From: Serge Simard Date: Mon, 16 Sep 2019 21:06:58 +0000 (-0400) Subject: SSLRestClientProperties does not allow ignoring hostname discrepancies with certificate, X-Git-Tag: 0.6.3~2^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F38%2F95938%2F1;p=ccsdk%2Fcds.git SSLRestClientProperties does not allow ignoring hostname discrepancies with certificate, when doing SSL negotiation. Issue-ID: CCSDK-1732 Signed-off-by: Serge Simard Change-Id: I6e8d63b1f24abcd0098db471d18d2a55e45de3f9 Signed-off-by: Serge Simard (cherry picked from commit e275dc8ea2986f582b3a4aea65c8ca8c0d9f05f3) --- diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt index 68672f227..1e6e23b86 100644 --- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt +++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/BluePrintRestLibData.kt @@ -28,6 +28,7 @@ open class SSLRestClientProperties : RestClientProperties() { lateinit var keyStoreInstance: String // JKS, PKCS12 lateinit var sslTrust: String lateinit var sslTrustPassword: String + var sslTrustIgnoreHostname: Boolean = false var sslKey: String? = null var sslKeyPassword: String? = null } diff --git a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt index 2acf776ca..0ef1757e2 100644 --- a/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt +++ b/ms/blueprintsprocessor/modules/commons/rest-lib/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/rest/service/SSLRestClientService.kt @@ -32,6 +32,7 @@ import java.io.File import java.io.FileInputStream import java.security.KeyStore import java.security.cert.X509Certificate +import org.apache.http.conn.ssl.NoopHostnameVerifier class SSLRestClientService(private val restClientProperties: SSLRestClientProperties) : BlueprintWebClientService { @@ -87,6 +88,7 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper val sslKeyPwd = restClientProperties.sslKeyPassword val sslTrust = restClientProperties.sslTrust val sslTrustPwd = restClientProperties.sslTrustPassword + val sslTrustIgnoreHostname = restClientProperties.sslTrustIgnoreHostname val acceptingTrustStrategy = { _: Array, _: String -> true @@ -101,9 +103,13 @@ class SSLRestClientService(private val restClientProperties: SSLRestClientProper } } - sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), - acceptingTrustStrategy) - val csf = SSLConnectionSocketFactory(sslContext.build()) + sslContext.loadTrustMaterial(File(sslTrust), sslTrustPwd.toCharArray(), acceptingTrustStrategy) + var csf : SSLConnectionSocketFactory + if (sslTrustIgnoreHostname) { + csf = SSLConnectionSocketFactory(sslContext.build(), NoopHostnameVerifier()) + } else { + csf = SSLConnectionSocketFactory(sslContext.build()) + } return HttpClients.custom() .addInterceptorFirst(WebClientUtils.logRequest()) .addInterceptorLast(WebClientUtils.logResponse())