Andrea Campanella | 2947e62 | 2016-01-27 09:23:46 -0800 | [diff] [blame] | 1 | /* |
Brian O'Connor | a09fe5b | 2017-08-03 21:12:30 -0700 | [diff] [blame] | 2 | * Copyright 2016-present Open Networking Foundation |
Andrea Campanella | 2947e62 | 2016-01-27 09:23:46 -0800 | [diff] [blame] | 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package org.onosproject.provider.rest.device.impl; |
| 18 | |
| 19 | import javax.net.ssl.HttpsURLConnection; |
| 20 | import javax.net.ssl.KeyManager; |
| 21 | import javax.net.ssl.SSLContext; |
| 22 | import javax.net.ssl.TrustManager; |
| 23 | import javax.net.ssl.X509TrustManager; |
| 24 | import java.security.KeyManagementException; |
| 25 | import java.security.NoSuchAlgorithmException; |
| 26 | import java.security.SecureRandom; |
| 27 | import java.security.cert.CertificateException; |
| 28 | import java.security.cert.X509Certificate; |
| 29 | |
| 30 | /** |
| 31 | * Utilities class for RestDevice provider. |
| 32 | */ |
| 33 | final class RestDeviceProviderUtilities { |
| 34 | |
| 35 | private static final String TLS = "TLS"; |
| 36 | |
| 37 | //disable construction. |
| 38 | private RestDeviceProviderUtilities(){} |
| 39 | |
| 40 | /** |
| 41 | * Method that bypasses every SSL certificate verification and accepts every |
| 42 | * connection with any SSL protected device that ONOS has an interaction with. |
| 43 | * Needs addressing for secutirty purposes. |
| 44 | * |
Thomas Vachuska | 708d303 | 2016-02-18 11:11:46 -0800 | [diff] [blame] | 45 | * @throws NoSuchAlgorithmException if algorithm specified is not available |
Michele Santuari | c372c22 | 2017-01-12 09:41:25 +0100 | [diff] [blame] | 46 | * @throws KeyManagementException if unable to use the key |
Andrea Campanella | 2947e62 | 2016-01-27 09:23:46 -0800 | [diff] [blame] | 47 | */ |
| 48 | //FIXME redo for security purposes. |
| 49 | protected static void enableSslCert() throws NoSuchAlgorithmException, KeyManagementException { |
| 50 | SSLContext ctx = SSLContext.getInstance(TLS); |
| 51 | ctx.init(new KeyManager[0], new TrustManager[]{new DefaultTrustManager()}, new SecureRandom()); |
| 52 | SSLContext.setDefault(ctx); |
| 53 | HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> { |
| 54 | //FIXME better way to do this. |
| 55 | return true; |
| 56 | }); |
| 57 | } |
| 58 | |
| 59 | //FIXME this accepts every connection |
| 60 | private static class DefaultTrustManager implements X509TrustManager { |
| 61 | |
| 62 | @Override |
| 63 | public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { |
| 64 | } |
| 65 | |
| 66 | @Override |
| 67 | public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { |
| 68 | } |
| 69 | |
| 70 | @Override |
| 71 | public X509Certificate[] getAcceptedIssuers() { |
| 72 | return null; |
| 73 | } |
| 74 | } |
| 75 | } |