From e1d69b3467917291b39c915929bda63f52773e83 Mon Sep 17 00:00:00 2001 From: dglFromAtt Date: Tue, 9 Apr 2019 01:46:16 -0400 Subject: [PATCH] Manage SSL connection to MR Change-Id: Ia97fa113cf618289be4deae24d8be30ec65bad46 Signed-off-by: dglFromAtt Issue-ID: DMAAP-1145 --- README.md | 7 ++++ .../onap/dmaap/dbcapi/client/MrProvConnection.java | 39 ++++++++++++++++------ .../dmaap/dbcapi/client/MrTopicConnection.java | 8 +++-- 3 files changed, 41 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 235e0d0..ef81b86 100644 --- a/README.md +++ b/README.md @@ -98,6 +98,13 @@ The table below lists all the settings, default values (if not set), and shows a |-|-|-|-| |MR.projectID | Value for some constructs of fully qualified topic names | 99999 | ONAP | |-|-|-|-| +|MR.hostnameVerify | Indicates if we want to relax hostname verification on SSL connection | true | false | +|-|-|-|-| +|MR.authentication | Authentication method used when connecting to MR | none | basicAuth | +| | none = no creds sent (default) | | | +| | basicAuth = formulate Basic Auth HTTP Header using name and pwd credentials | | | +| | cert = use client certificate | | | +|-|-|-|-| |cadi.properties | Path to CADI properties file | /opt/app/osaaf/local/org.onap.dmaap-bc.props | /opt/app/osaaf/lcoal/org.onap.dmaap-bc.props | |-|-|-|-| |aaf.URL | URL of the AAF server | https://authentication.domain.netset.com:8095/proxy/ | https://aaf-authz/ | diff --git a/src/main/java/org/onap/dmaap/dbcapi/client/MrProvConnection.java b/src/main/java/org/onap/dmaap/dbcapi/client/MrProvConnection.java index 6e692fa..2be1b33 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/client/MrProvConnection.java +++ b/src/main/java/org/onap/dmaap/dbcapi/client/MrProvConnection.java 
@@ -30,7 +30,10 @@ import org.onap.dmaap.dbcapi.model.MR_Cluster; import org.onap.dmaap.dbcapi.model.Topic; import org.onap.dmaap.dbcapi.util.DmaapConfig; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSession; + import java.io.*; import java.net.*; import java.util.Arrays; @@ -43,9 +46,10 @@ public class MrProvConnection extends BaseLoggingClass{ private String topicMgrCred; - private boolean useAAF; + private String authMethod; private String user; private String encPwd; + private boolean hostnameVerify; public MrProvConnection() { String mechIdProperty = "aaf.TopicMgrUser"; @@ -53,8 +57,9 @@ public class MrProvConnection extends BaseLoggingClass{ DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig(); user = p.getProperty( mechIdProperty, "noMechId@domain.netset.com" ); encPwd = p.getProperty( pwdProperty, "notSet" ); - useAAF= "true".equalsIgnoreCase(p.getProperty("UseAAF", "false")); + authMethod = p.getProperty("MR.authentication", "none"); topicMgrCred = getCred(); + hostnameVerify= "true".equalsIgnoreCase(p.getProperty("MR.hostnameVerify", "true")); } @@ -84,10 +89,22 @@ public class MrProvConnection extends BaseLoggingClass{ logger.info( "makeConnection to " + pURL ); try { + + HostnameVerifier hostnameVerifier = new HostnameVerifier() { + @Override + public boolean verify( String hostname, SSLSession session ) { + return true; + } + + }; URL u = new URL( pURL ); uc = (HttpsURLConnection) u.openConnection(); uc.setInstanceFollowRedirects(false); - logger.info( "open connect to " + pURL ); + if ( ! hostnameVerify ) { + HttpsURLConnection ucs = (HttpsURLConnection) uc; + ucs.setHostnameVerifier(hostnameVerifier); + } + logger.info( "open secure connect to " + pURL ); return(true); } catch( UnknownHostException uhe ){ logger.error( "Caught UnknownHostException for " + pURL); 
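Review bot: The `MR.hostnameVerify` parsing added to the constructor (`@@ -53,8 +57,9 @@`) fails open: `"true".equalsIgnoreCase(...)` is false for every value other than `true`, so a typo, `yes`, `1` or a value with trailing whitespace switches hostname verification off with no signal. Treat only an explicit `false` as the opt-out, e.g. `hostnameVerify = !"false".equalsIgnoreCase(p.getProperty("MR.hostnameVerify", "true").trim());`. The same expression appears as a context line in the MrTopicConnection constructor (`@@ -50,14 +50,14 @@`) and would need the same change.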
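Review bot: When `hostnameVerify` is false, the verifier installed in `makeConnection` (`@@ -84,10 +89,22 @@`) returns `true` for every hostname, so the connection accepts any certificate that chains to a trusted root regardless of the name it was issued for, and nothing in the log records that the check is off. Log this at warning level inside the `if ( ! hostnameVerify )` branch, e.g. `logger.warn( "MR.hostnameVerify=false: TLS hostname verification is disabled for " + pURL );` (assuming the logger exposes `warn`), and add a comment on the anonymous class saying when relaxing the check is acceptable. The verifier could also be created inside that branch so it is not allocated on every call. The method's signature and the rest of its catch chain lie outside the hunk.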
@@ -105,7 +122,8 @@ public class MrProvConnection extends BaseLoggingClass{ try { URL u = new URL( pURL ); uc = (HttpURLConnection) u.openConnection(); - uc.setInstanceFollowRedirects(false); + uc.setInstanceFollowRedirects(false); + logger.info( "open connect to " + pURL ); return(true); } catch( UnknownHostException uhe ){ @@ -146,11 +164,12 @@ public class MrProvConnection extends BaseLoggingClass{ byte[] postData = postTopic.getBytes(); logger.info( "post fields=" + Arrays.toString(postData)); - // when not using AAF, do not attempt Basic Authentication - if ( useAAF ) { - uc.setRequestProperty("Authorization", auth); - logger.info( "Authenticating with " + auth ); - } + if ( authMethod.equalsIgnoreCase("basicAuth") ) { + uc.setRequestProperty("Authorization", auth); + logger.info( "Authenticating with " + auth ); + } else if ( authMethod.equalsIgnoreCase("cert")) { + logger.error( "MR.authentication set for client certificate. Not supported yet."); + } uc.setRequestMethod("POST"); uc.setRequestProperty("Content-Type", "application/json"); uc.setRequestProperty( "charset", "utf-8"); @@ -215,7 +234,7 @@ public class MrProvConnection extends BaseLoggingClass{ } } catch (Exception e) { - errorLogger.error("Unable to read response " ); + errorLogger.error("Unable to read response: " + e.getMessage() ); } finally { diff --git a/src/main/java/org/onap/dmaap/dbcapi/client/MrTopicConnection.java b/src/main/java/org/onap/dmaap/dbcapi/client/MrTopicConnection.java index 28a9add..0a5f91a 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/client/MrTopicConnection.java +++ b/src/main/java/org/onap/dmaap/dbcapi/client/MrTopicConnection.java 
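Review bot: The `basicAuth` branch in `@@ -146,11 +164,12 @@` still writes the `Authorization` header value to the info log through `logger.info( "Authenticating with " + auth );`. `auth` is built outside the hunk, but for Basic authentication it presumably carries the base64-encoded user and password, which anyone with log access can decode. Log the method rather than the value, e.g. `logger.info( "Authenticating with basicAuth" );`. The same line is kept in the MrTopicConnection hunk `@@ -146,9 +146,11 @@` and should change with it.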
@@ -50,14 +50,14 @@ public class MrTopicConnection extends BaseLoggingClass { private String mmProvCred; private String unit_test; - private boolean useAAF; + private String authMethod; private boolean hostnameVerify; public MrTopicConnection(String user, String pwd ) { mmProvCred = new String( user + ":" + pwd ); DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig(); unit_test = p.getProperty( "UnitTest", "No" ); - useAAF= "true".equalsIgnoreCase(p.getProperty("UseAAF", "false")); + authMethod = p.getProperty("MR.authentication", "none"); hostnameVerify= "true".equalsIgnoreCase(p.getProperty("MR.hostnameVerify", "true")); } @@ -146,9 +146,11 @@ public class MrTopicConnection extends BaseLoggingClass { try { byte[] postData = postMessage.getBytes(); logger.info( "post fields=" + postMessage ); - if ( useAAF ) { + if ( authMethod.equalsIgnoreCase("basicAuth") ) { uc.setRequestProperty("Authorization", auth); logger.info( "Authenticating with " + auth ); + } else if ( authMethod.equalsIgnoreCase("cert")) { + logger.error( "MR.authentication set for client certificate. Not supported yet."); } uc.setRequestMethod("POST"); uc.setRequestProperty("Content-Type", "application/json"); -- 2.16.6
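Review bot: In `@@ -146,9 +146,11 @@` the `cert` branch only logs an error and execution then continues to `uc.setRequestMethod("POST")`, so the request is still sent, without credentials. Any unrecognised `MR.authentication` value (a typo such as `basic`) takes the same path silently. The enclosing method continues outside the hunk, so the right failure path is not visible here, but the branch should stop the request rather than degrade to no authentication. A final `else if ( ! authMethod.equalsIgnoreCase("none") )` that logs the unexpected value would cover the typo case. The same chain is added to MrProvConnection in `@@ -146,11 +164,12 @@`.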