From a5b4ea02957adabb603f4203a8ef350edd565896 Mon Sep 17 00:00:00 2001
From: Arunan Sugunakumar
Date: Tue, 12 Dec 2023 10:18:04 +0530
Subject: [PATCH] Add web socket transport sender hostname verification
---
 .../transport/WebsocketConnectionFactory.java | 17 ++++++++++++++++-
 .../websocket/transport/WebsocketConstants.java | 1 +
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/components/mediation/transports/org.wso2.micro.integrator.websocket.transport/src/main/java/org/wso2/micro/integrator/websocket/transport/WebsocketConnectionFactory.java b/components/mediation/transports/org.wso2.micro.integrator.websocket.transport/src/main/java/org/wso2/micro/integrator/websocket/transport/WebsocketConnectionFactory.java
index 2e3597848b..5531631357 100644
--- a/components/mediation/transports/org.wso2.micro.integrator.websocket.transport/src/main/java/org/wso2/micro/integrator/websocket/transport/WebsocketConnectionFactory.java
+++ b/components/mediation/transports/org.wso2.micro.integrator.websocket.transport/src/main/java/org/wso2/micro/integrator/websocket/transport/WebsocketConnectionFactory.java
@@ -36,6 +36,7 @@
 import io.netty.handler.codec.http.websocketx.WebSocketVersion;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslHandler;
 import org.apache.axiom.om.OMElement;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.description.Parameter;
@@ -48,7 +49,9 @@
 import java.net.URI;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import javax.xml.namespace.QName;
 public class WebsocketConnectionFactory {
@@ -220,7 +223,19 @@ public WebSocketClientHandler cacheNewConnection(final URI uri, final String sou
 protected void initChannel(SocketChannel ch) {
 ChannelPipeline p = ch.pipeline();
 if (sslCtx != null) {
- p.addLast(sslCtx.newHandler(ch.alloc(), host, port));
+ SslHandler sslHandler = sslCtx.newHandler(ch.alloc(), host, port);
+ Parameter wsEnableHostnameVerification = transportOut
+ .getParameter(WebsocketConstants.WEBSOCKET_HOSTNAME_VERIFICATION_CONFIG);
+ if (wsEnableHostnameVerification != null
+ && wsEnableHostnameVerification.getValue() != null
+ && !wsEnableHostnameVerification.getValue().toString().isEmpty()
+ && Boolean.parseBoolean(wsEnableHostnameVerification.getValue().toString())) {
+ SSLEngine sslEngine = sslHandler.engine();
+ SSLParameters sslParams = sslEngine.getSSLParameters();
+ sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+ sslEngine.setSSLParameters(sslParams);
+ }
+ p.addLast(sslHandler);
 }
 p.addLast(new HttpClientCodec(), new HttpObjectAggregator(8192), new WebSocketFrameAggregator(Integer.MAX_VALUE), handler);
diff --git a/components/mediation/transports/org.wso2.micro.integrator.websocket.transport/src/main/java/org/wso2/micro/integrator/websocket/transport/WebsocketConstants.java b/components/mediation/transports/org.wso2.micro.integrator.websocket.transport/src/main/java/org/wso2/micro/integrator/websocket/transport/WebsocketConstants.java
index 1f431ab913..1897ac51eb 100644
--- a/components/mediation/transports/org.wso2.micro.integrator.websocket.transport/src/main/java/org/wso2/micro/integrator/websocket/transport/WebsocketConstants.java
+++ b/components/mediation/transports/org.wso2.micro.integrator.websocket.transport/src/main/java/org/wso2/micro/integrator/websocket/transport/WebsocketConstants.java
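Review bot: The new check in `initChannel` fails open: endpoint identification is set only when `ws.client.enable.hostname.verification` is present and parses as true, and `Boolean.parseBoolean` maps a missing, empty or mistyped value to false, so by default the wss sender still accepts any certificate that chains to a trusted CA, whatever host name it carries. Consider making verification the default and treating only an explicit `false` as the opt-out, for example `boolean verifyHost = wsEnableHostnameVerification == null || !"false".equalsIgnoreCase(String.valueOf(wsEnableHostnameVerification.getValue()).trim());`. If the old default has to stay for compatibility, log a warning when the `SslHandler` is added without it. The separate null and `isEmpty()` tests on the value would then no longer be needed. How `sslCtx` builds its trust manager is not visible in this hunk, so it is worth confirming that it is not a trust-all configuration, which may make this setting ineffective; `cacheNewConnection` starts and ends outside the hunk.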
@@ -53,6 +53,7 @@ public class WebsocketConstants {
 public static final String WEBSOCKET_CUSTOM_HEADER_PREFIX = "websocket.custom.header.";
 public static final String WEBSOCKET_CUSTOM_HEADER_CONFIG = "ws.custom.header";
+ public static final String WEBSOCKET_HOSTNAME_VERIFICATION_CONFIG = "ws.client.enable.hostname.verification";
 public static final String CONNECTION_TERMINATE = "connection.terminate";