3535import org .apache .http .ssl .SSLContexts ;
3636
3737import javax .net .ssl .SSLContext ;
38+ import javax .net .ssl .TrustManager ;
39+ import javax .net .ssl .TrustManagerFactory ;
40+ import javax .net .ssl .X509TrustManager ;
3841import java .io .File ;
3942import java .io .FileInputStream ;
4043import java .io .IOException ;
4649import java .security .KeyStoreException ;
4750import java .security .NoSuchAlgorithmException ;
4851import java .security .cert .CertificateException ;
52+ import java .security .cert .X509Certificate ;
4953import java .util .Map ;
5054
5155public class HttpsDirectTemplateDownloader extends HttpDirectTemplateDownloader {
@@ -90,6 +94,16 @@ private SSLContext getSSLContext() throws KeyStoreException, NoSuchAlgorithmExce
9094 } finally {
9195 instream .close ();
9296 }
97+ // Load the default trust store entries to ensure we have everything
98+ TrustManagerFactory factory = TrustManagerFactory .getInstance (TrustManagerFactory .getDefaultAlgorithm ());
99+ factory .init ((KeyStore ) null );
100+ for (TrustManager manager : factory .getTrustManagers ()) {
101+ if (manager instanceof X509TrustManager ) {
102+ for (X509Certificate acceptedIssuer : ((X509TrustManager ) manager ).getAcceptedIssuers ()) {
103+ trustStore .setCertificateEntry (acceptedIssuer .getSubjectDN ().getName (), acceptedIssuer );
104+ }
105+ }
106+ }
93107 return SSLContexts .custom ()
94108 .loadTrustMaterial (trustStore , new TrustSelfSignedStrategy ())
95109 .build ();
@@ -101,6 +115,7 @@ public boolean downloadTemplate() {
101115 try {
102116 response = httpsClient .execute (req );
103117 } catch (IOException e ) {
118+ s_logger .error ("Error on execute" , e );
104119 throw new CloudRuntimeException ("Error on HTTPS request: " + e .getMessage ());
105120 }
106121 return consumeResponse (response );
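Review bot: In the loop added to getSSLContext, `setCertificateEntry` is keyed on the subject DN string alone, so two default roots that share a subject DN, or a default root whose DN matches an alias already present in the configured keystore, silently replace one another. An alias that cannot collide avoids this, for example `String alias = acceptedIssuer.getSubjectX500Principal().getName() + "/" + acceptedIssuer.getSerialNumber().toString(16);`. The comment on the first added line should also state the trust consequence: after the merge the downloader accepts any server chaining to a JVM default CA in addition to the configured store, and the `TrustSelfSignedStrategy` on the context line below still accepts single self-signed certificates that are in neither. Something like `// Merge the JVM default CAs into trustStore; hosts signed by any default CA are accepted from here on` says more than "to ensure we have everything". getSSLContext starts above the hunk, so how trustStore is created and loaded is not visible here.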