Ivy
  1. Ivy
  2. IVY-109

Enable HTTPS with authentication per URL resolver

    Details

    • Type: New Feature New Feature
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Core
    • Labels:
      None

      Description

      It seems that the HttpClient is set up in the IvyConfigure ant task.
      However, that will mean that
      1) You can only configure one https host in you total build, so you cannot use different secure repositories
      2) There should be an option to have hosts trusted, meaning that they then don't require a certificate that is imported via the keystore java tool. Something like this:
      try
      {
      URL remote = createRemoteUrl( artifact );
      log.println( this + " - opening connection: " + artifact + " --> " + remote );
      URLConnection conn = remote.openConnection();
      if( conn instanceof HttpsURLConnection )
      {
      log.println( this + " - HTTPS connection opened." );
      if( m_trusted )
      {
      log.println( this + " - Using NullTrustManager." );
      HttpsURLConnection ssl = (HttpsURLConnection) conn;
      TrustManager nullTrustManager = new NullTrustManager();
      SSLContext ctx = SSLContext.getInstance( "SSLv3" );
      ctx.init( null, new TrustManager[]

      {nullTrustManager}

      , null );
      log.println( this + " - Setting SSLv3 socket factory." );
      SSLSocketFactory factory = ctx.getSocketFactory();
      ssl.setSSLSocketFactory( factory );
      log.println( this + " - SSL socket factory is set." );
      }
      }
      conn.connect();
      if( conn instanceof HttpURLConnection )
      {
      int code = ( (HttpURLConnection) conn ).getResponseCode();
      log.println( this + " - ResponseCode: " + code );
      if( code == HttpURLConnection.HTTP_UNAUTHORIZED )

      { throw new IOException( "Unauthorized request." ); }

      else if( code == HttpURLConnection.HTTP_NOT_FOUND )

      { return false; }

      else if( code != HttpURLConnection.HTTP_OK )

      { throw new IOException( "Unexpected Result: " + code ); }

      }

      With a NullTrustManager:
      /**

      • A null trust manager that will accept any certificate. I.e. this
      • class performs NO TRUST MANAGEMENT and simply serves as a mechanism
      • through which https connections can be established with the same notion
      • of trust as a http connection (i.e. none).
        */
        private static final class NullTrustManager
        implements X509TrustManager
        {
        /**
      • Empty certificate sequence.
        */
        private static final X509Certificate[] EMPTY_CERTS = new X509Certificate[0];

      /**

      • Null implementation.
      • @param certs the supplied certs (ignored)
      • @param authType the supplied type (ignored)
        */
        public void checkServerTrusted( final X509Certificate[] certs, final String authType )
        {
        }

      /**

      • Null implementation.
      • @param certs the supplied certs (ignored)
      • @param authType the supplied type (ignored)
        */
        public void checkClientTrusted( final X509Certificate[] certs, final String authType )
        {
        }

      /**

      • Null implementation.
      • @return an empty certificate array
        */
        public X509Certificate[] getAcceptedIssuers() { return EMPTY_CERTS; }

        }

      //this code is copied from Transit at https://scm.ops4j.org/repos/ops4j/projects/legacy/transit/core/handler/src/main/net/dpml/transit/host/ClassicResourceHost.java so it is ASLv2

      /peter

        Activity

          People

          • Assignee:
            Unassigned
            Reporter:
            Peter Neubauer
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Due:
              Created:
              Updated:

              Development