From: Nicolas Hu
Date: Fri, 2 Oct 2020 15:12:08 +0000 (-0400)
Subject: fix-sonar-complaints
X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=848677173191182d46aa22ab83bee0de84999a81;p=portal%2Fric-dashboard.git
fix-sonar-complaints
Remove the code which bypass certificate and host-name checking
Signed-off-by: Jun (Nicolas) Hu
Change-Id: I80dfb3cda8768ba300641f36421aa358681246e7
---
diff --git a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/CaasIngressConfiguration.java b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/CaasIngressConfiguration.java
index 4d51ef7f..0f6c06fb 100644
--- a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/CaasIngressConfiguration.java
+++ b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/CaasIngressConfiguration.java
@@ -24,7 +24,6 @@ import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import org.oransc.ric.portal.dashboard.model.RicRegionList;
-import org.oransc.ric.portal.dashboard.util.HttpsURLConnectionUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -53,11 +52,6 @@ public class CaasIngressConfiguration {
 logger.debug("ctor: suffix {} insecure flag {}", pltUrlSuffix, insecureFlag);
 this.urlSuffix = pltUrlSuffix;
 this.instanceConfig = instanceConfig;
- // This is a brutal hack:
- if (insecureFlag != null && insecureFlag) {
- logger.warn("ctor: insecure flag set, disabling SSL checks");
- HttpsURLConnectionUtils.turnOffSslChecking();
- }
 }
 @Bean
diff --git a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java b/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
deleted file mode 100644
index c4cb055d..00000000
--- a/dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-
-package org.oransc.ric.portal.dashboard.util;
-
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-/**
- * Disables and enables certificate and host-name checking in
- * HttpsURLConnection, the default JVM implementation of the HTTPS/TLS protocol.
- * Has no effect on implementations such as Apache Http Client, Ok Http.
- *
- * https://stackoverflow.com/questions/23504819/how-to-disable-ssl-certificate-checking-with-spring-resttemplate/58291331#58291331
- */
-public final class HttpsURLConnectionUtils {
-
- private static final HostnameVerifier jvmHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
-
- private static final HostnameVerifier trivialHostnameVerifier = (hostname, sslSession) -> true;
-
- private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] { new X509TrustManager() {
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return new java.security.cert.X509Certificate[0];
- }
-
- public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
- // empty implementation
- }
-
- public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
- // empty implementation
- }
- } };
-
- public static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {
- HttpsURLConnection.setDefaultHostnameVerifier(trivialHostnameVerifier);
- // Install the all-trusting trust manager
- SSLContext sc = SSLContext.getInstance("TLS");
- sc.init(null, UNQUESTIONING_TRUST_MANAGER, null);
- HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
- }
-
- public static void turnOnSslChecking() throws KeyManagementException, NoSuchAlgorithmException {
- HttpsURLConnection.setDefaultHostnameVerifier(jvmHostnameVerifier);
- // Return it to the initial state (discovered by reflection, now hardcoded)
- SSLContext sc = SSLContext.getInstance("TLS");
- sc.init(null, null, null);
- HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
- }
-
- private HttpsURLConnectionUtils() {
- throw new UnsupportedOperationException("Do not instantiate libraries.");
- }
-}
diff --git a/dashboard/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/k8sapi/CaasIngressTest.java b/dashboard/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/k8sapi/CaasIngressTest.java index cc1a7e86..bddecc81 100644 --- a/dashboard/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/k8sapi/CaasIngressTest.java +++ b/dashboard/webapp-backend/src/test/java/org/oransc/ric/portal/dashboard/k8sapi/CaasIngressTest.java @@ -21,21 +21,19 @@ package org.oransc.ric.portal.dashboard.k8sapi; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; -import org.oransc.ric.portal.dashboard.util.HttpsURLConnectionUtils; import org.springframework.web.client.RestTemplate; public class CaasIngressTest { @Test public void coverHttpsUtils() throws Exception { - HttpsURLConnectionUtils.turnOffSslChecking(); // Get IP address from REC deployment team for testing final String podsUrl = "https://localhost:16443/api/v1/namespaces/ricaux/pods"; RestTemplate rt = new RestTemplate(); Assertions.assertThrows(Exception.class, () -> { rt.getForEntity(podsUrl, String.class); }); - HttpsURLConnectionUtils.turnOnSslChecking(); + } }
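Review bot: After this change `coverHttpsUtils` covers nothing its name refers to, and its one remaining assertion cannot tell a TLS rejection from any other failure: `Assertions.assertThrows(Exception.class, ...)` around `rt.getForEntity(podsUrl, String.class)` passes as soon as anything throws, which a refused connection to `localhost:16443` presumably already does. Since the commit removes the certificate and host-name bypass, the test should either be renamed to say what it checks or be made to pin the new behaviour, for example by narrowing the expected type to `ResourceAccessException` and asserting that `getCause()` is an `SSLHandshakeException` when run against a local endpoint that presents an untrusted certificate. The blank line added before the method's closing brace can be dropped, and `// Get IP address from REC deployment team for testing` reads like an open TODO that should be resolved or removed.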