Revert "ninja: fixed ssl problem when downloading distribution from e…

…volveum servers." This reverts commit 69a1cd0.
Evolveum · Jan 28, 2024 · 2b4fd28 · 2b4fd28
1 parent 641878c
commit 2b4fd28
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 82 deletions.
diff --git a/...s/ninja/src/main/java/com/evolveum/midpoint/ninja/action/upgrade/DistributionManager.java b/...s/ninja/src/main/java/com/evolveum/midpoint/ninja/action/upgrade/DistributionManager.java
@@ -7,23 +7,16 @@
 
 package com.evolveum.midpoint.ninja.action.upgrade;
 
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.Response;
 import org.apache.commons.io.FileUtils;
 import org.jetbrains.annotations.NotNull;
 
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+
 /**
  * URL format: https://download.evolveum.com/midpoint/<VERSION>/midpoint-<VERSION_NUMBER>-dist.zip
  * VERSION can be: 3.4.1, ..., 4.7, latest
@@ -35,16 +28,13 @@ public class DistributionManager {
 
     public static final String LATEST_VERSION = "latest";
 
-    private final File tempDirectory;
-
-    private final boolean ignoreSslErrors;
+    private File tempDirectory;
 
-    public DistributionManager(@NotNull File tempDirectory, boolean ignoreSslErrors) {
+    public DistributionManager(@NotNull File tempDirectory) {
         this.tempDirectory = tempDirectory;
-        this.ignoreSslErrors = ignoreSslErrors;
     }
 
-    public File downloadDistribution(@NotNull String version, ProgressListener listener) throws IOException, NoSuchAlgorithmException, KeyManagementException {
+    public File downloadDistribution(@NotNull String version, ProgressListener listener) throws IOException {
         String distributionFile = createFileName(version);
 
         File file = new File(tempDirectory, System.currentTimeMillis() + "-" + distributionFile);
@@ -56,25 +46,14 @@ public File downloadDistribution(@NotNull String version, ProgressListener liste
                 .url(url)
                 .build();
 
-        OkHttpClient.Builder builder = new OkHttpClient.Builder()
+        OkHttpClient client = new OkHttpClient.Builder()
                 .addNetworkInterceptor(chain -> {
                     Response originalResponse = chain.proceed(chain.request());
                     return originalResponse.newBuilder()
                             .body(new ProgressResponseBody(originalResponse.body(), listener))
                             .build();
-                });
-
-        if (ignoreSslErrors) {
-            X509TrustManager tm = new EmptyTrustManager();
-            SSLContext sslContext = SSLContext.getInstance("TLS");
-            sslContext.init(null, new TrustManager[] { tm }, null);
-            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
-
-            builder.sslSocketFactory(sslSocketFactory, tm);
-            builder.hostnameVerifier((hostname, session) -> true);
-        }
-
-        OkHttpClient client = builder.build();
+                })
+                .build();
 
         try (Response response = client.newCall(request).execute()) {
             if (!response.isSuccessful()) {
@@ -93,22 +72,4 @@ public File downloadDistribution(@NotNull String version, ProgressListener liste
     private String createFileName(String versionNumber) {
         return "midpoint-" + versionNumber + "-dist.zip";
     }
-
-    private static final class EmptyTrustManager implements X509TrustManager {
-
-        @Override
-        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
-
-        }
-
-        @Override
-        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
-
-        }
-
-        @Override
-        public X509Certificate[] getAcceptedIssuers() {
-            return new X509Certificate[0];
-        }
-    }
 }
diff --git a/...in/java/com/evolveum/midpoint/ninja/action/upgrade/action/DownloadDistributionAction.java b/...in/java/com/evolveum/midpoint/ninja/action/upgrade/action/DownloadDistributionAction.java
@@ -8,16 +8,18 @@
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 
+import com.evolveum.midpoint.ninja.impl.NinjaApplicationContextLevel;
+
 import org.apache.commons.io.FileUtils;
 import org.fusesource.jansi.Ansi;
-import org.jetbrains.annotations.NotNull;
 
 import com.evolveum.midpoint.ninja.action.Action;
 import com.evolveum.midpoint.ninja.action.upgrade.ConsoleProgressListener;
 import com.evolveum.midpoint.ninja.action.upgrade.DistributionManager;
 import com.evolveum.midpoint.ninja.action.upgrade.ProgressListener;
 import com.evolveum.midpoint.ninja.impl.Log;
-import com.evolveum.midpoint.ninja.impl.NinjaApplicationContextLevel;
+
+import org.jetbrains.annotations.NotNull;
 
 public class DownloadDistributionAction extends Action<DownloadDistributionOptions, DownloadDistributionResult> {
 
@@ -45,7 +47,7 @@ public DownloadDistributionResult execute() throws Exception {
             }
             log.info("Downloading version: {}", version);
 
-            DistributionManager manager = new DistributionManager(tempDirectory, options.isIgnoreSslErrors());
+            DistributionManager manager = new DistributionManager(tempDirectory);
             ProgressListener listener = new ConsoleProgressListener(log);
             distributionZipFile = manager.downloadDistribution(version, listener);
         } else {

diff --git a/...n/java/com/evolveum/midpoint/ninja/action/upgrade/action/DownloadDistributionOptions.java b/...n/java/com/evolveum/midpoint/ninja/action/upgrade/action/DownloadDistributionOptions.java
@@ -16,8 +16,6 @@ public class DownloadDistributionOptions extends UpgradeCommonOptions {
     public static final String P_DISTRIBUTION_ARCHIVE = "--distribution-archive";
     public static final String P_DISTRIBUTION_DIRECTORY = "--distribution-directory";
 
