Closed meiswjn closed 3 years ago
The graph proxy is done with custom code and not the standard Azure SDK integration. Looks like proxy was just missed: https://github.com/jenkinsci/azure-ad-plugin/blob/f6841393099e2c75cab09b0cf0f2a857ec91861b/src/main/java/com/microsoft/jenkins/azuread/GraphProxy.java#L129
Should be quite straightforward.
Otherwise I can do a PR when I get a chance.
All proxy support is best effort for me. I do not have an environment to test it in, and I always prefer someone with an environment to either create the PR or at least validate it.
Apologies for the late reply. I will have a look at it.
I'm sorry, but I don't get the referred code yet. As of now, I don't see any usage of the class "GraphProxy" in the whole project - am I missing something? The class "AzureSecurityRealm" uses the hudson-native proxy configuration, it appears.
Not as easy as I thought. Using the OkHttpClient Builder to use the proxy in the proxy() method did not bring any success. Let me know if you have any ideas!
Can you create a draft PR with what you've got?
It should be roughly:
Jenkins.get().getProxy()
and then getting the values off of that
Done :)
Hey,
First of all, thanks for maintaining this plugin!
I found an issue with the proxy.
Version report
Reproduction steps
MIN_RAM=1G MAX_RAM=6G JAVA_ARGS=" [...] -Djavax.net.ssl.trustStore=/var/lib/jenkins/extra_truststore.jks -Djavax.net.ssl.trustStorePassword='???' -Djetty.ssl.sniHostCheck=false -Djavax.net.debug=ssl:handshake" [...]
.microsoft.com .microsoftonline.com .office.com .azure.com
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
    at java.base/sun.security.validator.Validator.validate(Validator.java:264)
    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:276)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
    at io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:234)
    at io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:723)
    at io.netty.internal.tcnative.CertificateVerifierTask.runTask(CertificateVerifierTask.java:36)
    at io.netty.internal.tcnative.SSLTask.run(SSLTask.java:38)
    at io.netty.handler.ssl.ReferenceCountedOpenSslEngine$3.run(ReferenceCountedOpenSslEngine.java:1447)
    at io.netty.handler.ssl.SslHandler.runAllDelegatedTasks(SslHandler.java:1512)
    at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1526)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1390)
Caused: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
    at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshakeException(ReferenceCountedOpenSslEngine.java:1845)
    at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.wrap(ReferenceCountedOpenSslEngine.java:812)
    at java.base/javax.net.ssl.SSLEngine.wrap(SSLEngine.java:522)
    at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1039)
    at io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:925)
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1403)
    at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1245)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1282)
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.handler.proxy.ProxyHandler.channelRead(ProxyHandler.java:253)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436)
    at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:253)
    at io.netty.handler.proxy.HttpProxyHandler$HttpClientCodecWrapper.channelRead(HttpProxyHandler.java:272)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795)
    at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480)
    at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:829)
http_port 3128
http_access allow all
cache_peer parent 8080 0 no-query default
acl all src 0.0.0.0/0.0.0.0
acl microsoft dstdomain .office.com .microsoft.com .microsoftonline.com .azure.com
never_direct deny microsoft
never_direct allow all
debug_options ALL,1 33,2 28,9
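
One way to wire a proxy host, port, credentials and no-proxy suffixes into an OkHttpClient builder, the step the comments above discuss. This is an added example, not code from the plugin: the class `ProxiedGraphClient`, its methods and its parameters are hypothetical, and the values are assumed to have been read from the Jenkins proxy configuration beforehand.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.util.List;
import okhttp3.Credentials;
import okhttp3.OkHttpClient;

/** Added example: hypothetical helper, not part of the azure-ad plugin. */
public final class ProxiedGraphClient {

    /** True when host equals a no-proxy entry or falls under a ".suffix" entry. */
    static boolean bypassesProxy(String host, List<String> noProxy) {
        if (host == null) return false;
        String h = host.toLowerCase();
        for (String entry : noProxy) {
            String e = entry.toLowerCase();
            boolean hit = e.startsWith(".") ? (h.endsWith(e) || h.equals(e.substring(1))) : h.equals(e);
            if (hit) return true;
        }
        return false;
    }

    /** Parameters are assumed to come from the Jenkins proxy settings. */
    static OkHttpClient build(String proxyHost, int proxyPort, String user, String password,
                              List<String> noProxy) {
        Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort));
        OkHttpClient.Builder builder = new OkHttpClient.Builder()
            .proxySelector(new ProxySelector() {
                @Override public List<Proxy> select(URI uri) {
                    return bypassesProxy(uri.getHost(), noProxy) ? List.of(Proxy.NO_PROXY) : List.of(proxy);
                }
                @Override public void connectFailed(URI uri, SocketAddress sa, IOException e) {
                    // No fallback: the connection error is surfaced rather than retried directly.
                }
            });
        if (user != null && !user.isEmpty()) {
            builder.proxyAuthenticator((route, response) -> {
                // Give up if credentials were already sent, to avoid a retry loop.
                if (response.request().header("Proxy-Authorization") != null) return null;
                return response.request().newBuilder()
                    .header("Proxy-Authorization", Credentials.basic(user, password)).build();
            });
        }
        // No custom SSLSocketFactory or TrustManager is installed, so certificate validation
        // stays on and the JVM's default trust store decides which issuers are accepted.
        return builder.build();
    }
}
```

If the proxy re-signs TLS traffic, its CA certificate has to be present in the trust store the JVM loads; the builder above deliberately leaves certificate validation untouched.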