diff --git a/mid-java-client-core/pom.xml b/mid-java-client-core/pom.xml
index 24735b9..2cdafa9 100644
--- a/mid-java-client-core/pom.xml
+++ b/mid-java-client-core/pom.xml
@@ -6,7 +6,7 @@
ch.mobileid.mid-java-client
mid-java-client-parent
- 1.6.0
+ 1.6.1
mid-java-client-core
diff --git a/mid-java-client-rest/pom.xml b/mid-java-client-rest/pom.xml
index b89e5d7..c883889 100644
--- a/mid-java-client-rest/pom.xml
+++ b/mid-java-client-rest/pom.xml
@@ -6,7 +6,7 @@
ch.mobileid.mid-java-client
mid-java-client-parent
- 1.6.0
+ 1.6.1
mid-java-client-rest
diff --git a/mid-java-client-rest/src/main/java/ch/swisscom/mid/client/rest/ComProtocolHandlerRestImpl.java b/mid-java-client-rest/src/main/java/ch/swisscom/mid/client/rest/ComProtocolHandlerRestImpl.java
index 97fd975..cc59d6b 100644
--- a/mid-java-client-rest/src/main/java/ch/swisscom/mid/client/rest/ComProtocolHandlerRestImpl.java
+++ b/mid-java-client-rest/src/main/java/ch/swisscom/mid/client/rest/ComProtocolHandlerRestImpl.java
@@ -15,10 +15,24 @@
*/
package ch.swisscom.mid.client.rest;
+import ch.swisscom.mid.client.MIDFlowException;
+import ch.swisscom.mid.client.config.*;
+import ch.swisscom.mid.client.impl.ComProtocolHandler;
+import ch.swisscom.mid.client.impl.Loggers;
+import ch.swisscom.mid.client.model.*;
+import ch.swisscom.mid.client.rest.model.fault.MSSFault;
+import ch.swisscom.mid.client.rest.model.profqreq.MSSProfileQueryRequest;
+import ch.swisscom.mid.client.rest.model.profqresp.MSSProfileQueryResponse;
+import ch.swisscom.mid.client.rest.model.receiptreq.MSSReceiptRequest;
+import ch.swisscom.mid.client.rest.model.receiptresp.MSSReceiptResponse;
+import ch.swisscom.mid.client.rest.model.signreq.MSSSignatureRequest;
+import ch.swisscom.mid.client.rest.model.signresp.MSSSignatureResponse;
+import ch.swisscom.mid.client.rest.model.statusreq.MSSStatusRequest;
+import ch.swisscom.mid.client.rest.model.statusresp.MSSStatusResponse;
+import ch.swisscom.mid.client.utils.Utils;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
-
import org.apache.commons.codec.CharEncoding;
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
@@ -30,6 +44,7 @@
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.HttpHost;
@@ -43,6 +58,8 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
@@ -50,25 +67,6 @@
import java.security.KeyStore;
import java.util.concurrent.TimeUnit;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLException;
-
-import ch.swisscom.mid.client.MIDFlowException;
-import ch.swisscom.mid.client.config.*;
-import ch.swisscom.mid.client.impl.ComProtocolHandler;
-import ch.swisscom.mid.client.impl.Loggers;
-import ch.swisscom.mid.client.model.*;
-import ch.swisscom.mid.client.rest.model.fault.MSSFault;
-import ch.swisscom.mid.client.rest.model.profqreq.MSSProfileQueryRequest;
-import ch.swisscom.mid.client.rest.model.profqresp.MSSProfileQueryResponse;
-import ch.swisscom.mid.client.rest.model.receiptreq.MSSReceiptRequest;
-import ch.swisscom.mid.client.rest.model.receiptresp.MSSReceiptResponse;
-import ch.swisscom.mid.client.rest.model.signreq.MSSSignatureRequest;
-import ch.swisscom.mid.client.rest.model.signresp.MSSSignatureResponse;
-import ch.swisscom.mid.client.rest.model.statusreq.MSSStatusRequest;
-import ch.swisscom.mid.client.rest.model.statusresp.MSSStatusResponse;
-import ch.swisscom.mid.client.utils.Utils;
-
public class ComProtocolHandlerRestImpl implements ComProtocolHandler {
private static final Logger logConfig = LoggerFactory.getLogger(Loggers.CONFIG);
@@ -115,9 +113,8 @@ public void initialize(ClientConfiguration config) {
if (tlsConfig.isHostnameVerification()) {
sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslCtx);
} else {
- logConfig.warn("Hostname verification is disabled in configuration. " +
- "This setting is ignored for security reasons. Hostname verification will remain active.");
- sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslCtx);
+ sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslCtx, NoopHostnameVerifier.INSTANCE);
+ logConfig.warn("Hostname verification is disabled in configuration.");
}
if (tlsConfig.getSslContext() == null && sslCtx != null) {
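Review bot: The else branch now passes `NoopHostnameVerifier.INSTANCE`, so any configuration with `isHostnameVerification()` false, which 1.6.0 ignored, silently loses host name checking on upgrade; the SOAP hunks in MssServiceFactory.java (`createMssService` and the new private `NoopHostnameVerifier`) make the same change. With the check off, a certificate that chains to the configured trust store is accepted whatever host it was issued for, so the client can no longer tell the Mobile ID endpoint from another holder of a trusted certificate. The warning should say that, e.g. `logConfig.warn("Hostname verification is disabled in configuration. Server certificates are accepted for any host name; use only in test environments.");`, and the release notes should call out the behaviour change, since this ships as a patch-level version. `initialize` starts and ends outside the hunk.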
diff --git a/mid-java-client-soap/pom.xml b/mid-java-client-soap/pom.xml
index 46bfed0..58da0e5 100644
--- a/mid-java-client-soap/pom.xml
+++ b/mid-java-client-soap/pom.xml
@@ -6,7 +6,7 @@
ch.mobileid.mid-java-client
mid-java-client-parent
- 1.6.0
+ 1.6.1
mid-java-client-soap
diff --git a/mid-java-client-soap/src/main/java/ch/swisscom/mid/client/soap/MssServiceFactory.java b/mid-java-client-soap/src/main/java/ch/swisscom/mid/client/soap/MssServiceFactory.java
index 12aa666..7b2d25c 100644
--- a/mid-java-client-soap/src/main/java/ch/swisscom/mid/client/soap/MssServiceFactory.java
+++ b/mid-java-client-soap/src/main/java/ch/swisscom/mid/client/soap/MssServiceFactory.java
@@ -15,8 +15,13 @@
*/
package ch.swisscom.mid.client.soap;
+import ch.swisscom.mid.client.MIDClientException;
+import ch.swisscom.mid.client.config.ClientConfiguration;
+import ch.swisscom.mid.client.config.ConfigurationException;
+import ch.swisscom.mid.client.config.ProxyConfiguration;
+import ch.swisscom.mid.client.config.TlsConfiguration;
+import ch.swisscom.mid.client.impl.Loggers;
import com.sun.xml.ws.developer.JAXWSProperties;
-
import org.apache.commons.pool2.BasePooledObjectFactory;
import org.apache.commons.pool2.PooledObject;
import org.apache.commons.pool2.impl.DefaultPooledObject;
@@ -24,6 +29,12 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.net.ssl.*;
+import javax.xml.namespace.QName;
+import javax.xml.ws.Binding;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+import javax.xml.ws.handler.Handler;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
@@ -32,20 +43,6 @@
import java.util.List;
import java.util.function.Supplier;
-import javax.net.ssl.*;
-import javax.xml.namespace.QName;
-import javax.xml.ws.Binding;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.Service;
-import javax.xml.ws.handler.Handler;
-
-import ch.swisscom.mid.client.MIDClientException;
-import ch.swisscom.mid.client.config.ClientConfiguration;
-import ch.swisscom.mid.client.config.ConfigurationException;
-import ch.swisscom.mid.client.config.ProxyConfiguration;
-import ch.swisscom.mid.client.config.TlsConfiguration;
-import ch.swisscom.mid.client.impl.Loggers;
-
public class MssServiceFactory extends BasePooledObjectFactory> {
private static final Logger log = LoggerFactory.getLogger(Loggers.CLIENT_PROTOCOL);
@@ -69,6 +66,7 @@ public class MssServiceFactory extends BasePooledObjectFactory createMssService() {
bindingProvider.getRequestContext().put(JAXWS_SSL_SOCKET_FACTORY, sslSocketFactory);
if (!clientConfiguration.getTls().isHostnameVerification()) {
- log.warn("MSS Soap client: Hostname verification is disabled in configuration. " +
- "This setting is ignored for security reasons. Hostname verification will remain active.");
+ NoopHostnameVerifier noopHostnameVerifier = new NoopHostnameVerifier();
+ bindingProvider.getRequestContext().put(JAXWSProperties.HOSTNAME_VERIFIER, noopHostnameVerifier);
+ bindingProvider.getRequestContext().put(JAXWS_HOSTNAME_VERIFIER, noopHostnameVerifier);
+ log.warn("MSS Soap client: Hostname verification is disabled in configuration.");
}
String serviceBaseUrl = serviceUrlSupplier.get();
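Review bot: The verifier is stored under two request-context keys, `JAXWSProperties.HOSTNAME_VERIFIER` and `JAXWS_HOSTNAME_VERIFIER`, with no comment saying why both are needed. The second constant is not defined in the visible lines (presumably it is the line added by the `-69,6 +66,7` hunk), so a reader cannot tell which JAX-WS runtime reads which key. A short comment above the two `put` calls would settle it, for example `// Both keys are set because the JAX-WS runtime in use decides which one it reads (confirm).`. The same comment could state that the override is scoped to this binding's request context and is not installed as a JVM-wide default. `createMssService` continues outside the hunk.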
@@ -298,4 +298,11 @@ private KeyStore produceATrustStore(TlsConfiguration tlsConfig) {
}
}
+ // ----------------------------------------------------------------------------------------------------
+ private static class NoopHostnameVerifier implements HostnameVerifier {
+ @Override
+ public boolean verify(String hostName, SSLSession session) {
+ return true;
+ }
+ }
}
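Review bot: The new nested `NoopHostnameVerifier` has no Javadoc, and its name collides with `org.apache.hc.client5.http.ssl.NoopHostnameVerifier` used in the REST module, which makes searches and audits for the bypass harder to read. Add `/** Accepts every host name. Used only when hostname verification is disabled in the TLS configuration. */` above the class. Since `verify` is stateless, a single `private static final` instance would also avoid allocating one per `createMssService` call (that call site is in an earlier hunk).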
diff --git a/mid-java-client-usage/pom.xml b/mid-java-client-usage/pom.xml
index b529cdb..903e55f 100644
--- a/mid-java-client-usage/pom.xml
+++ b/mid-java-client-usage/pom.xml
@@ -6,7 +6,7 @@
ch.mobileid.mid-java-client
mid-java-client-parent
- 1.6.0
+ 1.6.1
mid-java-client-usage
diff --git a/pom.xml b/pom.xml
index f08cac2..8e1117a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
ch.mobileid.mid-java-client
mid-java-client-parent
- 1.6.0
+ 1.6.1
Mobile ID Java client
Mobile ID client reference implementation in Java
https://github.com/MobileID-Strong-Authentication/mobileid-client-java