author | Julien HENRY <julien.henry@sonarsource.com> | 2024-11-27 10:48:57 +0100 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2024-11-27 20:02:57 +0000 |
commit | 67779bbfb3c304bdfd658accc0b4e05c5511ce7b (patch) | |
tree | f70305dd22b9279de13173dd185e1e3062997641 /sonar-scanner-engine/src/main/java/org/sonar | |
parent | 06c1c1193c492979b84a985403ca67c3d70c4ce6 (diff) | |
SONAR-23774 Add a scanner property to disable loading of OS-level SSL certificates
Diffstat (limited to 'sonar-scanner-engine/src/main/java/org/sonar')
-rw-r--r-- | sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
index f11e481d749..3f9825f2a36 100644
--- a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
+++ b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
@@ -73,6 +73,7 @@ public class ScannerWsClientProvider {
 public static final String SONAR_SCANNER_CONNECT_TIMEOUT = "sonar.scanner.connectTimeout";
 public static final String SONAR_SCANNER_SOCKET_TIMEOUT = "sonar.scanner.socketTimeout";
 public static final String SONAR_SCANNER_RESPONSE_TIMEOUT = "sonar.scanner.responseTimeout";
+ public static final String SKIP_SYSTEM_TRUST_MATERIAL = "sonar.scanner.skipSystemTruststore";
 @Bean("DefaultScannerWsClient")
 public DefaultScannerWsClient provide(ScannerProperties scannerProps, EnvironmentInformation env, GlobalAnalysisMode globalMode,
@@ -87,7 +88,8 @@ public class ScannerWsClientProvider {
 String envVarToken = defaultIfBlank(system.envVariable(TOKEN_ENV_VARIABLE), null);
 String token = defaultIfBlank(scannerProps.property(TOKEN_PROPERTY), envVarToken);
 String login = defaultIfBlank(scannerProps.property(CoreProperties.LOGIN), token);
- var sslContext = configureSsl(parseSslConfig(scannerProps, sonarUserHome), system);
+ boolean skipSystemTrustMaterial = Boolean.parseBoolean(defaultIfBlank(scannerProps.property(SKIP_SYSTEM_TRUST_MATERIAL), "false"));
+ var sslContext = configureSsl(parseSslConfig(scannerProps, sonarUserHome), system, skipSystemTrustMaterial);
 connectorBuilder
 .readTimeoutMilliseconds(parseDurationProperty(socketTimeout, SONAR_SCANNER_SOCKET_TIMEOUT))
 .connectTimeoutMilliseconds(parseDurationProperty(connectTimeout, SONAR_SCANNER_CONNECT_TIMEOUT)) 
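Review bot: The new constant `SKIP_SYSTEM_TRUST_MATERIAL` carries no Javadoc and breaks the `SONAR_SCANNER_*` naming used by the three timeout constants directly above it. Because the property changes which certificate authorities the scanner will accept, the constant deserves a short comment stating the effect, for example `/** When true, OS-level trusted certificates are not loaded; only the JVM default trust material and the scanner-configured truststore are used. */`. Renaming it to `SONAR_SCANNER_SKIP_SYSTEM_TRUSTSTORE` would also keep the constant name aligned with the property key it holds.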
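Review bot: `Boolean.parseBoolean` on the added `skipSystemTrustMaterial` line maps every value other than a case-insensitive "true" to false, so `sonar.scanner.skipSystemTruststore=yes` or `=1` silently keeps loading the OS store. For a setting that alters the trust anchors of the TLS connection, an unrecognised value should be surfaced rather than ignored, e.g. read the raw property once and `LOG.warn("Ignoring invalid value '{}' for '{}', expected true or false", raw, SKIP_SYSTEM_TRUST_MATERIAL);` when it is non-blank and neither "true" nor "false". The `defaultIfBlank(..., "false")` wrapper is also redundant, since `Boolean.parseBoolean(null)` already returns false. The body of `provide` starts and ends outside this hunk.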
@@ -147,10 +149,14 @@ public class ScannerWsClientProvider {
 return new SslConfig(keyStore, trustStore);
 }
- private static SSLFactory configureSsl(SslConfig sslConfig, System2 system2) {
+ private static SSLFactory configureSsl(SslConfig sslConfig, System2 system2, boolean skipSystemTrustMaterial) {
 var sslFactoryBuilder = SSLFactory.builder()
- .withDefaultTrustMaterial()
- .withSystemTrustMaterial();
+ .withDefaultTrustMaterial();
+ if (!skipSystemTrustMaterial) {
+ LOG.debug("Loading OS trusted SSL certificates...");
+ LOG.debug("This operation might be slow or even get stuck. You can skip it by passing the scanner property '{}=true'", SKIP_SYSTEM_TRUST_MATERIAL);
+ sslFactoryBuilder.withSystemTrustMaterial();
+ }
 if (system2.properties().containsKey("javax.net.ssl.keyStore")) {
 sslFactoryBuilder.withSystemPropertyDerivedIdentityMaterial();
 } |
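Review bot: The skip path in `configureSsl` logs nothing, and the hint about the property is emitted only at DEBUG inside `if (!skipSystemTrustMaterial)`. With the property set, trust is presumably limited to the JVM default trust material plus whatever the rest of the method adds, so a server whose CA exists only in the OS store will fail the TLS handshake with nothing in the log to explain why. An else branch such as `else { LOG.debug("Skipping OS trusted SSL certificates because '{}' is set", SKIP_SYSTEM_TRUST_MATERIAL); }` makes that failure diagnosable and discourages the wrong workaround of weakening certificate validation. Consider whether the "might be slow or even get stuck" hint should be at INFO, since a user whose scan hangs at default verbosity never sees it. `configureSsl` continues past the end of this hunk.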