[bugfix] fixed self signed certificate detected bug #1534 (#2221)
Co-authored-by: tomsun28 <tomsun28@outlook.com>
pwallk and tomsun28 authored Jul 15, 2024

1 parent 999b37e commit fd0e216
Showing 2 changed files with 50 additions and 0 deletions.
@@ -23,12 +23,17 @@
import java.net.ConnectException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import lombok.extern.slf4j.Slf4j;
import org.apache.hertzbeat.collector.collect.AbstractCollect;
import org.apache.hertzbeat.collector.dispatch.DispatchConstants;
@@ -81,6 +86,14 @@ public void collect(CollectRep.MetricsData.Builder builder,
uri = "https://" + httpProtocol.getHost() + ":" + httpProtocol.getPort();
}
urlConnection = (HttpsURLConnection) new URL(uri).openConnection();

boolean verifySsl = Boolean.parseBoolean(httpProtocol.getSsl());
// ignore ssl verify
if (!verifySsl){
SSLContext ignoreSslContext = createIgnoreVerifySslContext();
urlConnection.setSSLSocketFactory(ignoreSslContext.getSocketFactory());
}

urlConnection.connect();
Certificate[] certificates = urlConnection.getServerCertificates();
if (certificates == null || certificates.length == 0) {
@@ -160,4 +173,29 @@ public String supportProtocol() {
private void validateParams(Metrics metrics) {

}

public SSLContext createIgnoreVerifySslContext() throws NoSuchAlgorithmException, KeyManagementException {
SSLContext sc = SSLContext.getInstance("TLS");
X509TrustManager trustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) {
}

@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) {
}

@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
};

sc.init(null, new TrustManager[]{trustManager}, null);
return sc;
}
}
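Review bot: In `collect`, `Boolean.parseBoolean(httpProtocol.getSsl())` fails open: a null, empty or otherwise non-"true" value yields `false`, and the trust-all `SSLContext` is then installed, so chain validation is off unless the parameter arrives as exactly "true". If monitors saved before this change reach this line without a `verify` value (not visible here), they would silently lose validation that the default socket factory gave them; disabling only on an explicit opt-out is safer, e.g. `boolean verifySsl = !"false".equalsIgnoreCase(httpProtocol.getSsl());`. In the new helper, `getAcceptedIssuers()` returns `null` although the `X509TrustManager` contract asks for a non-null array, so `return new X509Certificate[0];` is the conforming form, and the method can be `private static` so the trust-all context is not reachable from other classes. A warn-level log line when validation is skipped would make the downgrade visible in the collector logs. `collect` begins and ends outside the hunk.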
12 changes: 12 additions & 0 deletions manager/src/main/resources/define/app-ssl_cert.yml
@@ -56,6 +56,17 @@ params:
# default value
defaultValue: 443
# field-param field key
- field: verify
# name-param field display i18n name
name:
zh-CN: 校验证书
en-US: verify
# When the type is boolean, the frontend will display a switch for it.
type: boolean
defaultValue: true
# required-true or false
required: false
# field-param field key
- field: uri
# name-param field display i18n name
name:
@@ -140,3 +151,4 @@ metrics:
host: ^_^host^_^
port: ^_^port^_^
url: ^_^uri^_^
ssl: ^_^verify^_^
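Review bot: The `ssl` key on the last line is fed from the `verify` parameter, so a protocol field whose name suggests "use TLS" now decides whether the certificate chain is validated; a comment above it such as `# ssl carries the verify switch; any value other than true disables certificate validation in the collector` would keep the two meanings from being confused. The en-US label `verify` is also terse next to zh-CN `校验证书`; `en-US: Verify Certificate` tells the operator what turning the switch off gives up. Both hunks show only part of the `params` and `metrics` lists.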
