Supporting communication with servers who has a self-signed certificate

已回答
Avatar
Permanently deleted user
创建于

Hi,

My plugin communicates with some servers (configured by the users) who use self-signed certificates. How can I enable them to communicate with those servers over https? Important to say that those would be development servers and information passing won't be sensitive. 

I tried adding the certificate to the Pycharm (Tools -> server certificates) and also checking the "Accept non-trusted certificates automatically" but that didn't help.

The code I use for making the requests:

import org.apache.http.HttpEntity;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.HttpHostConnectException;
import org.apache.http.entity.StringEntity;
import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.apache.http.entity.mime.content.FileBody;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;

public class RESTClient {
    public String executeHttpRequest(CloseableHttpClient httpClient, HttpUriRequest request) {
        try {
            CloseableHttpResponse response = httpClient.execute(request);
            try {
                HttpEntity resEntity = response.getEntity();
                Integer statusCode = response.getStatusLine().getStatusCode();
                if (statusCode.equals(200)) {
                    return EntityUtils.toString(resEntity, StandardCharsets.UTF_8);
                } else if (statusCode.equals(403)) {
                    LOG.info("Encountered error while sending a request to ,\nplease check your API key. Status code 403 - Forbidden");
                } else if (statusCode.equals(400)) {
                    LOG.info("Encountered error while sending a request. Status code 400");
                } else if (resEntity != null) {
                    LOG.error("Encountered error while sending a request to . Status code " + statusCode.toString());
                }
                EntityUtils.consume(resEntity);
            } finally {
                response.close();
            }

        } catch (HttpHostConnectException e) {
            LOG.info("Encountered error while sending a request to , error message was: " + e.getMessage());
        } catch (ClientProtocolException e) {
            LOG.info("Encountered error while sending a request to , error message was: " + e.getMessage());
        } catch (IOException e2) {
            LOG.info("Encountered error while sending a request to , error message was: " + e2.getMessage());
        }
        return "";
    }

    public String sendPostRequest(String serverUrl, String apiKey, String params, String endpointPath, String filePath) {
        CloseableHttpClient httpClient = getHttpClient();
        try {
            String dest = serverUrl + endpointPath;
            HttpPost httppost = new HttpPost(dest);
            httppost.setHeader("Authorization", apiKey);
            httppost.addHeader("Accept", "application/json");

            if (stringIsNotEmptyOrNull(filePath)) {
                LOG.info("Sending POST request. File path is: " + params);
                FileBody bin = new FileBody(new File(filePath));
                    httppost.setEntity(MultipartEntityBuilder.create()
                            .addPart("file", bin)
                            .build());
            } else {
                LOG.info("Sending POST request. Params are: " + params);
                httppost.addHeader("content-type", "application/json");
                httppost.setEntity(new StringEntity(params));
            }

            return executeHttpRequest(httpClient, httppost);
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            LOG.error("Encountered UnsupportedEncodingException while making request to , error message was: " + e.getMessage());
        } finally {
            try {
                httpClient.close();
            } catch (IOException e1) {
                LOG.error("Encountered error while closing connection with , error message was: " + e1.getMessage());
            }
        }
        return "";
    }

    public String sendGetRequest(String serverUrl, String apiKey, String params, String endpointPath) {
        CloseableHttpClient httpClient = getHttpClient();
        try {
            String dest = serverUrl + endpointPath;
            HttpGet httpGet = new HttpGet(dest);
            httpGet.setHeader("Authorization", apiKey);
            httpGet.addHeader("Accept", "application/json");
            return executeHttpRequest(httpClient, httpGet);
        } finally {
            try {
                httpClient.close();
            } catch (IOException e1) {
                LOG.error("Encountered error while closing connection, error message was: " + e1.getMessage());
            }
        }
    }

    public CloseableHttpClient getHttpClient() {
        CloseableHttpClient httpClient = HttpClients.createDefault();;
        return httpClient;
    }
}

Votes

0

分享

10 条评论
Avatar
Yann Cebron
创建于

If you use builtin com.intellij.util.io.HttpRequests, certificates defined in IDE will be taken into account automatically.

