From 8d36b067cc8a067c6777c833106aa93b78a244c5 Mon Sep 17 00:00:00 2001 From: Denys Digtiar Date: Fri, 10 Jan 2025 11:41:11 +1000 Subject: [PATCH] Check TLS through HTTP Proxy if configured Also address a few deprecations. --- scriptler/checkSSLConnection.groovy | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/scriptler/checkSSLConnection.groovy b/scriptler/checkSSLConnection.groovy index f044bfd..afe6be1 100644 --- a/scriptler/checkSSLConnection.groovy +++ b/scriptler/checkSSLConnection.groovy @@ -8,17 +8,16 @@ ] } END META**/ -import javax.net.ssl.HttpsURLConnection +import hudson.ProxyConfiguration import javax.net.ssl.TrustManager import javax.net.ssl.TrustManagerFactory import javax.net.ssl.X509TrustManager +import java.net.http.HttpResponse import java.security.KeyStore -import java.security.Principal import java.security.cert.Certificate import java.security.cert.X509Certificate try { - println("## DUMP JVM TRUST MANAGERS ##") TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) tmf.init((KeyStore) null) @@ -28,7 +27,7 @@ try { if (trustManager instanceof X509TrustManager) { X509TrustManager x509TrustManager = (X509TrustManager) trustManager for (X509Certificate certificate: x509TrustManager.getAcceptedIssuers()) { - println("\t" + certificate.getSubjectDN()) + println("\t" + certificate.getSubjectX500Principal()) } println("\tAccepted issuers count : " + x509TrustManager.getAcceptedIssuers().length) println("###################") 
@@ -42,12 +41,15 @@ try {
 }
 try {
 String url = "${serverUrl}"
- HttpsURLConnection urlConnection = (HttpsURLConnection) new URL(url).openConnection()
- println(url + "->" + urlConnection.getResponseCode() + " " + urlConnection.getResponseMessage())
- for (Certificate certificate : urlConnection.getServerCertificates()) {
+ def response = ProxyConfiguration.newHttpClient().send(
+ ProxyConfiguration.newHttpRequestBuilder(new URI(url)).build(),
+ HttpResponse.BodyHandlers.discarding()
+ )
+ println("$url -> ${response.statusCode()}")
+ for (Certificate certificate : response.sslSession().get().getPeerCertificates()) {
 if (certificate instanceof X509Certificate) {
 X509Certificate x509Certificate = (X509Certificate) certificate
- Principal subjectDN = x509Certificate.getSubjectDN()
+ def subjectDN = x509Certificate.getSubjectX500Principal()
 println("\t" + subjectDN.getClass() + " - " + subjectDN)
 } else {
 println(certificate)
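Review bot: `response.sslSession().get()` in the certificate loop assumes a TLS session exists, but `HttpResponse.sslSession()` returns an empty Optional when the exchange was not made over HTTPS, so an `http://` value of `serverUrl` ends in a bare NoSuchElementException ("No value present") instead of a message telling the operator that no TLS was negotiated. Consider `def session = response.sslSession().orElseThrow { new IllegalStateException("No TLS session for $url - is it an https:// URL?") }` and iterating over `session.getPeerCertificates()`. The enclosing `try` opens inside this hunk but its `catch` lies outside it, so how the exception is reported today cannot be confirmed from here. A short comment above the loop would also help, for example `// chain as seen on the connection Jenkins makes, i.e. via the configured proxy when one is set`, because a TLS-inspecting proxy would change the certificates printed.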