Move SSL validation toggle into RRMConfig (#34)

Signed-off-by: Jeffrey Han <39203126+elludraon@users.noreply.github.com>
2025-11-02 03:28:04 +00:00 · 2022-08-17 16:52:49 -07:00
parent fb602c8b4b
commit 2f0023e483
3 changed files with 19 additions and 4 deletions
--- a/src/main/java/com/facebook/openwifirrm/Launcher.java
+++ b/src/main/java/com/facebook/openwifirrm/Launcher.java
@@ -158,6 +158,7 @@ public class Launcher implements Callable<Integer> {
 			UCentralUtils.generateServiceKey(config.serviceConfig);

 		// Instantiate clients
+		UCentralClient.verifySsl(config.uCentralConfig.verifySsl);
 		UCentralClient client = new UCentralClient(
 			config.serviceConfig.publicEndpoint,
 			config.uCentralConfig.usePublicEndpoints,
--- a/src/main/java/com/facebook/openwifirrm/RRMConfig.java
+++ b/src/main/java/com/facebook/openwifirrm/RRMConfig.java
@@ -93,7 +93,13 @@ public class RRMConfig {
 		public String password = "";

 		/**
-		 * uCentral socket parameters
+		 * Verify SSL/TLS certificates in HTTPS requests
+		 * ({@code UCENTRALCONFIG_VERIFYSSL})
+		 */
+		public boolean verifySsl = false;
+
+		/**
+		 * uCentral socket parameters.
 		 */
 		public class UCentralSocketParams {
 			/**
@@ -440,6 +446,9 @@ public class RRMConfig {
 		if ((v = env.get("UCENTRALCONFIG_PASSWORD")) != null) {
 			uCentralConfig.password = v;
 		}
+		if ((v = env.get("UCENTRALCONFIG_VERIFYSSL")) != null) {
+			uCentralConfig.verifySsl = Boolean.parseBoolean(v);
+		}
 		UCentralConfig.UCentralSocketParams uCentralSocketParams =
 			config.uCentralConfig.uCentralSocketParams;
 		if ((v = env.get("UCENTRALSOCKETPARAMS_CONNECTTIMEOUTMS")) != null) {
--- a/src/main/java/com/facebook/openwifirrm/ucentral/UCentralClient.java
+++ b/src/main/java/com/facebook/openwifirrm/ucentral/UCentralClient.java
@@ -81,9 +81,6 @@ public class UCentralClient {

 	static {
 		Unirest.config()
-			// TODO currently disabling SSL/TLS cert verification
-			.verifySsl(false)
-
 			// Suppress unchecked exceptions (ex. SocketTimeoutException),
 			// instead sending a (fake) FailedResponse.
 			.interceptor(new Interceptor() {
@@ -105,6 +102,14 @@ public class UCentralClient {
 			});
 	}

+	/**
+	 * Toggle verifying SSL/TLS certificates. This should be set only during
+	 * initialization, otherwise it may NOT take effect.
+	 */
+	public static void verifySsl(boolean enable) {
+		Unirest.config().verifySsl(enable);
+	}
+
 	/** Gson instance */
 	private final Gson gson = new Gson();