[jira] [Commented] (NETBEANS-5956) Wildcard certificate of *.apache.org not accepted by IDE TrustManager for use in pom.xml

Sun, 03 Oct 2021 14:26:08 -0700 


    [ 
https://issues.apache.org/jira/browse/NETBEANS-5956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17423731#comment-17423731
 ] 

Benjamin Asbach commented on NETBEANS-5956:
-------------------------------------------

Added a pull request to fix this issue to GitHub.

> Wildcard certificate of *.apache.org not accepted by IDE TrustManager for use 
> in pom.xml
> ----------------------------------------------------------------------------------------
>
>                 Key: NETBEANS-5956
>                 URL: https://issues.apache.org/jira/browse/NETBEANS-5956
>             Project: NetBeans
>          Issue Type: Bug
>          Components: editor - Completion & Templates
>    Affects Versions: 12.4, 12.5
>            Reporter:  Ronny Perinke
>            Assignee: Benjamin Asbach
>            Priority: Major
>             Fix For: 12.6
>
>         Attachments: image-2021-08-27-20-52-46-248.png
>
>
> If you have a Maven project and open a pom.xml with xsi:schemalocation set, 
> you will get an error from the IDE that the certificate of "*.apache.org" 
> could not be verified. This seems to be an issue with the new wildcard cert. 
> The certificate is accepted by the JRE trust-store as a quick check with 
> jshell reveals.
>  !image-2021-08-27-20-52-46-248.png! 
> If you do not accept the certificate and the two from certificate chain, you 
> lose auto-completion and schema validation for the pom.
> messages.log says
> {code:title=messages.log}
> INFO [org.netbeans.modules.xml.retriever.catalog.impl.CatalogModelImpl]: The 
> certificate is not trusted by IDE TrustManager
> java.security.cert.CertificateException: The certificate is not trusted by 
> IDE TrustManager
>       at 
> org.netbeans.modules.xml.retriever.impl.SecureURLResourceRetriever$1.checkServerTrusted(SecureURLResourceRetriever.java:114)
>       at 
> java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1442)
>       at 
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341)
> Caused: javax.net.ssl.SSLHandshakeException: The certificate is not trusted 
> by IDE TrustManager
>       at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
>       at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:369)
>       at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
>       at 
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
>       at 
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
>       at 
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
>       at 
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
>       at 
> java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
>       at 
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
>       at 
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
>       at 
> java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:199)
>       at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
>       at 
> java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
>       at 
> java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1416)
>       at 
> java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:451)
>       at 
> java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:422)
>       at 
> java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:574)
>       at 
> java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
>       at 
> java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:142)
>       at 
> org.netbeans.modules.xml.retriever.impl.URLResourceRetriever.getInputStreamOfURL(URLResourceRetriever.java:144)
>       at 
> org.netbeans.modules.xml.retriever.impl.SecureURLResourceRetriever.retrieveDocument(SecureURLResourceRetriever.java:74)
> [catch] at 
> org.netbeans.modules.xml.retriever.catalog.impl.CatalogModelImpl.getModelSource(CatalogModelImpl.java:263)
>       at 
> org.netbeans.modules.xml.retriever.catalog.impl.CatalogModelImpl.doGetModelSource(CatalogModelImpl.java:244)
>       at 
> org.netbeans.modules.xml.retriever.catalog.impl.CatalogModelImpl.getModelSource(CatalogModelImpl.java:167)
>       at 
> org.netbeans.modules.xml.schema.completion.util.DefaultModelProvider.getCompletionModel(DefaultModelProvider.java:102)
>       at 
> org.netbeans.modules.xml.schema.completion.util.DefaultModelProvider.getModels(DefaultModelProvider.java:62)
>       at 
> org.netbeans.modules.xml.schema.completion.util.CompletionContextImpl.initModels(CompletionContextImpl.java:938)
>       at 
> org.netbeans.modules.xml.schema.completion.CompletionQuery.getCompletionItems(CompletionQuery.java:343)
>       at 
> org.netbeans.modules.xml.schema.completion.CompletionQuery$ModelTask.run(CompletionQuery.java:310)
>       at 
> org.openide.util.RequestProcessor$Task.run(RequestProcessor.java:1418)
>       at 
> org.netbeans.modules.openide.util.GlobalLookup.execute(GlobalLookup.java:45)
>       at org.openide.util.lookup.Lookups.executeWith(Lookups.java:278)
>       at 
> org.openide.util.RequestProcessor$Processor.run(RequestProcessor.java:2033)
> {code}
> {code:title=check with jshell}
> jshell> 
> HttpClient.newHttpClient().sendAsync(HttpRequest.newBuilder().uri(URI.create("https://maven.apache.org/xsd/maven-4.0.0.xsd";)).build(),
>  
> HttpResponse.BodyHandlers.ofString()).thenApply(HttpResponse::body).thenAccept(System.out::println).join();
> <?xml version="1.0"?>
> <!--
>   Licensed to the Apache Software Foundation (ASF) under one
>   or more contributor license agreements.  See the NOTICE file
>   distributed with this work for additional information
>   regarding copyright ownership.  The ASF licenses this file
>   to you under the Apache License, Version 2.0 (the
>   "License"); you may not use this file except in compliance
>   with the License.  You may obtain a copy of the License at
>   http://www.apache.org/licenses/LICENSE-2.0
>   Unless required by applicable law or agreed to in writing,
>   software distributed under the License is distributed on an
>   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>   KIND, either express or implied.  See the License for the
>   specific language governing permissions and limitations
>   under the License.
> -->
> {code}
> Java -version
> openjdk version "16.0.2" 2021-07-20
> OpenJDK Runtime Environment Temurin-16.0.2+7 (build 16.0.2+7)
> OpenJDK 64-Bit Server VM Temurin-16.0.2+7 (build 16.0.2+7, mixed mode, 
> sharing)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org
For additional commands, e-mail: commits-h...@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists

Reply via email to