0
Avatar
Permanently deleted user
创建于

Hi Yann,

Thank you for the quick response. I'm checking that API, how can I add a JSON body to a POST request there? 
HttpClient4 example for what I want to do:
```

public void whenPostJsonUsingHttpClient_thenCorrect()
  throws ClientProtocolException, IOException {
    CloseableHttpClient client = HttpClients.createDefault();
    HttpPost httpPost = new HttpPost("http://www.example.com");
 
    String json = "{"id":1,"name":"John"}";
    StringEntity entity = new StringEntity(json);
    httpPost.setEntity(entity);
    CloseableHttpResponse response = client.execute(httpPost);
    assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
    client.close();
}
```
0
Avatar
Yann Cebron
创建于

Something along this pattern:

HttpRequests.post(url, "application/json")...connect( r -> r.write(jsonString) )

0
Avatar
Permanently deleted user
创建于

Hi Yann,

I still get an SSL error when using your library. This happens both when I upload the certificate to Pycharm or check the "Allow any certificate"

My code:

import com.intellij.util.io.HttpRequests;

String dest = serverUrl + endpointPath;
HttpRequests.post(dest, JSON_CONTENT_TYPE)
.tuner(connection -> connection.addRequestProperty(AUTHORIZATION_HEADER_NAME, apiKey))
.connect(r -> {
r.write(params);
return r.readString();
});
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching aaa.compute.amazonaws.com found
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
        at com.intellij.util.io.HttpRequests$Request.write(HttpRequests.java:117)
        at com.intellij.util.io.HttpRequests$Request.write(HttpRequests.java:111)
        at com.plugin.ide.RESTClient.lambda$sendPostRequest$1(RESTClient.java:164)
        at com.intellij.util.io.HttpRequests.doProcess(HttpRequests.java:523)
        at com.intellij.util.io.HttpRequests.process(HttpRequests.java:499)
        at com.intellij.util.io.HttpRequests.access$100(HttpRequests.java:59)
        at com.intellij.util.io.HttpRequests$RequestBuilderImpl.connect(HttpRequests.java:352)
        at com.plugin.ide.RESTClient.sendPostRequest(RESTClient.java:163)
        at com.plugin.ide.RESTClient.getPlaygroundInvestigationID(RESTClient.java:75)
        at com.plugin.ide.RESTClient.<init>(RESTClient.java:52)
        at com.plugin.ide.plugin_settings_setup.SetupGUI$2.doInBackground(SetupGUI.java:147)
        at com.plugin.ide.plugin_settings_setup.SetupGUI$2.doInBackground(SetupGUI.java:137)
        at javax.swing.SwingWorker$1.call(SwingWorker.java:295)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at javax.swing.SwingWorker.run(SwingWorker.java:334)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
        Caused by: java.security.cert.CertificateException: No name matching aaa.compute.amazonaws.com found
        at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1019)
        at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:986)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
        ... 30 more

 

0
Avatar
Permanently deleted user
创建于

Can anyone assist with this, please? It is of high importance for us and would be really appreciated 

0
Avatar
Mikhail Golubev
创建于

Hi there,

 

Actually you can use any HTTP library you prefer but you need to set the SSL context in use to

CertificateManager.getInstance().getSslContext()

according to their API.

For instance, in case of Apache HttpClient 4.x it means constructing an HttpClient instance with a builder:

HttpClients.custom()
  .setSSLContext(CertificateManager.getInstance().getSslContext())
  // Other necessary initialization
  .build();
1
Avatar
Mikhail Golubev
创建于

Also, according to the given stacktrace the error happens on hostname validation step that we don't intercept at the moment. Most likely it indicates some problem with the certificate you use.

If you're sure that everything is ok or don't have control other this certificate, you can still fallback to:

.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)

in this specific HttpClient builder to skip this step altogether.

 

1
Avatar
Permanently deleted user
创建于

Mikhail, thank you for your answer, I will try it. How can I use the proxy that the user defines in PyCharm?

0
Avatar
Yann Cebron
创建于

com.intellij.util.proxy.CommonProxy, see usage in com.intellij.util.net.HttpConfigurable#openConnection

0
Avatar
Mikhail Golubev
创建于

You can propagate all the proxy configuration from IDE settings to an HttpClient instance with:

CredentialsProvider provider = new BasicCredentialsProvider();
IdeHttpClientHelpers.ApacheHttpClient4.setProxyCredentialsForUrlIfEnabled(provider, url);

RequestConfig.Builder config = RequestConfig.custom();
IdeHttpClientHelpers.ApacheHttpClient4.setProxyForUrlIfEnabled(config, url);
RequestConfig requestConfig = config.build();

HttpClientBuilder builder = HttpClients.custom()
  // Other initialization
  .setDefaultRequestConfig(requestConfig)
  .setDefaultCredentialsProvider(provider)
  .build();
1

请先登录再写评论。