Skip to first unread message
phat...@gmail.com
Apr 18, 2017, 8:25:43 AM4/18/17
to SonarLint
Hi all,
SonarLint for Eclipse cannot connect to my SonarQube server which is available via HTTPs behind a proxy server:
The proxy configuration in Eclipse is correct. SonarLint also extracts the correct values from the Eclipe proxy service and adds an interceptor to the OkHttp client.
But when OkHttp is opening the SSL/TLS connection, it is not using the interceptor which sets the proxy header.
SonarLint should set the proxy authenticator (okhttp3.Authenticator) on the client builder as well (see org.sonarqube.ws.client.OkHttpClientBuilder).
I just did a quick and dirty fix and this change worked for me.
Best regards,
Gregor
SonarLint for Eclipse cannot connect to my SonarQube server which is available via HTTPs behind a proxy server:
Fail to request https://sonar.etas-dev.com/api/system/status
java.lang.IllegalStateException: Fail to request https://sonar.etas-dev.com/api/system/status
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.doCall(HttpConnector.java:165)
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.get(HttpConnector.java:111)
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.call(HttpConnector.java:100)
at org.sonarsource.sonarlint.core.container.connected.SonarLintWsClient.rawGet(SonarLintWsClient.java:108)
at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.fetchServerInfos(ServerVersionAndStatusChecker.java:97)
at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:61)
at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:51)
at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(WsHelperImpl.java:48)
at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(WsHelperImpl.java:43)
at org.sonarlint.eclipse.core.internal.server.Server.testConnection(Server.java:324)
at org.sonarlint.eclipse.ui.internal.server.wizard.ServerConnectionTestJob.run(ServerConnectionTestJob.java:44)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:119)
Caused by: java.io.IOException: Failed to authenticate with proxy
at okhttp3.internal.io.RealConnection.createTunnel(RealConnection.java:318)
at okhttp3.internal.io.RealConnection.buildTunneledConnection(RealConnection.java:152)
at okhttp3.internal.io.RealConnection.connect(RealConnection.java:108)
at okhttp3.internal.http.StreamAllocation.findConnection(StreamAllocation.java:187)
at okhttp3.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:123)
at okhttp3.internal.http.StreamAllocation.newStream(StreamAllocation.java:93)
at okhttp3.internal.http.HttpEngine.connect(HttpEngine.java:296)
at okhttp3.internal.http.HttpEngine.sendRequest(HttpEngine.java:248)
at okhttp3.RealCall.getResponse(RealCall.java:243)
at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:201)
at org.sonarsource.sonarlint.core.util.ws.OkHttpClientBuilder.completeHeaders(OkHttpClientBuilder.java:183)
at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:190)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:163)
at okhttp3.RealCall.execute(RealCall.java:57)
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.doCall(HttpConnector.java:162)
... 11 more
The proxy configuration in Eclipse is correct. SonarLint also extracts the correct values from the Eclipe proxy service and adds an interceptor to the OkHttp client.
But when OkHttp is opening the SSL/TLS connection, it is not using the interceptor which sets the proxy header.
SonarLint should set the proxy authenticator (okhttp3.Authenticator) on the client builder as well (see org.sonarqube.ws.client.OkHttpClientBuilder).
I just did a quick and dirty fix and this change worked for me.
public OkHttpClient build() {
OkHttpClient.Builder builder = new OkHttpClient.Builder();
builder.proxy(proxy);
if (connectTimeoutMs >= 0) {
builder.connectTimeout(connectTimeoutMs, TimeUnit.MILLISECONDS);
}
if (readTimeoutMs >= 0) {
builder.readTimeout(readTimeoutMs, TimeUnit.MILLISECONDS);
}
builder.addInterceptor(this::completeHeaders);
ConnectionSpec tls = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).allEnabledTlsVersions()
.allEnabledCipherSuites().supportsTlsExtensions(true).build();
builder.connectionSpecs(asList(tls, ConnectionSpec.CLEARTEXT));
X509TrustManager trustManager = sslTrustManager != null ? sslTrustManager : systemDefaultTrustManager();
SSLSocketFactory sslFactory = sslSocketFactory != null ? sslSocketFactory
: systemDefaultSslSocketFactory(trustManager);
builder.sslSocketFactory(sslFactory, trustManager);
// set proxy authenticator
if (proxyLogin != null) {
builder.proxyAuthenticator((route, response) -> {
Request.Builder newRequest = response.request().newBuilder();
return newRequest
.header("Proxy-Authorization", Credentials.basic(proxyLogin, nullToEmpty(proxyPassword)))
.build();
});
}
return builder.build();
}Best regards,
Gregor
Julien HENRY
Apr 18, 2017, 9:02:59 AM4/18/17
to phat...@gmail.com, SonarLint
Hi Gregor,
Thanks for reporting this issue. Would you mind submitting a pull request? Can you also test by removing the proxy authentication header added by the interceptor. I feel the interceptor is not called in some situation, and that probbaly duplicate the builder.proxyAuthenticator anyway.
Thanks
Julien
--
You received this message because you are subscribed to the Google Groups "SonarLint" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/60aa7a66-dd4e-49e3-b96d-c977dc49542f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Gregor Latuske
Apr 18, 2017, 9:32:22 AM4/18/17
to SonarLint, phat...@gmail.com
Hi Julien,
I have tested without setting the authentication header in the interceptor and it works fine as well.
Unfortunately I have no SonarQube server which is available just via HTTP, so I cannot make sure if this would work as well.
Of course I can submit a pull request. Should I include the removed lines of the interceptor?
Regards
Gregor
I have tested without setting the authentication header in the interceptor and it works fine as well.
Unfortunately I have no SonarQube server which is available just via HTTP, so I cannot make sure if this would work as well.
Of course I can submit a pull request. Should I include the removed lines of the interceptor?
Regards
Gregor
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+...@googlegroups.com.
Julien HENRY
Apr 18, 2017, 9:55:31 AM4/18/17
to Gregor Latuske, SonarLint
2017-04-18 15:32 GMT+02:00 Gregor Latuske <phat...@gmail.com>:
Of course I can submit a pull request. Should I include the removed lines of the interceptor?
Yes please. We have some Integration Tests with http proxy (but not with https), so in case of regression, it will be easy to spot.
Gregor Latuske
Apr 18, 2017, 10:53:36 AM4/18/17
to SonarLint
Should I apply the changes to org.sonarqube.ws.client.OkHttpClientBuilder as well? Seems to be copy of org.sonarsource.sonarlint.core.util.ws.OkHttpClientBuilder (or vice versa ;-))
Julien HENRY
Apr 18, 2017, 11:22:27 AM4/18/17
to Gregor Latuske, SonarLint
2017-04-18 16:53 GMT+02:00 Gregor Latuske <phat...@gmail.com>:
Should I apply the changes to org.sonarqube.ws.client.OkHttpClientBuilder as well?
Yes, please.
Seems to be copy of org.sonarsource.sonarlint.core.util.ws.OkHttpClientBuilder (or vice versa ;-))
Julien HENRY
Apr 28, 2017, 3:21:06 AM4/28/17
to Gregor Latuske, SonarLint
Hi Gregor,
I will shortly start the feedback period for next version of SonarLint for Eclipse. Would you mind testing that:
is ok regarding proxy support?
Thanks
Julien Henry | SonarSource
Developer
http://sonarsource.comReply all
Reply to author
Forward
0 new messages