[jbosstools-issues] [JBoss JIRA] (JBIDE-14768) Connection dialog: Inform users about invalid SSL certificates and allow them to accept/refuse them
Fred Bricon (JIRA)
issues at jboss.org
Wed Feb 5 10:16:29 EST 2014
[ https://issues.jboss.org/browse/JBIDE-14768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12941554#comment-12941554 ]
Fred Bricon edited comment on JBIDE-14768 at 2/5/14 10:15 AM:
--------------------------------------------------------------
There are 2 ways to handle that.
1 - either change the label so that it reads "Remember this decision for the current Eclipse session."
2 - or, when checking the checkbox, open a dialog saying "This decision will be remembered for the current Eclipse session."
1 - provides a smoother UX but requires a UI change for the next release, hence invalidating any screenshots you might take for doc purposes
2 - slightly disrupts the workflow, but you keep the same general UI in upcoming releases.
was (Author: fbricon):
There are 2 ways to handle that.
1 - either change the label so that it reads "Remember this decision for the current Eclipse session."
2 - or, when checked, open a dialog saying "This decision will be remembered for the current Eclipse session."
1 - provides a smoother UX but requires a UI change for the next release, hence invalidating any screenshots you might take for doc purposes
2 - slightly disrupts the workflow, but you keep the same general UI in upcoming releases.
> Connection dialog: Inform users about invalid SSL certificates and allow them to accept/refuse them
> ----------------------------------------------------------------------------------------------------
>
> Key: JBIDE-14768
> URL: https://issues.jboss.org/browse/JBIDE-14768
> Project: Tools (JBoss Tools)
> Issue Type: Enhancement
> Components: openshift
> Affects Versions: 4.1.0.Beta2
> Reporter: Andre Dietisheim
> Assignee: Andre Dietisheim
> Priority: Critical
> Labels: connection_wizard
> Fix For: 4.2.x
>
> Attachments: certificate-dialog.png
>
>
> In JBIDE-10447 the openshift-java-client disabled the checks for SSL certificates since those prevented users from connecting to internal/private OpenShift instances:
> {code:title=UrlConnectionHttpClient}
> private HttpURLConnection createConnection(String userAgent, URL url) throws IOException {
>     HttpURLConnection connection = (HttpURLConnection) url.openConnection();
>     // When doSSLChecks is false, both hostname and certificate validation are switched off.
>     if (isHttps(url)
>             && !doSSLChecks) {
>         HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
>         httpsConnection.setHostnameVerifier(new NoopHostnameVerifier());
>         setPermissiveSSLSocketFactory(httpsConnection);
>     }
>     // The rest of the method is not shown in the issue.
>     return connection;
> }
>
> private boolean isHttps(URL url) {
>     return "https".equals(url.getProtocol());
> }
>
> /**
>  * Sets a trust manager that will always trust.
>  * <p>
>  * TODO: don't swallow exceptions and set things up so that they don't disturb other components.
>  */
> private void setPermissiveSSLSocketFactory(HttpsURLConnection connection) {
>     try {
>         SSLContext sslContext = SSLContext.getInstance("SSL");
>         sslContext.init(new KeyManager[0], new TrustManager[] { new PermissiveTrustManager() }, new SecureRandom());
>         SSLSocketFactory socketFactory = sslContext.getSocketFactory();
>         ((HttpsURLConnection) connection).setSSLSocketFactory(socketFactory);
>     } catch (KeyManagementException e) {
>         // ignore
>     } catch (NoSuchAlgorithmException e) {
>         // ignore
>     }
> }
>
> // Accepts every certificate chain: both check methods return without validating anything.
> private static class PermissiveTrustManager implements X509TrustManager {
>     public X509Certificate[] getAcceptedIssuers() {
>         return null;
>     }
>
>     public void checkServerTrusted(X509Certificate[] chain,
>             String authType) throws CertificateException {
>     }
>
>     public void checkClientTrusted(X509Certificate[] chain,
>             String authType) throws CertificateException {
>     }
> }
>
> // Accepts any hostname, so a certificate issued for a different host still passes.
> private static class NoopHostnameVerifier implements HostnameVerifier {
>     public boolean verify(String hostname, SSLSession sslSession) {
>         return true;
>     }
> }
> {code}
> We should not simply disable these SSL checks but allow users to accept/refuse them via a dialog