Use ResteasyClientBuilder to configure ignoreCertificateErrors
This commit is contained in:
Robin Müller
parent
37a9456884
commit
99bde6fe1e
|
|
@ -17,16 +17,7 @@ import hudson.security.ACL;
|
||||||
import jenkins.model.Jenkins;
|
import jenkins.model.Jenkins;
|
||||||
import org.apache.commons.io.IOUtils;
|
import org.apache.commons.io.IOUtils;
|
||||||
import org.apache.commons.lang.StringUtils;
|
import org.apache.commons.lang.StringUtils;
|
||||||
import org.apache.http.conn.ClientConnectionManager;
|
|
||||||
import org.apache.http.conn.scheme.PlainSocketFactory;
|
|
||||||
import org.apache.http.conn.scheme.Scheme;
|
|
||||||
import org.apache.http.conn.scheme.SchemeRegistry;
|
|
||||||
import org.apache.http.conn.ssl.SSLSocketFactory;
|
|
||||||
import org.apache.http.conn.ssl.TrustStrategy;
|
|
||||||
import org.apache.http.impl.client.DefaultHttpClient;
|
|
||||||
import org.apache.http.impl.conn.BasicClientConnectionManager;
|
|
||||||
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
|
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
|
||||||
import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;
|
|
||||||
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
import org.jboss.resteasy.spi.ResteasyProviderFactory;
|
||||||
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
|
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
|
||||||
|
|
||||||
|
|
@ -41,9 +32,6 @@ import javax.ws.rs.ext.RuntimeDelegate;
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.security.GeneralSecurityException;
|
|
||||||
import java.security.cert.CertificateException;
|
|
||||||
import java.security.cert.X509Certificate;
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
@ -61,14 +49,18 @@ public class GitLabClientBuilder {
|
||||||
private static final String PRIVATE_TOKEN = "PRIVATE-TOKEN";
|
private static final String PRIVATE_TOKEN = "PRIVATE-TOKEN";
|
||||||
|
|
||||||
public static GitLabApi buildClient(String gitlabHostUrl, final String gitlabApiTokenId, boolean ignoreCertificateErrors) {
|
public static GitLabApi buildClient(String gitlabHostUrl, final String gitlabApiTokenId, boolean ignoreCertificateErrors) {
|
||||||
return new ResteasyClientBuilder()
|
ResteasyClientBuilder builder = new ResteasyClientBuilder();
|
||||||
.httpEngine(new ApacheHttpClient4Engine(createHttpClient(ignoreCertificateErrors)))
|
if (ignoreCertificateErrors) {
|
||||||
.register(new JacksonJsonProvider())
|
builder.hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY);
|
||||||
.register(new JacksonConfig())
|
builder.disableTrustManager();
|
||||||
.register(new ApiHeaderTokenFilter(getApiToken(gitlabApiTokenId))).build().target(gitlabHostUrl)
|
}
|
||||||
.register(new LoggingFilter())
|
return builder
|
||||||
.proxyBuilder(GitLabApi.class)
|
.register(new JacksonJsonProvider())
|
||||||
.classloader(Jenkins.getInstance().getPluginManager().uberClassLoader)
|
.register(new JacksonConfig())
|
||||||
|
.register(new ApiHeaderTokenFilter(getApiToken(gitlabApiTokenId))).build().target(gitlabHostUrl)
|
||||||
|
.register(new LoggingFilter())
|
||||||
|
.proxyBuilder(GitLabApi.class)
|
||||||
|
.classloader(Jenkins.getInstance().getPluginManager().uberClassLoader)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -88,32 +80,6 @@ public class GitLabClientBuilder {
|
||||||
return credentials == null ? null : credentials.getSecret().getPlainText();
|
return credentials == null ? null : credentials.getSecret().getPlainText();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static DefaultHttpClient createHttpClient(boolean ignoreCertificateErrors) {
|
|
||||||
ClientConnectionManager connectionManager;
|
|
||||||
if (ignoreCertificateErrors) {
|
|
||||||
connectionManager = new BasicClientConnectionManager(createSchemeRegistry());
|
|
||||||
} else {
|
|
||||||
connectionManager = new BasicClientConnectionManager();
|
|
||||||
}
|
|
||||||
return new DefaultHttpClient(connectionManager, new DefaultHttpClient().getParams());
|
|
||||||
}
|
|
||||||
|
|
||||||
private static SchemeRegistry createSchemeRegistry() {
|
|
||||||
SchemeRegistry registry = new SchemeRegistry();
|
|
||||||
registry.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
|
|
||||||
try {
|
|
||||||
SSLSocketFactory factory = new SSLSocketFactory(new TrustStrategy() {
|
|
||||||
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
|
|
||||||
registry.register(new Scheme("https", 10443, factory));
|
|
||||||
} catch (GeneralSecurityException e) {
|
|
||||||
LOGGER.log(Level.SEVERE, "Failed to set ignoreCertificateErrors", e);
|
|
||||||
}
|
|
||||||
return registry;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static class ApiHeaderTokenFilter implements ClientRequestFilter {
|
private static class ApiHeaderTokenFilter implements ClientRequestFilter {
|
||||||
private final String gitlabApiToken;
|
private final String gitlabApiToken;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue