[FIXED JENKINS-24967] Fix proxy exclusions not working

Also support proxy authentication Fixes #41
jenkinsci · Feb 12, 2015 · 5a1848f · 5a1848f
1 parent a5ff8a6
commit 5a1848f
Showing 1 changed file with 43 additions and 58 deletions.
diff --git a/src/main/java/org/jenkinsci/plugins/stashNotifier/StashNotifier.java b/src/main/java/org/jenkinsci/plugins/stashNotifier/StashNotifier.java
@@ -41,23 +41,15 @@
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.config.Registry;
 import org.apache.http.config.RegistryBuilder;
-import org.apache.http.conn.ClientConnectionManager;
 import org.apache.http.conn.HttpClientConnectionManager;
-import org.apache.http.conn.params.ConnRoutePNames;
-import org.apache.http.conn.scheme.PlainSocketFactory;
-import org.apache.http.conn.scheme.Scheme;
-import org.apache.http.conn.scheme.SchemeRegistry;
 import org.apache.http.conn.socket.ConnectionSocketFactory;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.conn.ssl.SSLContexts;
-import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.apache.http.conn.ssl.TrustStrategy;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.auth.BasicScheme;
-import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
-import org.apache.http.impl.conn.SingleClientConnManager;
 import org.apache.http.util.EntityUtils;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
@@ -69,17 +61,22 @@
 import java.io.IOException;
 import java.io.PrintStream;
 import java.io.UnsupportedEncodingException;
+import java.net.InetSocketAddress;
+import java.net.Proxy;
+import java.net.SocketAddress;
 import java.net.URL;
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
-import java.util.regex.Pattern;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.ProxyAuthenticationStrategy;
 
 /**
  * Notifies a configured Atlassian Stash server instance of build results
@@ -289,23 +286,24 @@ private Collection<String> lookupCommitSha1s(
 	 * @param logger	the logger to log messages to
 	 * @return			the HttpClient
 	 */
-	private HttpClient getHttpClient(PrintStream logger) {
-		HttpClient client = null;
+	private HttpClient getHttpClient(PrintStream logger) throws Exception {
         boolean ignoreUnverifiedSSL = ignoreUnverifiedSSLPeer;
-        String url = stashServerBaseUrl;
+        String stashServer = stashServerBaseUrl;
         DescriptorImpl descriptor = getDescriptor();
-        if ("".equals(url) || url == null) {
-            url = descriptor.getStashRootUrl();
+        if ("".equals(stashServer) || stashServer == null) {
+            stashServer = descriptor.getStashRootUrl();
         }
         if (!ignoreUnverifiedSSL) {
             ignoreUnverifiedSSL = descriptor.isIgnoreUnverifiedSsl();
         }
-        if (url.startsWith("https") 
+
+        URL url = new URL(stashServer);
+        HttpClientBuilder builder = HttpClientBuilder.create();
+        if (url.getProtocol().equals("https")
                 && ignoreUnverifiedSSL) {
 			// add unsafe trust manager to avoid thrown
 			// SSLPeerUnverifiedException
 			try {
-				HttpClientBuilder builder = HttpClientBuilder.create();
 				TrustStrategy easyStrategy = new TrustStrategy() {
 				    public boolean isTrusted(X509Certificate[] chain, String authType)
 				            throws CertificateException {
@@ -330,7 +328,6 @@ public boolean isTrusted(X509Certificate[] chain, String authType)
 						= new BasicHttpClientConnectionManager(registry);
 
 				builder.setConnectionManager(ccm);
-				client = builder.build();
 			} catch (NoSuchAlgorithmException nsae) {
 				logger.println("Couldn't establish SSL context:");
 				nsae.printStackTrace(logger);
@@ -340,49 +337,37 @@ public boolean isTrusted(X509Certificate[] chain, String authType)
 			} catch (KeyStoreException kse) {
 				logger.println("Couldn't initialize SSL context:");
 				kse.printStackTrace(logger);
-			} finally {
-				if (client == null) {
-					logger.println("Trying with safe trust manager, instead!");
-					client = HttpClientBuilder.create().build();
-				}
 			}
-		} else {
-			client = HttpClientBuilder.create().build();
-		}
-
-		ProxyConfiguration proxy = Jenkins.getInstance().proxy;
-		if(proxy != null && !proxy.name.isEmpty() && !proxy.name.startsWith("http") && !isHostOnNoProxyList(proxy)){
-			SchemeRegistry schemeRegistry = client.getConnectionManager().getSchemeRegistry();
-			schemeRegistry.register(new Scheme("http", proxy.port, new PlainSocketFactory()));
-			client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, new HttpHost(proxy.name, proxy.port));
-		}
-
-		return client;
-	}
-
-	/**
-	 * Returns whether or not the stash host is on the noProxy list
-	 * as defined in the Jenkins proxy settings
-	 * 
-	 * @param host     the stash URL
-	 * @param proxy    the ProxyConfiguration
-	 * @return         whether or not the host is on the noProxy list
-	 */
-	private boolean isHostOnNoProxyList(ProxyConfiguration proxy) {
-	    String host = getStashServerBaseUrl();
-	    if ("".equals(host) || host == null) {
-	        DescriptorImpl descriptor = getDescriptor();
-	        host = descriptor.getStashRootUrl();
-	    }
-	    if (host != null && proxy.noProxyHost != null) {
-            for (Pattern p : ProxyConfiguration.getNoProxyHostPatterns(proxy.noProxyHost)) {
-                if (p.matcher(host).matches()) {
-                    return true;
+        }
+
+        // Configure the proxy, if needed
+        // Using the Jenkins methods handles the noProxyHost settings
+        ProxyConfiguration proxyConfig = Jenkins.getInstance().proxy;
+        if (proxyConfig != null) {
+            Proxy proxy = proxyConfig.createProxy(url.getHost());
+            if (proxy != null && proxy.type() == Proxy.Type.HTTP) {
+                SocketAddress addr = proxy.address();
+                if (addr != null && addr instanceof InetSocketAddress) {
+                    InetSocketAddress proxyAddr = (InetSocketAddress) addr;
+                    HttpHost proxyHost = new HttpHost(proxyAddr.getAddress().getHostAddress(), proxyAddr.getPort());
+                    builder = builder.setProxy(proxyHost);
+
+                    String proxyUser = proxyConfig.getUserName();
+                    if (proxyUser != null) {
+                        String proxyPass = proxyConfig.getPassword();
+                        CredentialsProvider cred = new BasicCredentialsProvider();
+                        cred.setCredentials(new AuthScope(proxyHost),
+                                new UsernamePasswordCredentials(proxyUser, proxyPass));
+                        builder = builder
+                                .setDefaultCredentialsProvider(cred)
+                                .setProxyAuthenticationStrategy(new ProxyAuthenticationStrategy());
+                    }
                 }
             }
-	    }
-	    return false;
-	}
+        }
+
+        return builder.build();
+    }
 
     /**
      * Hudson defines a method {@link Builder#getDescriptor()}, which