From: sb5356 Date: Fri, 7 Aug 2020 18:29:24 +0000 (-0400) Subject: Restapi-call-node: Fix setting truststore, should not set system properties X-Git-Tag: 1.0.1~6^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=ccsdk%2Fsli%2Fplugins.git;a=commitdiff_plain;h=a66d5461bdda211c861ae6d29b22e3b430e4ffbb Restapi-call-node: Fix setting truststore, should not set system properties Issue-ID: CCSDK-2637 Signed-off-by: sb5356 Change-Id: Icbbb7eaa9f904e0d51199efd78e36b1fa1fa702b --- diff --git a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java index 8950df4c..2a2bc6d3 100755 --- a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java +++ b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/Parameters.java @@ -8,9 +8,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -36,11 +36,6 @@ public class Parameters { public Set listNameList; public boolean skipSending; public boolean convertResponse; - public String keyStoreFileName; - public String keyStorePassword; - public String trustStoreFileName; - public String trustStorePassword; - public boolean ssl; public String customHttpHeaders; public String partner; public Boolean dumpHeaders; diff --git a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java index b131301d..5ca2ca89 100755 --- a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java +++ b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/RestapiCallNode.java @@ -38,7 +38,6 @@ import java.net.URI; import java.net.URL; import java.nio.file.Files; import java.nio.file.Paths; -import java.security.KeyStore; import java.util.ArrayList; import java.util.Base64; import java.util.Collections; @@ -52,10 +51,7 @@ import java.util.Properties; import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; - import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; import javax.ws.rs.ProcessingException; import javax.ws.rs.client.Client; import javax.ws.rs.client.ClientBuilder; @@ -226,12 +222,6 @@ public class RestapiCallNode implements SvcLogicJavaPlugin { String skipSendingStr = paramMap.get(skipSendingMessage); p.skipSending = "true".equalsIgnoreCase(skipSendingStr); p.convertResponse = valueOf(parseParam(paramMap, "convertResponse", false, "true")); - p.trustStoreFileName = parseParam(paramMap, "trustStoreFileName", false, null); - p.trustStorePassword = parseParam(paramMap, "trustStorePassword", false, null); - p.keyStoreFileName = parseParam(paramMap, "keyStoreFileName", false, null); - p.keyStorePassword = parseParam(paramMap, "keyStorePassword", false, null); - p.ssl = p.trustStoreFileName != null && p.trustStorePassword != null && p.keyStoreFileName != null - && p.keyStorePassword != null; p.customHttpHeaders = parseParam(paramMap, "customHttpHeaders", false, null); p.partner = parseParam(paramMap, "partner", false, null); p.dumpHeaders = valueOf(parseParam(paramMap, "dumpHeaders", false, null)); @@ -791,18 +781,9 @@ public class RestapiCallNode implements SvcLogicJavaPlugin { */ public HttpResponse sendHttpRequest(String request, Parameters p) throws SvcLogicException { - SSLContext ssl = null; - if (p.ssl && p.restapiUrl.startsWith("https")) { - ssl = createSSLContext(p); - } - Client client; + HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true); - if (ssl != null) { - HttpsURLConnection.setDefaultSSLSocketFactory(ssl.getSocketFactory()); - client = ClientBuilder.newBuilder().sslContext(ssl).hostnameVerifier((s, sslSession) -> true).build(); - } else { - client = ClientBuilder.newBuilder().hostnameVerifier((s, sslSession) -> true).build(); - } + Client client = ClientBuilder.newBuilder().hostnameVerifier((s, sslSession) -> true).build(); setClientTimeouts(client); // Needed to support additional HTTP methods such as PATCH client.property(HttpUrlConnectorProvider.SET_METHOD_WORKAROUND, true); @@ -925,29 +906,6 @@ public class RestapiCallNode implements SvcLogicJavaPlugin { return r; } - protected SSLContext createSSLContext(Parameters p) { - try (FileInputStream in = new FileInputStream(p.keyStoreFileName)) { - System.setProperty("jsse.enableSNIExtension", "false"); - System.setProperty("javax.net.ssl.trustStore", p.trustStoreFileName); - System.setProperty("javax.net.ssl.trustStorePassword", p.trustStorePassword); - - HttpsURLConnection.setDefaultHostnameVerifier((string, ssls) -> true); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - KeyStore ks = KeyStore.getInstance("PKCS12"); - char[] pwd = p.keyStorePassword.toCharArray(); - ks.load(in, pwd); - kmf.init(ks, pwd); - - SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(kmf.getKeyManagers(), null, null); - return ctx; - } catch (Exception e) { - log.error("Error creating SSLContext: {}", e.getMessage(), e); - } - return null; - } - protected void setFailureResponseStatus(SvcLogicContext ctx, String prefix, String errorMessage, HttpResponse resp) { resp.code = 500; @@ -1265,7 +1223,7 @@ public class RestapiCallNode implements SvcLogicJavaPlugin { } protected static String[] getMultipleUrls(String restapiUrl) { - List urls = new ArrayList(); + List urls = new ArrayList<>(); int start = 0; for (int i = 0; i < restapiUrl.length(); i++) { if (restapiUrl.charAt(i) == ',') {