alibaba · huawenyao · Apr 15, 2020
diff --git a/api/src/main/java/com/alibaba/nacos/api/common/Constants.java b/api/src/main/java/com/alibaba/nacos/api/common/Constants.java
@@ -183,4 +183,7 @@ public class Constants {
 
     public static final String HTTP_PREFIX = "http";
 
+    public static final String HTTPS_PREFIX = "https";
+
+    public static final String FLASE_STR = "false";
 }
diff --git a/client/pom.xml b/client/pom.xml
@@ -129,8 +129,8 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <source>6</source>
-                    <target>6</target>
+                    <source>8</source>
+                    <target>8</target>
                 </configuration>
             </plugin>
         </plugins>

diff --git a/client/src/main/java/com/alibaba/nacos/client/config/http/ServerHttpAgent.java b/client/src/main/java/com/alibaba/nacos/client/config/http/ServerHttpAgent.java
@@ -23,6 +23,7 @@
 import com.alibaba.nacos.client.config.impl.ServerListManager;
 import com.alibaba.nacos.client.config.impl.SpasAdapter;
 import com.alibaba.nacos.client.identify.STSConfig;
+import com.alibaba.nacos.client.naming.net.HttpClient;
 import com.alibaba.nacos.client.security.SecurityProxy;
 import com.alibaba.nacos.client.utils.JSONUtils;
 import com.alibaba.nacos.client.utils.LogUtils;
@@ -31,6 +32,7 @@
 import com.alibaba.nacos.common.utils.IoUtils;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.type.TypeReference;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.math.NumberUtils;
 import org.slf4j.Logger;
@@ -40,10 +42,7 @@
 import java.net.HttpURLConnection;
 import java.net.SocketTimeoutException;
 import java.net.URL;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Properties;
+import java.util.*;
 import java.util.concurrent.*;
 
 /**
@@ -59,6 +58,11 @@ public class ServerHttpAgent implements HttpAgent {
 
     private String namespaceId;
 
+    private String  httpPre="http://";
+
+    private String  httpsPre="https://";
+
+
     private long securityInfoRefreshIntervalMills = TimeUnit.SECONDS.toMillis(5);
 
     /**
@@ -74,7 +78,7 @@ public class ServerHttpAgent implements HttpAgent {
     public HttpResult httpGet(String path, List<String> headers, List<String> paramValues, String encoding,
                               long readTimeoutMs) throws IOException {
         final long endTime = System.currentTimeMillis() + readTimeoutMs;
-        final boolean isSSL = false;
+
         injectSecurityInfo(paramValues);
         String currentServerAddr = serverListMgr.getCurrentServerAddr();
         int maxRetry = this.maxRetry;
@@ -86,8 +90,8 @@ public HttpResult httpGet(String path, List<String> headers, List<String> paramV
                     newHeaders.addAll(headers);
                 }
                 HttpResult result = HttpSimpleClient.httpGet(
-                    getUrl(currentServerAddr, path), newHeaders, paramValues, encoding,
-                    readTimeoutMs, isSSL);
+                    getUrl(currentServerAddr, path, HttpClient.ENABLE_HTTPS), newHeaders, paramValues, encoding,
+                    readTimeoutMs, HttpClient.ENABLE_HTTPS);
                 if (result.code == HttpURLConnection.HTTP_INTERNAL_ERROR
                     || result.code == HttpURLConnection.HTTP_BAD_GATEWAY
                     || result.code == HttpURLConnection.HTTP_UNAVAILABLE) {
@@ -127,7 +131,6 @@ public HttpResult httpGet(String path, List<String> headers, List<String> paramV
     public HttpResult httpPost(String path, List<String> headers, List<String> paramValues, String encoding,
                                long readTimeoutMs) throws IOException {
         final long endTime = System.currentTimeMillis() + readTimeoutMs;
-        boolean isSSL = false;
         injectSecurityInfo(paramValues);
         String currentServerAddr = serverListMgr.getCurrentServerAddr();
         int maxRetry = this.maxRetry;
@@ -141,8 +144,8 @@ public HttpResult httpPost(String path, List<String> headers, List<String> param
                 }
 
