Bug 1264079

Summary: User unfriendly msg shown when trying to create a bundle from untrusted URL
Product: [JBoss] JBoss Operations Network
Reporter: Filip Brychta <fbrychta>
Component: Core Server, Usability
Assignee: Josejulio Martínez <jmartine>
Status: CLOSED ERRATA
QA Contact: Jeeva Kandasamy <jkandasa>
Severity: medium
Priority: high
Version: JON 3.3.4
CC: jkandasa, jmartine, spinder
Target Milestone: DR01
Keywords: Triaged
Target Release: JON 3.3.10
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2018-02-16 03:16:33 UTC
Type: Bug
Attachments: server log; screenshot; user friendly message

Description Filip Brychta 2015-09-17 12:56:41 UTC
Created attachment 1074455
server log

Description of problem:
$Summary

Version-Release number of selected component (if applicable):
JON3.3.4.DR1

How reproducible:
Always

Steps to Reproduce:
1. Try to create a new bundle from a URL which is not trusted (for testing purposes - https://10.16.23.153:10443/bundle.zip)


Actual results:
[1442491555071] javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> sun.security.validator.ValidatorException:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> sun.security.provider.certpath.SunCertPathBuilderException:unable to find valid certification path to requested target

Expected results:
In versions prior to DR01 it was:
[1442491225231] javax.net.ssl.SSLPeerUnverifiedException:peer not authenticated

Additional info:
complete exception from server.log attached

Comment 1 Filip Brychta 2015-09-17 12:57:02 UTC
Created attachment 1074456
screenshot

Comment 6 Josejulio Martínez 2017-11-16 18:35:30 UTC
https://github.com/rhq-project/rhq/pull/338

Hides the unfriendly messages and changes them to:
[1510857243098] javax.net.ssl.SSLException:Failed to download the file from the URL [https://expired.badssl.com/].

Comment 7 Josejulio Martínez 2017-11-17 19:26:05 UTC
commit 5e58f38af2c2af16a9455aeb7adba708c84c5759
Merge: 75733f1 0882a98
Author: Michael Burman <yak>
Date:   Fri Nov 17 15:01:44 2017 +0200

    Merge pull request #338 from josejulio/bugs/1264079
    
    Bug 1264079 - Hides SSLException verbose messages to the UI and logs it

commit 0882a984ebe0f51aab4c581ad1318868f1f6e513
Author: Josejulio Martínez <jmartine>
Date:   Thu Nov 16 12:19:21 2017 -0600

    Bug 1264079 - Hides SSLException verbose messages to the UI and logs it

Comment 9 Simeon Pinder 2017-12-29 12:11:56 UTC
Moving to ON_QA as available for test with the latest build:

JON 3.3.10 DR01 artifacts are available for test from here:
http://download.eng.bos.redhat.com/brewroot/packages/org.jboss.on-jboss-on-parent/3.3.0.GA/164/maven/org/jboss/on/jon-server-patch/3.3.0.GA/jon-server-patch-3.3.0.GA.zip
 *Note: jon-server-patch-3.3.0.GA.zip maps to DR01 build of
 jon-server-3.3.0.GA-update-10.zip.

https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=635136

Comment 10 Jeeva Kandasamy 2018-01-03 13:01:07 UTC
Created attachment 1376329
user friendly message

Browser: Firefox 57.0.1 (64-bit)
JON Version: 3.3.0.GA Update 10
Build Number: 8c98c29:28bd066
GWT Version: 2.5.0
SmartGWT Version: 3.0p

Shows the following exception when we create a bundle from an untrusted URL:
"[1514983680907]  javax.net.ssl.SSLException:Failed to download the file from the URL  [https://10.36.112.58:8443/bundles/bundle.zip]."

GUI screenshot is attached.

Comment 13 errata-xmlrpc 2018-02-16 03:16:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0325