-    public static final String P_IGNORE_SSL_ERRORS = "--ignore-ssl-errors";
-
     @Parameter(names = { P_DISTRIBUTION_ARCHIVE }, descriptionKey = "upgradeDistribution.distributionArchive")
     private File distributionArchive;
 
@@ -27,9 +25,6 @@ public class DownloadDistributionOptions extends UpgradeCommonOptions {
     @Parameter(names = { P_DISTRIBUTION_VERSION }, descriptionKey = "upgradeDistribution.distributionVersion")
     private String distributionVersion = UpgradeConstants.SUPPORTED_VERSION_TARGET;
 
-    @Parameter(names = { P_IGNORE_SSL_ERRORS }, descriptionKey = "upgradeDistribution.ignoreSslErrors")
-    private boolean ignoreSslErrors;
-
     public File getDistributionArchive() {
         return distributionArchive;
     }
@@ -53,12 +48,4 @@ public File getDistributionDirectory() {
     public void setDistributionDirectory(File distributionDirectory) {
         this.distributionDirectory = distributionDirectory;
     }
-
-    public boolean isIgnoreSslErrors() {
-        return ignoreSslErrors;
-    }
-
-    public void setIgnoreSslErrors(boolean ignoreSslErrors) {
-        this.ignoreSslErrors = ignoreSslErrors;
-    }
 }
diff --git a/...ain/java/com/evolveum/midpoint/ninja/action/upgrade/action/UpgradeDistributionAction.java b/...ain/java/com/evolveum/midpoint/ninja/action/upgrade/action/UpgradeDistributionAction.java
@@ -62,7 +62,6 @@ public ActionResult<Void> execute() throws Exception {
         downloadOpts.setTempDirectory(tempDirectory);
         downloadOpts.setDistributionArchive(options.getDistributionArchive());
         downloadOpts.setDistributionVersion(options.getDistributionVersion());
-        downloadOpts.setIgnoreSslErrors(options.isIgnoreSslErrors());
 
         DownloadDistributionResult downloadResult = executeAction(new DownloadDistributionAction(), downloadOpts);
 

diff --git a/...in/java/com/evolveum/midpoint/ninja/action/upgrade/action/UpgradeDistributionOptions.java b/...in/java/com/evolveum/midpoint/ninja/action/upgrade/action/UpgradeDistributionOptions.java
@@ -23,8 +23,6 @@ public class UpgradeDistributionOptions {
     public static final String P_SKIP_PRE_CHECK = "--skip-pre-check";
     public static final String P_STOP_ON_CRITICAL_ERROR = "--stop-on-critical-error";
 
-    public static final String P_IGNORE_SSL_ERRORS = "--ignore-ssl-errors";
-
     @Parameter(names = { P_TEMP_DIR_LONG }, descriptionKey = "upgradeDistribution.tempDir")
     private File tempDirectory;
 
@@ -52,9 +50,6 @@ public class UpgradeDistributionOptions {
     @Parameter(names = { P_DISTRIBUTION_VERSION }, descriptionKey = "upgradeDistribution.distributionVersion", hidden = true)
     private String distributionVersion = UpgradeConstants.SUPPORTED_VERSION_TARGET;
 
-    @Parameter(names = { P_IGNORE_SSL_ERRORS }, descriptionKey = "upgradeDistribution.ignoreSslErrors")
-    private boolean ignoreSslErrors;
-
     public File getTempDirectory() {
         return tempDirectory;
     }
@@ -126,12 +121,4 @@ public String getDistributionVersion() {
     public void setDistributionVersion(String distributionVersion) {
         this.distributionVersion = distributionVersion;
     }
-
-    public boolean isIgnoreSslErrors() {
-        return ignoreSslErrors;
-    }
-
-    public void setIgnoreSslErrors(boolean ignoreSslErrors) {
-        this.ignoreSslErrors = ignoreSslErrors;
-    }
 }
diff --git a/tools/ninja/src/main/resources/messages.properties b/tools/ninja/src/main/resources/messages.properties
@@ -168,5 +168,3 @@ initialObjects.oid=Oid of initial object that should be processed. Option can be
 initialObjects.reverseTypeFilter=Reverse type filter defined by --type option.
 initialObjects.reverseOidFilter=Reverse oid filter defined by --oid option.
 export.exclude.items=Exclude from object specified items. Option can be used multiple times, or values can be separated by comma.
-upgradeDistribution.ignoreSslErrors=Ignore SSL errors when downloading distribution from evolveum servers. \
-  Otherwise, SSL certificate should be added to JVM truststore, which is by default located in '$MIDPOINT_HOME/keystore.jceks'.
diff --git a/tools/ninja/src/test/java/com/evolveum/midpoint/ninja/DistributionManagerTest.java b/tools/ninja/src/test/java/com/evolveum/midpoint/ninja/DistributionManagerTest.java
@@ -56,7 +56,7 @@ public void downloadUnknown() throws Exception {
     private void downloadAndAssert(String version) throws Exception {
         final TestProgressListener listener = new TestProgressListener();
 
-        File file = new DistributionManager(new File("./target"), true).downloadDistribution(version, listener);
+        File file = new DistributionManager(new File("./target")).downloadDistribution(version, listener);
         AssertJUnit.assertTrue(file.exists());
         AssertJUnit.assertTrue(file.length() > 0);
         AssertJUnit.assertEquals(listener.contentLength, file.length());