You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by wu...@apache.org on 2022/11/28 14:24:28 UTC
[ambari] branch trunk updated: AMBARI-25445: VDF registration fails with SunCertPathBuilderException (#3584)
This is an automated email from the ASF dual-hosted git repository.
wuzhiguo pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new feeb1135dd AMBARI-25445: VDF registration fails with SunCertPathBuilderException (#3584)
feeb1135dd is described below
commit feeb1135ddefe5b5cec42b7121ebaa6da4f86dff
Author: Zhiguo Wu <wu...@apache.org>
AuthorDate: Mon Nov 28 22:24:22 2022 +0800
AMBARI-25445: VDF registration fails with SunCertPathBuilderException (#3584)
---
.../controller/AmbariManagementControllerImpl.java | 2 +-
.../controller/internal/URLRedirectProvider.java | 44 +++++++++++++++++++++-
.../VersionDefinitionResourceProvider.java | 2 +-
3 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 0d36d69b29..3f8d8d024f 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -4564,7 +4564,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
* @throws AmbariException if verification fails
*/
private void verifyRepository(RepositoryRequest request) throws AmbariException {
- URLRedirectProvider usp = new URLRedirectProvider(REPO_URL_CONNECT_TIMEOUT, REPO_URL_READ_TIMEOUT);
+ URLRedirectProvider usp = new URLRedirectProvider(REPO_URL_CONNECT_TIMEOUT, REPO_URL_READ_TIMEOUT, true);
String repoName = request.getRepoName();
if (StringUtils.isEmpty(repoName)) {
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java
index aed89fc185..1ec508cd8c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java
@@ -21,7 +21,13 @@ package org.apache.ambari.server.controller.internal;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import javax.net.ssl.SSLContext;
+
+import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.utils.URLCredentialsHider;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpEntity;
@@ -29,8 +35,15 @@ import org.apache.http.HttpStatus;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -42,14 +55,16 @@ public class URLRedirectProvider {
private final int connTimeout;
private final int readTimeout;
+ private final boolean skipSslCertificateCheck;
- public URLRedirectProvider(int connectionTimeout, int readTimeout) {
+ public URLRedirectProvider(int connectionTimeout, int readTimeout, boolean skipSslCertificateCheck) {
this.connTimeout = connectionTimeout;
this.readTimeout = readTimeout;
+ this.skipSslCertificateCheck = skipSslCertificateCheck;
}
public RequestResult executeGet(String spec) throws IOException {
- try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
+ try (CloseableHttpClient httpClient = buildHttpClient()) {
HttpGet httpGet = new HttpGet(spec);
RequestConfig requestConfig = RequestConfig.custom()
@@ -74,6 +89,31 @@ public class URLRedirectProvider {
}
}
+ private CloseableHttpClient buildHttpClient() throws AmbariException {
+ HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
+ if (skipSslCertificateCheck) {
+ final SSLContext sslContext;
+ try {
+ sslContext = new SSLContextBuilder()
+ .loadTrustMaterial(null, (x509CertChain, authType) -> true)
+ .build();
+ } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
+ throw new AmbariException("Cannot build null truststore.", e);
+ }
+
+ httpClientBuilder.setSSLContext(sslContext)
+ .setConnectionManager(
+ new PoolingHttpClientConnectionManager(
+ RegistryBuilder.<ConnectionSocketFactory>create()
+ .register("http", PlainConnectionSocketFactory.INSTANCE)
+ .register("https", new SSLConnectionSocketFactory(sslContext,
+ NoopHostnameVerifier.INSTANCE))
+ .build()
+ ));
+ }
+ return httpClientBuilder.build();
+ }
+
public static class RequestResult {
private final String content;
private final int code;
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java
index 96d53fa5b0..5d5a5a1ed3 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java
@@ -579,7 +579,7 @@ public class VersionDefinitionResourceProvider extends AbstractAuthorizedResourc
InputStream stream = uri.toURL().openStream();
holder.xmlString = IOUtils.toString(stream, "UTF-8");
} else {
- URLRedirectProvider provider = new URLRedirectProvider(connectTimeout, readTimeout);
+ URLRedirectProvider provider = new URLRedirectProvider(connectTimeout, readTimeout, true);
URLRedirectProvider.RequestResult requestResult = provider.executeGet(definitionUrl);
if (requestResult.getCode() != HttpStatus.SC_OK) {
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ambari.apache.org
For additional commands, e-mail: commits-help@ambari.apache.org