                 HttpResult result = HttpSimpleClient.httpPost(
-                    getUrl(currentServerAddr, path), newHeaders, paramValues, encoding,
-                    readTimeoutMs, isSSL);
+                    getUrl(currentServerAddr, path,HttpClient.ENABLE_HTTPS), newHeaders, paramValues, encoding,
+                    readTimeoutMs, HttpClient.ENABLE_HTTPS);
                 if (result.code == HttpURLConnection.HTTP_INTERNAL_ERROR
                     || result.code == HttpURLConnection.HTTP_BAD_GATEWAY
                     || result.code == HttpURLConnection.HTTP_UNAVAILABLE) {
@@ -182,7 +185,6 @@ public HttpResult httpPost(String path, List<String> headers, List<String> param
     public HttpResult httpDelete(String path, List<String> headers, List<String> paramValues, String encoding,
                                  long readTimeoutMs) throws IOException {
         final long endTime = System.currentTimeMillis() + readTimeoutMs;
-        boolean isSSL = false;
         injectSecurityInfo(paramValues);
         String currentServerAddr = serverListMgr.getCurrentServerAddr();
         int maxRetry = this.maxRetry;
@@ -194,8 +196,8 @@ public HttpResult httpDelete(String path, List<String> headers, List<String> par
                     newHeaders.addAll(headers);
                 }
                 HttpResult result = HttpSimpleClient.httpDelete(
-                    getUrl(currentServerAddr, path), newHeaders, paramValues, encoding,
-                    readTimeoutMs, isSSL);
+                    getUrl(currentServerAddr, path,HttpClient.ENABLE_HTTPS), newHeaders, paramValues, encoding,
+                    readTimeoutMs, HttpClient.ENABLE_HTTPS);
                 if (result.code == HttpURLConnection.HTTP_INTERNAL_ERROR
                     || result.code == HttpURLConnection.HTTP_BAD_GATEWAY
                     || result.code == HttpURLConnection.HTTP_UNAVAILABLE) {
@@ -233,10 +235,19 @@ public HttpResult httpDelete(String path, List<String> headers, List<String> par
 
     private String getUrl(String serverAddr, String relativePath) {
         String contextPath = serverListMgr.getContentPath().startsWith("/") ?
-                serverListMgr.getContentPath() : "/" + serverListMgr.getContentPath();
-        return serverAddr + contextPath + relativePath;
+            serverListMgr.getContentPath() : "/" + serverListMgr.getContentPath();
+        return StringUtils.removeEnd(serverAddr,"/")+"/"+StringUtils.removeStart(contextPath,"/")+ relativePath;
+    }
+    private String getUrl(String serverAddr, String relativePath,boolean isSSL) {
+        String contextPath = serverListMgr.getContentPath().startsWith("/") ?
+            serverListMgr.getContentPath() : "/" + serverListMgr.getContentPath();
+        String url= StringUtils.removeEnd(serverAddr,"/")+"/"+StringUtils.removeStart(contextPath,"/")+ relativePath;
+        if (isSSL &&url.startsWith(httpPre)){
+            return httpsPre+StringUtils.removeStart(url,httpPre);
+        }else{
+            return url;
+        }
     }
-
     public static String getAppname() {
         return ParamUtil.getAppName();
     }

diff --git a/client/src/main/java/com/alibaba/nacos/client/config/impl/HttpSimpleClient.java b/client/src/main/java/com/alibaba/nacos/client/config/impl/HttpSimpleClient.java
@@ -24,11 +24,18 @@
 import com.alibaba.nacos.common.utils.UuidUtils;
 import com.alibaba.nacos.common.utils.VersionUtils;
 
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.net.URLEncoder;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
 import java.util.*;
 
 /**
@@ -37,7 +44,41 @@
  * @author Nacos
  */
 public class HttpSimpleClient {
+    static {
+        try {
+            trustAllHttpsCertificates();
+            HttpsURLConnection.setDefaultHostnameVerifier
+                (
+                    (urlHostName, session) -> true
+                );
+        } catch (Exception e) {
+        }
+    }
+
+    private static void trustAllHttpsCertificates()
+        throws NoSuchAlgorithmException, KeyManagementException {
+        TrustManager[] trustAllCerts = new TrustManager[1];
+        trustAllCerts[0] = new TrustAllManager();
+        SSLContext sc = SSLContext.getInstance("SSL");
+        sc.init(null, trustAllCerts, null);
+        HttpsURLConnection.setDefaultSSLSocketFactory(
+            sc.getSocketFactory());
+    }
+
+    private static class TrustAllManager
+        implements X509TrustManager {
+        public X509Certificate[] getAcceptedIssuers() {
+            return null;
+        }
+
+        public void checkServerTrusted(X509Certificate[] certs,
+                                       String authType) {
+        }
 
