Posted to notifications@ant.apache.org by "Gintas Grigelionis (JIRA)" <ji...@apache.org> on 2017/08/31 16:28:00 UTC
[jira] [Commented] (IVY-109) Enable HTTPS with authentication per URL resolver
[ https://issues.apache.org/jira/browse/IVY-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16149214#comment-16149214 ]
Gintas Grigelionis commented on IVY-109:
----------------------------------------
Is this still relevant?
> Enable HTTPS with authentication per URL resolver
> -------------------------------------------------
>
> Key: IVY-109
> URL: https://issues.apache.org/jira/browse/IVY-109
> Project: Ivy
> Issue Type: New Feature
> Components: Core
> Reporter: Peter Neubauer
> Attachments: ASF.LICENSE.NOT.GRANTED--diff.txt
>
>
> It seems that the HttpClient is set up in the IvyConfigure ant task.
> However, that will mean that
> 1) You can only configure one https host in your total build, so you cannot use different secure repositories
> 2) There should be an option to have hosts trusted, meaning that they then don't require a certificate that is imported via the keystore java tool. Something like this:
> try
> {
>     URL remote = createRemoteUrl( artifact );
>     log.println( this + " - opening connection: " + artifact + " --> " + remote );
>     URLConnection conn = remote.openConnection();
>     if( conn instanceof HttpsURLConnection )
>     {
>         log.println( this + " - HTTPS connection opened." );
>         if( m_trusted )
>         {
>             log.println( this + " - Using NullTrustManager." );
>             HttpsURLConnection ssl = (HttpsURLConnection) conn;
>             TrustManager nullTrustManager = new NullTrustManager();
>             SSLContext ctx = SSLContext.getInstance( "SSLv3" );
>             ctx.init( null, new TrustManager[]{nullTrustManager}, null );
>             log.println( this + " - Setting SSLv3 socket factory." );
>             SSLSocketFactory factory = ctx.getSocketFactory();
>             ssl.setSSLSocketFactory( factory );
>             log.println( this + " - SSL socket factory is set." );
>         }
>     }
>     conn.connect();
>     if( conn instanceof HttpURLConnection )
>     {
>         int code = ( (HttpURLConnection) conn ).getResponseCode();
>         log.println( this + " - ResponseCode: " + code );
>         if( code == HttpURLConnection.HTTP_UNAUTHORIZED )
>         {
>             throw new IOException( "Unauthorized request." );
>         }
>         else if( code == HttpURLConnection.HTTP_NOT_FOUND )
>         {
>             return false;
>         }
>         else if( code != HttpURLConnection.HTTP_OK )
>         {
>             throw new IOException( "Unexpected Result: " + code );
>         }
>     }
> With a NullTrustManager:
> /**
>  * A null trust manager that will accept any certificate. I.e. this
>  * class performs NO TRUST MANAGEMENT and simply serves as a mechanism
>  * through which https connections can be established with the same notion
>  * of trust as a http connection (i.e. none).
>  */
> private static final class NullTrustManager
>     implements X509TrustManager
> {
>     /**
>      * Empty certificate sequence.
>      */
>     private static final X509Certificate[] EMPTY_CERTS = new X509Certificate[0];
>     /**
>      * Null implementation.
>      * @param certs the supplied certs (ignored)
>      * @param authType the supplied type (ignored)
>      */
>     public void checkServerTrusted( final X509Certificate[] certs, final String authType )
>     {
>     }
>     /**
>      * Null implementation.
>      * @param certs the supplied certs (ignored)
>      * @param authType the supplied type (ignored)
>      */
>     public void checkClientTrusted( final X509Certificate[] certs, final String authType )
>     {
>     }
>     /**
>      * Null implementation.
>      * @return an empty certificate array
>      */
>     public X509Certificate[] getAcceptedIssuers()
>     {
>         return EMPTY_CERTS;
>     }
> }
> //this code is copied from Transit at https://scm.ops4j.org/repos/ops4j/projects/legacy/transit/core/handler/src/main/net/dpml/transit/host/ClassicResourceHost.java so it is ASLv2
> /peter
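The two requests in the quoted description (more than one HTTPS repository per build, and trusting a host without importing its certificate into the JVM-wide keystore) can both be met with certificate validation left on, by giving each host its own trust store and setting the socket factory on the individual connection. The sketch below is an added example, not code from the issue, from Transit or from Ivy; the class `PerHostTrust`, its methods and the command-line arguments are hypothetical names chosen for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: one trust store per repository host, certificate checks left on. */
public final class PerHostTrust {
    private final Map<String, SSLSocketFactory> factories = new ConcurrentHashMap<>();

    /** Registers a trust store (holding that host's CA or self-signed certificate) for one host. */
    public void trust(String host, String storePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(storePath))) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // real chain validation, anchored only at the certificates in this store
        SSLContext ctx = SSLContext.getInstance("TLS"); // lets the JVM negotiate TLS rather than pinning SSLv3
        ctx.init(null, tmf.getTrustManagers(), null);
        factories.put(host.toLowerCase(Locale.ROOT), ctx.getSocketFactory());
    }

    /** Opens a connection; hosts without an entry keep the JVM default trust store. */
    public URLConnection open(URL remote) throws Exception {
        URLConnection conn = remote.openConnection();
        SSLSocketFactory factory = factories.get(remote.getHost().toLowerCase(Locale.ROOT));
        if (conn instanceof HttpsURLConnection && factory != null) {
            // Applied to this connection only; the default HostnameVerifier still checks the host name.
            ((HttpsURLConnection) conn).setSSLSocketFactory(factory);
        }
        return conn;
    }

    /** Demo entry point with assumed arguments: host, trust store path, store password, URL. */
    public static void main(String[] args) throws Exception {
        PerHostTrust trust = new PerHostTrust();
        trust.trust(args[0], args[1], args[2].toCharArray());
        System.out.println(trust.open(new URL(args[3])).getClass().getName());
    }
}
```

A trust store for a single self-signed repository certificate can be created with `keytool -importcert` into its own file, so nothing is added to the JVM's global `cacerts`.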