  1. Ivy
  2. IVY-109

Enable HTTPS with authentication per URL resolver


Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • None
    • None
    • Core
    • None

    Description

      It seems that the HttpClient is set up in the IvyConfigure ant task.
      However, that will mean that
      1) You can only configure one https host in your total build, so you cannot use different secure repositories
      2) There should be an option to have hosts trusted, meaning that they then don't require a certificate that is imported via the keystore java tool. Something like this:
      try
      {
          URL remote = createRemoteUrl( artifact );
          log.println( this + " - opening connection: " + artifact + " --> " + remote );
          URLConnection conn = remote.openConnection();
          if( conn instanceof HttpsURLConnection )
          {
              log.println( this + " - HTTPS connection opened." );
              if( m_trusted )
              {
                  log.println( this + " - Using NullTrustManager." );
                  HttpsURLConnection ssl = (HttpsURLConnection) conn;
                  TrustManager nullTrustManager = new NullTrustManager();
                  SSLContext ctx = SSLContext.getInstance( "SSLv3" );
                  ctx.init( null, new TrustManager[]{ nullTrustManager }, null );
                  log.println( this + " - Setting SSLv3 socket factory." );
                  SSLSocketFactory factory = ctx.getSocketFactory();
                  ssl.setSSLSocketFactory( factory );
                  log.println( this + " - SSL socket factory is set." );
              }
          }
          conn.connect();
          if( conn instanceof HttpURLConnection )
          {
              int code = ( (HttpURLConnection) conn ).getResponseCode();
              log.println( this + " - ResponseCode: " + code );
              if( code == HttpURLConnection.HTTP_UNAUTHORIZED )
              {
                  throw new IOException( "Unauthorized request." );
              }
              else if( code == HttpURLConnection.HTTP_NOT_FOUND )
              {
                  return false;
              }
              else if( code != HttpURLConnection.HTTP_OK )
              {
                  throw new IOException( "Unexpected Result: " + code );
              }
          }

      With a NullTrustManager:
      /**
       * A null trust manager that will accept any certificate. I.e. this
       * class performs NO TRUST MANAGEMENT and simply serves as a mechanism
       * through which https connections can be established with the same notion
       * of trust as a http connection (i.e. none).
       */
      private static final class NullTrustManager
          implements X509TrustManager
      {
          /**
           * Empty certificate sequence.
           */
          private static final X509Certificate[] EMPTY_CERTS = new X509Certificate[0];

          /**
           * Null implementation.
           * @param certs the supplied certs (ignored)
           * @param authType the supplied type (ignored)
           */
          public void checkServerTrusted( final X509Certificate[] certs, final String authType )
          {
          }

          /**
           * Null implementation.
           * @param certs the supplied certs (ignored)
           * @param authType the supplied type (ignored)
           */
          public void checkClientTrusted( final X509Certificate[] certs, final String authType )
          {
          }

          /**
           * Null implementation.
           * @return an empty certificate array
           */
          public X509Certificate[] getAcceptedIssuers() { return EMPTY_CERTS; }
      }

      //this code is copied from Transit at https://scm.ops4j.org/repos/ops4j/projects/legacy/transit/core/handler/src/main/net/dpml/transit/host/ClassicResourceHost.java so it is ASLv2

      /peter
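
A validating alternative to the NullTrustManager proposed above, added here as an example and not taken from Ivy or from the issue: each repository host gets its own trust store, applied per connection, so nothing has to be imported into the JVM-wide keystore and certificate checking stays on. `PerHostTrust`, `factoryFor` and `open` are hypothetical names, and the trust store path, its password and the URL are assumed to be supplied by the caller.

```java
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper (not part of Ivy): one trust store per repository host. */
public final class PerHostTrust {

    /** Builds a socket factory that trusts only the certificates in the given store. */
    public static SSLSocketFactory factoryFor(Path trustStore, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(trustStore)) {
            ks.load(in, password);
        }
        if (ks.size() == 0) {
            // An empty store cannot validate any server; fail early with a clear message.
            throw new IllegalStateException("trust store has no entries: " + trustStore);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Opens the URL; an HTTPS connection validates the chain against this host's store only. */
    public static URLConnection open(URL remote, SSLSocketFactory factory) throws Exception {
        URLConnection conn = remote.openConnection();
        if (conn instanceof HttpsURLConnection) {
            // Set per connection: other hosts keep the JVM default trust, hostname checks stay on.
            ((HttpsURLConnection) conn).setSSLSocketFactory(factory);
        }
        return conn;
    }

    public static void main(String[] args) throws Exception {
        // Arguments (caller-supplied): <truststore file> <password> <https URL>
        SSLSocketFactory f = factoryFor(Path.of(args[0]), args[1].toCharArray());
        URLConnection conn = open(new URL(args[2]), f);
        conn.connect(); // throws SSLHandshakeException if the chain is not in the store
        System.out.println("connected, chain validated against " + args[0]);
    }
}
```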

      Attachments

        1. ASF.LICENSE.NOT.GRANTED--diff.txt
          6 kB
          Peter Neubauer

        Activity

          People

            Unassigned Unassigned
            pnb@scancoin.se Peter Neubauer
            Votes: 0
            Watchers: 3