From ffa700f94635175f933108633878c1d8438f7185 Mon Sep 17 00:00:00 2001 From: Jean Niklas L'orange Date: Sun, 26 Jul 2015 22:12:01 +0200 Subject: [PATCH] Replace old HttpWagon conn-mngr setup. Fixes #1746 Bumping HttpWagon from 2.4 to 2.6 caused old methods in HttpWagon to disappear, and along with it all the old Apache Http stuff we depended on. This caused additional CA certificates provided in :certificates to make Lein just fall on the floor and die. This bumps HttpWagon to 2.9 and refactors Apache Http usage to non-deprecated usage for the version we depend on. --- leiningen-core/project.clj | 2 +- leiningen-core/src/leiningen/core/project.clj | 6 +- leiningen-core/src/leiningen/core/ssl.clj | 69 ++++++++++++++----- 3 files changed, 56 insertions(+), 21 deletions(-) diff --git a/leiningen-core/project.clj b/leiningen-core/project.clj index 7e6f6bc28..b2330e42e 100644 --- a/leiningen-core/project.clj +++ b/leiningen-core/project.clj @@ -8,7 +8,7 @@ [classlojure "0.6.6"] [robert/hooke "1.3.0"] [com.cemerick/pomegranate "0.3.0"] - [org.apache.maven.wagon/wagon-http "2.7"] + [org.apache.maven.wagon/wagon-http "2.9"] [com.hypirion/io "0.3.1"] [pedantic "0.2.0"]] :scm {:dir ".."} diff --git a/leiningen-core/src/leiningen/core/project.clj b/leiningen-core/src/leiningen/core/project.clj index 456f3ac20..67b7470b6 100644 --- a/leiningen-core/src/leiningen/core/project.clj +++ b/leiningen-core/src/leiningen/core/project.clj 
@@ -758,11 +758,11 @@ (let [make-context (resolve 'leiningen.core.ssl/make-sslcontext) read-certs (resolve 'leiningen.core.ssl/read-certs) default-certs (resolve 'leiningen.core.ssl/default-trusted-certs) - register-scheme (resolve 'leiningen.core.ssl/register-scheme) - https-scheme (resolve 'leiningen.core.ssl/https-scheme) + override-wagon-registry! (resolve 'leiningen.core.ssl/override-wagon-registry!) + https-registry (resolve 'leiningen.core.ssl/https-registry) certs (mapcat read-certs (:certificates project)) context (make-context (into (default-certs) certs))] - (register-scheme (https-scheme context)) + (override-wagon-registry! (https-registry context)) project))) (defn activate-middleware diff --git a/leiningen-core/src/leiningen/core/ssl.clj b/leiningen-core/src/leiningen/core/ssl.clj index 594672d67..83e477820 100644 --- a/leiningen-core/src/leiningen/core/ssl.clj +++ b/leiningen-core/src/leiningen/core/ssl.clj @@ -1,5 +1,6 @@ (ns leiningen.core.ssl - (:require [clojure.java.io :as io] + (:require [cemerick.pomegranate.aether :as aether] + [clojure.java.io :as io] [leiningen.core.user :as user]) (:import java.security.KeyStore java.security.KeyStore$TrustedCertificateEntry @@ -10,10 +11,12 @@ javax.net.ssl.TrustManagerFactory javax.net.ssl.X509TrustManager java.io.FileInputStream - org.apache.http.conn.ssl.SSLSocketFactory - org.apache.http.conn.scheme.Scheme - org.apache.maven.wagon.providers.http.HttpWagon - org.apache.http.conn.ssl.BrowserCompatHostnameVerifier)) + org.apache.http.config.RegistryBuilder + org.apache.http.conn.socket.PlainConnectionSocketFactory + org.apache.http.conn.ssl.BrowserCompatHostnameVerifier + org.apache.http.conn.ssl.SSLConnectionSocketFactory + org.apache.http.impl.conn.PoolingHttpClientConnectionManager + org.apache.maven.wagon.providers.http.HttpWagon)) (defn ^TrustManagerFactory trust-manager-factory [^KeyStore keystore] (doto (TrustManagerFactory/getInstance "PKIX") 
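Review bot: The `ns` form in ssl.clj now requires `[cemerick.pomegranate.aether :as aether]`, but no `aether/` reference appears in either ssl.clj hunk of this patch. core/project.clj reaches this namespace through `resolve`, which suggests it is meant to load lazily, so an extra require adds to whatever that path loads. If the require is there only for a load-time side effect, say so with a comment such as `;; required for side effects: <reason>`; if nothing outside these hunks uses the alias, drop it. The rest of the file is not visible here, so this needs checking against the full source.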
@@ -78,16 +81,48 @@ (alter-var-root #'make-sslcontext memoize) -(defn https-scheme - "Construct a Scheme that uses a given SSLContext." - ([context] (https-scheme context 443)) +(defn https-registry + "Constructs a registry map that uses a given SSLContext for https." + [context] + (let [factory (SSLConnectionSocketFactory. context (BrowserCompatHostnameVerifier.))] + {"https" factory + "http" PlainConnectionSocketFactory/INSTANCE})) + +(defn ^:deprecated https-scheme + "Constructs a registry map that uses a given SSLContext for https. + + DEPRECATED: Use https-registry instead." ([context port] - (let [factory (SSLSocketFactory. context (BrowserCompatHostnameVerifier.))] - (Scheme. "https" port factory)))) - -(def register-scheme - "Register a scheme with the HTTP Wagon for use with Aether." - (memoize (fn [scheme] - (-> (.getConnectionManager (HttpWagon.)) - (.getSchemeRegistry) - (.register scheme))))) + (if (not= port 443) ;; TODO: Should we support this? + (throw (ex-info "Specifying port for https-scheme is not possible anymore." + {:context context :port port})) + (https-scheme context))) + ([context] + (binding [*out* *err*] + (println "https-scheme is deprecated, use https-registry instead")) + (https-registry context))) + +(defn- map->registry + "Creates a Registry based of the given map." + [m] + (let [rb (RegistryBuilder/create)] + (doseq [[scheme conn-sock-factory] m] + (.register rb scheme conn-sock-factory)) + (.build rb))) + +(defn override-wagon-registry! + "Override the registry scheme used by the HTTP Wagon's Connection + manager (used for Aether)." + [registry] + (let [cm (PoolingHttpClientConnectionManager. (map->registry registry))] + (HttpWagon/setPoolingHttpClientConnectionManager cm))) + +(defn ^:deprecated register-scheme + "Override the registry scheme used by the HTTP Wagon's Connection + manager (used for Aether). + + DEPRECATED: Use override-wagon-registry! instead." 
+ [scheme]
+ (binding [*out* *err*]
+ (println "register-scheme is deprecated, use override-wagon-registry! instead"))
+ (override-wagon-registry! scheme))
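Review bot: `override-wagon-registry!` builds a new `PoolingHttpClientConnectionManager` on every call and installs it through a static setter, and unlike the memoized `register-scheme` it replaces, nothing visible here shuts down the manager being replaced or avoids rebuilding it for an identical registry. Because the setter is static, the socket factories passed in decide certificate trust and hostname verification for every later HttpWagon HTTPS connection in the process, so the docstring should say so, e.g. `Replaces the process-wide connection manager; the "https" factory in registry governs TLS trust for all later Wagon requests.` The deprecated `register-scheme` shim now expects the map returned by `https-registry`, so a caller that still passes an `org.apache.http.conn.scheme.Scheme` will fail in the `doseq` destructuring of `map->registry`; a `(map? scheme)` check that throws a descriptive `ex-info` would make that failure readable. The hostname verifier stays `BrowserCompatHostnameVerifier`, as before, which keeps verification on but lets a wildcard match multi-level subdomains.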