diff --git a/mid-java-client-core/pom.xml b/mid-java-client-core/pom.xml index 24735b9..2cdafa9 100644 --- a/mid-java-client-core/pom.xml +++ b/mid-java-client-core/pom.xml @@ -6,7 +6,7 @@ ch.mobileid.mid-java-client mid-java-client-parent - 1.6.0 + 1.6.1 mid-java-client-core diff --git a/mid-java-client-rest/pom.xml b/mid-java-client-rest/pom.xml index b89e5d7..c883889 100644 --- a/mid-java-client-rest/pom.xml +++ b/mid-java-client-rest/pom.xml @@ -6,7 +6,7 @@ ch.mobileid.mid-java-client mid-java-client-parent - 1.6.0 + 1.6.1 mid-java-client-rest diff --git a/mid-java-client-rest/src/main/java/ch/swisscom/mid/client/rest/ComProtocolHandlerRestImpl.java b/mid-java-client-rest/src/main/java/ch/swisscom/mid/client/rest/ComProtocolHandlerRestImpl.java index 97fd975..cc59d6b 100644 --- a/mid-java-client-rest/src/main/java/ch/swisscom/mid/client/rest/ComProtocolHandlerRestImpl.java +++ b/mid-java-client-rest/src/main/java/ch/swisscom/mid/client/rest/ComProtocolHandlerRestImpl.java 
@@ -15,10 +15,24 @@ */ package ch.swisscom.mid.client.rest; +import ch.swisscom.mid.client.MIDFlowException; +import ch.swisscom.mid.client.config.*; +import ch.swisscom.mid.client.impl.ComProtocolHandler; +import ch.swisscom.mid.client.impl.Loggers; +import ch.swisscom.mid.client.model.*; +import ch.swisscom.mid.client.rest.model.fault.MSSFault; +import ch.swisscom.mid.client.rest.model.profqreq.MSSProfileQueryRequest; +import ch.swisscom.mid.client.rest.model.profqresp.MSSProfileQueryResponse; +import ch.swisscom.mid.client.rest.model.receiptreq.MSSReceiptRequest; +import ch.swisscom.mid.client.rest.model.receiptresp.MSSReceiptResponse; +import ch.swisscom.mid.client.rest.model.signreq.MSSSignatureRequest; +import ch.swisscom.mid.client.rest.model.signresp.MSSSignatureResponse; +import ch.swisscom.mid.client.rest.model.statusreq.MSSStatusRequest; +import ch.swisscom.mid.client.rest.model.statusresp.MSSStatusResponse; +import ch.swisscom.mid.client.utils.Utils; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; - import org.apache.commons.codec.CharEncoding; import org.apache.hc.client5.http.auth.AuthScope; import org.apache.hc.client5.http.auth.UsernamePasswordCredentials; @@ -30,6 +44,7 @@ import org.apache.hc.client5.http.impl.classic.HttpClients; import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager; import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; import org.apache.hc.core5.http.ContentType; import org.apache.hc.core5.http.HttpHost; 
@@ -43,6 +58,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLException; import java.io.ByteArrayInputStream; import java.io.FileInputStream; import java.io.IOException; @@ -50,25 +67,6 @@ import java.security.KeyStore; import java.util.concurrent.TimeUnit; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLException; - -import ch.swisscom.mid.client.MIDFlowException; -import ch.swisscom.mid.client.config.*; -import ch.swisscom.mid.client.impl.ComProtocolHandler; -import ch.swisscom.mid.client.impl.Loggers; -import ch.swisscom.mid.client.model.*; -import ch.swisscom.mid.client.rest.model.fault.MSSFault; -import ch.swisscom.mid.client.rest.model.profqreq.MSSProfileQueryRequest; -import ch.swisscom.mid.client.rest.model.profqresp.MSSProfileQueryResponse; -import ch.swisscom.mid.client.rest.model.receiptreq.MSSReceiptRequest; -import ch.swisscom.mid.client.rest.model.receiptresp.MSSReceiptResponse; -import ch.swisscom.mid.client.rest.model.signreq.MSSSignatureRequest; -import ch.swisscom.mid.client.rest.model.signresp.MSSSignatureResponse; -import ch.swisscom.mid.client.rest.model.statusreq.MSSStatusRequest; -import ch.swisscom.mid.client.rest.model.statusresp.MSSStatusResponse; -import ch.swisscom.mid.client.utils.Utils; - public class ComProtocolHandlerRestImpl implements ComProtocolHandler { private static final Logger logConfig = LoggerFactory.getLogger(Loggers.CONFIG); 
@@ -115,9 +113,8 @@ public void initialize(ClientConfiguration config) { if (tlsConfig.isHostnameVerification()) { sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslCtx); } else { - logConfig.warn("Hostname verification is disabled in configuration. " + - "This setting is ignored for security reasons. Hostname verification will remain active."); - sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslCtx); + sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslCtx, NoopHostnameVerifier.INSTANCE); + logConfig.warn("Hostname verification is disabled in configuration."); } if (tlsConfig.getSslContext() == null && sslCtx != null) { diff --git a/mid-java-client-soap/pom.xml b/mid-java-client-soap/pom.xml index 46bfed0..58da0e5 100644 --- a/mid-java-client-soap/pom.xml +++ b/mid-java-client-soap/pom.xml @@ -6,7 +6,7 @@ ch.mobileid.mid-java-client mid-java-client-parent - 1.6.0 + 1.6.1 mid-java-client-soap diff --git a/mid-java-client-soap/src/main/java/ch/swisscom/mid/client/soap/MssServiceFactory.java b/mid-java-client-soap/src/main/java/ch/swisscom/mid/client/soap/MssServiceFactory.java index 12aa666..7b2d25c 100644 --- a/mid-java-client-soap/src/main/java/ch/swisscom/mid/client/soap/MssServiceFactory.java +++ b/mid-java-client-soap/src/main/java/ch/swisscom/mid/client/soap/MssServiceFactory.java @@ -15,8 +15,13 @@ */ package ch.swisscom.mid.client.soap; +import ch.swisscom.mid.client.MIDClientException; +import ch.swisscom.mid.client.config.ClientConfiguration; +import ch.swisscom.mid.client.config.ConfigurationException; +import ch.swisscom.mid.client.config.ProxyConfiguration; +import ch.swisscom.mid.client.config.TlsConfiguration; +import ch.swisscom.mid.client.impl.Loggers; import com.sun.xml.ws.developer.JAXWSProperties; - import org.apache.commons.pool2.BasePooledObjectFactory; import org.apache.commons.pool2.PooledObject; import org.apache.commons.pool2.impl.DefaultPooledObject; 
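Review bot: The `else` branch of `initialize` now passes `NoopHostnameVerifier.INSTANCE`, so a deployment that already had hostname verification set to false, and was still protected in 1.6.0 because the flag was ignored, silently loses that check when it upgrades to this patch release. With verification off, any certificate that chains to the configured trust store is accepted regardless of the host it was issued for, so the server is no longer authenticated by name. The warning should state that consequence rather than only the setting, e.g. `logConfig.warn("Hostname verification is disabled in configuration. The server certificate is NOT checked against the host name; use this only in test environments.");`, and the behaviour change deserves a release-note entry. The same applies to the `createMssService` hunk in `MssServiceFactory.java`. The body of `initialize` continues outside this hunk.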
@@ -24,6 +29,12 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.net.ssl.*; +import javax.xml.namespace.QName; +import javax.xml.ws.Binding; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.Service; +import javax.xml.ws.handler.Handler; import java.io.ByteArrayInputStream; import java.io.FileInputStream; import java.io.InputStream; @@ -32,20 +43,6 @@ import java.util.List; import java.util.function.Supplier; -import javax.net.ssl.*; -import javax.xml.namespace.QName; -import javax.xml.ws.Binding; -import javax.xml.ws.BindingProvider; -import javax.xml.ws.Service; -import javax.xml.ws.handler.Handler; - -import ch.swisscom.mid.client.MIDClientException; -import ch.swisscom.mid.client.config.ClientConfiguration; -import ch.swisscom.mid.client.config.ConfigurationException; -import ch.swisscom.mid.client.config.ProxyConfiguration; -import ch.swisscom.mid.client.config.TlsConfiguration; -import ch.swisscom.mid.client.impl.Loggers; - public class MssServiceFactory extends BasePooledObjectFactory> { private static final Logger log = LoggerFactory.getLogger(Loggers.CLIENT_PROTOCOL); @@ -69,6 +66,7 @@ public class MssServiceFactory extends BasePooledObjectFactory createMssService() { bindingProvider.getRequestContext().put(JAXWS_SSL_SOCKET_FACTORY, sslSocketFactory); if (!clientConfiguration.getTls().isHostnameVerification()) { - log.warn("MSS Soap client: Hostname verification is disabled in configuration. " + - "This setting is ignored for security reasons. Hostname verification will remain active."); + NoopHostnameVerifier noopHostnameVerifier = new NoopHostnameVerifier(); + bindingProvider.getRequestContext().put(JAXWSProperties.HOSTNAME_VERIFIER, noopHostnameVerifier); + bindingProvider.getRequestContext().put(JAXWS_HOSTNAME_VERIFIER, noopHostnameVerifier); + log.warn("MSS Soap client: Hostname verification is disabled in configuration."); } String serviceBaseUrl = serviceUrlSupplier.get(); 
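Review bot: In the `createMssService` hunk the same verifier is stored under two request-context keys, `JAXWSProperties.HOSTNAME_VERIFIER` and `JAXWS_HOSTNAME_VERIFIER`, with nothing saying why both are needed. A one-line comment above the two `put` calls would help, e.g. `// set both property names; presumably the JAX-WS RI and the JDK-internal runtime read different keys`, worded to match what the constant actually holds. The definition of `JAXWS_HOSTNAME_VERIFIER` is not visible here (the preceding hunk header appears truncated on this page), and `createMssService` starts and ends outside the hunk.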
@@ -298,4 +298,11 @@ private KeyStore produceATrustStore(TlsConfiguration tlsConfig) { } } + // ---------------------------------------------------------------------------------------------------- + private static class NoopHostnameVerifier implements HostnameVerifier { + @Override + public boolean verify(String hostName, SSLSession session) { + return true; + } + } } diff --git a/mid-java-client-usage/pom.xml b/mid-java-client-usage/pom.xml index b529cdb..903e55f 100644 --- a/mid-java-client-usage/pom.xml +++ b/mid-java-client-usage/pom.xml @@ -6,7 +6,7 @@ ch.mobileid.mid-java-client mid-java-client-parent - 1.6.0 + 1.6.1 mid-java-client-usage diff --git a/pom.xml b/pom.xml index f08cac2..8e1117a 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ ch.mobileid.mid-java-client mid-java-client-parent - 1.6.0 + 1.6.1 Mobile ID Java client Mobile ID client reference implementation in Java https://github.com/MobileID-Strong-Authentication/mobileid-client-java
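Review bot: `NoopHostnameVerifier` returns `true` for every host and session but carries no documentation, so a later reader could reuse it without realising it turns off server identity checking. I would add a Javadoc such as `/** Accepts any host name; installed only when hostname verification is disabled in TlsConfiguration. Never use as a default. */` and declare it `private static final class`. Since the class is stateless, a single shared constant (`private static final HostnameVerifier NOOP_HOSTNAME_VERIFIER = new NoopHostnameVerifier();`) would also avoid allocating one per `createMssService` call.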