remove ability to disable cert chain validation 41/72441/1
authorrenealr <reneal.rogers@amdocs.com>
Mon, 12 Nov 2018 17:23:28 +0000 (12:23 -0500)
committerrenealr <reneal.rogers@amdocs.com>
Mon, 12 Nov 2018 17:24:40 +0000 (12:24 -0500)
Remove the ability to disable certificate chain validation

Issue-ID: AAI-1908

Change-Id: I5803cec657594bfbc814be1e0122a67206d28cc4
Signed-off-by: renealr <reneal.rogers@amdocs.com>
src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java
src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java
src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java

index 310a059..26c5fdf 100644 (file)
@@ -201,28 +201,12 @@ public class RestClientBuilder {
     // Check to see if we need to perform proper validation of\r
     // the certificate chains.\r
     TrustManager[] trustAllCerts = null;\r
-    if (validateServerCertChain) {\r
       if (truststoreFilename != null) {\r
         System.setProperty(TRUST_STORE_PROPERTY, truststoreFilename);\r
       } else {\r
         throw new IllegalArgumentException("Trust store filename must be set!");\r
       }\r
 \r
-    } else {\r
-\r
-      // We aren't validating certificates, so create a trust manager that does\r
-      // not validate certificate chains.\r
-      trustAllCerts = new TrustManager[] {new X509TrustManager() {\r
-        public X509Certificate[] getAcceptedIssuers() {\r
-          return null;\r
-        }\r
-\r
-        public void checkClientTrusted(X509Certificate[] certs, String authType) {}\r
-\r
-        public void checkServerTrusted(X509Certificate[] certs, String authType) {}\r
-      }};\r
-    }\r
-\r
     // Set up the SSL context, keystore, etc. to use for our connection\r
     // to the AAI.\r
     SSLContext ctx = SSLContext.getInstance(sslProtocol);\r
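Review bot: `TrustManager[] trustAllCerts = null;` at the top of this hunk can no longer be assigned anywhere in the visible code, so its name and the "Check to see if we need to perform proper validation" comment above it now describe a branch that is gone; the surviving `if (truststoreFilename != null)` block also keeps the indentation of the removed outer `if`. If the variable is still handed to the SSL context initialisation further down (outside this hunk), passing `null` there directly and deleting the declaration would make it explicit that the default trust managers are used. The tests in this commit still call `setValidateServerCertChain(false)`, so the setter appears to remain as a silent no-op. Marking it `@Deprecated` with a Javadoc line such as `Certificate chain validation is always enabled; this value is ignored.` would stop callers assuming that `false` still has an effect. The enclosing method starts and ends outside the hunk.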
index e2a728d..5eb7f1f 100644 (file)
@@ -342,6 +342,7 @@ public class RestfulClientTest {
     public void testGetClient() throws Exception {
         RestClientBuilder restClientBuilder= new RestClientBuilder();
         restClientBuilder.setAuthenticationMode(RestAuthenticationMode.SSL_BASIC);
+        restClientBuilder.setTruststoreFilename("truststore");
         assertTrue(restClientBuilder.getClient() instanceof Client);
     }
 
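Review bot: `restClientBuilder.setTruststoreFilename("truststore")` passes a relative name that probably does not exist as a file, and per the builder hunk in this commit the value is copied into a JVM-wide setting with `System.setProperty(TRUST_STORE_PROPERTY, truststoreFilename)`, which this test never restores. That setting can leak into later tests in the same JVM that open TLS connections or read the property; the same line is added in the first RestClientBuilderTest hunk. Consider pointing the test at a real truststore resource and clearing the property in an `@After` method, so the test exercises a valid configuration and leaves no global state behind.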
index 5e7d8c1..7155f9a 100644 (file)
@@ -141,6 +141,7 @@ public class RestClientBuilderTest {
     restClientBuilder.setReadTimeoutInMs(54321);\r
     restClientBuilder.setBasicAuthUsername("username");\r
     restClientBuilder.setBasicAuthPassword("password");\r
+    restClientBuilder.setTruststoreFilename("truststore");\r
     \r
     Client client = restClientBuilder.getClient();\r
    \r
@@ -155,7 +156,7 @@ public class RestClientBuilderTest {
     \r
   }\r
 \r
-  @Test\r
+  @Test (expected=IllegalArgumentException.class)\r
   public void validateSslCertClient_noHostOrCertChainValidation() throws Exception {\r
     \r
     RestClientBuilder restClientBuilder = new RestClientBuilder();\r
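Review bot: `@Test (expected=IllegalArgumentException.class)` on `validateSslCertClient_noHostOrCertChainValidation` passes if any statement in the method throws that exception, so it does not pin the failure to `getClient()` or to the "Trust store filename must be set!" check. The same annotation is added to `validateSslCertClient_hostOnlyValidation` in the next hunk. Both test names still describe validation modes that this commit removes, while what they now appear to verify is that a missing truststore is rejected (the setup lines between the hunks are not visible, so this is inferred). I would rename them accordingly, wrap only the `getClient()` call in a try/catch that calls `fail(...)` when nothing is thrown, and assert the exception message. A separate test that sets a truststore and calls `setValidateServerCertChain(false)` would show that the flag can no longer turn chain validation off.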
@@ -166,18 +167,10 @@ public class RestClientBuilderTest {
     restClientBuilder.setValidateServerCertChain(false);\r
     restClientBuilder.setValidateServerHostname(false);\r
     \r
-    Client client = restClientBuilder.getClient();\r
-   \r
-    Object sslPropertiesObj = client.getProperties().get(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES);\r
-    HTTPSProperties sslProps = null;\r
-    if ( sslPropertiesObj instanceof HTTPSProperties ) {\r
-      sslProps = (HTTPSProperties)sslPropertiesObj;\r
-      assertNotNull(sslProps.getHostnameVerifier());\r
-    } else {\r
-      fail("Unexpected value for https properties object");\r
-    }  }\r
+    Client client = restClientBuilder.getClient(); \r
+  }\r
   \r
-  @Test\r
+  @Test (expected=IllegalArgumentException.class)\r
   public void validateSslCertClient_hostOnlyValidation() throws Exception {\r
     \r
     RestClientBuilder restClientBuilder = new RestClientBuilder();\r
@@ -190,15 +183,7 @@ public class RestClientBuilderTest {
     \r
     Client client = restClientBuilder.getClient();\r
    \r
-    Object sslPropertiesObj = client.getProperties().get(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES);\r
-    HTTPSProperties sslProps = null;\r
-    if ( sslPropertiesObj instanceof HTTPSProperties ) {\r
-      sslProps = (HTTPSProperties)sslPropertiesObj;\r
-      assertNull(sslProps.getHostnameVerifier());\r
-    } else {\r
-      fail("Unexpected value for https properties object");\r
-    }\r
-   }\r
+  }\r
   \r
   @Test\r
   public void validateSslCertClient_certChainOnlyValidation() throws Exception {\r