Only set insecure socket factory on current connection (#678)

jshiell · jshiell · commit 9bd5e21b0e71 · 2025-10-18T12:25:08.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,7 @@
 
 # CheckStyle-IDEA Changelog
 
+* **5.113.1** Fixed: Insecure socket factory is now only set for the current connection (#678).
 * **5.113.0** New: Added Checkstyle 12.0.1.
 * **5.112.0** Fixed: Keep focus in tool window when scrolling result, matching find results behaviour (#676).
 * **5.112.0** Removed: Removed update notification, as IDEA now notifies when plugins are updated.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -19,7 +19,7 @@ plugins {
     id("org.infernus.idea.checkstyle.build")
 }
 
-version = "5.113.0"
+version = "5.113.1"
 
 intellijPlatform {
     pluginConfiguration {
diff --git a/src/main/java/org/infernus/idea/checkstyle/model/InsecureHTTPURLConfigurationLocation.java b/src/main/java/org/infernus/idea/checkstyle/model/InsecureHTTPURLConfigurationLocation.java
@@ -8,7 +8,9 @@
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
-import java.io.InputStream;
+import java.net.URLConnection;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 
 /**
@@ -22,20 +24,22 @@ public InsecureHTTPURLConfigurationLocation(@NotNull final Project project,
         super(id, ConfigurationType.INSECURE_HTTP_URL, project);
     }
 
-    @NotNull
     @Override
-    protected InputStream resolveFile(@NotNull final ClassLoader checkstyleClassLoader) throws IOException {
-        TrustManager[] trustAllCerts = new TrustManager[]{new AllTrustingTrustManager()};
-
-        try {
-            final SSLContext sc = SSLContext.getInstance("TLSv1.3");
-            sc.init(null, trustAllCerts, new java.security.SecureRandom());
-            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-        } catch (Exception ignored) {
-            // we care not for security
+    @NotNull URLConnection connectionTo(final String location) throws IOException {
+        final URLConnection urlConnection = super.connectionTo(location);
+
+        if (urlConnection instanceof HttpsURLConnection httpsURLConnection) {
+            try {
+                final TrustManager[] trustAllCerts = new TrustManager[]{new AllTrustingTrustManager()};
+                final SSLContext sc = SSLContext.getInstance("TLSv1.3");
+                sc.init(null, trustAllCerts, new java.security.SecureRandom());
+                httpsURLConnection.setSSLSocketFactory(sc.getSocketFactory());
+            } catch (NoSuchAlgorithmException | KeyManagementException e) {
+                throw new IOException("Failed to set an insecure SSL socket factory", e);
+            }
         }
 
-        return super.resolveFile(checkstyleClassLoader);
+        return urlConnection;
     }
 
     private static final class AllTrustingTrustManager implements X509TrustManager {
diff --git a/src/main/resources/META-INF/plugin.xml b/src/main/resources/META-INF/plugin.xml
@@ -25,6 +25,7 @@
     <change-notes>
         <![CDATA[
 <ul>
+    <li>5.113.1: Fixed: Insecure socket factory is now only set for the current connection (#678).</li>
     <li>5.113.0: New: Added Checkstyle 12.0.1.</li>
     <li>5.112.0: Fixed: Keep focus in tool window when scrolling result, matching find results behaviour (#676).</li>
     <li>5.112.0: Removed: Removed update notification, as IDEA now notifies when plugins are updated.</li>

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ plugins {`
`19`	`19`	`id("org.infernus.idea.checkstyle.build")`
`20`	`20`	`}`
`21`	`21`
`22`		`-version = "5.113.0"`
	`22`	`+version = "5.113.1"`
`23`	`23`
`24`	`24`	`intellijPlatform {`
`25`	`25`	`pluginConfiguration {`