This is an automated email from the ASF dual-hosted git repository.

gongchao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hertzbeat.git


The following commit(s) were added to refs/heads/master by this push:
     new fd0e21681 [bugfix] fixed self signed certificate detected bug #1534 
(#2221)
fd0e21681 is described below

commit fd0e216818bdcf4275b6226708c6f3d875855bd2
Author: kangli <[email protected]>
AuthorDate: Mon Jul 15 14:57:21 2024 +0800

    [bugfix] fixed self signed certificate detected bug #1534 (#2221)
    
    Co-authored-by: tomsun28 <[email protected]>
---
 .../collect/http/SslCertificateCollectImpl.java    | 38 ++++++++++++++++++++++
 manager/src/main/resources/define/app-ssl_cert.yml | 12 +++++++
 2 files changed, 50 insertions(+)

diff --git 
a/collector/src/main/java/org/apache/hertzbeat/collector/collect/http/SslCertificateCollectImpl.java
 
b/collector/src/main/java/org/apache/hertzbeat/collector/collect/http/SslCertificateCollectImpl.java
index aaa818693..36141ddc3 100644
--- 
a/collector/src/main/java/org/apache/hertzbeat/collector/collect/http/SslCertificateCollectImpl.java
+++ 
b/collector/src/main/java/org/apache/hertzbeat/collector/collect/http/SslCertificateCollectImpl.java
@@ -23,12 +23,17 @@ import java.io.InterruptedIOException;
 import java.net.ConnectException;
 import java.net.URL;
 import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.hertzbeat.collector.collect.AbstractCollect;
 import org.apache.hertzbeat.collector.dispatch.DispatchConstants;
@@ -81,6 +86,14 @@ public class SslCertificateCollectImpl extends 
AbstractCollect {
                 uri = "https://"; + httpProtocol.getHost() + ":" + 
httpProtocol.getPort();
             }
             urlConnection = (HttpsURLConnection) new URL(uri).openConnection();
+
+            boolean verifySsl = Boolean.parseBoolean(httpProtocol.getSsl());
+            // ignore ssl verify
+            if (!verifySsl){
+                SSLContext ignoreSslContext = createIgnoreVerifySslContext();
+                
urlConnection.setSSLSocketFactory(ignoreSslContext.getSocketFactory());
+            }
+
             urlConnection.connect();
             Certificate[] certificates = urlConnection.getServerCertificates();
             if (certificates == null || certificates.length == 0) {
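Review bot: `Boolean.parseBoolean(httpProtocol.getSsl())` fails open: it returns false for null, an empty string or any value other than "true", so a monitor whose `ssl` value is missing or was never substituted gets the trust-all socket factory without anyone having asked for it. Certificate validation should stay on unless it is explicitly switched off, e.g. `boolean verifySsl = !"false".equalsIgnoreCase(httpProtocol.getSsl());`. The file imports Lombok's `@Slf4j`, so a `log.warn` naming the host when verification is skipped would also help, because the certificate fields read afterwards then come from a peer whose chain was not validated. The enclosing method starts and ends outside this hunk.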
@@ -160,4 +173,29 @@ public class SslCertificateCollectImpl extends 
AbstractCollect {
     private void validateParams(Metrics metrics) {
 
     }
+
+    public SSLContext createIgnoreVerifySslContext() throws 
NoSuchAlgorithmException, KeyManagementException {
+        SSLContext sc = SSLContext.getInstance("TLS");
+        X509TrustManager trustManager = new X509TrustManager() {
+            @Override
+            public void checkClientTrusted(
+                    java.security.cert.X509Certificate[] 
paramArrayOfX509Certificate,
+                    String paramString) {
+            }
+
+            @Override
+            public void checkServerTrusted(
+                    java.security.cert.X509Certificate[] 
paramArrayOfX509Certificate,
+                    String paramString) {
+            }
+
+            @Override
+            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                return null;
+            }
+        };
+
+        sc.init(null, new TrustManager[]{trustManager}, null);
+        return sc;
+    }
 }
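Review bot: `createIgnoreVerifySslContext()` is declared `public`, which offers a trust-all `SSLContext` factory to every other class. The only caller visible in this diff is inside the same class, so `private static SSLContext createIgnoreVerifySslContext()` would keep it from being picked up for connections that need validation. `getAcceptedIssuers()` returns `null`, while the `X509TrustManager` contract asks for a non-null, possibly empty array, so `return new X509Certificate[0];` is the safer form. A short Javadoc saying that the returned context accepts any certificate chain, and is meant only for reading certificate metadata when the user has disabled verification, would make the intent explicit.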
diff --git a/manager/src/main/resources/define/app-ssl_cert.yml 
b/manager/src/main/resources/define/app-ssl_cert.yml
index d48406a67..9a2694380 100644
--- a/manager/src/main/resources/define/app-ssl_cert.yml
+++ b/manager/src/main/resources/define/app-ssl_cert.yml
@@ -56,6 +56,17 @@ params:
     # default value
     defaultValue: 443
   # field-param field key
+  - field: verify
+    # name-param field display i18n name
+    name:
+      zh-CN: 校验证书
+      en-US: verify
+    # When the type is boolean, the frontend will display a switch for it.
+    type: boolean
+    defaultValue: true
+    # required-true or false
+    required: false
+  # field-param field key
   - field: uri
     # name-param field display i18n name
     name:
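Review bot: The en-US label `verify` on the new param does not say what is verified, and the entry gives no hint of what switching it off does. A label such as `en-US: Verify Certificate`, plus a comment like `# when false the collector accepts any certificate chain (self-signed or untrusted CA)`, would make the trade-off visible to whoever edits the monitor.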
@@ -140,3 +151,4 @@ metrics:
       host: ^_^host^_^
       port: ^_^port^_^
       url: ^_^uri^_^
+      ssl: ^_^verify^_^
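Review bot: The `verify` parameter is passed through the protocol key `ssl`, whose name suggests "use TLS" rather than "validate the certificate". If other monitor definitions use `ssl` on the http protocol to switch HTTPS on (not visible in this diff), the same field now carries two meanings. A comment on this line, e.g. `# ssl carries the verify switch here: false = skip certificate validation`, or a dedicated key would keep a later reader from inverting it.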

