From 5bf3e8320b4a341c2b47406dd1ca4772aa046b72 Mon Sep 17 00:00:00 2001
From: Sébastien Lesaint
Date: Mon, 4 Apr 2016 15:49:25 +0200
Subject: SONAR-7498 OkHttpClient doesn't use ssl socket factory by default since we didn't set it for Java 8, SSL connections opened with OkHttpClient under Java 8 didn't have any of the SSL parameters
---
 .../java/org/sonarqube/ws/client/HttpConnector.java | 20 +++++++++++++++-----
 .../org/sonarqube/ws/client/HttpConnectorTest.java | 4 ++--
 2 files changed, 17 insertions(+), 7 deletions(-)
(limited to 'sonar-ws')
diff --git a/sonar-ws/src/main/java/org/sonarqube/ws/client/HttpConnector.java b/sonar-ws/src/main/java/org/sonarqube/ws/client/HttpConnector.java
index d8cf31b5c5c..4c0917f751c 100644
--- a/sonar-ws/src/main/java/org/sonarqube/ws/client/HttpConnector.java
+++ b/sonar-ws/src/main/java/org/sonarqube/ws/client/HttpConnector.java
@@ -97,6 +97,19 @@ public class HttpConnector implements WsConnector {
 .supportsTlsExtensions(true)
 .build();
 this.okHttpClient.setConnectionSpecs(asList(tls, ConnectionSpec.CLEARTEXT));
+ this.okHttpClient.setSslSocketFactory(createSslSocketFactory(javaVersion));
+ }
+
+ private static SSLSocketFactory createSslSocketFactory(JavaVersion javaVersion) {
+ try {
+ SSLSocketFactory sslSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ return enableTls12InJava7(sslSocketFactory, javaVersion);
+ } catch (Exception e) {
+ throw new IllegalStateException("Fail to init TLS context", e);
+ }
+ }
+
+ private static SSLSocketFactory enableTls12InJava7(SSLSocketFactory sslSocketFactory, JavaVersion javaVersion) {
 if (javaVersion.isJava7()) {
 // OkHttp executes SSLContext.getInstance("TLS") by default (see
 // https://github.com/square/okhttp/blob/c358656/okhttp/src/main/java/com/squareup/okhttp/OkHttpClient.java#L616)
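Review bot: The `catch (Exception e)` in the new `createSslSocketFactory` no longer guards a call that can throw a checked exception: `SSLSocketFactory.getDefault()` declares none and `enableTls12InJava7` has no `throws` clause, so only unchecked failures (for instance a `ClassCastException` from the cast) can reach it. Per the JDK documentation, `getDefault()` returns an inoperative factory when the default context cannot be created, so a broken JVM trust store or keystore setting would probably surface at the first HTTPS request and not as "Fail to init TLS context". I would narrow the handler to `catch (RuntimeException e)` and put a comment above the method, e.g. `// JVM-wide default factory, so the JVM's SSL settings apply on every Java version; a broken default context only fails at connect time.` The body of `enableTls12InJava7` continues past the end of this hunk.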
@@ -104,12 +117,9 @@ public class HttpConnector implements WsConnector {
 // in order to support all versions from 1.0 to 1.2.
 // Note that this is not overridden for Java 8 as TLS 1.2 is enabled by default.
 // Keeping getInstance("TLS") allows to support potential future versions of TLS on Java 8.
- try {
- this.okHttpClient.setSslSocketFactory(new Tls12Java7SocketFactory((SSLSocketFactory) SSLSocketFactory.getDefault()));
- } catch (Exception e) {
- throw new IllegalStateException("Fail to init TLS context", e);
- }
+ return new Tls12Java7SocketFactory(sslSocketFactory);
 }
+ return sslSocketFactory;
 }

 @Override
diff --git a/sonar-ws/src/test/java/org/sonarqube/ws/client/HttpConnectorTest.java b/sonar-ws/src/test/java/org/sonarqube/ws/client/HttpConnectorTest.java
index ed8b8d001e6..a18407bd28b 100644
--- a/sonar-ws/src/test/java/org/sonarqube/ws/client/HttpConnectorTest.java
+++ b/sonar-ws/src/test/java/org/sonarqube/ws/client/HttpConnectorTest.java
@@ -25,6 +25,7 @@ import com.squareup.okhttp.mockwebserver.MockWebServer;
 import com.squareup.okhttp.mockwebserver.RecordedRequest;
 import java.io.File;
 import java.util.List;
+import javax.net.ssl.SSLSocketFactory;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringUtils;
@@ -281,8 +282,7 @@ public class HttpConnectorTest {
 HttpConnector underTest = new HttpConnector.Builder().url(serverUrl).build(javaVersion);
 assertTlsAndClearTextSpecifications(underTest);
- // do not override the default TLS context provided by java 8
- assertThat(underTest.okHttpClient().getSslSocketFactory()).isNull();
+ assertThat(underTest.okHttpClient().getSslSocketFactory()).isInstanceOf(SSLSocketFactory.getDefault().getClass());
 }

 private void assertTlsAndClearTextSpecifications(HttpConnector underTest) {
--
cgit v1.2.3
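Review bot: The two comment sentences kept just above the removed `try` block are now out of date: they say the factory "is not overridden for Java 8" and that OkHttp's `getInstance("TLS")` is kept, while the `setSslSocketFactory(createSslSocketFactory(javaVersion))` call added in the first hunk installs this method's return value on every Java version. On Java 8 that is the unwrapped `SSLSocketFactory.getDefault()`, so the enabled protocol versions presumably now come from the JVM default context, not from OkHttp's own. I would replace the two sentences with something like `// On Java 8 the JVM default factory is returned as is, since TLS 1.2 is enabled by default there.` The comment block and the method start before this hunk, and one line of the comment lies between the two hunks and is not visible.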