[jbosstools-issues] [JBoss JIRA] (JBIDE-14768) Inform users about invalid SSL certificates and allow them to accept/refuse them
Andre Dietisheim (JIRA)
jira-events at lists.jboss.org
Wed Jun 5 18:56:54 EDT 2013
Andre Dietisheim created JBIDE-14768:
----------------------------------------
Summary: Inform users about invalid SSL certificates and allow them to accept/refuse them
Key: JBIDE-14768
URL: https://issues.jboss.org/browse/JBIDE-14768
Project: Tools (JBoss Tools)
Issue Type: Enhancement
Components: openshift
Affects Versions: 4.1.0.Beta2
Reporter: Andre Dietisheim
Assignee: Andre Dietisheim
Fix For: 4.1.x
The openshift-java-client currently disables the checks for SSL certificates since those prevented users from connecting to internal/private OpenShift instances:
{code:title=UrlConnectionHttpClient}
private HttpURLConnection createConnection(String userAgent, URL url) throws IOException {
    HttpURLConnection connection = (HttpURLConnection) url.openConnection();
    if (isHttps(url)
            && !doSSLChecks) {
        // Certificate and hostname validation are both switched off here.
        HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
        httpsConnection.setHostnameVerifier(new NoopHostnameVerifier());
        setPermissiveSSLSocketFactory(httpsConnection);
    }
    // (remaining connection setup is not shown in this excerpt)
    return connection;
}

private boolean isHttps(URL url) {
    return "https".equals(url.getProtocol());
}

/**
 * Sets a trust manager that will always trust.
 * <p>
 * TODO: don't swallow exceptions and set things up so that they don't disturb other components.
 */
private void setPermissiveSSLSocketFactory(HttpsURLConnection connection) {
    try {
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(new KeyManager[0], new TrustManager[] { new PermissiveTrustManager() }, new SecureRandom());
        SSLSocketFactory socketFactory = sslContext.getSocketFactory();
        ((HttpsURLConnection) connection).setSSLSocketFactory(socketFactory);
    } catch (KeyManagementException e) {
        // ignore
    } catch (NoSuchAlgorithmException e) {
        // ignore
    }
}

/** Accepts every certificate chain: both check methods return without validating. */
private static class PermissiveTrustManager implements X509TrustManager {
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public void checkServerTrusted(X509Certificate[] chain,
            String authType) throws CertificateException {
    }

    public void checkClientTrusted(X509Certificate[] chain,
            String authType) throws CertificateException {
    }
}

/** Accepts any hostname, whatever the certificate says. */
private static class NoopHostnameVerifier implements HostnameVerifier {
    public boolean verify(String hostname, SSLSession sslSession) {
        return true;
    }
}
{code}
We should not simply disable these SSL checks but allow users to accept/refuse them via a dialog.