Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Oomph » is HTTPS URL supported in oomph.redirection.setups ?
is HTTPS URL supported in oomph.redirection.setups ? [message #1746436] Fri, 28 October 2016 16:52 Go to next message
Silvestre Martins is currently offline Silvestre MartinsFriend
Messages: 84
Registered: July 2009
Member
I have a custom catalog/index hosted in an local server.
When I switch from http:// to https:// Oomph Installer is not able to find the catalogs anymore.

The eclipse-inst.ini looks like this:
-Doomph.redirection.setups=index:/->https://<my-server>/setups/

Should this be supported?

[Updated on: Fri, 28 October 2016 16:54]

Report message to a moderator

Re: is HTTPS URL supported in oomph.redirection.setups ? [message #1746447 is a reply to message #1746436] Sat, 29 October 2016 04:54 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 29543
Registered: July 2009
Senior Member
Yes definitely this should be supported. I expect it just to work. Certainly I have customer project setups accessed via https that require basic authentication that do just work so in general ECFURIHandlerImpl should handle the required authentication properly...

You could try using -Doomph.setup.ecf.trace=true to get more detailed tracing information printed to System.out so you might be able to see what's going wrong.

Does this server require a user/password for access? Does it return a HTTP_UNAUTHORIZED/401 when accessing a resource without credentials? In my customer project the server is quite funky in that it returns a 404 after providing the correct credentials because the server also relies on cookie that's acquired from visiting the login page. That's supported too, but I've not yet documented how. Please let me know what information you get back for the tracing so I'll be better able to help provide the details (and fix any problems if there are any)...

Re: is HTTPS URL supported in oomph.redirection.setups ? [message #1746448 is a reply to message #1746436] Sat, 29 October 2016 04:55 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 29543
Registered: July 2009
Senior Member
Yes definitely this should be supported. I expect it just to work. Certainly I have customer project setups accessed via https that require basic authentication that do just work so in general ECFURIHandlerImpl should handle the required authentication properly...

You could try using -Doomph.setup.ecf.trace=true to get more detailed tracing information printed to System.out so you might be able to see what's going wrong.

Does this server require a user/password for access? Does it return a HTTP_UNAUTHORIZED/401 when accessing a resource without credentials? In my customer project the server is quite funky in that it returns a 404 after providing the correct credentials because the server also relies on cookie that's acquired from visiting the login page. That's supported too, but I've not yet documented how. Please let me know what information you get back for the tracing so I'll be better able to help provide the details (and fix any problems if there are any)...

Re: is HTTPS URL supported in oomph.redirection.setups ? [message #1746449 is a reply to message #1746448] Sat, 29 October 2016 07:59 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 29543
Registered: July 2009
Senior Member
One thing I just noticed debugging proxy related problems is that the prompt for the proxy password that I'm trying to add happens so early in the startup processing that there is no a Shell available yet. So the password prompting is bypassed. I'm quite sure the same thing would happen if the setup itself needs password prompting. So I'm hopeful that improving the proxy handling with proxy password prompting will also fix this problem because with the changes I'm working on, the password prompt will definitely appear. Hopefully that is indeed your problem. An ECF trace from you will still be helpful...
Re: is HTTPS URL supported in oomph.redirection.setups ? [message #1746451 is a reply to message #1746449] Sat, 29 October 2016 08:31 Go to previous messageGo to next message
Silvestre Martins is currently offline Silvestre MartinsFriend
Messages: 84
Registered: July 2009
Member
Thanks Ed.
-Doomph.setup.ecf.trace=true helped a lot.

I can see the SSL certificate validation failed. Most liked this is caused by the usage of a self-signed certificate that we use on this internal server.

