changeset 2712:30ac0c82bc98
Re-add SSLConfiguration.disableHostnameVerification().
Reviewed-by: ebaron
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2017-June/023923.html
author | Severin Gehwolf <sgehwolf@redhat.com> |
---|---|
date | Tue, 27 Jun 2017 19:25:23 +0200 |
parents | 325ba70eb3c1 |
children | 0765cd82bfec |
files | config/src/main/java/com/redhat/thermostat/shared/config/SSLConfiguration.java config/src/main/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImpl.java config/src/test/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImplTest.java config/src/test/resources/client.properties config/src/test/resources/ssl.properties config/src/test/resources/system_th_home/ssl.properties config/src/test/resources/user_th_home/ssl.properties distribution/config/ssl.properties |
diffstat | 8 files changed, 55 insertions(+), 2 deletions(-) [+] |
--- a/config/src/main/java/com/redhat/thermostat/shared/config/SSLConfiguration.java Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/main/java/com/redhat/thermostat/shared/config/SSLConfiguration.java Tue Jun 27 19:25:23 2017 +0200
@@ -53,6 +53,14 @@
 * if any, null otherwise.
 */
 public String getKeyStorePassword();
+
+ /**
+ *
+ * @return true if and only if host name verification should not be
+ * performed during SSL handshake. It might be useful to set to
+ * true for testing purposes or for self signed certificates.
+ */
+ public boolean disableHostnameVerification();
 }
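Review bot: The Javadoc added for `disableHostnameVerification()` suggests the switch "for self signed certificates", which points readers at the wrong control. Whether a self-signed certificate is accepted is a trust-store question, while this flag skips the check that the certificate presented belongs to the host being contacted. The comment also has an empty first line, so the method has no summary sentence, and it does not state the default. I would open it with `Whether host name verification is skipped during the SSL handshake.` and add that the implementation in this changeset defaults to false. It should also say that with the flag set a peer certificate is accepted regardless of the host name it was issued for, so the setting belongs in test setups only.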
--- a/config/src/main/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImpl.java Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/main/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImpl.java Tue Jun 27 19:25:23 2017 +0200
@@ -51,6 +51,7 @@
 private CommonPaths paths;
 private Properties configProps = null;
+ private static final String DISABLE_HOSTNAME_VERIFICATION = "DISABLE_HOSTNAME_VERIFICATION";
 private static final String SSL_PROPS_FILENAME = "ssl.properties";
 private static final String KEYSTORE_FILE_KEY = "KEYSTORE_FILE";
 private static final String KEYSTORE_FILE_PWD_KEY = "KEYSTORE_PASSWORD";
@@ -59,6 +60,28 @@
 public SSLConfigurationImpl(CommonPaths paths) {
 this.paths = paths;
 }
+
+ @Override
+ public boolean disableHostnameVerification() {
+ return readBooleanProperty(DISABLE_HOSTNAME_VERIFICATION);
+ }
+
+ private boolean readBooleanProperty(final String property) {
+ boolean result = false;
+ try {
+ loadProperties();
+ } catch (InvalidConfigurationException e) {
+ logger.log(Level.WARNING,
+ "THERMOSTAT_HOME not set and config file attempted to be "
+ + "read from there! Returning false.");
+ return result;
+ }
+ String token = configProps.getProperty(property);
+ if (token != null) {
+ result = Boolean.parseBoolean(token);
+ }
+ return result;
+ }
 @Override
 public File getKeystoreFile() {
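Review bot: In the second hunk `disableHostnameVerification()` can return true without leaving any trace, so a deployment running with host name verification off looks the same in the logs as one running with it on. I would log at WARNING when the parsed value is true, e.g. `logger.log(Level.WARNING, "Host name verification is disabled via " + property);`. In the `catch` of `readBooleanProperty` the exception `e` is dropped, and the message asserts one cause (THERMOSTAT_HOME not set) that the visible code does not establish. Pass the exception along instead: `logger.log(Level.WARNING, "Could not load ssl.properties, using default false for " + property, e);`. Falling back to false on a load failure and on unparsable values keeps verification on, which is the right fail-closed default and deserves a one-line comment on `boolean result = false;`. `logger` and `loadProperties()` are defined outside the hunk.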
--- a/config/src/test/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImplTest.java Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/test/java/com/redhat/thermostat/shared/config/internal/SSLConfigurationImplTest.java Tue Jun 27 19:25:23 2017 +0200
@@ -120,6 +120,7 @@
 // use this assertion in order to avoid false positives if loading of
 // ssl.properties did not work, but boolean matches default values.
 assertEquals("system thermostat home", config.getKeyStorePassword());
+ assertTrue(config.disableHostnameVerification());
 }
 /*
@@ -153,6 +154,7 @@
 // use this assertion in order to avoid false positives if loading of
 // ssl.properties did not work, but boolean matches default values.
 assertEquals("user thermostat home", config.getKeyStorePassword());
+ assertFalse(config.disableHostnameVerification());
 }
 /*
@@ -187,6 +189,7 @@
 // use this assertion in order to avoid false positives if loading of
 // ssl.properties did not work, but boolean matches default values.
 assertEquals("user thermostat home", config.getKeyStorePassword());
+ assertFalse(config.disableHostnameVerification());
 }
 /*
@@ -218,6 +221,16 @@
 // assert default values
 assertNull(config.getKeyStorePassword());
 assertNull(config.getKeystoreFile());
+ assertFalse(config.disableHostnameVerification());
+ }
+
+ @Test
+ public void canGetSSLEnabledConfigs() {
+ assertTrue(sslConf.disableHostnameVerification());
+ File disabledSSLProps = new File(this.getClass().getResource("/ssl.properties").getFile());
+ SSLConfigurationImpl disabledSSLConf = new SSLConfigurationImpl(null);
+ disabledSSLConf.initProperties(disabledSSLProps);
+ assertFalse(disabledSSLConf.disableHostnameVerification());
 }
 private static String decodeFilePath(URL url) {
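Review bot: The test added in the last hunk is named `canGetSSLEnabledConfigs`, but it only asserts `disableHostnameVerification()`; a name such as `canReadDisableHostnameVerification` would say what is covered. Its second half is the valuable case, since `DISABLE_HOSTNAME_VERIFICATION=yes` must leave verification on. The locals `disabledSSLProps` and `disabledSSLConf` read as if SSL itself were disabled, so I would add the comment `// "yes" is not a boolean literal, so verification stays enabled`. `sslConf` is set up outside the hunk, so which properties file makes the first assertion true is not visible here.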
--- a/config/src/test/resources/client.properties Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/test/resources/client.properties Tue Jun 27 19:25:23 2017 +0200
@@ -1,3 +1,4 @@
 # Random comment
 KEYSTORE_FILE=/path/to/thermostat.keystore
 KEYSTORE_PASSWORD=some password
+DISABLE_HOSTNAME_VERIFICATION=true
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/config/src/test/resources/ssl.properties Tue Jun 27 19:25:23 2017 +0200
@@ -0,0 +1,2 @@
+# This does not parse as a boolean
+DISABLE_HOSTNAME_VERIFICATION=yes
\ No newline at end of file
--- a/config/src/test/resources/system_th_home/ssl.properties Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/test/resources/system_th_home/ssl.properties Tue Jun 27 19:25:23 2017 +0200
@@ -1,3 +1,4 @@
 # used for system vs. user thermostat home config of ssl.properties testing
 KEYSTORE_FILE=/path/to/system_thermostat.keystore
-KEYSTORE_PASSWORD=system thermostat home
\ No newline at end of file
+KEYSTORE_PASSWORD=system thermostat home
+DISABLE_HOSTNAME_VERIFICATION=true
--- a/config/src/test/resources/user_th_home/ssl.properties Tue Jun 27 10:52:26 2017 -0400
+++ b/config/src/test/resources/user_th_home/ssl.properties Tue Jun 27 19:25:23 2017 +0200
@@ -1,3 +1,4 @@
 # used for system vs. user thermostat home config of ssl.properties testing
 KEYSTORE_FILE=/path/to/user_thermostat.keystore
-KEYSTORE_PASSWORD=user thermostat home
\ No newline at end of file
+KEYSTORE_PASSWORD=user thermostat home
+DISABLE_HOSTNAME_VERIFICATION=false
--- a/distribution/config/ssl.properties Tue Jun 27 10:52:26 2017 -0400
+++ b/distribution/config/ssl.properties Tue Jun 27 19:25:23 2017 +0200
@@ -8,3 +8,7 @@
 # The password for the keystore file. If none is provided the empty password
 # is assumed. Only used if KEYSTORE_FILE was specified.
 #KEYSTORE_PASSWORD=nopassword
+
+# Uncomment the following line if host name checking should be disabled during
+# SSL handshakes. It is not recommended to turn this off.
+#DISABLE_HOSTNAME_VERIFICATION=true
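Review bot: The sentence "It is not recommended to turn this off" in the added comment is ambiguous next to a key whose `true` value means "disabled", because "this" can be read as either the option or the verification. Since this file ships to operators, I would spell out the consequence instead: `# Not recommended: with verification disabled the peer certificate is not checked against the host name being contacted.` It would also help to state that leaving the line commented out keeps verification enabled, which is what the implementation in this changeset does when the key is absent.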