Revert "[JENKINS-31256] Use credentials in waitForServerToBack (#87)"

This reverts commit fbb9aff.
jenkinsci · Jun 9, 2016 · 2d8e969 · 2d8e969
1 parent fbb9aff
commit 2d8e969
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 67 deletions.
diff --git a/src/main/java/hudson/remoting/Engine.java b/src/main/java/hudson/remoting/Engine.java
@@ -29,7 +29,6 @@
 import java.security.AccessController;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
-import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.PrivilegedActionException;
@@ -43,6 +42,7 @@
 import java.util.logging.Level;
 import javax.annotation.CheckForNull;
 import javax.annotation.concurrent.NotThreadSafe;
+import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
@@ -214,15 +214,46 @@ public void run() {
                 Throwable firstError=null;
                 String host=null;
                 String port=null;
-                SSLSocketFactory sslSocketFactory = getSSLSocketFactory();
+                SSLSocketFactory sslSocketFactory = null;
+                if (candidateCertificates != null && !candidateCertificates.isEmpty()) {
+                    KeyStore keyStore = getCacertsKeyStore();
+                    // load the keystore
+                    keyStore.load(null, null);
+                    int i = 0;
+                    for (X509Certificate c : candidateCertificates) {
+                        keyStore.setCertificateEntry(String.format("alias-%d", i++), c);
+                    }
+                    // prepare the trust manager
+                    TrustManagerFactory trustManagerFactory =
+                            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+                    trustManagerFactory.init(keyStore);
+                    // prepare the SSL context
+                    SSLContext ctx = SSLContext.getInstance("TLS");
+                    ctx.init(null, trustManagerFactory.getTrustManagers(), null);
+                    // now we have our custom socket factory
+                    sslSocketFactory = ctx.getSocketFactory();
+                }
 
                 for (URL url : candidateUrls) {
                     String s = url.toExternalForm();
                     if(!s.endsWith("/"))    s+='/';
                     URL salURL = new URL(s+"tcpSlaveAgentListener/");
 
                     // find out the TCP port
-                    HttpURLConnection con = (HttpURLConnection)Util.openURLConnection(salURL, credentials, proxyCredentials, sslSocketFactory);
+                    HttpURLConnection con = (HttpURLConnection)Util.openURLConnection(salURL);
+                    if (con instanceof HttpsURLConnection && sslSocketFactory != null) {
+                        ((HttpsURLConnection) con).setSSLSocketFactory(sslSocketFactory);
+                    }
+                    if (credentials != null) {
+                        // TODO /tcpSlaveAgentListener is unprotected so why do we need to pass any credentials?
+                        String encoding = Base64.encode(credentials.getBytes("UTF-8"));
+                        con.setRequestProperty("Authorization", "Basic " + encoding);
+                    }
+
+                    if (proxyCredentials != null) {
+                        String encoding = Base64.encode(proxyCredentials.getBytes("UTF-8"));
+                        con.setRequestProperty("Proxy-Authorization", "Basic " + encoding);
+                    }
                     try {
                         try {
                             con.setConnectTimeout(30000);
@@ -410,12 +441,6 @@ private Socket connect(String host, String port) throws IOException, Interrupted
     private void waitForServerToBack() throws InterruptedException {
         Thread t = Thread.currentThread();
         String oldName = t.getName();
-        SSLSocketFactory sslSocketFactory = null;
-        try {
-            sslSocketFactory = getSSLSocketFactory();
-        } catch (Throwable e) {
-            events.error(e);
-        }
         try {
             int retries=0;
             while(true) {
@@ -427,7 +452,7 @@ private void waitForServerToBack() throws InterruptedException {
                     retries++;
                     t.setName(oldName+": trying "+url+" for "+retries+" times");
 
