| author | Steffen Pingel | 2011-12-23 05:28:36 (EST) |
|---|---|---|
| committer | Steffen Pingel | 2011-12-23 05:28:36 (EST) |
| commit | 62cd96c0aaadce09717f5ecd2322b9985feb67e9 (patch) (side-by-side diff) | |
| tree | 1f6345521a2b172ab4b22510664eb0a95c48848a | |
| parent | 47ad0a68f6d5fefdf69104255c57cffc13d066b1 (diff) | |
NEW - bug 207175: error "Received fatal alert: bad_record_mac" when
using https with SSLv3
https://bugs.eclipse.org/bugs/show_bug.cgi?id=207175
Change-Id: I8b07cff7648a601c00e43a4f6862198b404f9990
3 files changed, 49 insertions, 25 deletions
diff --git a/org.eclipse.mylyn.commons.core/src/org/eclipse/mylyn/commons/core/net/NetUtil.java b/org.eclipse.mylyn.commons.core/src/org/eclipse/mylyn/commons/core/net/NetUtil.java
index c3704de..376640e 100644
--- a/org.eclipse.mylyn.commons.core/src/org/eclipse/mylyn/commons/core/net/NetUtil.java
+++ b/org.eclipse.mylyn.commons.core/src/org/eclipse/mylyn/commons/core/net/NetUtil.java
@@ -19,14 +19,23 @@ import java.net.ProxySelector; import java.net.Socket; import java.net.URI; import java.net.URISyntaxException; +import java.util.Arrays; import java.util.List; +import java.util.concurrent.atomic.AtomicBoolean; + +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; import org.eclipse.core.net.proxy.IProxyData; import org.eclipse.core.net.proxy.IProxyService; import org.eclipse.core.runtime.Assert; +import org.eclipse.core.runtime.IStatus; +import org.eclipse.core.runtime.Status; +import org.eclipse.mylyn.commons.core.StatusHandler; import org.eclipse.mylyn.commons.core.operations.ICancellable; import org.eclipse.mylyn.commons.core.operations.MonitoredOperation; import org.eclipse.mylyn.internal.commons.core.CommonsCorePlugin; +import org.eclipse.osgi.util.NLS; /** * Provides network access related utility methods.
@@ -40,6 +49,17 @@ public class NetUtil { private static final int HTTP_PORT = 80; + private SSLSocketFactory socketFactory; + + private final static String[] enabledProtocols; + + private final static AtomicBoolean loggedEnabledProtocolsException = new AtomicBoolean(); + + static { + String value = System.getProperty("org.eclipse.mylyn.https.protocols"); //$NON-NLS-1$ + enabledProtocols = (value != null) ? value.split(",") : null; //$NON-NLS-1$ + } + /** * Invokes {@link Socket#connect(java.net.SocketAddress, int)} on <code>socket</code> to connect to * <code>address</code>.
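Review bot: The static initializer in NetUtil uses the raw result of `value.split(",")`, so a value written as `TLSv1, SSLv3` yields an entry with a leading space and an empty property yields a single empty string; `SSLSocket.setEnabledProtocols` rejects such names with IllegalArgumentException. Trimming the entries, for example `enabledProtocols = (value != null) ? value.trim().split("\\s*,\\s*") : null;`, would avoid that. The property `org.eclipse.mylyn.https.protocols` replaces the JVM's default protocol list on every SSL socket passed to `configureSocket`, so a comment above the initializer should say so and note that listing only a legacy protocol pins those connections to it. The new instance field `socketFactory` is not referenced in any hunk shown here and looks like a leftover, and `private final static` would read `private static final` to match `HTTP_PORT`.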
@@ -246,4 +266,18 @@ public class NetUtil { return type == Type.SOCKS ? IProxyData.SOCKS_PROXY_TYPE : IProxyData.HTTP_PROXY_TYPE; } + public static Socket configureSocket(Socket socket) { + if (socket instanceof SSLSocket && enabledProtocols != null) { + try { + ((SSLSocket) socket).setEnabledProtocols(enabledProtocols); + } catch (IllegalArgumentException e) { + if (!loggedEnabledProtocolsException.getAndSet(true)) { + StatusHandler.log(new Status(IStatus.ERROR, CommonsCorePlugin.ID_PLUGIN, NLS.bind( + "Failed to configure SSL protocols ''{0}''", Arrays.toString(enabledProtocols)))); //$NON-NLS-1$ + } + } + } + return socket; + } + }
diff --git a/org.eclipse.mylyn.commons.net/src/org/eclipse/mylyn/internal/commons/net/PollingSslProtocolSocketFactory.java b/org.eclipse.mylyn.commons.net/src/org/eclipse/mylyn/internal/commons/net/PollingSslProtocolSocketFactory.java
index 02d6fb6..00df541 100644
--- a/org.eclipse.mylyn.commons.net/src/org/eclipse/mylyn/internal/commons/net/PollingSslProtocolSocketFactory.java
+++ b/org.eclipse.mylyn.commons.net/src/org/eclipse/mylyn/internal/commons/net/PollingSslProtocolSocketFactory.java
@@ -35,6 +35,7 @@ import org.apache.commons.httpclient.ConnectTimeoutException; import org.apache.commons.httpclient.params.HttpConnectionParams; import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; import org.eclipse.core.runtime.IStatus; +import org.eclipse.mylyn.commons.core.net.NetUtil; import org.eclipse.mylyn.commons.net.SslCertificateException; /**
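Review bot: The catch block in `configureSocket` (NetUtil.java) fails open: when `setEnabledProtocols` rejects the configured list, the socket is returned with whatever protocols the JVM enables by default, and after the first occurrence nothing is logged at all. A user who set the property to exclude a protocol therefore gets connections that may still negotiate it. If that fallback is intended, it should be stated in Javadoc on this new public method, together with the fact that non-SSL sockets are returned unchanged. The logged Status also discards the exception; `new Status(IStatus.ERROR, CommonsCorePlugin.ID_PLUGIN, NLS.bind(...), e)` would keep the rejected protocol name in the error log.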
@@ -98,16 +99,16 @@ public class PollingSslProtocolSocketFactory implements SecureProtocolSocketFact public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException { - return getSocketFactory().createSocket(socket, host, port, autoClose); + return NetUtil.configureSocket(getSocketFactory().createSocket(socket, host, port, autoClose)); } public Socket createSocket(String remoteHost, int remotePort) throws IOException, UnknownHostException { - return getSocketFactory().createSocket(remoteHost, remotePort); + return NetUtil.configureSocket(getSocketFactory().createSocket(remoteHost, remotePort)); } public Socket createSocket(String remoteHost, int remotePort, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException { - return getSocketFactory().createSocket(remoteHost, remotePort, clientHost, clientPort); + return NetUtil.configureSocket(getSocketFactory().createSocket(remoteHost, remotePort, clientHost, clientPort)); } public Socket createSocket(String host, int port, InetAddress localAddress, int localPort,
@@ -117,7 +118,7 @@ public class PollingSslProtocolSocketFactory implements SecureProtocolSocketFact } int timeout = params.getConnectionTimeout(); - final Socket socket = getSocketFactory().createSocket(); + final Socket socket = NetUtil.configureSocket(getSocketFactory().createSocket()); socket.bind(new InetSocketAddress(localAddress, localPort)); MonitoredRequest.connect(socket, new InetSocketAddress(host, port), timeout); return socket;
diff --git a/org.eclipse.mylyn.commons.repositories.http.core/src/org/eclipse/mylyn/commons/repositories/http/core/PollingSslProtocolSocketFactory.java b/org.eclipse.mylyn.commons.repositories.http.core/src/org/eclipse/mylyn/commons/repositories/http/core/PollingSslProtocolSocketFactory.java
index 52b6191..c247814 100644
--- a/org.eclipse.mylyn.commons.repositories.http.core/src/org/eclipse/mylyn/commons/repositories/http/core/PollingSslProtocolSocketFactory.java
+++ b/org.eclipse.mylyn.commons.repositories.http.core/src/org/eclipse/mylyn/commons/repositories/http/core/PollingSslProtocolSocketFactory.java
@@ -29,6 +29,7 @@ import org.apache.http.conn.ConnectTimeoutException; import org.apache.http.conn.scheme.LayeredSchemeSocketFactory; import org.apache.http.params.HttpConnectionParams; import org.apache.http.params.HttpParams; +import org.eclipse.core.runtime.Assert; import org.eclipse.core.runtime.IStatus; import org.eclipse.core.runtime.Status; import org.eclipse.mylyn.commons.core.StatusHandler;
@@ -83,38 +84,26 @@ class PollingSslProtocolSocketFactory implements LayeredSchemeSocketFactory { } public Socket createSocket(HttpParams params) throws IOException { - return getSocketFactory().createSocket(); + return NetUtil.configureSocket(getSocketFactory().createSocket()); } public Socket connectSocket(Socket sock, InetSocketAddress remoteAddress, InetSocketAddress localAddress, HttpParams params) throws IOException, UnknownHostException, ConnectTimeoutException { + Assert.isNotNull(params); - if (params == null) { - throw new IllegalArgumentException("Parameters may not be null"); //$NON-NLS-1$ - } - - final Socket socket = getSocketFactory().createSocket(); - + final Socket socket = NetUtil.configureSocket(getSocketFactory().createSocket()); int connTimeout = HttpConnectionParams.getConnectionTimeout(params); - socket.bind(localAddress); NetUtil.connect(socket, remoteAddress, connTimeout, MonitoredOperation.getCurrentOperation()); return socket; } - /** - * From SSLSocketFactory - */ - public boolean isSecure(Socket sock) throws IllegalArgumentException { - if (sock == null) { - throw new IllegalArgumentException("Socket may not be null"); //$NON-NLS-1$ - } - // This instanceof check is in line with createSocket() above. - if (!(sock instanceof SSLSocket)) { - throw new IllegalArgumentException("Socket not created by this factory"); //$NON-NLS-1$ + public boolean isSecure(Socket socket) throws IllegalArgumentException { + Assert.isNotNull(socket); + if (!(socket instanceof SSLSocket)) { + throw new IllegalArgumentException("Socket is not secure: " + socket.getClass()); //$NON-NLS-1$ } - // This check is performed last since it calls the argument object. - if (sock.isClosed()) { + if (socket.isClosed()) { throw new IllegalArgumentException("Socket is closed"); //$NON-NLS-1$ } return true; 
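Review bot: `Assert.isNotNull` in `connectSocket` and `isSecure` changes the exception a null argument produces: org.eclipse.core.runtime.Assert throws AssertionFailedException, whereas the removed code threw IllegalArgumentException, which `isSecure` still declares in its `throws` clause. Callers that catch IllegalArgumentException for the null case would no longer see it; keeping `if (socket == null) { throw new IllegalArgumentException("Socket may not be null"); }` preserves the contract. `connectSocket` also still ignores its `sock` parameter and opens a fresh socket, as the old code did, so the socket handed out by `createSocket(HttpParams)` is never the one that gets connected; a comment explaining why would help. The closing brace of `isSecure` lies outside the hunk.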
@@ -122,7 +111,7 @@ class PollingSslProtocolSocketFactory implements LayeredSchemeSocketFactory { public Socket createLayeredSocket(Socket socket, String target, int port, boolean autoClose) throws IOException, UnknownHostException { - return getSocketFactory().createSocket(socket, target, port, autoClose); + return NetUtil.configureSocket(getSocketFactory().createSocket(socket, target, port, autoClose)); } public SSLSocketFactory getSocketFactory() throws IOException { |

