Merge pull request #782 from watson-developer-cloud/disable-ssl-for-websocket

Disable ssl for websocket

Author: dpopp07

README.md

@@ -226,14 +226,14 @@ var myInstance = new watson.WhateverServiceV1({
 
 The HTTP client can be configured to disable SSL verification. Note that this has serious security implications - only do this if you really mean to! ⚠️
 
-To do this, set `disable_ssl` to `true` in the service constructor, like below:
+To do this, set `disable_ssl_verification` to `true` in the service constructor, like below:
 
 ```
 const discovery = new DiscoveryV1({
   url: '<service_url>',
   version: '<version-date>',
   iam_apikey: '<iam_api_key>',
-  disable_ssl: true, // this will disable SSL verification for any request made with this object
+  disable_ssl_verification: true, // this will disable SSL verification for any request made with this object
 });
 ```
 

lib/base_service.ts

@@ -43,7 +43,7 @@ export interface UserOptions {
   iam_access_token?: string;
   iam_apikey?: string;
   iam_url?: string;
-  disable_ssl?: boolean;
+  disable_ssl_verification?: boolean;
 }
 
 export interface BaseServiceOptions extends UserOptions {
@@ -151,9 +151,9 @@ export class BaseService {
     } else {
       this.tokenManager = null;
     }
-    // rejectUnauthorized should only be false if disable_ssl is true
+    // rejectUnauthorized should only be false if disable_ssl_verification is true
     // used to disable ssl checking for icp
-    this._options.rejectUnauthorized = !options.disable_ssl;
+    this._options.rejectUnauthorized = !options.disable_ssl_verification;
   }
 
   /**

lib/recognize-stream.ts

@@ -117,6 +117,7 @@ class RecognizeStream extends Duplex {
    * @param {string} [options.base_model_version] - The version of the specified base model that is to be used with recognition request or, for the **Create a session** method, with the new session.
    * Multiple versions of a base model can exist when a model is updated for internal improvements. The parameter is intended primarily for use with custom models that have been upgraded for a new base model.
    * The default value depends on whether the parameter is used with or without a custom model. For more information, see [Base model version](https://console.bluemix.net/docs/services/speech-to-text/input.html#version).
+   * @param {Boolean} [options.rejectUnauthorized] - If true, disable SSL verification for the WebSocket connection
    *
    * @constructor
    */
@@ -133,8 +134,10 @@ class RecognizeStream extends Duplex {
     this.listening = false;
     this.initialized = false;
     this.finished = false;
+
     // is using iam, another authentication step is needed
     this.authenticated = options.token_manager ? false : true;
+
     this.on('newListener', event => {
       if (!options.silent) {
         if (
@@ -217,14 +220,19 @@ class RecognizeStream extends Duplex {
 
     const self = this;
 
-    // node params: requestUrl, protocols, origin, headers, extraRequestOptions
+    // node params: requestUrl, protocols, origin, headers, extraRequestOptions, clientConfig options
     // browser params: requestUrl, protocols (all others ignored)
+
+    // for the last argument, `tlsOptions` gets passed to Node's `http` library,
+    // which allows us to pass a rejectUnauthorized option
+    // for disabling SSL verification (for ICP)
     const socket = (this.socket = new w3cWebSocket(
       url,
       null,
       null,
       options.headers,
-      null
+      null,
+      { tlsOptions: { rejectUnauthorized: options.rejectUnauthorized }}
     ));
 
     // when the input stops, let the service know that we're done

speech-to-text/v1.ts

@@ -477,6 +477,9 @@ class SpeechToTextV1 extends GeneratedSpeechToTextV1 {
       params.headers
     );
 
+    // allow user to disable ssl verification when using websockets
+    params.rejectUnauthorized = this._options.rejectUnauthorized;
+
     return new RecognizeStream(params);
   }
 

test/unit/test.base_service.js

@@ -265,25 +265,25 @@ describe('BaseService', function() {
     assert(authHeader.startsWith('Basic'));
   });
 
-  it('should set rejectUnauthorized to `false` if `disable_ssl` is `true`', function() {
+  it('should set rejectUnauthorized to `false` if `disable_ssl_verification` is `true`', function() {
     const instance = new TestService({
       username: 'apikey',
       password: 'icp-1234',
-      disable_ssl: true,
+      disable_ssl_verification: true,
     });
     assert.equal(instance._options.rejectUnauthorized, false);
   });
 
-  it('should set rejectUnauthorized to `true` if `disable_ssl` is `false`', function() {
+  it('should set rejectUnauthorized to `true` if `disable_ssl_verification` is `false`', function() {
     const instance = new TestService({
       username: 'apikey',
       password: 'icp-1234',
-      disable_ssl: false,
+      disable_ssl_verification: false,
     });
     assert(instance._options.rejectUnauthorized);
   });
 
-  it('should set rejectUnauthorized to `true` if `disable_ssl` is not set', function() {
+  it('should set rejectUnauthorized to `true` if `disable_ssl_verification` is not set', function() {
     const instance = new TestService({
       username: 'apikey',
       password: 'icp-1234',