[SECURITY-1411]

jenkinsci · May 29, 2019 · d0b807d · d0b807d
1 parent b8859ab
commit d0b807d
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 35 deletions.
diff --git a/src/main/java/org/jenkinsci/plugins/electricflow/ElectricFlowClient.java b/src/main/java/org/jenkinsci/plugins/electricflow/ElectricFlowClient.java
@@ -389,7 +389,7 @@ public String uploadArtifact(
                 + "/commander/cgi-bin/publishArtifactAPI.cgi";
 
         // return sessionId;
-        MultipartUtility multipart = new MultipartUtility(requestURL, CHARSET);
+        MultipartUtility multipart = new MultipartUtility(requestURL, CHARSET, this.getIgnoreSslConnectionErrors());
 
         multipart.addFormField("artifactName", name);
         multipart.addFormField("artifactVersionVersion", version);

diff --git a/src/main/java/org/jenkinsci/plugins/electricflow/MultipartUtility.java b/src/main/java/org/jenkinsci/plugins/electricflow/MultipartUtility.java
@@ -9,6 +9,9 @@
 
 package org.jenkinsci.plugins.electricflow;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
@@ -37,6 +40,7 @@ public class MultipartUtility
     //~ Static fields/initializers ---------------------------------------------
 
     private static final String LINE_FEED = "\r\n";
+    private static final Log log = LogFactory.getLog(MultipartUtility.class);
 
     //~ Instance fields --------------------------------------------------------
 
@@ -54,47 +58,18 @@ public class MultipartUtility
      *
      * @param   requestURL  URL for request
      * @param   charset     name of encodings
+     * @param   ignoreSslConnectionErrors Override Electric Flow SSL Validation Check
      *
-     * @throws  NoSuchAlgorithmException  Exception
-     * @throws  KeyManagementException    Exception
      * @throws  IOException               Exception
      */
     public MultipartUtility(
             String requestURL,
-            String charset)
-        throws NoSuchAlgorithmException, KeyManagementException, IOException
+            String charset,
+            boolean ignoreSslConnectionErrors)
+        throws IOException
     {
         this.charset = charset;
 
-        TrustManager[] trustAllCerts = new TrustManager[] {
-            new X509TrustManager() {
-                @Override public java.security.cert.X509Certificate[] getAcceptedIssuers()
-                {
-                    return null;
-                }
-
-                @Override public void checkClientTrusted(
-                        X509Certificate[] certs,
-                        String            authType) { }
-
-                @Override public void checkServerTrusted(
-                        X509Certificate[] certs,
-                        String            authType) { }
-            }
-        };
-
-        // Install the all-trusting trust manager
-        SSLContext sc = SSLContext.getInstance("SSL");
-
-        sc.init(null, trustAllCerts, new java.security.SecureRandom());
-        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-
-        // Create all-trusting host name verifier
-        HostnameVerifier allHostsValid = (hostname, session) -> true;
-
-        // Install the all-trusting host verifier
-        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
-
         // creates a unique boundary based on time stamp
         boundary = "===" + System.currentTimeMillis() + "===";
 
@@ -107,10 +82,21 @@ public MultipartUtility(
         httpConn.setDoInput(true);
         httpConn.setRequestProperty("Content-Type",
             "multipart/form-data; boundary=" + boundary);
+
+        if (ignoreSslConnectionErrors) {
+            try {
+                httpConn.setSSLSocketFactory(RelaxedSSLContext.getInstance().getSocketFactory());
+            } catch (KeyManagementException | NoSuchAlgorithmException e) {
+                if (log.isDebugEnabled()) {
+                    log.debug(e.getMessage(), e);
+                }
+            }
+            httpConn.setHostnameVerifier(RelaxedSSLContext.allHostsValid);
+        }
+
         outputStream = httpConn.getOutputStream();
         writer       = new PrintWriter(new OutputStreamWriter(outputStream,
                     charset), true);
-        // Create a trust manager that does not validate certificate chains
     }
 
     //~ Methods ----------------------------------------------------------------