You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by wu...@apache.org on 2022/11/28 14:24:28 UTC

[ambari] branch trunk updated: AMBARI-25445: VDF registration fails with SunCertPathBuilderException (#3584)

This is an automated email from the ASF dual-hosted git repository.

wuzhiguo pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new feeb1135dd AMBARI-25445: VDF registration fails with SunCertPathBuilderException (#3584)
feeb1135dd is described below

commit feeb1135ddefe5b5cec42b7121ebaa6da4f86dff
Author: Zhiguo Wu <wu...@apache.org>
AuthorDate: Mon Nov 28 22:24:22 2022 +0800

    AMBARI-25445: VDF registration fails with SunCertPathBuilderException (#3584)
---
 .../controller/AmbariManagementControllerImpl.java |  2 +-
 .../controller/internal/URLRedirectProvider.java   | 44 +++++++++++++++++++++-
 .../VersionDefinitionResourceProvider.java         |  2 +-
 3 files changed, 44 insertions(+), 4 deletions(-)

diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 0d36d69b29..3f8d8d024f 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -4564,7 +4564,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
    * @throws AmbariException if verification fails
    */
   private void verifyRepository(RepositoryRequest request) throws AmbariException {
-    URLRedirectProvider usp = new URLRedirectProvider(REPO_URL_CONNECT_TIMEOUT, REPO_URL_READ_TIMEOUT);
+    URLRedirectProvider usp = new URLRedirectProvider(REPO_URL_CONNECT_TIMEOUT, REPO_URL_READ_TIMEOUT, true);
 
     String repoName = request.getRepoName();
     if (StringUtils.isEmpty(repoName)) {
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java
index aed89fc185..1ec508cd8c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/URLRedirectProvider.java
@@ -21,7 +21,13 @@ package org.apache.ambari.server.controller.internal;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 
+import javax.net.ssl.SSLContext;
+
+import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.utils.URLCredentialsHider;
 import org.apache.commons.io.IOUtils;
 import org.apache.http.HttpEntity;
@@ -29,8 +35,15 @@ import org.apache.http.HttpStatus;
 import org.apache.http.client.config.RequestConfig;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -42,14 +55,16 @@ public class URLRedirectProvider {
 
   private final int connTimeout;
   private final int readTimeout;
+  private final boolean skipSslCertificateCheck;
 
-  public URLRedirectProvider(int connectionTimeout, int readTimeout) {
+  public URLRedirectProvider(int connectionTimeout, int readTimeout, boolean skipSslCertificateCheck) {
     this.connTimeout = connectionTimeout;
     this.readTimeout = readTimeout;
+    this.skipSslCertificateCheck = skipSslCertificateCheck;
   }
 
   public RequestResult executeGet(String spec) throws IOException {
-    try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
+    try (CloseableHttpClient httpClient = buildHttpClient()) {
       HttpGet httpGet = new HttpGet(spec);
 
       RequestConfig requestConfig = RequestConfig.custom()
@@ -74,6 +89,31 @@ public class URLRedirectProvider {
     }
   }
 
+  private CloseableHttpClient buildHttpClient() throws AmbariException {
+    HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
+    if (skipSslCertificateCheck) {
+      final SSLContext sslContext;
+      try {
+        sslContext = new SSLContextBuilder()
+          .loadTrustMaterial(null, (x509CertChain, authType) -> true)
+          .build();
+      } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
+        throw new AmbariException("Cannot build null truststore.", e);
+      }
+
+      httpClientBuilder.setSSLContext(sslContext)
+      .setConnectionManager(
+        new PoolingHttpClientConnectionManager(
+          RegistryBuilder.<ConnectionSocketFactory>create()
+            .register("http", PlainConnectionSocketFactory.INSTANCE)
+            .register("https", new SSLConnectionSocketFactory(sslContext,
+                                                              NoopHostnameVerifier.INSTANCE))
+            .build()
+        ));
+    }
+    return httpClientBuilder.build();
+  }
+
   public static class RequestResult {
     private final String content;
     private final int code;
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java
index 96d53fa5b0..5d5a5a1ed3 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java
@@ -579,7 +579,7 @@ public class VersionDefinitionResourceProvider extends AbstractAuthorizedResourc
         InputStream stream = uri.toURL().openStream();
         holder.xmlString = IOUtils.toString(stream, "UTF-8");
       } else {
-        URLRedirectProvider provider = new URLRedirectProvider(connectTimeout, readTimeout);
+        URLRedirectProvider provider = new URLRedirectProvider(connectTimeout, readTimeout, true);
         URLRedirectProvider.RequestResult requestResult = provider.executeGet(definitionUrl);
 
         if (requestResult.getCode() != HttpStatus.SC_OK) {


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ambari.apache.org
For additional commands, e-mail: commits-help@ambari.apache.org