-rw-r--r--sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java14
-rw-r--r--sonar-scanner-engine/src/test/java/org/sonar/scanner/http/ScannerWsClientProviderTest.java25
2 files changed, 35 insertions, 4 deletions
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
index f11e481d749..3f9825f2a36 100644
--- a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
+++ b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
@@ -73,6 +73,7 @@ public class ScannerWsClientProvider {
public static final String SONAR_SCANNER_CONNECT_TIMEOUT = "sonar.scanner.connectTimeout";
public static final String SONAR_SCANNER_SOCKET_TIMEOUT = "sonar.scanner.socketTimeout";
public static final String SONAR_SCANNER_RESPONSE_TIMEOUT = "sonar.scanner.responseTimeout";
+ public static final String SKIP_SYSTEM_TRUST_MATERIAL = "sonar.scanner.skipSystemTruststore";
@Bean("DefaultScannerWsClient")
public DefaultScannerWsClient provide(ScannerProperties scannerProps, EnvironmentInformation env, GlobalAnalysisMode globalMode,
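Review bot: The new `SKIP_SYSTEM_TRUST_MATERIAL` constant changes which trust anchors the scanner accepts, but it has no comment saying so. A one-line Javadoc would help, for example `/** When "true", the OS trust store is not loaded; the JDK default trust material is still used. */`. The name also drops the `SONAR_SCANNER_` prefix used by the three timeout constants directly above it; `SONAR_SCANNER_SKIP_SYSTEM_TRUSTSTORE` would match them and the property key. The class body continues outside this hunk.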
@@ -87,7 +88,8 @@ public class ScannerWsClientProvider {
String envVarToken = defaultIfBlank(system.envVariable(TOKEN_ENV_VARIABLE), null);
String token = defaultIfBlank(scannerProps.property(TOKEN_PROPERTY), envVarToken);
String login = defaultIfBlank(scannerProps.property(CoreProperties.LOGIN), token);
- var sslContext = configureSsl(parseSslConfig(scannerProps, sonarUserHome), system);
+ boolean skipSystemTrustMaterial = Boolean.parseBoolean(defaultIfBlank(scannerProps.property(SKIP_SYSTEM_TRUST_MATERIAL), "false"));
+ var sslContext = configureSsl(parseSslConfig(scannerProps, sonarUserHome), system, skipSystemTrustMaterial);
connectorBuilder
.readTimeoutMilliseconds(parseDurationProperty(socketTimeout, SONAR_SCANNER_SOCKET_TIMEOUT))
.connectTimeoutMilliseconds(parseDurationProperty(connectTimeout, SONAR_SCANNER_CONNECT_TIMEOUT))
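Review bot: The `defaultIfBlank(..., "false")` wrapper on the added line is redundant, because `Boolean.parseBoolean` already returns false for null and blank input; `boolean skipSystemTrustMaterial = Boolean.parseBoolean(scannerProps.property(SKIP_SYSTEM_TRUST_MATERIAL));` behaves the same. `parseBoolean` also maps every value other than "true" (such as `1` or `yes`) to false without complaint. That fails towards loading the OS store, which is the safe direction for trust, but a user who mistyped the value gets the slow load with no indication that the setting was ignored. A warning on unrecognised values would make this visible. The body of `provide` starts and ends outside the hunk.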
@@ -147,10 +149,14 @@ public class ScannerWsClientProvider {
return new SslConfig(keyStore, trustStore);
}
- private static SSLFactory configureSsl(SslConfig sslConfig, System2 system2) {
+ private static SSLFactory configureSsl(SslConfig sslConfig, System2 system2, boolean skipSystemTrustMaterial) {
var sslFactoryBuilder = SSLFactory.builder()
- .withDefaultTrustMaterial()
- .withSystemTrustMaterial();
+ .withDefaultTrustMaterial();
+ if (!skipSystemTrustMaterial) {
+ LOG.debug("Loading OS trusted SSL certificates...");
+ LOG.debug("This operation might be slow or even get stuck. You can skip it by passing the scanner property '{}=true'", SKIP_SYSTEM_TRUST_MATERIAL);
+ sslFactoryBuilder.withSystemTrustMaterial();
+ }
if (system2.properties().containsKey("javax.net.ssl.keyStore")) {
sslFactoryBuilder.withSystemPropertyDerivedIdentityMaterial();
}
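Review bot: The skip path in `configureSsl` logs nothing, so a run with the property set leaves no trace that the OS trust store was left out. In that mode the trust anchors visible here reduce to `withDefaultTrustMaterial()`, so a server whose chain is anchored only in the OS store (an internal CA, for instance) will fail the TLS handshake with no hint pointing at this setting. An `else` branch with `LOG.debug("Skipping OS trusted SSL certificates because '{}' is set", SKIP_SYSTEM_TRUST_MATERIAL);` would make that diagnosable. The advice about a possible hang is also emitted at debug level, so presumably a user who hits the hang without debug logging never sees it; consider info level for that line. The body of `configureSsl` continues outside the hunk.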
diff --git a/sonar-scanner-engine/src/test/java/org/sonar/scanner/http/ScannerWsClientProviderTest.java b/sonar-scanner-engine/src/test/java/org/sonar/scanner/http/ScannerWsClientProviderTest.java
index b041be11fbb..63a52e51cd7 100644
--- a/sonar-scanner-engine/src/test/java/org/sonar/scanner/http/ScannerWsClientProviderTest.java
+++ b/sonar-scanner-engine/src/test/java/org/sonar/scanner/http/ScannerWsClientProviderTest.java
@@ -42,7 +42,9 @@ import org.junit.jupiter.api.io.TempDir;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.CsvSource;
import org.junitpioneer.jupiter.RestoreSystemProperties;
+import org.slf4j.event.Level;
import org.sonar.api.notifications.AnalysisWarnings;
+import org.sonar.api.testfixtures.log.LogTesterJUnit5;
import org.sonar.api.utils.System2;
import org.sonar.batch.bootstrapper.EnvironmentInformation;
import org.sonar.scanner.bootstrap.GlobalAnalysisMode;
@@ -72,6 +74,10 @@ class ScannerWsClientProviderTest {
private static final GlobalAnalysisMode GLOBAL_ANALYSIS_MODE = new GlobalAnalysisMode(new ScannerProperties(Collections.emptyMap()));
private static final AnalysisWarnings ANALYSIS_WARNINGS = warning -> {
};
+
+ @RegisterExtension
+ private LogTesterJUnit5 logTester = new LogTesterJUnit5();
+
private SonarUserHome sonarUserHome = mock(SonarUserHome.class);
private final Map<String, String> scannerProps = new HashMap<>();
@@ -114,6 +120,25 @@ class ScannerWsClientProviderTest {
assertThat(httpConnector.okHttpClient().proxy()).isNull();
}
+ @Test
+ void should_load_os_certificates_by_default() {
+ logTester.setLevel(Level.DEBUG);
+
+ underTest.provide(new ScannerProperties(scannerProps), env, GLOBAL_ANALYSIS_MODE, system2, ANALYSIS_WARNINGS, sonarUserHome);
+
+ assertThat(logTester.logs(Level.DEBUG)).contains("Loading OS trusted SSL certificates...");
+ }
+
+ @Test
+ void should_skip_load_of_os_certificates_if_props_set() {
+ logTester.setLevel(Level.DEBUG);
+ scannerProps.put("sonar.scanner.skipSystemTruststore", "true");
+
+ underTest.provide(new ScannerProperties(scannerProps), env, GLOBAL_ANALYSIS_MODE, system2, ANALYSIS_WARNINGS, sonarUserHome);
+
+ assertThat(logTester.logs(Level.DEBUG)).doesNotContain("Loading OS trusted SSL certificates...");
+ }
+
@ParameterizedTest
@CsvSource({
"keystore_changeit.p12, wrong, false",
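Review bot: Both new tests assert only on the debug message "Loading OS trusted SSL certificates...", not on the trust configuration that results. A change that kept the log line but moved or dropped the `withSystemTrustMaterial()` call would still pass. `should_load_os_certificates_by_default` also performs the real OS trust store load, which the production log message itself describes as possibly slow or stuck, so it may be slow on some CI hosts. In `should_skip_load_of_os_certificates_if_props_set` the property key is repeated as a literal; `scannerProps.put(ScannerWsClientProvider.SKIP_SYSTEM_TRUST_MATERIAL, "true");` keeps the test tied to the constant.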