X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=dashboard%2Fwebapp-backend%2Fsrc%2Fmain%2Fjava%2Forg%2Foransc%2Fric%2Fportal%2Fdashboard%2Futil%2FHttpsURLConnectionUtils.java;h=f687483d87d7e1174fc647221fcb6269be2eb76c;hb=1f0eaf77b131fe5757bae47fbdd64e691a9c2053;hp=a97ed7b4512d4aff8002316a4885bd2780c2d460;hpb=b96fd22c2a19b61bbd9d4c71c4f4a8fbb3741df1;p=nonrtric.git

diff --git a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
index a97ed7b4..f687483d 100644
--- a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
+++ b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
@@ -3,13 +3,14 @@
  * O-RAN-SC
  * %%
  * Copyright (C) 2019 AT&T Intellectual Property
+ * Modifications Copyright (C) 2020 Nordix Foundation
  * %%
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -22,61 +23,47 @@ package org.oransc.ric.portal.dashboard.util;
 
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
+
+import org.apache.axis2.java.security.TrustAllTrustManager;
 
 /**
  * Disables and enables certificate and host-name checking in
  * HttpsURLConnection, the default JVM implementation of the HTTPS/TLS protocol.
  * Has no effect on implementations such as Apache Http Client, Ok Http.
- * 
+ *
  * https://stackoverflow.com/questions/23504819/how-to-disable-ssl-certificate-checking-with-spring-resttemplate/58291331#58291331
  */
 public final class HttpsURLConnectionUtils {
 
-	private static final HostnameVerifier jvmHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
-
-	private static final HostnameVerifier trivialHostnameVerifier = new HostnameVerifier() {
-		public boolean verify(String hostname, SSLSession sslSession) {
-			return true;
-		}
-	};
-
-	private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] { new X509TrustManager() {
-		public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-			return null;
-		}
+    private static final HostnameVerifier jvmHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
 
-		public void checkClientTrusted(X509Certificate[] certs, String authType) {
-		}
+    private static final HostnameVerifier trivialHostnameVerifier =
+        (hostname, sslSession) -> hostname.equalsIgnoreCase(sslSession.getPeerHost());
 
-		public void checkServerTrusted(X509Certificate[] certs, String authType) {
-		}
-	} };
+    private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] {new TrustAllTrustManager()};
 
-	public static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {
-		HttpsURLConnection.setDefaultHostnameVerifier(trivialHostnameVerifier);
-		// Install the all-trusting trust manager
-		SSLContext sc = SSLContext.getInstance("SSL");
-		sc.init(null, UNQUESTIONING_TRUST_MANAGER, null);
-		HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-	}
+    public static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {
+        HttpsURLConnection.setDefaultHostnameVerifier(trivialHostnameVerifier);
+        // Install the all-trusting trust manager
+        SSLContext sc = SSLContext.getInstance("TLS");
+        sc.init(null, UNQUESTIONING_TRUST_MANAGER, null);
+        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+    }
 
-	public static void turnOnSslChecking() throws KeyManagementException, NoSuchAlgorithmException {
-		HttpsURLConnection.setDefaultHostnameVerifier(jvmHostnameVerifier);
-		// Return it to the initial state (discovered by reflection, now hardcoded)
-		SSLContext sc = SSLContext.getInstance("SSL");
-		sc.init(null, null, null);
-		HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-	}
+    public static void turnOnSslChecking() throws KeyManagementException, NoSuchAlgorithmException {
+        HttpsURLConnection.setDefaultHostnameVerifier(jvmHostnameVerifier);
+        // Return it to the initial state (discovered by reflection, now hardcoded)
+        SSLContext sc = SSLContext.getInstance("TLS");
+        sc.init(null, null, null);
+        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+    }
 
-	private HttpsURLConnectionUtils() {
-		throw new UnsupportedOperationException("Do not instantiate libraries.");
-	}
+    private HttpsURLConnectionUtils() {
+        throw new UnsupportedOperationException("Do not instantiate libraries.");
+    }
 }