RE: Problem with SVNKit & https & Java 7/8

Wed, 22 Apr 2015 04:42:27 -0700 

Hi Alexander,

Thanks for the reply. I had fixed my problem but I have not the exact root 
cause. Here some elements about my knowledge:

FI: I discovered the problem at my home => without proxy => not sure the proxy 
is the root cause.

With property “-Djavax.net.debug=all” (very useful) I found in a certificate 
chain a Verisign with MD2withRSA Algorithm.
DefaultSVNSSLTrustManager used implicitly with DefaultSVNAuthenticationManager 
seems to have problem to deal with that when JDK >= 7 used.
Some posts can be found on forums about this algorithm & direct 
X509TrustManager extend (and not X509ExtendedTrustManager) & JDK 7.

In method checkServerTrusted, SVNSSLUtil.getServerCertificateFailures returns 
12 as result (same result with JDK 6), authProvider is null and an 
SSLHandshakeException is found when back to HTTPConnection ; origin is not 
clear … I can't debug when it has been thrown.

So I tried to use the default JVM trustmanager, who can explain why the direct 
HttpsURLConnection snippet code works.

Feasible with an extension of BasicAuthenticationManager (and better in my 
Maven plugin usage: fully java without ’%APPDATA%\Subversion’ requirements):
---
    public class BasicWithCertificateTrustedAuthenticationManager extends 
BasicAuthenticationManager {
        public BasicWithCertificateTrustedAuthenticationManager(String 
userName, String password) {
            super(userName, password);
        }
        @Override
        public TrustManager getTrustManager(SVNURL url) throws SVNException {
            try {
                // HTTPS URL requires certificate trust process
                if (url != null && url.getProtocol() != null && 
url.getProtocol().startsWith("https")) {
                    // TrustManagerUtils comes from commons-net:commons-net:3.3
                    return TrustManagerUtils.getDefaultTrustManager(null);
                }
                return null;
            } catch (GeneralSecurityException e) {
                throw new 
SVNException(SVNErrorMessage.create(SVNErrorCode.IO_ERROR, e.getMessage()), e);
            }
        }
    }

Usage: SVNClientManager clientManager = 
SVNClientManager.newInstance(SVNWCUtil.createDefaultOptions(true), new 
BasicWithCertificateTrustedAuthenticationManager(userName, password));
---

=> It is ok for me. For investigation I could give you if you want the HTTPS 
URL in a private mail (mine: firstname.lastn...@gmail.com). The Certificate 
problem occurs before credential requirements.

Best Regards.

Reply via email to