Code Review / policy / common.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 760d81a)
Use self-signed-cert property for HTTP clients 66/119866/2
authorJim Hahn <jrh3@att.com>
Thu, 25 Mar 2021 17:52:02 +0000 (13:52 -0400)
committerJim Hahn <jrh3@att.com>
Thu, 25 Mar 2021 18:00:55 +0000 (14:00 -0400)
Currently, the HttpClient code sets self-signed-certs to true whenever
https is specified.  This is insecure.  Modified the code to set the
value based on the property, defaulting to false.

Issue-ID: POLICY-3145
Change-Id: Ie88cf2411ae44a7c53bc8943f615a74c5b87d1aa
Signed-off-by: Jim Hahn <jrh3@att.com>
policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java patch | blob | history

diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java
index edf8ff6..5c3f52d 100644 (file)
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/client/IndexedHttpClientFactory.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP
  * ================================================================================
- * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019, 2021 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -95,13 +95,12 @@ class IndexedHttpClientFactory implements HttpClientFactory {
             return;
         }
 
-        boolean https = props.getBoolean(PolicyEndPointProperties.PROPERTY_HTTP_HTTPS_SUFFIX, false);
-
         try {
             HttpClient client = this.build(BusTopicParams.builder()
                 .clientName(clientName)
-                .useHttps(https)
-                .allowSelfSignedCerts(https)
+                .useHttps(props.getBoolean(PolicyEndPointProperties.PROPERTY_HTTP_HTTPS_SUFFIX, false))
+                .allowSelfSignedCerts(
+                    props.getBoolean(PolicyEndPointProperties.PROPERTY_ALLOW_SELF_SIGNED_CERTIFICATES_SUFFIX, false))
                 .hostname(props.getString(PolicyEndPointProperties.PROPERTY_HTTP_HOST_SUFFIX, null))
                 .port(port)
                 .basePath(props.getString(PolicyEndPointProperties.PROPERTY_HTTP_URL_SUFFIX, null))
Policy common shared modules