Andrea Campanella2947e622016-01-27 09:23:46 -08001/*
2 * Copyright 2016 Open Networking Laboratory
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package org.onosproject.provider.rest.device.impl;
18
19import javax.net.ssl.HttpsURLConnection;
20import javax.net.ssl.KeyManager;
21import javax.net.ssl.SSLContext;
22import javax.net.ssl.TrustManager;
23import javax.net.ssl.X509TrustManager;
24import java.security.KeyManagementException;
25import java.security.NoSuchAlgorithmException;
26import java.security.SecureRandom;
27import java.security.cert.CertificateException;
28import java.security.cert.X509Certificate;
29
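/**
 * Utilities class for RestDevice provider.
 *
 * <p>SECURITY: the only helper here, {@link #enableSslCert()}, switches off TLS
 * server authentication for the whole JVM. See its documentation before adding
 * new callers.
 */
final class RestDeviceProviderUtilities {

    private static final String TLS = "TLS";

    // Disable construction: static helpers only.
    private RestDeviceProviderUtilities() {
    }

    /**
     * Installs a JVM-wide default {@link SSLContext} and hostname verifier that
     * bypass every SSL certificate verification, so that a connection to any SSL
     * protected device is accepted.
     *
     * <p>SECURITY: both setters below are static and process-wide. After this call,
     * any code in the same JVM that relies on {@link SSLContext#getDefault()} or on
     * the {@link HttpsURLConnection} default hostname verifier no longer
     * authenticates its peer, so a party on the network path can impersonate the
     * remote end. The traffic is still encrypted, but to an unauthenticated peer.
     * Needs addressing for security purposes.
     *
     * @throws NoSuchAlgorithmException if no provider supports the "TLS" protocol
     * @throws KeyManagementException   if the SSL context cannot be initialised
     */
    // FIXME redo for security purposes: build the context from a trust store that
    // holds the device certificates (or their issuing CA) and apply it only to the
    // REST device connections instead of replacing the JVM defaults.
    protected static void enableSslCert() throws NoSuchAlgorithmException, KeyManagementException {
        TrustManager[] trustEverything = {new DefaultTrustManager()};
        SSLContext ctx = SSLContext.getInstance(TLS);
        // No key managers: this side never presents a client certificate.
        ctx.init(new KeyManager[0], trustEverything, new SecureRandom());
        SSLContext.setDefault(ctx);
        // FIXME better way to do this: the certificate is never matched against
        // the host name that was requested.
        HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
    }

    /**
     * Trust manager that performs no validation at all: both check methods return
     * normally for every certificate chain, which JSSE treats as "trusted".
     */
    // FIXME this accepts every connection
    private static final class DefaultTrustManager implements X509TrustManager {

        // Zero-length arrays are immutable, so one shared instance is safe.
        private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: never rejects a client chain.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: never rejects a server chain.
        }

        /**
         * Returns the acceptable CA issuers.
         *
         * @return an empty array; the {@link X509TrustManager} contract requires a
         *         non-null result, and returning {@code null} here can surface as a
         *         {@link NullPointerException} inside the TLS implementation
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return NO_ISSUERS;
        }
    }
}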