Bypass SSL certificate checks (#435)

vepanimas · vepanimas · commit 0f716db4e809 · 2021-03-02T00:45:58.000+03:00
diff --git a/resources/messages/GraphQLMessages.properties b/resources/messages/GraphQLMessages.properties
@@ -5,6 +5,7 @@ graphql.notification.introspection.spec.error.body=A valid schema could not be b
 graphql.notification.introspection.parse.error=The server introspection response cannot be parsed as a valid JSON object.
 graphql.notification.introspection.empty.errors=Encountered empty error array, which does not conform to the GraphQL spec.
 graphql.notification.error.title=GraphQL error
+graphql.notification.ssl.cert.error.title=SSL certificate error
 graphql.notification.stack.trace=Stack trace
 graphql.notification.retry.without.defaults=Retry (skip default values from now on)
 graphql.notification.retry=Retry
@@ -18,6 +19,7 @@ graphql.notification.load.schema.from.endpoint.title=Get GraphQL schema from end
 graphql.notification.load.schema.from.endpoint.body=Introspect ''{0}'' to update the local schema file.
 graphql.notification.load.schema.from.endpoint.action=Introspect ''{0}''
 graphql.notification.dont.show.again.message=Don't show again
+graphql.notification.trust.all.hosts=Trust all hosts
 
 # Introspection
 graphql.introspection.missing.data=Expected `data` key to be present in query result.
diff --git a/src/main/com/intellij/lang/jsgraphql/ide/editor/GraphQLIntrospectionService.java b/src/main/com/intellij/lang/jsgraphql/ide/editor/GraphQLIntrospectionService.java
@@ -31,6 +31,7 @@
 import com.intellij.openapi.application.WriteAction;
 import com.intellij.openapi.command.WriteCommandAction;
 import com.intellij.openapi.components.ServiceManager;
+import com.intellij.openapi.diagnostic.Logger;
 import com.intellij.openapi.fileEditor.FileEditor;
 import com.intellij.openapi.fileEditor.FileEditorManager;
 import com.intellij.openapi.fileEditor.OpenFileDescriptor;
@@ -66,15 +67,23 @@
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.TrustAllStrategy;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.apache.http.util.EntityUtils;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
 import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
@@ -83,9 +92,11 @@
 import static com.intellij.lang.jsgraphql.v1.ide.project.JSGraphQLLanguageUIProjectService.setHeadersFromOptions;
 
 public class GraphQLIntrospectionService implements Disposable {
+    private static final Logger LOG = Logger.getInstance(GraphQLIntrospectionService.class);
 
     private static final Set<String> DEFAULT_DIRECTIVES = Sets.newHashSet("deprecated", "skip", "include", "specifiedBy");
     private static final String DISABLE_EMPTY_ERRORS_WARNING_KEY = "graphql.empty.errors.warning.disabled";
+    public static final String GRAPHQL_TRUST_ALL_HOSTS = "graphql.trust.all.hosts";
 
     private GraphQLIntrospectionTask latestIntrospection = null;
     private final Project myProject;
@@ -164,6 +175,27 @@ public static HttpPost createRequest(@NotNull GraphQLConfigVariableAwareEndpoint
         return request;
     }
 
+    @NotNull
+    public CloseableHttpClient createHttpClient() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
+        HttpClientBuilder builder = HttpClients.custom();
+        if (PropertiesComponent.getInstance(myProject).isTrueValue(GRAPHQL_TRUST_ALL_HOSTS)) {
+            builder
+                .setSSLContext(new SSLContextBuilder().loadTrustMaterial(null, TrustAllStrategy.INSTANCE).build())
+                .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
+        }
+        return builder.build();
+    }
+
+    @Nullable
+    public NotificationAction createTrustAllHostsAction() {
+        final PropertiesComponent propertiesComponent = PropertiesComponent.getInstance(myProject);
+        if (propertiesComponent.isTrueValue(GRAPHQL_TRUST_ALL_HOSTS)) return null;
+
+        return NotificationAction.createSimpleExpiring(
+            GraphQLBundle.message("graphql.notification.trust.all.hosts"),
+            () -> propertiesComponent.setValue(GRAPHQL_TRUST_ALL_HOSTS, true));
+    }
+
     public void addIntrospectionStackTraceAction(@NotNull Notification notification, @NotNull Exception exception) {
         notification.addAction(new NotificationAction(GraphQLBundle.message("graphql.notification.stack.trace")) {
             @Override
@@ -392,6 +424,7 @@ void createOrUpdateIntrospectionOutputFile(@NotNull String schemaText,
                 }
             });
         } catch (IOException ioe) {
+            LOG.warn(ioe);
             Notifications.Bus.notify(new Notification(
                 GraphQLNotificationUtil.NOTIFICATION_GROUP_ID,
                 GraphQLBundle.message("graphql.notification.error.title"),
@@ -457,10 +490,10 @@ public void run(@NotNull ProgressIndicator indicator) {
             indicator.setIndeterminate(true);
             String responseJson;
 
