This is an automated email from the ASF dual-hosted git repository.
gongchao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hertzbeat.git
The following commit(s) were added to refs/heads/master by this push:
new fd0e21681 [bugfix] fixed self signed certificate detected bug #1534
(#2221)
fd0e21681 is described below
commit fd0e216818bdcf4275b6226708c6f3d875855bd2
Author: kangli <[email protected]>
AuthorDate: Mon Jul 15 14:57:21 2024 +0800
[bugfix] fixed self signed certificate detected bug #1534 (#2221)
Co-authored-by: tomsun28 <[email protected]>
---
.../collect/http/SslCertificateCollectImpl.java | 38 ++++++++++++++++++++++
manager/src/main/resources/define/app-ssl_cert.yml | 12 +++++++
2 files changed, 50 insertions(+)
diff --git
a/collector/src/main/java/org/apache/hertzbeat/collector/collect/http/SslCertificateCollectImpl.java
b/collector/src/main/java/org/apache/hertzbeat/collector/collect/http/SslCertificateCollectImpl.java
index aaa818693..36141ddc3 100644
---
a/collector/src/main/java/org/apache/hertzbeat/collector/collect/http/SslCertificateCollectImpl.java
+++
b/collector/src/main/java/org/apache/hertzbeat/collector/collect/http/SslCertificateCollectImpl.java
@@ -23,12 +23,17 @@ import java.io.InterruptedIOException;
import java.net.ConnectException;
import java.net.URL;
import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
import lombok.extern.slf4j.Slf4j;
import org.apache.hertzbeat.collector.collect.AbstractCollect;
import org.apache.hertzbeat.collector.dispatch.DispatchConstants;
@@ -81,6 +86,14 @@ public class SslCertificateCollectImpl extends
AbstractCollect {
uri = "https://" + httpProtocol.getHost() + ":" +
httpProtocol.getPort();
}
urlConnection = (HttpsURLConnection) new URL(uri).openConnection();
+
+ boolean verifySsl = Boolean.parseBoolean(httpProtocol.getSsl());
+ // ignore ssl verify
+ if (!verifySsl){
+ SSLContext ignoreSslContext = createIgnoreVerifySslContext();
+
urlConnection.setSSLSocketFactory(ignoreSslContext.getSocketFactory());
+ }
+
urlConnection.connect();
Certificate[] certificates = urlConnection.getServerCertificates();
if (certificates == null || certificates.length == 0) {
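Review bot: `Boolean.parseBoolean(httpProtocol.getSsl())` fails open, because a null, empty or unrecognised value parses as false, and false here installs the trust-all context. If monitors saved before this change reach the collector without a `verify` value (not visible in this hunk, worth confirming), they would silently stop validating the certificate chain. Treating only an explicit false as the opt-out avoids that: `boolean verifySsl = !"false".equalsIgnoreCase(httpProtocol.getSsl());`. A warning log naming the host whenever validation is skipped would also make the relaxed mode visible in collector logs. The enclosing method starts and ends outside the hunk.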
@@ -160,4 +173,29 @@ public class SslCertificateCollectImpl extends
AbstractCollect {
private void validateParams(Metrics metrics) {
}
+
+ public SSLContext createIgnoreVerifySslContext() throws
NoSuchAlgorithmException, KeyManagementException {
+ SSLContext sc = SSLContext.getInstance("TLS");
+ X509TrustManager trustManager = new X509TrustManager() {
+ @Override
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[]
paramArrayOfX509Certificate,
+ String paramString) {
+ }
+
+ @Override
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[]
paramArrayOfX509Certificate,
+ String paramString) {
+ }
+
+ @Override
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ };
+
+ sc.init(null, new TrustManager[]{trustManager}, null);
+ return sc;
+ }
}
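Review bot: `createIgnoreVerifySslContext()` is declared `public`, which exposes a trust-all `SSLContext` factory to any other class in the collector. The visible hunks only call it from this class, so `private static SSLContext createIgnoreVerifySslContext()` would keep the bypass confined to the certificate monitor. `getAcceptedIssuers()` returns null although the `X509TrustManager` contract asks for a non-null (possibly empty) array; `return new X509Certificate[0];` avoids a NullPointerException in code that iterates the result. A Javadoc line would help too, stating that the context accepts any server chain and is meant only for reading certificate metadata, not for connections that carry credentials or data.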
diff --git a/manager/src/main/resources/define/app-ssl_cert.yml
b/manager/src/main/resources/define/app-ssl_cert.yml
index d48406a67..9a2694380 100644
--- a/manager/src/main/resources/define/app-ssl_cert.yml
+++ b/manager/src/main/resources/define/app-ssl_cert.yml
@@ -56,6 +56,17 @@ params:
# default value
defaultValue: 443
# field-param field key
+ - field: verify
+ # name-param field display i18n name
+ name:
+ zh-CN: 校验证书
+ en-US: verify
+ # When the type is boolean, the frontend will display a switch for it.
+ type: boolean
+ defaultValue: true
+ # required-true or false
+ required: false
+ # field-param field key
- field: uri
# name-param field display i18n name
name:
@@ -140,3 +151,4 @@ metrics:
host: ^_^host^_^
port: ^_^port^_^
url: ^_^uri^_^
+ ssl: ^_^verify^_^
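Review bot: The new `verify` parameter is passed through the existing `ssl` field of the HTTP protocol config, so for this monitor that field now means "validate the certificate chain". `getSsl()` is not added by this commit, so it presumably already has another meaning for other HTTP monitors, which is worth confirming. A comment next to the mapping, such as `# ssl carries the verify switch here: false skips certificate chain validation`, would keep a later reader from assuming it toggles HTTPS. The label `en-US: verify` in the params hunk above could also say what is verified, e.g. `en-US: Verify Certificate`.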