This is an automated email from the ASF dual-hosted git repository. aonishuk pushed a commit to branch branch-2.7 in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push: new 4fbcf42 AMBARI-25433. Adding VDF fails with paywalled repos/urls (aonishuk) 4fbcf42 is described below commit 4fbcf42a1a2b630fc4c69c8a50f1c8ae1a50e1f5 Author: Andrew Onishuk <aonis...@hortonworks.com> AuthorDate: Fri Dec 6 14:47:47 2019 +0200 AMBARI-25433. Adding VDF fails with paywalled repos/urls (aonishuk)
---
 .../controller/internal/URLStreamProvider.java | 48 +++++++++++++++++++++-
 1 file changed, 47 insertions(+), 1 deletion(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLStreamProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLStreamProvider.java
index 429d5c8..454a5c5 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLStreamProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLStreamProvider.java
@@ -24,16 +24,25 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.net.URLConnection;
+import java.security.KeyManagementException;
 import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 
 import org.apache.ambari.server.configuration.ComponentSSLConfiguration;
 import org.apache.ambari.server.controller.utilities.StreamProvider;
@@ -288,12 +297,49 @@ public class URLStreamProvider implements StreamProvider { return cookies + "; " + newCookie; } + public static class TrustAllHostnameVerifier implements HostnameVerifier + { + public boolean verify(String hostname, SSLSession session) { return true; } + } + + public static class TrustAllManager implements X509TrustManager + { + public X509Certificate[] getAcceptedIssuers() + { + return new X509Certificate[0]; + } + public void checkClientTrusted(X509Certificate[] certs, String authType) {} + public void checkServerTrusted(X509Certificate[] certs, String authType) {} + } // ----- helper methods ---------------------------------------------------- // Get a connection protected HttpURLConnection getConnection(URL url) throws IOException { - return (HttpURLConnection) url.openConnection(); + URLConnection connection = url.openConnection(); + + if (!setupTruststoreForHttps) { + HttpsURLConnection httpsConnection = (HttpsURLConnection) connection; + + // Create a trust manager that does not validate certificate chains + TrustManager[] trustAllCerts = new TrustManager[] { + new TrustAllManager() + }; + + // Ignore differences between given hostname and certificate hostname + HostnameVerifier hostnameVerifier = new TrustAllHostnameVerifier(); + // Install the all-trusting trust manager + try { + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new SecureRandom()); + httpsConnection.setSSLSocketFactory(sc.getSocketFactory()); + httpsConnection.setHostnameVerifier(hostnameVerifier); + } catch (NoSuchAlgorithmException | KeyManagementException e) { + throw new IllegalStateException("Cannot create unverified ssl context.", e); + } + } + + return (HttpURLConnection) connection; } // Get an ssl connection
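Review bot: The new branch in `getConnection` installs `TrustAllManager` and `TrustAllHostnameVerifier` whenever `setupTruststoreForHttps` is false, so every HTTPS fetch made through this provider in that mode accepts any certificate for any hostname, and what it downloads (the commit title names VDF and repository URLs) is no longer authenticated against an on-path party. If the aim is only to reach hosts signed by public CAs when no Ambari truststore is configured, leaving the connection on the JVM default trust store would presumably achieve that without turning validation off; if an unverified mode is genuinely required, it should sit behind an explicit, logged opt-in rather than follow from the truststore flag, whose definition and default are outside this hunk. The cast `(HttpsURLConnection) connection` is also unguarded and will throw `ClassCastException` for a plain `http://` URL, so the condition should at least read `if (!setupTruststoreForHttps && connection instanceof HttpsURLConnection)`. Smaller points: `SSLContext.getInstance("SSL")` is better written as `SSLContext.getInstance("TLS")`, and the two trust-all classes are declared `public static`, which invites reuse from other code; `private static final` would keep them contained.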