-            try (final CloseableHttpClient httpClient = HttpClients.createDefault();
+            try (final CloseableHttpClient httpClient = createHttpClient();
                  final CloseableHttpResponse response = httpClient.execute(request)) {
                 responseJson = ObjectUtils.coalesce(EntityUtils.toString(response.getEntity()), "");
-            } catch (IOException e) {
+            } catch (IOException | GeneralSecurityException e) {
                 GraphQLNotificationUtil.showGraphQLRequestErrorNotification(myProject, url, e, NotificationType.WARNING, retry);
                 return;
             }
diff --git a/src/main/com/intellij/lang/jsgraphql/ide/notifications/GraphQLNotificationUtil.java b/src/main/com/intellij/lang/jsgraphql/ide/notifications/GraphQLNotificationUtil.java
@@ -2,12 +2,14 @@
 
 import com.intellij.lang.jsgraphql.GraphQLBundle;
 import com.intellij.lang.jsgraphql.GraphQLSettings;
+import com.intellij.lang.jsgraphql.ide.editor.GraphQLIntrospectionService;
 import com.intellij.notification.Notification;
 import com.intellij.notification.NotificationAction;
 import com.intellij.notification.NotificationType;
 import com.intellij.notification.Notifications;
 import com.intellij.openapi.actionSystem.AnActionEvent;
 import com.intellij.openapi.application.ApplicationManager;
+import com.intellij.openapi.diagnostic.Logger;
 import com.intellij.openapi.fileEditor.FileEditorManager;
 import com.intellij.openapi.project.Project;
 import com.intellij.openapi.util.text.StringUtil;
@@ -17,7 +19,10 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
+import javax.net.ssl.SSLException;
+
 public class GraphQLNotificationUtil {
+    private static final Logger LOG = Logger.getInstance(GraphQLNotificationUtil.class);
     public static final String NOTIFICATION_GROUP_ID = "GraphQL";
 
     public static void showInvalidConfigurationNotification(@NotNull String message,
@@ -46,16 +51,30 @@ public static void showGraphQLRequestErrorNotification(@NotNull Project project,
                                                            @NotNull String url,
                                                            @NotNull Exception error,
                                                            @NotNull NotificationType notificationType,
-                                                           @Nullable NotificationAction retry) {
+                                                           @Nullable NotificationAction action) {
+        LOG.warn(error);
+
+        boolean isSSLError = error instanceof SSLException;
+        final String message = isSSLError
+            ? GraphQLBundle.message("graphql.notification.ssl.cert.error.title")
+            : GraphQLBundle.message("graphql.notification.error.title");
+
         Notification notification = new Notification(
             NOTIFICATION_GROUP_ID,
-            GraphQLBundle.message("graphql.notification.error.title"),
+            message,
             url + ": " + GraphQLNotificationUtil.formatExceptionMessage(error),
             notificationType
         );
 
-        if (retry != null) {
-            notification.addAction(retry);
+        if (isSSLError) {
+            NotificationAction trustAction = GraphQLIntrospectionService.getInstance(project).createTrustAllHostsAction();
+            if (trustAction != null) {
+                notification.addAction(trustAction);
+            }
+        }
+
+        if (action != null) {
+            notification.addAction(action);
         }
 
         Notifications.Bus.notify(notification, project);
diff --git a/src/main/com/intellij/lang/jsgraphql/v1/ide/project/JSGraphQLLanguageUIProjectService.java b/src/main/com/intellij/lang/jsgraphql/v1/ide/project/JSGraphQLLanguageUIProjectService.java
@@ -76,7 +76,6 @@
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
 import org.apache.http.util.EntityUtils;
 import org.jetbrains.annotations.NotNull;
 
@@ -86,6 +85,7 @@
 import java.awt.event.MouseAdapter;
 import java.awt.event.MouseEvent;
 import java.io.IOException;
+import java.security.GeneralSecurityException;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
@@ -396,8 +396,9 @@ public void run(@NotNull ProgressIndicator indicator) {
     }
 
     private void runQuery(Editor editor, VirtualFile virtualFile, JSGraphQLQueryContext context, String url, HttpPost request) {
+        GraphQLIntrospectionService introspectionService = GraphQLIntrospectionService.getInstance(myProject);
         try {
-            try (final CloseableHttpClient httpClient = HttpClients.createDefault()) {
+            try (final CloseableHttpClient httpClient = introspectionService.createHttpClient()) {
                 editor.putUserData(JS_GRAPH_QL_EDITOR_QUERYING, true);
 
                 String responseJson;
@@ -453,7 +454,7 @@ private void runQuery(Editor editor, VirtualFile virtualFile, JSGraphQLQueryCont
             } finally {
                 editor.putUserData(JS_GRAPH_QL_EDITOR_QUERYING, null);
             }
-        } catch (IOException | IllegalArgumentException e) {
+        } catch (IOException | GeneralSecurityException e) {
             GraphQLNotificationUtil.showGraphQLRequestErrorNotification(myProject, url, e, NotificationType.WARNING, null);
         }
     }