Here's the log:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExce
ption: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
        at sun.security.ssl.AppOutputStream.write(Unknown Source)
        at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:159)
        at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:166)
        at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:272)
        at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:277)
        at org.apache.http.impl.conn.AbstractClientConnAdapter.flush(AbstractClientConnAdapter.java:201)
        at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:239)
        at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:121)
        at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:685)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:487)
        at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.performConnect(HttpClientRetrieveFileTransfer.java:1077)
        at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.openStreams(HttpClientRetrieveFileTransfer.java:618)
        at org.eclipse.ecf.provider.filetransfer.retrieve.AbstractRetrieveFileTransfer.sendRetrieveRequest(AbstractRetrieveFileTransfer.java:885)
        at org.eclipse.ecf.provider.filetransfer.retrieve.AbstractRetrieveFileTransfer.sendRetrieveRequest(AbstractRetrieveFileTransfer.java:576)
        at org.eclipse.ecf.provider.filetransfer.retrieve.MultiProtocolRetrieveAdapter.sendRetrieveRequest(MultiProtocolRetrieveAdapter.java:106)
        at org.eclipse.oomph.setup.internal.core.util.ECFURIHandlerImpl.createInputStream(ECFURIHandlerImpl.java:539)
        at org.eclipse.emf.ecore.resource.impl.ExtensibleURIConverterImpl.createInputStream(ExtensibleURIConverterImpl.java:360)
        at org.eclipse.emf.ecore.resource.impl.ResourceImpl.load(ResourceImpl.java:1269)
        at org.eclipse.oomph.setup.internal.core.util.ResourceMirror$LoadJob.perform(ResourceMirror.java:221)
        at org.eclipse.oomph.util.WorkerPool$Worker.run(WorkerPool.java:416)
        at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali
d certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 30 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 36 more


Is there a way to disable the SSL verification in order to avoid to have to add the certificate to the list of trusted certificates?
Re: is HTTPS URL supported in oomph.redirection.setups ? [message #1746453 is a reply to message #1746451] Sat, 29 October 2016 10:34 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 29543
Registered: July 2009
Senior Member
This is very low level. I don't know about that. I tried Googling "java disable certificate validation system property" and found some stackoverflow questions. All of these things suggest it's a bad idea to try to disable such checks with suggestions about importing the certificate so that it's considered valid.
Re: is HTTPS URL supported in oomph.redirection.setups ? [message #1746458 is a reply to message #1746453] Sat, 29 October 2016 15:49 Go to previous messageGo to next message
Silvestre Martins is currently offline Silvestre MartinsFriend
Messages: 84
Registered: July 2009
Member
Yes, that's true, it's a bad idea to disable certificates in a generic way, but having to import it in every JRE we use (remember, we have a new JRE version every 3 months), that's not very practical.
Anyway, I imported the certificate and now it works fine, so I need to figure out how to workaround this, in order to not force users to install the certificate every time they change the JRE. Maybe I could distribute the Installer zip with a pre-configured JRE inside.

Thanks for the support.
Re: is HTTPS URL supported in oomph.redirection.setups ? [message #1746469 is a reply to message #1746458] Sun, 30 October 2016 09:22 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 29543
Registered: July 2009
Senior Member
Did you use keytool to import it? Perhaps we could provide a way to automatically import a certificate into the JRE of the installer and into any of the other JREs that Oomph discovers...
Re: is HTTPS URL supported in oomph.redirection.setups ? [message #1756320 is a reply to message #1746436] Wed, 15 March 2017 11:08 Go to previous messageGo to next message
Joachim Engelhardt is currently offline Joachim EngelhardtFriend
Messages: 53
Registered: September 2013
Member

Hi,

did you solved the problem already?
I figured out, that this problem does not occur on my own machine but only on my colleagues one. I have no idea how to figure out what we do differently.
Re: is HTTPS URL supported in oomph.redirection.setups ? [message #1756321 is a reply to message #1756320] Wed, 15 March 2017 11:28 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 29543
Registered: July 2009
Senior Member
Do you perhaps have a newer JRE installed than your colleagues? A newer JRE/JDK might well include more recognized root certificates; I know that solved one problem like this for me testing market place client listings...
Re: is HTTPS URL supported in oomph.redirection.setups ? [message #1756346 is a reply to message #1756321] Wed, 15 March 2017 16:04 Go to previous message
Joachim Engelhardt is currently offline Joachim EngelhardtFriend
Messages: 53
Registered: September 2013
Member

Thank you for your hint, Ed. This exactly solves the problem Smile
Previous Topic:Toggle Source/Header not working
Next Topic:Problems migrating to Neon
Goto Forum:
  


Current Time: Fri Sep 21 07:58:26 GMT 2018

Powered by FUDForum. Page generated in 0.02482 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top