changeset 2712:30ac0c82bc98

Re-add SSLConfiguration.disableHostnameVerification(). Reviewed-by: ebaron Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2017-June/023923.html
author Severin Gehwolf <sgehwolf@redhat.com>
date Tue, 27 Jun 2017 19:25:23 +0200
parents 325ba70eb3c1
children 0765cd82bfec
files config/src/main/java/com/redhat/thermostat/shared/config/SSLConfiguration.java config/src/main/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImpl.java config/src/test/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImplTest.java config/src/test/resources/client.properties config/src/test/resources/ssl.properties config/src/test/resources/system_th_home/ssl.properties config/src/test/resources/user_th_home/ssl.properties distribution/config/ssl.properties
diffstat 8 files changed, 55 insertions(+), 2 deletions(-) [+]
--- a/config/src/main/java/com/redhat/thermostat/shared/config/SSLConfiguration.java	Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/main/java/com/redhat/thermostat/shared/config/SSLConfiguration.java	Tue Jun 27 19:25:23 2017 +0200
@@ -53,6 +53,14 @@
      *         if any, null otherwise.
      */
     public String getKeyStorePassword();
+    
+    /**
+     * 
+     * @return true if and only if host name verification should not be
+     *         performed during SSL handshake. It might be useful to set to
+     *         true for testing purposes or for self signed certificates.
+     */
+    public boolean disableHostnameVerification();
 
 }
 
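Review bot: The Javadoc added for `disableHostnameVerification()` opens with an empty line, so the method has no summary sentence, and it states neither the default nor what is given up when the value is true. I would start it with `Returns whether host name verification is skipped during the SSL handshake.` and add two facts. First, the implementation in this changeset returns false when the property is absent or is anything other than "true". Second, with verification skipped the peer's certificate is no longer matched against the host being connected to. The remark about self-signed certificates could also say that a self-signed certificate carrying the right host name and imported into the trust store does not need this switch.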
--- a/config/src/main/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImpl.java	Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/main/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImpl.java	Tue Jun 27 19:25:23 2017 +0200
@@ -51,6 +51,7 @@
 
     private CommonPaths paths;
     private Properties configProps = null;
+    private static final String DISABLE_HOSTNAME_VERIFICATION = "DISABLE_HOSTNAME_VERIFICATION";
     private static final String SSL_PROPS_FILENAME = "ssl.properties";
     private static final String KEYSTORE_FILE_KEY = "KEYSTORE_FILE";
     private static final String KEYSTORE_FILE_PWD_KEY = "KEYSTORE_PASSWORD";
@@ -59,6 +60,28 @@
     public SSLConfigurationImpl(CommonPaths paths) {
         this.paths = paths;
     }
+    
+    @Override
+    public boolean disableHostnameVerification() {
+        return readBooleanProperty(DISABLE_HOSTNAME_VERIFICATION);
+    }
+    
+    private boolean readBooleanProperty(final String property) {
+        boolean result = false;
+        try {
+            loadProperties();
+        } catch (InvalidConfigurationException e) {
+            logger.log(Level.WARNING,
+                    "THERMOSTAT_HOME not set and config file attempted to be " +
+                          "read from there! Returning false.");
+            return result;
+        }
+        String token = configProps.getProperty(property);
+        if (token != null) {
+            result = Boolean.parseBoolean(token);
+        }
+        return result;
+    }
 
     @Override
     public File getKeystoreFile() {
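Review bot: The catch block in `readBooleanProperty()` drops the `InvalidConfigurationException` and logs a fixed guess at its cause; passing `e` as the third argument to `logger.log(Level.WARNING, ...)` would keep the real reason in the log. The fallback itself goes in the safe direction for this property, since a load failure or a value that `Boolean.parseBoolean` does not read as "true" leaves host name verification on. That only holds while false is the safe value, so the helper deserves a comment such as `// Fails to false: only use for properties whose safe value is false.` before it is reused. Nothing is logged when the property does parse as true; a single WARNING at that point would make a deployment running without host name verification visible to operators.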
--- a/config/src/test/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImplTest.java	Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/test/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImplTest.java	Tue Jun 27 19:25:23 2017 +0200
@@ -120,6 +120,7 @@
         // use this assertion in order to avoid false positives if loading of
         // ssl.properties did not work, but boolean matches default values.
         assertEquals("system thermostat home", config.getKeyStorePassword());
+        assertTrue(config.disableHostnameVerification());
     }
     
     /*
@@ -153,6 +154,7 @@
         // use this assertion in order to avoid false positives if loading of
         // ssl.properties did not work, but boolean matches default values.
         assertEquals("user thermostat home", config.getKeyStorePassword());
+        assertFalse(config.disableHostnameVerification());
     }
     
     /*
@@ -187,6 +189,7 @@
         // use this assertion in order to avoid false positives if loading of
         // ssl.properties did not work, but boolean matches default values.
         assertEquals("user thermostat home", config.getKeyStorePassword());
+        assertFalse(config.disableHostnameVerification());
     }
     
     /*
@@ -218,6 +221,16 @@
         // assert default values
         assertNull(config.getKeyStorePassword());
         assertNull(config.getKeystoreFile());
+        assertFalse(config.disableHostnameVerification());
+    }
+    
+    @Test
+    public void canGetSSLEnabledConfigs() {
+        assertTrue(sslConf.disableHostnameVerification());
+        File disabledSSLProps = new File(this.getClass().getResource("/ssl.properties").getFile());
+        SSLConfigurationImpl disabledSSLConf = new SSLConfigurationImpl(null);
+        disabledSSLConf.initProperties(disabledSSLProps);
+        assertFalse(disabledSSLConf.disableHostnameVerification());
     }
     
     private static String decodeFilePath(URL url) {
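Review bot: `canGetSSLEnabledConfigs` builds its `File` from `getResource("/ssl.properties").getFile()` without decoding, although the class has a `decodeFilePath(URL)` helper that begins on the last line of this hunk. Presumably that helper exists because a checkout path containing spaces or other percent-encoded characters breaks the raw form, in which case this test should use it too: `new File(decodeFilePath(this.getClass().getResource("/ssl.properties")))`. The names `canGetSSLEnabledConfigs` and `disabledSSLConf` describe an SSL on/off switch, while the assertions are about host name verification; a name such as `unparsableValueKeepsHostnameVerificationOn` would say what the "yes" fixture pins down. The body of `decodeFilePath` is outside the hunk, so its exact behaviour should be confirmed before switching.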
--- a/config/src/test/resources/client.properties	Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/test/resources/client.properties	Tue Jun 27 19:25:23 2017 +0200
@@ -1,3 +1,4 @@
 # Random comment
 KEYSTORE_FILE=/path/to/thermostat.keystore
 KEYSTORE_PASSWORD=some password
+DISABLE_HOSTNAME_VERIFICATION=true
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/config/src/test/resources/ssl.properties	Tue Jun 27 19:25:23 2017 +0200
@@ -0,0 +1,2 @@
+# This does not parse as a boolean
+DISABLE_HOSTNAME_VERIFICATION=yes
\ No newline at end of file
--- a/config/src/test/resources/system_th_home/ssl.properties	Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/test/resources/system_th_home/ssl.properties	Tue Jun 27 19:25:23 2017 +0200
@@ -1,3 +1,4 @@
 # used for system vs. user thermostat home config of ssl.properties testing
 KEYSTORE_FILE=/path/to/system_thermostat.keystore
-KEYSTORE_PASSWORD=system thermostat home
\ No newline at end of file
+KEYSTORE_PASSWORD=system thermostat home
+DISABLE_HOSTNAME_VERIFICATION=true
--- a/config/src/test/resources/user_th_home/ssl.properties	Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/test/resources/user_th_home/ssl.properties	Tue Jun 27 19:25:23 2017 +0200
@@ -1,3 +1,4 @@
 # used for system vs. user thermostat home config of ssl.properties testing
 KEYSTORE_FILE=/path/to/user_thermostat.keystore
-KEYSTORE_PASSWORD=user thermostat home
\ No newline at end of file
+KEYSTORE_PASSWORD=user thermostat home
+DISABLE_HOSTNAME_VERIFICATION=false
--- a/distribution/config/ssl.properties	Tue Jun 27 10:52:26 2017 -0400
+++ b/distribution/config/ssl.properties	Tue Jun 27 19:25:23 2017 +0200
@@ -8,3 +8,7 @@
 # The password for the keystore file. If none is provided the empty password
 # is assumed. Only used if KEYSTORE_FILE was specified.
 #KEYSTORE_PASSWORD=nopassword
+
+# Uncomment the following line if host name checking should be disabled during
+# SSL handshakes. It is not recommended to turn this off.
+#DISABLE_HOSTNAME_VERIFICATION=true
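Review bot: "It is not recommended to turn this off" is ambiguous, because the line to uncomment sets the property to true, so a reader can take "off" to mean the property rather than host name checking. The comment also gives the operator no reason for the recommendation. I would reword the last comment line along the lines of `# Leave this commented out in production: without host name checking a valid certificate issued for another host is accepted.` That consequence is inferred from the setting's name, since the code that consumes the value during the handshake is not part of this changeset.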