SSLContext/HostnameVerifier change in org.openstack4j.core.transport.Config is ignored #913

Open
m-kochaji opened this Issue Jan 4, 2017 · 3 comments

@m-kochaji
m-kochaji commented Jan 4, 2017 edited

I came across this while testing SSL certificate validation against a secure OpenStack (HTTPS endpoints).

Here are some steps to reproduce:

  1. Create a Config** with an initialized SSL context that points to an empty truststore
  2. Attempt authenticating with secure OpenStack --> authentication should fail since truststore is empty
  3. Modify SSLContext within the Config object created in step 1 to point to a valid truststore --> authentication should now succeed

Actual Result: authentication fails again after step 3.

I looked into the code and found the problem was due to:

  1. Using "LoadingCache" to cache Config objects within the ClientFactory*** class and
  2. The "equals" function within the Config class does not take into consideration the HostnameVerifier or SSLContext

Therefore, any 2 Config objects with identical values except for SSLContext and/or HostnameVerifier will hit the same value in the LoadingCache and cause this issue.

Resolution: either remove the use of a cache or fix the "equals" function in the Config class.

** Config refers to org.openstack4j.core.transport.Config
***ClientFactory refers to org.openstack4j.connectors.jersey2.ClientFactory
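
The cache-key collision described in the comment above, reduced to a minimal reproduction. This is an added example, not code from the issue or from openstack4j: `Cfg`, `Client`, `clientFor` and the `tlsInKey` switch are hypothetical stand-ins, and a `ConcurrentHashMap` is used in place of the `LoadingCache`.

```java
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLContext;

public class CacheKeyDemo {
    // Hypothetical stand-in for a transport config used as a cache key.
    static final class Cfg {
        final int connectTimeout;
        final SSLContext ssl;
        final boolean tlsInKey; // false: equals/hashCode skip the TLS field
        Cfg(int connectTimeout, SSLContext ssl, boolean tlsInKey) {
            this.connectTimeout = connectTimeout;
            this.ssl = ssl;
            this.tlsInKey = tlsInKey;
        }
        @Override public boolean equals(Object o) {
            if (!(o instanceof Cfg)) return false;
            Cfg c = (Cfg) o;
            // SSLContext has no value equality, so this compares by identity.
            return connectTimeout == c.connectTimeout
                && tlsInKey == c.tlsInKey
                && (!tlsInKey || Objects.equals(ssl, c.ssl));
        }
        @Override public int hashCode() {
            return tlsInKey ? Objects.hash(connectTimeout, ssl) : Objects.hash(connectTimeout);
        }
    }
    // Stand-in for the cached HTTP client; records the context it was built with.
    static final class Client {
        final SSLContext ssl;
        Client(SSLContext ssl) { this.ssl = ssl; }
    }
    static final Map<Cfg, Client> CACHE = new ConcurrentHashMap<>();
    static Client clientFor(Cfg cfg) {
        return CACHE.computeIfAbsent(cfg, k -> new Client(k.ssl));
    }
    public static void main(String[] args) throws Exception {
        // Constructed placeholders: two distinct, uninitialized contexts.
        SSLContext emptyTrust = SSLContext.getInstance("TLS");
        SSLContext validTrust = SSLContext.getInstance("TLS");
        for (boolean tlsInKey : new boolean[] {false, true}) {
            CACHE.clear();
            clientFor(new Cfg(30, emptyTrust, tlsInKey)); // first login attempt
            Client second = clientFor(new Cfg(30, validTrust, tlsInKey));
            System.out.println("TLS fields in key=" + tlsInKey
                + " -> second call got its own context: " + (second.ssl == validTrust));
        }
    }
}
```

The collision is symmetric: when the key ignores the TLS fields, whichever configuration reaches the cache first decides the certificate and hostname checks for every later configuration that compares equal, including a stricter one.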

@auhlig
Member
auhlig commented Jan 4, 2017

Hey @m-kochaji,
Many thanks for investigating and reporting.
Since you already seem to have a solution: Would you like to contribute and submit a PR?

@m-kochaji
m-kochaji commented Jan 4, 2017 edited

@auhlig Yes, I can do that. Can you mark this as a bug and let me know the steps in order to pull/modify/push the code back for code review?

@auhlig auhlig added the bug label Jan 4, 2017
@m-kochaji m-kochaji was assigned by auhlig Jan 4, 2017
@auhlig
Member
auhlig commented Jan 4, 2017

Sure. Just fork this repo, create a branch in which you implement the fix and create a PullRequest against our master branch. Then we review.
Feel free to reach out in case you need help.
