> true;
-        } else {
-            return new DefaultHostnameVerifier();
-        }
+    @Override
+    protected boolean skipHostnameVerification() {
+        return skipHostnameVerification;
     }
 
-    protected SSLSocketFactory buildSSLSocketFactory() {
-        try {
-            TrustManager[] trustManagers = new X509TrustManager[]{buildTrustManager()};
-            SSLContext sslContext = SSLContext.getInstance("TLS");
-            sslContext.init(null, trustManagers, new SecureRandom());
-            return sslContext.getSocketFactory();
-        } catch (Exception e) {
-            throw buildFatalFailure(logger, "Unable to create SSL socket factory", e);
-        }
+    @Override
+    protected boolean skipCertificateVerification() {
+        return skipCertificateVerification;
     }
 
-    protected X509TrustManager buildTrustManager() {
-        if (skipCertificateVerification) {
-            return new AllTrustedTrustManager();
-        } else {
-            if (StringUtils.isEmpty(trustedCertificates)) {
-                throw buildFatalFailure(logger, "If the skipCertificateVerification is set to false (default) the trustedCertificates can not be empty");
-            }
-            Set<String> trustedPems;
-            String content;
-            try {
-                content = new String(BaseEncoding.base64().decode(trustedCertificates), StandardCharsets.UTF_8);
-                trustedPems = StoreLoader.getCertifacates(content);
-            } catch (Exception e) {
-                throw buildFatalFailure(logger, "The trustedCertificates must be a base64 encoded collection of PEM certificates", e);
-            }
-            if (trustedPems.isEmpty()) {
-                throw buildFatalFailure(logger, "No certificate can be extracted from " + content);
-            }
-            try {
-                KeyStore keyStore = StoreLoader.loadStore(Joiner.on("\n").join(trustedPems), randomUUID().toString(), randomUUID().toString());
-                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-                trustManagerFactory.init(keyStore);
-                return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
-            } catch (Exception e) {
-                throw buildFatalFailure(logger, "Unable to create keystore", e);
-            }
-        }
+    @Override
+    protected String trustedCertificates() {
+        return trustedCertificates;
     }
-
-    private static class AllTrustedTrustManager implements X509TrustManager {
-        @Override
-        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
-            //no need to check certificates if everything is trusted
-        }
-
-        @Override
-        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
-            //no need to check certificates if everything is trusted
-        }
-
-        @Override
-        public X509Certificate[] getAcceptedIssuers() {
-            return new X509Certificate[0];
-        }
-    }
-
 }
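Review bot: The three new overrides (`skipHostnameVerification()`, `skipCertificateVerification()`, `trustedCertificates()`) carry no Javadoc, although the first two switch off TLS peer checks when they return true. I would add a short comment to each, for example `/** @return true to accept any server certificate; leave false unless the endpoint is a throwaway test system */` on `skipCertificateVerification()`, and `/** @return base64 encoded collection of PEM certificates to trust */` on `trustedCertificates()`. The rule that an empty `trustedCertificates` is fatal while verification is enabled no longer appears in this file. Presumably it moved into `GenericSecurityProvider`, which this page does not show, so it is worth confirming that the base class still fails closed on that case.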