+        public void checkClientTrusted(X509Certificate[] certs,
+                                       String authType) {
+        }
+    }
     static public HttpResult httpGet(String url, List<String> headers, List<String> paramValues,
                                      String encoding, long readTimeoutMs, boolean isSSL) throws IOException {
         String encodedContent = encodingParams(paramValues, encoding);

diff --git a/client/src/main/java/com/alibaba/nacos/client/naming/net/HttpClient.java b/client/src/main/java/com/alibaba/nacos/client/naming/net/HttpClient.java
@@ -16,18 +16,26 @@
 package com.alibaba.nacos.client.naming.net;
 
 import com.alibaba.nacos.api.common.Constants;
+import com.alibaba.nacos.client.config.impl.HttpSimpleClient;
 import com.alibaba.nacos.common.utils.HttpMethod;
 import com.alibaba.nacos.common.utils.IoUtils;
 import com.google.common.net.HttpHeaders;
 import org.apache.commons.lang3.StringUtils;
 
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
 import java.net.InetAddress;
 import java.net.URL;
 import java.net.URLEncoder;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
 import java.util.*;
 import java.util.zip.GZIPInputStream;
 
@@ -42,14 +50,48 @@ public class HttpClient {
         .getInteger("com.alibaba.nacos.client.naming.rtimeout", 50000);
     public static final int CON_TIME_OUT_MILLIS = Integer
         .getInteger("com.alibaba.nacos.client.naming.ctimeout", 3000);
-    private static final boolean ENABLE_HTTPS = Boolean
+    public static final boolean ENABLE_HTTPS = Boolean
         .getBoolean("com.alibaba.nacos.client.naming.tls.enable");
 
     static {
         // limit max redirection
         System.setProperty("http.maxRedirects", "5");
     }
+    static {
+        try {
+            trustAllHttpsCertificates();
+            HttpsURLConnection.setDefaultHostnameVerifier
+                (
+                    (urlHostName, session) -> true
+                );
+        } catch (Exception e) {
+        }
+    }
+
+    private static void trustAllHttpsCertificates()
+        throws NoSuchAlgorithmException, KeyManagementException {
+        TrustManager[] trustAllCerts = new TrustManager[1];
+        trustAllCerts[0] = new TrustAllManager();
+        SSLContext sc = SSLContext.getInstance("SSL");
+        sc.init(null, trustAllCerts, null);
+        HttpsURLConnection.setDefaultSSLSocketFactory(
+            sc.getSocketFactory());
+    }
 
+    private static class TrustAllManager
+        implements X509TrustManager {
+        public X509Certificate[] getAcceptedIssuers() {
+            return null;
+        }
+
+        public void checkServerTrusted(X509Certificate[] certs,
+                                       String authType) {
+        }
+
+        public void checkClientTrusted(X509Certificate[] certs,
+                                       String authType) {
+        }
+    }
     public static String getPrefix() {
         if (ENABLE_HTTPS) {
             return "https://";

diff --git a/client/src/main/java/com/alibaba/nacos/client/security/SecurityProxy.java b/client/src/main/java/com/alibaba/nacos/client/security/SecurityProxy.java
@@ -23,6 +23,7 @@
 import com.alibaba.nacos.client.naming.net.HttpClient;
 import com.alibaba.nacos.common.utils.HttpMethod;
 import org.apache.commons.codec.Charsets;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -112,9 +113,14 @@ public boolean login(String server) {
             Map<String, String> params = new HashMap<String, String>(2);
             params.put("username", username);
             String body = "password=" + password;
-            String url = "http://" + server + contextPath + LOGIN_URL;
+            String url;
+            if (HttpClient.ENABLE_HTTPS){
+                url = "https://" + server + contextPath + LOGIN_URL;
+            }else {
+                url = "http://" + server + contextPath + LOGIN_URL;
+            }
 
-            if (server.contains(Constants.HTTP_PREFIX)) {
+            if (server.contains(Constants.HTTP_PREFIX)||server.contains(Constants.HTTPS_PREFIX)) {
                 url = server + contextPath + LOGIN_URL;
             }