Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow disabling HTTPs cert validation of JNLP endpoint when starting Remoting from Main #210

Merged
merged 6 commits into from
Nov 20, 2017
Merged

Allow disabling HTTPs cert validation of JNLP endpoint when starting Remoting from Main #210

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
833838a
Add insecure flag to allow bypassing SSL hostname verification and ce…
MattLud Oct 20, 2017
328a766
Refactor the implementation and reuse old code created by @stephenc
oleg-nenashev Nov 3, 2017
db10434
Merge branch 'master' into feature/insecure-flag
oleg-nenashev Nov 10, 2017
9e2e1a9
Refactor the HTTPs check kill switch in JnlpAgentEndpointResolver
oleg-nenashev Nov 10, 2017
2a8f663
Merge commit 'db10434ee86120657b2f3a27beb7acfab6d3a387' into feature/…
oleg-nenashev Nov 10, 2017
77621ec
Launcher: Modify comment about -noCertificateCheck usage for JNLP arg…
oleg-nenashev Nov 20, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 24 additions & 9 deletions src/main/java/hudson/remoting/Engine.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,15 +23,11 @@
*/
package hudson.remoting;

import edu.umd.cs.findbugs.annotations.Nullable;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.remoting.Channel.Mode;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.net.Socket;
import java.net.URL;
import java.nio.file.Path;
Expand Down Expand Up @@ -134,7 +130,6 @@ public void run() {
*/
@CheckForNull
private URL hudsonUrl;

private final String secretKey;
public final String slaveName;
private String credentials;
Expand All @@ -145,6 +140,8 @@ public void run() {
*/
private String tunnel;

private boolean disableHttpsCertValidation;

private boolean noReconnect;

/**
Expand All @@ -153,9 +150,6 @@ public void run() {
* @since 2.62.1
*/
private boolean keepAlive = true;




@CheckForNull
private JarCache jarCache = null;
Expand Down Expand Up @@ -327,6 +321,26 @@ public void setNoReconnect(boolean noReconnect) {
this.noReconnect = noReconnect;
}

/**
* Determines if JNLPAgentEndpointResolver will not perform certificate validation in the HTTPs mode.
*
* @return {@code true} if the certificate validation is disabled.
* @since TODO
*/
public boolean isDisableHttpsCertValidation() {
return disableHttpsCertValidation;
}

/**
* Sets if JNLPAgentEndpointResolver will not perform certificate validation in the HTTPs mode.
*
* @param disableHttpsCertValidation {@code true} if the certificate validation is disabled.
* @since TODO
*/
public void setDisableHttpsCertValidation(boolean disableHttpsCertValidation) {
this.disableHttpsCertValidation = disableHttpsCertValidation;
}

/**
* Sets the destination for agent logs.
* @param agentLog Path to the agent log.
Expand Down Expand Up @@ -482,6 +496,7 @@ private void innerRun(IOHub hub, SSLContext context, ExecutorService service) {
resolver.setTunnel(tunnel);
try {
resolver.setSslSocketFactory(getSSLSocketFactory());
resolver.setDisableHttpsCertValidation(disableHttpsCertValidation);
} catch (Exception e) {
events.error(e);
}
Expand Down Expand Up @@ -809,8 +824,8 @@ private SSLSocketFactory getSSLSocketFactory()
trustManagerFactory.init(keyStore);
// prepare the SSL context
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, trustManagerFactory.getTrustManagers(), null);
// now we have our custom socket factory
ctx.init(null, trustManagerFactory.getTrustManagers(), null);
sslSocketFactory = ctx.getSocketFactory();
}
return sslSocketFactory;
Expand Down
36 changes: 16 additions & 20 deletions src/main/java/hudson/remoting/Launcher.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@

import org.jenkinsci.remoting.engine.WorkDirManager;
import org.jenkinsci.remoting.util.IOUtils;
import org.jenkinsci.remoting.util.https.NoCheckHostnameVerifier;
import org.jenkinsci.remoting.util.https.NoCheckTrustManager;
import org.jenkinsci.remoting.util.PathUtils;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
Expand Down Expand Up @@ -189,6 +191,12 @@ public void addClasspath(String pathList) throws Exception {
"certificate file to read.", forbids = "-noCertificateCheck")
public List<String> candidateCertificates;

/**
* Disables HTTPs Certificate validation of the server when using {@link org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver}.
* This option is managed by the {@code -noCertificateCheck} option.
*/
private boolean noCertificateCheck = false;

public InetSocketAddress connectionTarget = null;