-                    HttpURLConnection con = (HttpURLConnection)Util.openURLConnection(url, credentials, proxyCredentials, sslSocketFactory);
+                    HttpURLConnection con = (HttpURLConnection) url.openConnection();
                     con.setConnectTimeout(5000);
                     con.setReadTimeout(5000);
                     con.connect();
@@ -553,31 +578,6 @@ public FileInputStream run() throws Exception {
             }
         });
     }
-
-    private SSLSocketFactory getSSLSocketFactory()
-            throws PrivilegedActionException, KeyStoreException, NoSuchProviderException, CertificateException,
-            NoSuchAlgorithmException, IOException, KeyManagementException {
-        SSLSocketFactory sslSocketFactory = null;
-        if (candidateCertificates != null && !candidateCertificates.isEmpty()) {
-            KeyStore keyStore = getCacertsKeyStore();
-            // load the keystore
-            keyStore.load(null, null);
-            int i = 0;
-            for (X509Certificate c : candidateCertificates) {
-                keyStore.setCertificateEntry(String.format("alias-%d", i++), c);
-            }
-            // prepare the trust manager
-            TrustManagerFactory trustManagerFactory =
-                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-            trustManagerFactory.init(keyStore);
-            // prepare the SSL context
-            SSLContext ctx = SSLContext.getInstance("TLS");
-            ctx.init(null, trustManagerFactory.getTrustManagers(), null);
-            // now we have our custom socket factory
-            sslSocketFactory = ctx.getSocketFactory();
-        }
-        return sslSocketFactory;
-    }
     //a read() call on the SocketInputStream associated with underlying Socket will block for only this amount of time
     static final int SOCKET_TIMEOUT = Integer.getInteger(Engine.class.getName()+".socketTimeout",30*60*1000);
     /**

diff --git a/src/main/java/hudson/remoting/Util.java b/src/main/java/hudson/remoting/Util.java
@@ -14,8 +14,6 @@
 import java.net.Proxy;
 import java.net.SocketAddress;
 import java.net.URL;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLSocketFactory;
 import java.util.Iterator;
 
 /**
@@ -161,9 +159,8 @@ static boolean inNoProxyEnvVar(String host) {
     /**
      * Gets URL connection.
      * If http_proxy environment variable exists,  the connection uses the proxy.
-     * Credentials can be passed e.g. to support running Jenkins behind a (reverse) proxy requiring authorization
      */
-    static URLConnection openURLConnection(URL url, String credentials, String proxyCredentials, SSLSocketFactory sslSocketFactory) throws IOException {
+    static URLConnection openURLConnection(URL url) throws IOException {
         String httpProxy = null;
         // If http.proxyHost property exists, openConnection() uses it.
         if (System.getProperty("http.proxyHost") == null) {
@@ -183,37 +180,9 @@ static URLConnection openURLConnection(URL url, String credentials, String proxy
         } else {
             con = url.openConnection();
         }
-        if (credentials != null) {
-            String encoding = Base64.encode(credentials.getBytes("UTF-8"));
-            con.setRequestProperty("Authorization", "Basic " + encoding);
-        }
-        if (proxyCredentials != null) {
-            String encoding = Base64.encode(proxyCredentials.getBytes("UTF-8"));
-            con.setRequestProperty("Proxy-Authorization", "Basic " + encoding);
-        }
-        if (con instanceof HttpsURLConnection && sslSocketFactory != null) {
-            ((HttpsURLConnection) con).setSSLSocketFactory(sslSocketFactory);
-        }
         return con;
     }
 
-    /**
-     * Gets URL connection.
-     * If http_proxy environment variable exists,  the connection uses the proxy.
-     * Credentials can be passed e.g. to support running Jenkins behind a (reverse) proxy requiring authorization
-     */
-    static URLConnection openURLConnection(URL url, String credentials, String proxyCredentials) throws IOException {
-        return openURLConnection(url, credentials, proxyCredentials, null);
-    }
-
-    /**
-     * Gets URL connection.
-     * If http_proxy environment variable exists,  the connection uses the proxy.
-     */
-    static URLConnection openURLConnection(URL url) throws IOException {
-        return openURLConnection(url, null, null, null);
-    }
-
     static InetSocketAddress getResolvedHttpProxyAddress(String host, int port) throws IOException {
         InetSocketAddress targetAddress = null;
         Iterator<Proxy> proxies = ProxySelector.getDefault().select(URI.create(String.format("http://%s:%d", host, port))).iterator();