Closed
Description
I came across this while testing SSL certificate validation against a secure OpenStack (https endpoints).
Here are some steps to reproduce:
- Create a Config** with an initialized SSL context that points to an empty truststore
- Attempt authenticating with secure OpenStack --> authentication should fail since truststore is empty
- Modify SSLContext within the Config object created in step 1 to point to a valid truststore --> authentication should now succeed
Actual Result: authentication fails again after step 3.
I looked into the code and found the problem was due to:
- Using "LoadingCache" to cache Config objects within the ClientFactory*** class and
- "equals" function within Config class does not take into consideration the HostnameVerifier or SSLContext
Therefore, any 2 Config objects with identical values except for SSLContext and/or HostnameVerifier will hit the same value in the LoadingCache and cause this issue.
Resolution: either remove the use of a cache or fix the "equals" function in the Config class.
** Config refers to org.openstack4j.core.transport.Config
*** ClientFactory refers to org.openstack4j.connectors.jersey2.ClientFactory
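
The cache collision described in the report, reduced to a self-contained sketch. This is an added example, not code from the issue or from openstack4j: `DemoConfig`, `DemoClient` and `clientFor` are hypothetical stand-ins, and a `ConcurrentHashMap` takes the place of the `LoadingCache`.

```java
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLContext;

public class CacheKeyDemo {
    // Hypothetical stand-in for a transport config; not org.openstack4j.core.transport.Config.
    static class DemoConfig {
        final int connectTimeout;
        final SSLContext sslContext;
        final boolean tlsInEquals; // false reproduces the behaviour described in the report
        DemoConfig(int connectTimeout, SSLContext sslContext, boolean tlsInEquals) {
            this.connectTimeout = connectTimeout; this.sslContext = sslContext; this.tlsInEquals = tlsInEquals;
        }
        @Override public boolean equals(Object o) {
            if (!(o instanceof DemoConfig)) return false;
            DemoConfig c = (DemoConfig) o;
            // SSLContext has no value equality, so the fixed variant compares by identity.
            return connectTimeout == c.connectTimeout && (!tlsInEquals || sslContext == c.sslContext);
        }
        @Override public int hashCode() {
            return Objects.hash(connectTimeout, tlsInEquals ? System.identityHashCode(sslContext) : 0);
        }
    }
    // Stand-in for the cached HTTP client: it keeps the SSLContext it was built with.
    static class DemoClient {
        final SSLContext sslContext;
        DemoClient(DemoConfig c) { this.sslContext = c.sslContext; }
    }
    // Client cache keyed on the config object, as in the reported ClientFactory.
    static final Map<DemoConfig, DemoClient> CACHE = new ConcurrentHashMap<>();
    static DemoClient clientFor(DemoConfig c) { return CACHE.computeIfAbsent(c, DemoClient::new); }

    // True when the second lookup yields a client built from the second config's SSLContext.
    static boolean usesRequestedContext(boolean tlsInEquals) throws Exception {
        CACHE.clear();
        SSLContext emptyTrust = SSLContext.getInstance("TLS"); // constructed, never initialised
        SSLContext validTrust = SSLContext.getInstance("TLS"); // constructed, never initialised
        clientFor(new DemoConfig(30, emptyTrust, tlsInEquals));
        DemoClient second = clientFor(new DemoConfig(30, validTrust, tlsInEquals));
        return second.sslContext == validTrust;
    }
    public static void main(String[] args) throws Exception {
        System.out.println("TLS fields ignored by equals: " + usesRequestedContext(false));
        System.out.println("TLS fields part of equals:    " + usesRequestedContext(true));
    }
}
```

The same key collision applies in the other direction: a client cached from a config with a permissive `SSLContext` or `HostnameVerifier` would be returned for a later config that asks for a stricter one.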