@Option(name="-connectTo",usage="make a TCP connection to the given host and port, then start communication.",metaVar="HOST:PORT")
Expand All @@ -210,15 +218,13 @@ public void setConnectTo(String target) {
@Option(name="-noCertificateCheck", forbids = "-cert")
public void setNoCertificateCheck(boolean ignored) throws NoSuchAlgorithmException, KeyManagementException {
System.out.println("Skipping HTTPS certificate checks altogether. Note that this is not secure at all.");

this.noCertificateCheck = true;
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, new TrustManager[]{new NoCheckTrustManager()}, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
// bypass host name check, too.
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
HttpsURLConnection.setDefaultHostnameVerifier(new NoCheckHostnameVerifier());
}

@Option(name="-noReconnect",usage="Doesn't try to reconnect when a communication fail, and exit instead")
Expand Down Expand Up @@ -345,6 +351,11 @@ public void run() throws Exception {
jnlpArgs.add(c);
}
}
if (noCertificateCheck) {
// Generally it is not required since the default settings have been changed anyway.
// But we set it up just in case there are overrides somewhere in the logic
jnlpArgs.add("-disableHttpsCertValidation");
}
try {
hudson.remoting.jnlp.Main._main(jnlpArgs.toArray(new String[jnlpArgs.size()]));
} catch (CmdLineException e) {
Expand Down Expand Up @@ -766,21 +777,6 @@ protected void onDead(Throwable cause) {
System.err.println("channel stopped");
}

/**
* {@link X509TrustManager} that performs no check at all.
*/
private static class NoCheckTrustManager implements X509TrustManager {
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}

public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}

public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}

public static boolean isWindows() {
return File.pathSeparatorChar==';';
}
Expand Down
20 changes: 18 additions & 2 deletions src/main/java/hudson/remoting/jnlp/Main.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@
import hudson.remoting.FileSystemJarCache;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.UnsupportedEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
Expand All @@ -45,14 +44,15 @@
import java.util.logging.Logger;
import java.util.logging.Level;
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.WARNING;

import java.util.List;
import java.util.ArrayList;
import java.net.URL;
import java.io.IOException;

import hudson.remoting.Engine;
import hudson.remoting.EngineListener;
import java.nio.file.Path;

import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
Expand Down Expand Up @@ -103,6 +103,16 @@ public class Main {
"certificate file to read.")
public List<String> candidateCertificates;

/**
* Disables HTTPs Certificate validation of the server when using {@link org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver}.
*
* This option is not recommended for production use.
* @since TODO
*/
@Option(name="-disableHttpsCertValidation",
usage="Ignore SSL validation errors - use as a last resort only.")
public boolean disableHttpsCertValidation = false;

/**
* Specifies a destination for error logs.
* If specified, this option overrides the default destination within {@link #workDir}.
Expand Down Expand Up @@ -243,6 +253,12 @@ public Engine createEngine() {
engine.setJarCache(new FileSystemJarCache(jarCache,true));
engine.setNoReconnect(noReconnect);
engine.setKeepAlive(!noKeepAlive);

if (disableHttpsCertValidation) {
LOGGER.log(WARNING, "Certificate validation for HTTPs endpoints is disabled");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could be nice to make the rest of the calls also consistent. In that class there are currently 3 ways to create logs : LOGGER.fine(...), LOGGER.log(INFO,..., and LOGGER.log(Level.WARNING,...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's do refactoring as a follow-up

}
engine.setDisableHttpsCertValidation(disableHttpsCertValidation);


// TODO: ideally logging should be initialized before the "Setting up slave" entry
if (agentLog != null) {
Expand Down
64 changes: 58 additions & 6 deletions src/main/java/org/jenkinsci/remoting/engine/JnlpAgentEndpointResolver.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,9 @@
package org.jenkinsci.remoting.engine;

import hudson.remoting.Base64;
import org.jenkinsci.remoting.util.https.NoCheckHostnameVerifier;
import org.jenkinsci.remoting.util.https.NoCheckTrustManager;

import java.io.IOException;
import java.net.ConnectException;
import java.net.HttpURLConnection;
Expand All @@ -38,7 +41,9 @@
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
Expand All @@ -58,6 +63,9 @@
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

import static java.util.logging.Level.INFO;
import static org.jenkinsci.remoting.util.ThrowableUtils.chain;

Expand All @@ -80,6 +88,8 @@ public class JnlpAgentEndpointResolver {

private String tunnel;

private boolean disableHttpsCertValidation;

/**
* If specified, only the protocols from the list will be tried during the connection.
* The option provides protocol names, but the order of the check is defined internally and cannot be changed.
Expand Down Expand Up @@ -137,6 +147,27 @@ public void setTunnel(String tunnel) {
this.tunnel = tunnel;
}

