From 50a0e80de65ab50d7426c8e0abf31977b05c9dbb Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Wed, 22 Sep 2021 20:46:57 +0200
Subject: [PATCH] CPVM: use X509ExtendedTrustManager (#5419)
---
 .../websocket/WebSocketReverseProxy.java | 32 +++++++++++++------
 1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/websocket/WebSocketReverseProxy.java b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/websocket/WebSocketReverseProxy.java
index e2f62d6ba16..96293fa7f71 100644
--- a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/websocket/WebSocketReverseProxy.java
+++ b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/websocket/WebSocketReverseProxy.java
@@ -25,13 +25,14 @@ import org.java_websocket.handshake.ServerHandshake;
 import org.java_websocket.protocols.Protocol;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
 import java.io.IOException;
+import java.net.Socket;
 import java.net.URI;
 import java.nio.ByteBuffer;
-import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
@@ -54,15 +55,28 @@ public class WebSocketReverseProxy extends WebSocketClient {
 private Session remoteSession;
 private void acceptAllCerts() {
- TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return new java.security.cert.X509Certificate[]{};
+ TrustManager[] trustAllCerts = new TrustManager[]{new X509ExtendedTrustManager() {
+ @Override
+ public void checkClientTrusted (X509Certificate [] chain, String authType, Socket socket) {
 }
- public void checkClientTrusted(X509Certificate[] chain,
- String authType) throws CertificateException {
+ @Override
+ public void checkServerTrusted (X509Certificate [] chain, String authType, Socket socket) {
 }
- public void checkServerTrusted(X509Certificate[] chain,
- String authType) throws CertificateException {
+ @Override
+ public void checkClientTrusted (X509Certificate [] chain, String authType, SSLEngine engine) {
+ }
+ @Override
+ public void checkServerTrusted (X509Certificate [] chain, String authType, SSLEngine engine) {
+ }
+ @Override
+ public java.security.cert.X509Certificate [] getAcceptedIssuers () {
+ return null;
+ }
+ @Override
+ public void checkClientTrusted (X509Certificate [] certs, String authType) {
+ }
+ @Override
+ public void checkServerTrusted (X509Certificate [] certs, String authType) {
 }
 }};
 SSLContext sc;
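Review bot: `getAcceptedIssuers()` now returns `null`, where the removed implementation returned an empty array; the `X509TrustManager` contract asks for a non-null (possibly empty) array, so a caller that iterates the result would fail, and `return new X509Certificate[0];` keeps the previous behaviour. Separately, every `checkServerTrusted` overload is an empty body, and as far as I know JSSE uses an `X509ExtendedTrustManager` directly instead of wrapping it with its own endpoint-identification and algorithm-constraint checks, so this connection no longer authenticates its peer in any way. The method name suggests that is intentional, but it should be stated above the anonymous class, e.g. `// Trust-all by design: no certificate, hostname or algorithm check is performed on this connection`, with a follow-up to validate against a configured CA instead. The rest of `acceptAllCerts()`, including the `SSLContext` setup, lies outside this hunk.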