From: renealr Date: Mon, 12 Nov 2018 17:23:28 +0000 (-0500) Subject: remove ability to disable cert chain validation X-Git-Tag: 1.4.0~1 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aai%2Frest-client.git;a=commitdiff_plain;h=ef858ed661134e651082675c091db056f8add98d remove ability to disable cert chain validation Remove the ability to disbale certificate chain validation Issue-ID: AAI-1908 Change-Id: I5803cec657594bfbc814be1e0122a67206d28cc4 Signed-off-by: renealr
---
diff --git a/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java b/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java
index 310a059..26c5fdf 100644
--- a/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java
+++ b/src/main/java/org/onap/aai/restclient/rest/RestClientBuilder.java
@@ -201,28 +201,12 @@ public class RestClientBuilder { // Check to see if we need to perform proper validation of // the certificate chains. TrustManager[] trustAllCerts = null; - if (validateServerCertChain) { if (truststoreFilename != null) { System.setProperty(TRUST_STORE_PROPERTY, truststoreFilename); } else { throw new IllegalArgumentException("Trust store filename must be set!"); } - } else { - - // We aren't validating certificates, so create a trust manager that does - // not validate certificate chains. - trustAllCerts = new TrustManager[] {new X509TrustManager() { - public X509Certificate[] getAcceptedIssuers() { - return null; - } - - public void checkClientTrusted(X509Certificate[] certs, String authType) {} - - public void checkServerTrusted(X509Certificate[] certs, String authType) {} - }}; - } - // Set up the SSL context, keystore, etc. to use for our connection // to the AAI. SSLContext ctx = SSLContext.getInstance(sslProtocol);
diff --git a/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java b/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java
index e2a728d..5eb7f1f 100644
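Review bot: The `validateServerCertChain` flag is no longer read in the RestClientBuilder.java hunk, yet its setter evidently survives the commit (the tests further down still call `setValidateServerCertChain(false)`), so a caller who passes false gets no signal that the request is ignored; without a trust store they only see `Trust store filename must be set!`, which does not mention the flag. Consider marking the setter `@Deprecated` with Javadoc saying it has no effect, or rejecting false explicitly with its own message. Inside the hunk, `TrustManager[] trustAllCerts = null;` is now never reassigned and the comment `// Check to see if we need to perform proper validation of` describes a decision that no longer exists; the local could be dropped (passing `null` wherever it is consumed, presumably the SSL context initialisation outside the hunk) and the comment replaced with `// Server certificate chains are always validated against the configured trust store.` The enclosing method starts and ends outside the hunk.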
--- a/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java
+++ b/src/test/java/org/onap/aai/restclient/client/RestfulClientTest.java
@@ -342,6 +342,7 @@ public class RestfulClientTest { public void testGetClient() throws Exception { RestClientBuilder restClientBuilder= new RestClientBuilder(); restClientBuilder.setAuthenticationMode(RestAuthenticationMode.SSL_BASIC); + restClientBuilder.setTruststoreFilename("truststore"); assertTrue(restClientBuilder.getClient() instanceof Client); }
diff --git a/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java b/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java
index 5e7d8c1..7155f9a 100644
--- a/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java
+++ b/src/test/java/org/onap/aai/restclient/rest/RestClientBuilderTest.java
@@ -141,6 +141,7 @@ public class RestClientBuilderTest { restClientBuilder.setReadTimeoutInMs(54321); restClientBuilder.setBasicAuthUsername("username"); restClientBuilder.setBasicAuthPassword("password"); + restClientBuilder.setTruststoreFilename("truststore"); Client client = restClientBuilder.getClient();
@@ -155,7 +156,7 @@ public class RestClientBuilderTest { } - @Test + @Test (expected=IllegalArgumentException.class) public void validateSslCertClient_noHostOrCertChainValidation() throws Exception { RestClientBuilder restClientBuilder = new RestClientBuilder();
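Review bot: `@Test (expected=IllegalArgumentException.class)` on `validateSslCertClient_noHostOrCertChainValidation` (and again on `validateSslCertClient_hostOnlyValidation` in the following hunk) is satisfied by an IllegalArgumentException from any statement in the method, and the one it gets is presumably `Trust store filename must be set!` from the absent trust store rather than anything tied to `setValidateServerCertChain(false)`. As written, neither test shows that a builder with a trust store configured and the flag set to false still validates the chain, which is the property this commit is meant to guarantee. I would scope the expectation to the `getClient()` call and pin the message, e.g. `try { restClientBuilder.getClient(); fail("expected IllegalArgumentException"); } catch (IllegalArgumentException e) { assertEquals("Trust store filename must be set!", e.getMessage()); }`, and add a case that sets a trust store together with `setValidateServerCertChain(false)`. The test names still describe the removed behaviour, and both method bodies continue outside this hunk.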
@@ -166,18 +167,10 @@ public class RestClientBuilderTest { restClientBuilder.setValidateServerCertChain(false); restClientBuilder.setValidateServerHostname(false); - Client client = restClientBuilder.getClient(); - - Object sslPropertiesObj = client.getProperties().get(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES); - HTTPSProperties sslProps = null; - if ( sslPropertiesObj instanceof HTTPSProperties ) { - sslProps = (HTTPSProperties)sslPropertiesObj; - assertNotNull(sslProps.getHostnameVerifier()); - } else { - fail("Unexpected value for https properties object"); - } } + Client client = restClientBuilder.getClient(); + } - @Test + @Test (expected=IllegalArgumentException.class) public void validateSslCertClient_hostOnlyValidation() throws Exception { RestClientBuilder restClientBuilder = new RestClientBuilder();
@@ -190,15 +183,7 @@ public class RestClientBuilderTest { Client client = restClientBuilder.getClient(); - Object sslPropertiesObj = client.getProperties().get(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES); - HTTPSProperties sslProps = null; - if ( sslPropertiesObj instanceof HTTPSProperties ) { - sslProps = (HTTPSProperties)sslPropertiesObj; - assertNull(sslProps.getHostnameVerifier()); - } else { - fail("Unexpected value for https properties object"); - } - } + } @Test public void validateSslCertClient_certChainOnlyValidation() throws Exception {