/**
* Determine if certificate checking should be ignored for JNLP endpoint
*
* @return {@code true} if the HTTPs certificate is disabled, endpoint check is ignored
*/

public boolean isDisableHttpsCertValidation() {
return disableHttpsCertValidation;
}

/**
* Sets if the HTTPs certificate check should be disabled.
*
* This behavior is no recommended.
* @param disableHttpsCertValidation
* @since TODO
*/
public void setDisableHttpsCertValidation(boolean disableHttpsCertValidation) {
this.disableHttpsCertValidation = disableHttpsCertValidation;
}

@CheckForNull
public JnlpAgentEndpoint resolve() throws IOException {
IOException firstError = null;
Expand All @@ -157,7 +188,7 @@ public JnlpAgentEndpoint resolve() throws IOException {

// find out the TCP port
HttpURLConnection con =
(HttpURLConnection) openURLConnection(salURL, credentials, proxyCredentials, sslSocketFactory);
(HttpURLConnection) openURLConnection(salURL, credentials, proxyCredentials, sslSocketFactory, disableHttpsCertValidation);
try {
try {
con.setConnectTimeout(30000);
Expand Down Expand Up @@ -314,7 +345,7 @@ public void waitForReady() throws InterruptedException {
t.setName(oldName + ": trying " + url + " for " + retries + " times");

HttpURLConnection con =
(HttpURLConnection) openURLConnection(url, credentials, proxyCredentials, sslSocketFactory);
(HttpURLConnection) openURLConnection(url, credentials, proxyCredentials, sslSocketFactory, disableHttpsCertValidation);
con.setConnectTimeout(5000);
con.setReadTimeout(5000);
con.connect();
Expand All @@ -335,7 +366,6 @@ public void waitForReady() throws InterruptedException {
} finally {
t.setName(oldName);
}

}

@CheckForNull
Expand Down Expand Up @@ -382,7 +412,7 @@ static InetSocketAddress getResolvedHttpProxyAddress(@Nonnull String host, int p
* Credentials can be passed e.g. to support running Jenkins behind a (reverse) proxy requiring authorization
*/
static URLConnection openURLConnection(URL url, String credentials, String proxyCredentials,
SSLSocketFactory sslSocketFactory) throws IOException {
SSLSocketFactory sslSocketFactory, boolean disableHttpsCertValidation) throws IOException {
String httpProxy = null;
// If http.proxyHost property exists, openConnection() uses it.
if (System.getProperty("http.proxyHost") == null) {
Expand Down Expand Up @@ -411,8 +441,30 @@ static URLConnection openURLConnection(URL url, String credentials, String proxy
String encoding = Base64.encode(proxyCredentials.getBytes("UTF-8"));
con.setRequestProperty("Proxy-Authorization", "Basic " + encoding);
}
if (con instanceof HttpsURLConnection && sslSocketFactory != null) {
((HttpsURLConnection) con).setSSLSocketFactory(sslSocketFactory);

if (con instanceof HttpsURLConnection) {
final HttpsURLConnection httpsConnection = (HttpsURLConnection) con;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the final does not add value here

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It prevents somebody from modifying a field in the logic just in case

if (disableHttpsCertValidation) {
System.err.println("Warning: HTTPs certificate check is disabled for the endpoint");

try {
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[]{new NoCheckTrustManager()}, new SecureRandom());
sslSocketFactory = ctx.getSocketFactory();

httpsConnection.setHostnameVerifier(new NoCheckHostnameVerifier());
httpsConnection.setSSLSocketFactory(sslSocketFactory);
} catch (KeyManagementException | NoSuchAlgorithmException ex) {
// We could just suppress it, but the exception will unlikely happen.
// So let's just propagate the error and fail the resolution
throw new IOException("Cannot initialize the insecure HTTPs mode", ex);
}

} else if (sslSocketFactory != null) {
httpsConnection.setSSLSocketFactory(sslSocketFactory);
//FIXME: Is it really required in this path? Seems like a bug
httpsConnection.setHostnameVerifier(new NoCheckHostnameVerifier());
}
}
return con;
}
Expand Down
45 changes: 45 additions & 0 deletions src/main/java/org/jenkinsci/remoting/util/https/NoCheckHostnameVerifier.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
/*
*
* The MIT License
*
* Copyright (c) 2017 CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
*/

package org.jenkinsci.remoting.util.https;

import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

/**
* Hostname verifier, which accepts any hostname.
*/
@Restricted(NoExternalUse.class)
public class NoCheckHostnameVerifier implements HostnameVerifier {

@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
}
Loading