This is an automated email from the ASF dual-hosted git repository.

aonishuk pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/branch-2.7 by this push:
     new bc2fd78  AMBARI-25445. VDF registration fails with 
SunCertPathBuilderException (#3158)
bc2fd78 is described below

commit bc2fd78f175d6d85b84be259e87ce3a00513f38d
Author: aonishuk <aonis...@hortonworks.com>
AuthorDate: Tue Dec 10 20:34:35 2019 +0200

    AMBARI-25445. VDF registration fails with SunCertPathBuilderException 
(#3158)
    
    * AMBARI-25445. VDF registration fails with SunCertPathBuilderException: 
unable to find valid certification path to requested target' on HTTPS cluster  
(aonishuk)
    
    * AMBARI-25445. VDF registration fails with SunCertPathBuilderException: 
unable to find valid certification path to requested target' on HTTPS cluster  
(aonishuk)
---
 .../controller/AmbariManagementControllerImpl.java |  2 +-
 .../controller/internal/URLRedirectProvider.java   | 44 +++++++++++++++++++++-
 .../VersionDefinitionResourceProvider.java         |  2 +-
 3 files changed, 44 insertions(+), 4 deletions(-)

diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index fc8c965..0220e20 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -4464,7 +4464,7 @@ public class AmbariManagementControllerImpl implements 
AmbariManagementControlle
    * @throws AmbariException if verification fails
    */
   private void verifyRepository(RepositoryRequest request) throws 
AmbariException {
-    URLRedirectProvider usp = new 
URLRedirectProvider(REPO_URL_CONNECT_TIMEOUT, REPO_URL_READ_TIMEOUT);
+    URLRedirectProvider usp = new 
URLRedirectProvider(REPO_URL_CONNECT_TIMEOUT, REPO_URL_READ_TIMEOUT, true);
 
     String repoName = request.getRepoName();
     if (StringUtils.isEmpty(repoName)) {
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java
index aed89fc..1ec508c 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java
@@ -21,7 +21,13 @@ package org.apache.ambari.server.controller.internal;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 
+import javax.net.ssl.SSLContext;
+
+import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.utils.URLCredentialsHider;
 import org.apache.commons.io.IOUtils;
 import org.apache.http.HttpEntity;
@@ -29,8 +35,15 @@ import org.apache.http.HttpStatus;
 import org.apache.http.client.config.RequestConfig;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -42,14 +55,16 @@ public class URLRedirectProvider {
 
   private final int connTimeout;
   private final int readTimeout;
+  private final boolean skipSslCertificateCheck;
 
-  public URLRedirectProvider(int connectionTimeout, int readTimeout) {
+  public URLRedirectProvider(int connectionTimeout, int readTimeout, boolean 
skipSslCertificateCheck) {
     this.connTimeout = connectionTimeout;
     this.readTimeout = readTimeout;
+    this.skipSslCertificateCheck = skipSslCertificateCheck;
   }
 
   public RequestResult executeGet(String spec) throws IOException {
-    try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
+    try (CloseableHttpClient httpClient = buildHttpClient()) {
       HttpGet httpGet = new HttpGet(spec);
 
       RequestConfig requestConfig = RequestConfig.custom()
@@ -74,6 +89,31 @@ public class URLRedirectProvider {
     }
   }
 
+  private CloseableHttpClient buildHttpClient() throws AmbariException {
+    HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
+    if (skipSslCertificateCheck) {
+      final SSLContext sslContext;
+      try {
+        sslContext = new SSLContextBuilder()
+          .loadTrustMaterial(null, (x509CertChain, authType) -> true)
+          .build();
+      } catch (NoSuchAlgorithmException | KeyManagementException | 
KeyStoreException e) {
+        throw new AmbariException("Cannot build null truststore.", e);
+      }
+
+      httpClientBuilder.setSSLContext(sslContext)
+      .setConnectionManager(
+        new PoolingHttpClientConnectionManager(
+          RegistryBuilder.<ConnectionSocketFactory>create()
+            .register("http", PlainConnectionSocketFactory.INSTANCE)
+            .register("https", new SSLConnectionSocketFactory(sslContext,
+                                                              
NoopHostnameVerifier.INSTANCE))
+            .build()
+        ));
+    }
+    return httpClientBuilder.build();
+  }
+
   public static class RequestResult {
     private final String content;
     private final int code;
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java
index 2eda49e..4fd3cb0 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java
@@ -576,7 +576,7 @@ public class VersionDefinitionResourceProvider extends 
AbstractAuthorizedResourc
         InputStream stream = uri.toURL().openStream();
         holder.xmlString = IOUtils.toString(stream, "UTF-8");
       } else {
-        URLRedirectProvider provider = new URLRedirectProvider(connectTimeout, 
readTimeout);
+        URLRedirectProvider provider = new URLRedirectProvider(connectTimeout, 
readTimeout, true);
         URLRedirectProvider.RequestResult requestResult = 
provider.executeGet(definitionUrl);
 
         if (requestResult.getCode() != HttpStatus.SC_OK) {

Reply via email to