2 files changed, 35 insertions, 4 deletions
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
index f11e481d749..3f9825f2a36 100644
--- a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
+++ b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
@@ -73,6 +73,7 @@ public class ScannerWsClientProvider {
 public static final String SONAR_SCANNER_CONNECT_TIMEOUT = "sonar.scanner.connectTimeout";
 public static final String SONAR_SCANNER_SOCKET_TIMEOUT = "sonar.scanner.socketTimeout";
 public static final String SONAR_SCANNER_RESPONSE_TIMEOUT = "sonar.scanner.responseTimeout";
+ public static final String SKIP_SYSTEM_TRUST_MATERIAL = "sonar.scanner.skipSystemTruststore";
 @Bean("DefaultScannerWsClient")
 public DefaultScannerWsClient provide(ScannerProperties scannerProps, EnvironmentInformation env, GlobalAnalysisMode globalMode,
@@ -87,7 +88,8 @@ public class ScannerWsClientProvider {
 String envVarToken = defaultIfBlank(system.envVariable(TOKEN_ENV_VARIABLE), null);
 String token = defaultIfBlank(scannerProps.property(TOKEN_PROPERTY), envVarToken);
 String login = defaultIfBlank(scannerProps.property(CoreProperties.LOGIN), token);
- var sslContext = configureSsl(parseSslConfig(scannerProps, sonarUserHome), system);
+ boolean skipSystemTrustMaterial = Boolean.parseBoolean(defaultIfBlank(scannerProps.property(SKIP_SYSTEM_TRUST_MATERIAL), "false"));
+ var sslContext = configureSsl(parseSslConfig(scannerProps, sonarUserHome), system, skipSystemTrustMaterial);
 connectorBuilder
 .readTimeoutMilliseconds(parseDurationProperty(socketTimeout, SONAR_SCANNER_SOCKET_TIMEOUT))
 .connectTimeoutMilliseconds(parseDurationProperty(connectTimeout, SONAR_SCANNER_CONNECT_TIMEOUT))
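Review bot: The public constant added in the `@@ -73` hunk decides which trust anchors the scanner accepts for TLS, but nothing on it says what is still trusted once it is set. I would put a Javadoc line above it such as `/** When true, OS-provided trusted certificates are not loaded; the JVM default trust material is still used. */` (the second half follows from `withDefaultTrustMaterial()` staying unconditional in `configureSsl`). Its name also departs from the `SONAR_SCANNER_*` pattern of the three constants above it and from the property's own wording ("Truststore" versus "TRUST_MATERIAL"); `SONAR_SCANNER_SKIP_SYSTEM_TRUSTSTORE` would match both.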
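Review bot: In the `@@ -87` hunk the `defaultIfBlank(..., "false")` wrapper is redundant, because `Boolean.parseBoolean` already returns false for null and blank input; `boolean skipSystemTrustMaterial = Boolean.parseBoolean(scannerProps.property(SKIP_SYSTEM_TRUST_MATERIAL));` behaves the same. For a setting that changes TLS trust it matters more that every value other than a case-insensitive `true` (for example `yes` or `1`, and possibly a padded value if `property()` does not trim) is silently read as false, so a mistyped value leaves the OS truststore loaded with no indication. A debug or warning line for unrecognised values would make that visible. The body of `provide` starts and ends outside this hunk.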
@@ -147,10 +149,14 @@ public class ScannerWsClientProvider {
 return new SslConfig(keyStore, trustStore);
 }
- private static SSLFactory configureSsl(SslConfig sslConfig, System2 system2) {
+ private static SSLFactory configureSsl(SslConfig sslConfig, System2 system2, boolean skipSystemTrustMaterial) {
 var sslFactoryBuilder = SSLFactory.builder()
- .withDefaultTrustMaterial()
- .withSystemTrustMaterial();
+ .withDefaultTrustMaterial();
+ if (!skipSystemTrustMaterial) {
+ LOG.debug("Loading OS trusted SSL certificates...");
+ LOG.debug("This operation might be slow or even get stuck. You can skip it by passing the scanner property '{}=true'", SKIP_SYSTEM_TRUST_MATERIAL);
+ sslFactoryBuilder.withSystemTrustMaterial();
+ }
 if (system2.properties().containsKey("javax.net.ssl.keyStore")) {
 sslFactoryBuilder.withSystemPropertyDerivedIdentityMaterial();
 }
diff --git a/sonar-scanner-engine/src/test/java/org/sonar/scanner/http/ScannerWsClientProviderTest.java b/sonar-scanner-engine/src/test/java/org/sonar/scanner/http/ScannerWsClientProviderTest.java
index b041be11fbb..63a52e51cd7 100644
--- a/sonar-scanner-engine/src/test/java/org/sonar/scanner/http/ScannerWsClientProviderTest.java
+++ b/sonar-scanner-engine/src/test/java/org/sonar/scanner/http/ScannerWsClientProviderTest.java
@@ -42,7 +42,9 @@ import org.junit.jupiter.api.io.TempDir;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.CsvSource;
 import org.junitpioneer.jupiter.RestoreSystemProperties;
+import org.slf4j.event.Level;
 import org.sonar.api.notifications.AnalysisWarnings;
+import org.sonar.api.testfixtures.log.LogTesterJUnit5;
 import org.sonar.api.utils.System2;
 import org.sonar.batch.bootstrapper.EnvironmentInformation;
 import org.sonar.scanner.bootstrap.GlobalAnalysisMode;
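Review bot: When `skipSystemTrustMaterial` is true, the new branch in `configureSsl` logs nothing, so the trust configuration a run actually used cannot be reconstructed from its logs. An else branch such as `else { LOG.debug("Skipping OS trusted SSL certificates because '{}' is set", SKIP_SYSTEM_TRUST_MATERIAL); }` would record it. The hint about the load hanging is emitted only at DEBUG, so a user whose scan is stuck at the default log level will probably never see it; consider raising the first message to INFO. With the flag set, a server certificate that chains to a CA present only in the OS store should fail validation unless that CA is supplied through the scanner's own truststore settings, which is worth stating in the property's documentation. The method body continues past the end of this hunk.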
@@ -72,6 +74,10 @@ class ScannerWsClientProviderTest {
 private static final GlobalAnalysisMode GLOBAL_ANALYSIS_MODE = new GlobalAnalysisMode(new ScannerProperties(Collections.emptyMap()));
 private static final AnalysisWarnings ANALYSIS_WARNINGS = warning -> { };
+
+ @RegisterExtension
+ private LogTesterJUnit5 logTester = new LogTesterJUnit5();
+
 private SonarUserHome sonarUserHome = mock(SonarUserHome.class);
 private final Map<String, String> scannerProps = new HashMap<>();
@@ -114,6 +120,25 @@ class ScannerWsClientProviderTest {
 assertThat(httpConnector.okHttpClient().proxy()).isNull();
 }
+ @Test
+ void should_load_os_certificates_by_default() {
+ logTester.setLevel(Level.DEBUG);
+
+ underTest.provide(new ScannerProperties(scannerProps), env, GLOBAL_ANALYSIS_MODE, system2, ANALYSIS_WARNINGS, sonarUserHome);
+
+ assertThat(logTester.logs(Level.DEBUG)).contains("Loading OS trusted SSL certificates...");
+ }
+
+ @Test
+ void should_skip_load_of_os_certificates_if_props_set() {
+ logTester.setLevel(Level.DEBUG);
+ scannerProps.put("sonar.scanner.skipSystemTruststore", "true");
+
+ underTest.provide(new ScannerProperties(scannerProps), env, GLOBAL_ANALYSIS_MODE, system2, ANALYSIS_WARNINGS, sonarUserHome);
+
+ assertThat(logTester.logs(Level.DEBUG)).doesNotContain("Loading OS trusted SSL certificates...");
+ }
+
 @ParameterizedTest
 @CsvSource({
 "keystore_changeit.p12, wrong, false", |
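Review bot: Both tests added in the `@@ -114` hunk assert only on the debug message "Loading OS trusted SSL certificates...", never on the trust material of the client that `provide` returns. A change that keeps the log line but alters which anchors are loaded, or the reverse, would still pass. `should_skip_load_of_os_certificates_if_props_set` also passes vacuously if the message is ever reworded, because `doesNotContain` then matches nothing either way. If the built client is reachable as in the `httpConnector.okHttpClient()` assertion just above, comparing the accepted issuers of its trust manager with and without the property would pin the real behaviour. At minimum, add cases for `false` and for a non-boolean value such as `yes`, so the fallback to loading the OS store is covered.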