[JBoss JIRA] (JBIDE-14768) Connection dialog: Inform users about invalid SSL certificates and allow them to accept/refuse them

Wednesday, 15 January 2014

     [
https://issues.jboss.org/browse/JBIDE-14768?page=com.atlassian.jira.plugi...
]

Max Rydahl Andersen updated JBIDE-14768:
----------------------------------------

    Priority: Critical  (was: Major)

...
 Connection dialog: Inform users about invalid SSL certificates and
allow them to accept/refuse them 

----------------------------------------------------------------------------------------------------

                 Key: JBIDE-14768
                 URL: https://issues.jboss.org/browse/JBIDE-14768
             Project: Tools (JBoss Tools)
          Issue Type: Enhancement
          Components: openshift
    Affects Versions: 4.1.0.Beta2
            Reporter: Andre Dietisheim
            Priority: Critical
              Labels: connection_wizard
             Fix For: 4.2.x

 In JBIDE-10447 the openshift-java-client disabled the checks for SSL certificates since
those prevented users from connecting to internal/private OpenShift instances:
 {code:title=UrlConnectionHttpClient}
 private HttpURLConnection createConnection(String userAgent, URL url) throws IOException
{
 	HttpURLConnection connection = (HttpURLConnection) url.openConnection();
 	if (isHttps(url)
 			&& !doSSLChecks) {
 		HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
 		httpsConnection.setHostnameVerifier(new NoopHostnameVerifier());
 		setPermissiveSSLSocketFactory(httpsConnection);
 	}
 	private boolean isHttps(URL url) {
 		return "https".equals(url.getProtocol());
 	}
 	/**
 	 * Sets a trust manager that will always trust.
 	 * <p>
 	 * TODO: dont swallog exceptions and setup things so that they dont disturb other
components.
 	 */
 	private void setPermissiveSSLSocketFactory(HttpsURLConnection connection) {
 		try {
 			SSLContext sslContext = SSLContext.getInstance("SSL");
 			sslContext.init(new KeyManager[0], new TrustManager[] { new PermissiveTrustManager()
}, new SecureRandom());
 			SSLSocketFactory socketFactory = sslContext.getSocketFactory();
 			((HttpsURLConnection) connection).setSSLSocketFactory(socketFactory);
 		} catch (KeyManagementException e) {
 			// ignore
 		} catch (NoSuchAlgorithmException e) {
 			// ignore
 		}
 	}
 	private static class PermissiveTrustManager implements X509TrustManager {
 		public X509Certificate[] getAcceptedIssuers() {
 			return null;
 		}
 		public void checkServerTrusted(X509Certificate[] chain,
 				String authType) throws CertificateException {
 		}
 		public void checkClientTrusted(X509Certificate[] chain,
 				String authType) throws CertificateException {
 		}
 	}
 	private static class NoopHostnameVerifier implements HostnameVerifier {
 		public boolean verify(String hostname, SSLSession sslSession) {
 			return true;
 		}
 	}
 {code}
 We should not simply disable these SSL checks but allow users to accept/refuse them via a
dialog 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006