SSLRestClientProperties does not allow ignoring hostname discrepancies with certificate, 38/95938/1
authorSerge Simard <serge@agilitae.com>
Mon, 16 Sep 2019 21:06:58 +0000 (17:06 -0400)
committerDan Timoney <dtimoney@att.com>
Wed, 18 Sep 2019 17:24:45 +0000 (17:24 +0000)
when doing SSL negotiation.

Issue-ID: CCSDK-1732

Signed-off-by: Serge Simard <serge@agilitae.com>
Change-Id: I6e8d63b1f24abcd0098db471d18d2a55e45de3f9
Signed-off-by: Serge Simard <serge@agilitae.com>
(cherry picked from commit e275dc8ea2986f582b3a4aea65c8ca8c0d9f05f3)

ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt
ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt

index 68672f2..1e6e23b 100644 (file)
@@ -28,6 +28,7 @@ open class SSLRestClientProperties : RestClientProperties() {
     lateinit var keyStoreInstance: String // JKS, PKCS12
     lateinit var sslTrust: String
     lateinit var sslTrustPassword: String
+    var sslTrustIgnoreHostname: Boolean = false
     var sslKey: String? = null
     var sslKeyPassword: String? = null
 }
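Review bot: `sslTrustIgnoreHostname` is declared without a comment, although among the properties visible in this hunk it is the only one that switches off a TLS check. I would add `/** If true, the server certificate's name is not matched against the request host; defaults to false and should stay false unless the endpoint's certificate cannot carry the right name. */` above the property. Stating the default and the effect next to the declaration lets someone reading a configuration file see what enabling it gives up. The class body starts before this hunk, so other properties may already follow a documentation convention that this comment should match.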
index 2acf776..0ef1757 100644 (file)
@@ -32,6 +32,7 @@ import java.io.File
 import java.io.FileInputStream
 import java.security.KeyStore
 import java.security.cert.X509Certificate
+import org.apache.http.conn.ssl.NoopHostnameVerifier
 
 class SSLRestClientService(private val restClientProperties: SSLRestClientProperties) :
     BlueprintWebClientService {
@@ -87,6 +88,7 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper
         val sslKeyPwd = restClientProperties.sslKeyPassword
         val sslTrust = restClientProperties.sslTrust
         val sslTrustPwd = restClientProperties.sslTrustPassword
+        val sslTrustIgnoreHostname = restClientProperties.sslTrustIgnoreHostname
 
         val acceptingTrustStrategy = { _: Array<X509Certificate>, _: String ->
             true
@@ -101,9 +103,13 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper
             }
         }
 
-        sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(),
-            acceptingTrustStrategy)
-        val csf = SSLConnectionSocketFactory(sslContext.build())
+        sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), acceptingTrustStrategy)
+        var csf : SSLConnectionSocketFactory
+        if (sslTrustIgnoreHostname) {
+            csf = SSLConnectionSocketFactory(sslContext.build(), NoopHostnameVerifier())
+        } else {
+            csf = SSLConnectionSocketFactory(sslContext.build())
+        }
         return HttpClients.custom()
             .addInterceptorFirst(WebClientUtils.logRequest())
             .addInterceptorLast(WebClientUtils.logResponse())
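Review bot: With `sslTrustIgnoreHostname` set, the client built here appears to perform no server authentication at all. The `acceptingTrustStrategy` passed to `loadTrustMaterial` looks like it accepts every certificate chain (its body is `true` in the previous hunk's context lines, though the lambda closes outside the visible text), and the new branch then removes the hostname check, the only verification left. If the trust store named by `sslTrust` is meant to be authoritative, load it without the override, `sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray())`, so that the opt-out relaxes name matching only. The `var csf` plus if/else assignment can also become a single expression, `val csf = if (sslTrustIgnoreHostname) SSLConnectionSocketFactory(sslContext.build(), NoopHostnameVerifier.INSTANCE) else SSLConnectionSocketFactory(sslContext.build())`, and a warning-level log line when the flag is on would make the weakened configuration visible to operators. The enclosing function starts before this hunk and continues past it.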