[jbosstools-issues] [JBoss JIRA] (JBIDE-10447) Cannot connect to Dev environment with JBoss Tools OpenShift Tooling

Andre Dietisheim (Issue Comment Edited) (JIRA) jira-events at lists.jboss.org
Mon Dec 12 13:39:09 EST 2011


    [ https://issues.jboss.org/browse/JBIDE-10447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12650159#comment-12650159 ] 

Andre Dietisheim edited comment on JBIDE-10447 at 12/12/11 1:38 PM:
--------------------------------------------------------------------

This was a very hard one, but it looks like I finally found out how to cleanly and completely turn off the SSL checks HttpsURLConnection does by default. Here once again you can see very well why so many people switched from the JDK default to 3rd party libraries (Apache HTTP client etc.). The JDK default is a very verbose and not obvious API:

Here are the relevant changes in the client:

* UrlConnectionHttpClient:

{code}
	private HttpURLConnection createConnection(String userAgent, URL url) throws IOException {
		HttpURLConnection connection = (HttpURLConnection) url.openConnection();
		if (isHttps(url)
				&& !doSSLChecks) {
			HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
			httpsConnection.setHostnameVerifier(new NoopHostnameVerifier());
			setPermissiveSSLSocketFactory(httpsConnection);
		}
{code}

{code}
	private boolean isHttps(URL url) {
		return "https".equals(url.getProtocol());
	}
{code}
{code}

	/**
	 * Sets a trust manager that will always trust.
	 * <p>
	 * TODO: don't swallow exceptions and set things up so that they don't disturb other components.
	 */
	private void setPermissiveSSLSocketFactory(HttpsURLConnection connection) {
		try {
			SSLContext sslContext = SSLContext.getInstance("SSL");
			sslContext.init(new KeyManager[0], new TrustManager[] { new PermissiveTrustManager() }, new SecureRandom());
			SSLSocketFactory socketFactory = sslContext.getSocketFactory();
			((HttpsURLConnection) connection).setSSLSocketFactory(socketFactory);
		} catch (KeyManagementException e) {
			// ignore
		} catch (NoSuchAlgorithmException e) {
			// ignore
		}
	}
{code}

{code}
	private static class PermissiveTrustManager implements X509TrustManager {

		public X509Certificate[] getAcceptedIssuers() {
			return null;
		}

		public void checkServerTrusted(X509Certificate[] chain,
				String authType) throws CertificateException {
		}

		public void checkClientTrusted(X509Certificate[] chain,
				String authType) throws CertificateException {
		}
	}
{code}

{code}
	private static class NoopHostnameVerifier implements HostnameVerifier {

		public boolean verify(String hostname, SSLSession sslSession) {
			return true;
		}
	}
{code}

I swallowed the exceptions to get things done, but we should at least log what happened. We should port this fix to Bill DeCoste's branch of the client; his solution set the trust manager for the whole JVM and is therefore neither OSGi friendly nor thread safe.

To have JBoss Tools working with the OpenShift development environment, we just have to switch to the new client library that I attached to this bug.
                
> Cannot connect to Dev environment with JBoss Tools OpenShift Tooling
> --------------------------------------------------------------------
>
>                 Key: JBIDE-10447
>                 URL: https://issues.jboss.org/browse/JBIDE-10447
>             Project: Tools (JBoss Tools)
>          Issue Type: Bug
>          Components: openshift
>    Affects Versions: 3.3.0.M5
>            Reporter: Andre Dietisheim
>            Assignee: Andre Dietisheim
>             Fix For: 3.3.0.M5
>
>         Attachments: eclipse-proxy.png
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
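
An added example, not part of the original comment or of the client library: the same per-connection scoping as `setPermissiveSSLSocketFactory` above, but with a trust store that contains only one known certificate, so chain and hostname checks stay on. It assumes the development environment's certificate has been exported to a PEM file; the class name, method names, `pemFile` parameter and the `openshift-dev` alias are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: trusts one known dev certificate, on one connection only. */
public final class DevCertConnections {

    /** Builds a socket factory whose only trust anchor is the certificate in pemFile. */
    static SSLSocketFactory socketFactoryTrusting(Path pemFile)
            throws IOException, GeneralSecurityException {
        Certificate devCert;
        try (InputStream in = Files.newInputStream(pemFile)) {
            devCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // empty in-memory store, no JVM cacerts
        trustStore.setCertificateEntry("openshift-dev", devCert); // alias is arbitrary

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null); // failures propagate to the caller
        return sslContext.getSocketFactory();
    }

    /** Opens an HTTPS connection without touching JVM-wide SSL defaults. */
    static HttpsURLConnection open(URL url, Path pemFile)
            throws IOException, GeneralSecurityException {
        if (!"https".equals(url.getProtocol())) {
            throw new IllegalArgumentException("not an https URL: " + url);
        }
        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        // Per-connection setter, not HttpsURLConnection.setDefaultSSLSocketFactory(...),
        // so other components and threads in the same JVM are unaffected.
        connection.setSSLSocketFactory(socketFactoryTrusting(pemFile));
        // The default HostnameVerifier is left in place: the name must match the certificate.
        return connection;
    }
}
```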

        

