Allow overriding the SSL hostname verification that the ElasticSearch

client uses by default

Allow overriding the SSL hostname verification that the ElasticSearch
4a4f1276 · Maximilien de Bayser · 9d0a6a4a · 4a4f1276 · 4a4f1276
Commit 4a4f1276 authored 5 years ago by Maximilien de Bayser
--- a/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/CustomHostnameVerifier.java
+++ b/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/CustomHostnameVerifier.java
+package org.opengroup.osdu.indexer.ibm;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
+import org.apache.http.conn.util.PublicSuffixMatcherLoader;
+
+public class CustomHostnameVerifier implements HostnameVerifier {
+	
+	Set<String> insecureHostnames;
+	
+	DefaultHostnameVerifier fallback; 
+
+	public CustomHostnameVerifier() {
+		if (System.getenv().containsKey("INDEXER_INSECURE_HOSTNAMES")) {
+			insecureHostnames = new HashSet<String>(Arrays.asList(System.getenv("INDEXER_INSECURE_HOSTNAMES").split(":")));
+		} else {
+			insecureHostnames = new HashSet<>();
+		}
+		fallback = new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
+	}
+
+	@Override
+	public boolean verify(String hostname, SSLSession session) {
+        if (insecureHostnames.contains(hostname)) {
+        	return true;
+        }
+		return fallback.verify(hostname, session);
+	}
+
+}
--- a/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/IndexerIBMApplication.java
+++ b/provider/indexer-ibm/src/main/java/org/opengroup/osdu/indexer/ibm/IndexerIBMApplication.java
@@ -22,20 +22,69 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.FilterType;

+import javassist.ClassPool;
+import javassist.CtClass;
+import javassist.CtMethod;
+

 @SpringBootApplication
 @ComponentScan(
-        basePackages = {"org.opengroup.osdu"},
-        excludeFilters = {
-                @ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, value=IndexerApplication.class),
-                @ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, value=ServerletInitializer.class),
-                @ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, value=ElasticSettingServiceImpl.class),
-        }
-)
+		basePackages = {"org.opengroup.osdu"},
+		excludeFilters = {
+				@ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, value=IndexerApplication.class),
+				@ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, value=ServerletInitializer.class),
+				@ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, value=ElasticSettingServiceImpl.class),
+		}
+		)
 public class IndexerIBMApplication {

-    public static void main(String[] args) {
-        SpringApplication.run(IndexerIBMApplication.class, args);
-    }
+	public static void main(String[] args) throws Exception {
+		/*
+		 * This here can replace passing a truststore with trusted certificates
+		 * with -Djavax.net.ssl.trustStore=/path/to/my/truststore.jks
+		 * but that's probably not a good idea.
+		 * 
+		SSLContext sslContext = SSLContext.getInstance("SSL");
+		 
+		// set up a TrustManager that trusts everything
+		sslContext.init(null, new TrustManager[] { new X509TrustManager() {
+			public X509Certificate[] getAcceptedIssuers() {
+				System.out.println("getAcceptedIssuers =============");
+				return null;
+			}
+
+			public void checkClientTrusted(X509Certificate[] certs, String authType) {
+				System.out.println("checkClientTrusted =============");
+			}
+
+			public void checkServerTrusted(X509Certificate[] certs, String authType) {
+
+				String f = certs[0].getSubjectDN().getName();
+				System.out.println(f);
+				System.out.println("checkServerTrusted =============");
+			}
+		} }, new SecureRandom());
+		
+		SSLContext.setDefault(sslContext);
+		*/
+		
+		if (System.getenv().containsKey("INDEXER_INSECURE_HOSTNAMES")) {
+
+			ClassPool pool = ClassPool.getDefault();
+			CtClass cc = pool.get("org.apache.http.impl.nio.client.HttpAsyncClientBuilder");
+			String mname = "create";
+			CtMethod create = cc.getDeclaredMethod(mname);
+	
+			create.setBody("{\n"
+				+ "org.apache.http.impl.nio.client.HttpAsyncClientBuilder ret = new org.apache.http.impl.nio.client.HttpAsyncClientBuilder();\n"
+				+ "ret.setSSLHostnameVerifier(new org.opengroup.osdu.indexer.ibm.CustomHostnameVerifier());\n"
+				+ "return ret;\n"
+			+ "}");
+			cc.toClass();
+		
+		}
+
+		SpringApplication.run(IndexerIBMApplication.class, args);
+	}

 }