authorSimon Rettberg2025-08-01 12:07:07 +0200
committerSimon Rettberg2025-08-01 12:07:07 +0200
commit106d199f8ff5d2e0504a3756df8acdded0759cd0 (patch)
treeae59c9e39b6b9320b5258e46df343a0041058ae9 /dozentenmodul/src/main
parent[server] Missed two IOExceptions (diff)
[client] Try to use generic SSL and HTTPS context if connection check fails
Diffstat (limited to 'dozentenmodul/src/main')
-rwxr-xr-xdozentenmodul/src/main/java/org/openslx/dozmod/App.java16
-rw-r--r--dozentenmodul/src/main/java/org/openslx/dozmod/util/FallbackTrustManager.java22
-rw-r--r--dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java37
-rw-r--r--dozentenmodul/src/main/properties/i18n/gui.properties6
-rw-r--r--dozentenmodul/src/main/properties/i18n/gui_de_DE.properties6
-rw-r--r--dozentenmodul/src/main/properties/i18n/gui_tr_TR.properties6
6 files changed, 67 insertions, 26 deletions
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
index f67acaba..a5dc7464 100755
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/App.java
@@ -15,8 +15,6 @@ import java.util.Set;
import java.util.concurrent.CountDownLatch;
import java.util.zip.Deflater;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
import javax.swing.SwingUtilities;
import javax.swing.UIDefaults;
import javax.swing.UIManager;
@@ -40,7 +38,6 @@ import org.openslx.dozmod.gui.helper.Language;
import org.openslx.dozmod.gui.helper.MessageType;
import org.openslx.dozmod.util.ClientVersion;
import org.openslx.dozmod.util.FallbackTrustManager;
-import org.openslx.dozmod.util.OsHelper;
import org.openslx.dozmod.util.ProxyConfigurator;
import org.openslx.thrifthelper.ThriftManager;
import org.openslx.util.AppUtil;
@@ -150,17 +147,8 @@ public class App {
AppUtil.logHeader(LOGGER, Branding.getApplicationName(), App.class.getPackage().getImplementationVersion());
LOGGER.info("Starting logging to " + logFilePath);
- if (OsHelper.isWindows()) {
- // On Windows 10+, use system store in addition to the Java one
- LOGGER.info("Installing Fallback X509 truster");
- try {
- SSLContext sslContext = FallbackTrustManager.getSSLContext();
- SSLContext.setDefault(sslContext);
- HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
- } catch (Exception e) {
- LOGGER.warn("Cannot use fallback SSL context with system store", e);
- }
- }
+ // On Windows, we use the system's trust store in addition to the Java one
+ FallbackTrustManager.install();
// Setting the locale
if (!setPreferredLanguage()) {
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/util/FallbackTrustManager.java b/dozentenmodul/src/main/java/org/openslx/dozmod/util/FallbackTrustManager.java
index 1fbdb88f..8d59e56c 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/util/FallbackTrustManager.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/util/FallbackTrustManager.java
@@ -4,6 +4,7 @@ import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
+import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@@ -18,9 +19,13 @@ public class FallbackTrustManager {
private static SSLContext sslContext = null;
- private static FallbackX509TrustManager delegatingTrustManager;
+ private static FallbackX509TrustManager delegatingTrustManager = null;
- static {
+ public static void install() {
+ if (!OsHelper.isWindows())
+ return;
+ // On Windows, use system store in addition to the Java one
+ LOGGER.info("Installing Fallback X509 truster");
try {
// --- Load Java default trust store (cacerts) ---
String javaHome = System.getProperty("java.home");
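Review bot: `install()` is now a public entry point with an ordering requirement that nothing documents: until it has run, `getTrustManagers()` returns null and every context built from it relies on the JVM's own trust store only. I would add a Javadoc stating that it must be called once at startup before any `SSLContext` is created, that it is a no-op off Windows, and that it replaces the process-wide default `SSLContext` and the `HttpsURLConnection` socket factory. The same Javadoc should say that the trusted roots then include whatever is installed in the system store, which is presumably the intent on managed machines but is a wider set of trust anchors than the bundled cacerts. The body of `install()` continues past this hunk.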
@@ -53,17 +58,22 @@ public class FallbackTrustManager {
javaTrustManager, windowsTrustManager);
sslContext = SSLContext.getInstance("TLS");
- sslContext.init(null, new TrustManager[] { delegatingTrustManager }, null);
+ sslContext.init(null, getTrustManagers(), null);
+ SSLContext.setDefault(sslContext);
+ HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
} catch (Exception e) {
+ LOGGER.warn("Cannot use fallback SSL context with system store", e);
}
}
public static TrustManager getTrustManager() {
return delegatingTrustManager;
}
-
- public static SSLContext getSSLContext() {
- return sslContext;
+
+ public static TrustManager[] getTrustManagers() {
+ if (delegatingTrustManager == null)
+ return null;
+ return new TrustManager[] { delegatingTrustManager };
}
// Extract the first X509TrustManager from the factory
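Review bot: `getTrustManagers()` returns null when `install()` has not run or has failed, and the callers in ProxyConfigurator (`thriftCtx.init(...)`, `ctx.init(...)`) hand that straight to `SSLContext.init`, where a null trust-manager array selects the provider's default trust managers. That fallback still validates certificates, but it is silent at the call sites, so a comment on the null branch such as `// null => SSLContext.init uses the JVM default trust managers` would make the contract explicit. `getTrustManager()` still returns a bare null in the same situation; any remaining caller that wraps it in an array should be moved to `getTrustManagers()` so both paths behave the same. With `getSSLContext()` removed, the static `sslContext` field looks write-only in the visible code and could become a local.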
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
index a1dc0dbc..b024dae5 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
@@ -10,7 +10,6 @@ import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.config.ConnectionConfig;
@@ -29,6 +28,9 @@ import org.apache.logging.log4j.Logger;
import org.openslx.bwlp.thrift.iface.MasterServer;
import org.openslx.dozmod.App;
import org.openslx.dozmod.authentication.ShibbolethEcp;
+import org.openslx.dozmod.gui.Gui;
+import org.openslx.dozmod.gui.helper.I18n;
+import org.openslx.dozmod.gui.helper.MessageType;
import org.openslx.thrifthelper.ThriftManager;
import org.openslx.util.Util;
@@ -81,7 +83,7 @@ public class ProxyConfigurator {
} else {
thriftCtx = SSLContext.getInstance("TLSv1.2");
}
- thriftCtx.init(null, new TrustManager[] { FallbackTrustManager.getTrustManager() }, null);
+ thriftCtx.init(null, FallbackTrustManager.getTrustManagers(), null);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
LOGGER.warn("Error creating default SSL context for thrift", e);
}
@@ -96,7 +98,7 @@ public class ProxyConfigurator {
MasterServer.Client masterClient;
try {
ctx = SSLContext.getInstance(tls[0].id);
- ctx.init(null, new TrustManager[] { FallbackTrustManager.getTrustManager() }, null);
+ ctx.init(null, FallbackTrustManager.getTrustManagers(), null);
masterClient = ThriftManager.getNewMasterClient(ctx,
App.getMasterServerAddress(),
App.THRIFT_SSL_PORT, 4000);
@@ -139,6 +141,35 @@ public class ProxyConfigurator {
* Initialization method.
*/
public static void init() {
+ try {
+ initInternal();
+ } finally {
+ boolean warn = false;
+ if (thriftCtx == null) {
+ try {
+ SSLContext ctx = SSLContext.getDefault();
+ ctx.init(null, FallbackTrustManager.getTrustManagers(), null);
+ thriftCtx = ctx;
+ } catch (Exception e) {
+ Gui.asyncMessageBox(I18n.GUI.getString("ProxyConfigurator.Message.error.couldNotGetSslContext"),
+ MessageType.ERROR, LOGGER, e);
+ System.exit(1);
+ }
+ warn = true;
+ }
+ if (apacheClient.get() == null) {
+ HttpClientBuilder builder = createDefaultBuilder();
+ apacheClient.set(builder.build());
+ warn = true;
+ }
+ if (warn) {
+ Gui.asyncMessageBox(I18n.GUI.getString("ProxyConfigurator.Message.warning.couldNotConnect"),
+ MessageType.WARNING, LOGGER, null);
+ }
+ }
+ }
+
+ private static void initInternal() {
tryAllThriftVariants();
// Only try HTTPS if thrift succeeded
if (thriftCtx != null) {
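Review bot: In the `thriftCtx == null` fallback, `SSLContext.getDefault()` followed by `ctx.init(...)` re-initialises the process-wide default context instead of creating a new one. Where `FallbackTrustManager.install()` did not replace the default (non-Windows, or a failed install), the JDK's built-in default context rejects `init` with a `KeyManagementException` as far as I know, so an offline start would land in the `catch` and `System.exit(1)` rather than fall back. Building a fresh context avoids both problems: `SSLContext ctx = SSLContext.getInstance("TLS");`. Separately, `System.exit(1)` directly after `Gui.asyncMessageBox(...)` may end the process before the dialog is shown if that call really is asynchronous, and because all of this sits in a `finally`, it also runs (and can exit) while an unchecked exception from `initInternal()` is propagating. `initInternal()` continues outside the hunk.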
diff --git a/dozentenmodul/src/main/properties/i18n/gui.properties b/dozentenmodul/src/main/properties/i18n/gui.properties
index 633cda75..bd5c2120 100644
--- a/dozentenmodul/src/main/properties/i18n/gui.properties
+++ b/dozentenmodul/src/main/properties/i18n/gui.properties
@@ -7,6 +7,10 @@ GraphicalCertHandler.Message.yesNo.fingerprintChanged=!!! ALARM !!!! ALARM !!!\n
GraphicalCertHandler.Message.error.couldNotGetSSLContext=Could not get TLSv1.2 SSL context
GraphicalCertHandler.Message.error.couldNotInitializeSSLContext=Could not initialize TLSv1.2 SSL context
+# ProxyConfigurator
+ProxyConfigurator.Message.error.couldNotGetSslContext=Could not initialize any SSL context
+ProxyConfigurator.Message.warning.couldNotConnect=Could not connect to masterserver. Are you offline? Try restarting the app if you fail to login.
+
# MainWindow
MainWindow.GuiErrorCallback.master.serverString=the {0} master server
MainWindow.GuiErrorCallback.satellite.serverString=the satellite server
@@ -37,4 +41,4 @@ MainWindow.Message.warning.incorrectTime=ATTENTION: The time on your computer di
can be corrected.\n\n\
Your computer: {0}\n\
Satellite server: {1}
-MainWindow.Label.pleaseWait.text=Please wait, looking for proxy configuration... \ No newline at end of file
+MainWindow.Label.pleaseWait.text=Please wait, looking for proxy configuration...
diff --git a/dozentenmodul/src/main/properties/i18n/gui_de_DE.properties b/dozentenmodul/src/main/properties/i18n/gui_de_DE.properties
index 9041b221..e1508342 100644
--- a/dozentenmodul/src/main/properties/i18n/gui_de_DE.properties
+++ b/dozentenmodul/src/main/properties/i18n/gui_de_DE.properties
@@ -7,6 +7,10 @@ GraphicalCertHandler.Message.yesNo.fingerprintChanged=!!! ALARM !!!! ALARM !!!\n
GraphicalCertHandler.Message.error.couldNotGetSSLContext=SSL-Kontext TLSv1.2 konnte nicht geladen werden
GraphicalCertHandler.Message.error.couldNotInitializeSSLContext=SSL-Kontext TLSv1.2 konnte nicht initialisiert werden
+# ProxyConfigurator
+ProxyConfigurator.Message.error.couldNotGetSslContext=Konnte keinen SSL-Kontext initialisieren
+ProxyConfigurator.Message.warning.couldNotConnect=Keine Verbindung zum Masterserver möglich. Bitte Netzwerkverbindung prüfen, und ggf. die Anwendung neu starten.
+
# MainWindow
MainWindow.GuiErrorCallback.master.serverString=dem {0}-Zentralserver
MainWindow.GuiErrorCallback.satellite.serverString=dem Satellitenserver
@@ -37,4 +41,4 @@ MainWindow.Message.warning.incorrectTime=ACHTUNG: Die Uhrzeit Ihres Computers we
korrigiert werden kann.\n\n\
Ihr Computer: {0}\n\
Satellitenserver: {1}
-MainWindow.Label.pleaseWait.text=Bitte warten, suche Proxy-Konfiguration... \ No newline at end of file
+MainWindow.Label.pleaseWait.text=Bitte warten, suche Proxy-Konfiguration...
diff --git a/dozentenmodul/src/main/properties/i18n/gui_tr_TR.properties b/dozentenmodul/src/main/properties/i18n/gui_tr_TR.properties
index ac1d3cb4..7a91d138 100644
--- a/dozentenmodul/src/main/properties/i18n/gui_tr_TR.properties
+++ b/dozentenmodul/src/main/properties/i18n/gui_tr_TR.properties
@@ -7,6 +7,10 @@ GraphicalCertHandler.Message.yesNo.fingerprintChanged=!!! ALARM !!!! ALARM !!!\n
GraphicalCertHandler.Message.error.couldNotGetSSLContext=TLSv1.2 SSL içeriği alınamadı
GraphicalCertHandler.Message.error.couldNotInitializeSSLContext=TLSv1.2 SSL içeriği başlatılamadı
+# ProxyConfigurator
+ProxyConfigurator.Message.error.couldNotGetSslContext=SSL bağlamı başlatılamadı.
+ProxyConfigurator.Message.warning.couldNotConnect=Ana sunucuya bağlantı kurulamadı. Lütfen ağ bağlantınızı kontrol edin ve gerekirse uygulamayı yeniden başlatın.
+
# MainWindow
MainWindow.GuiErrorCallback.master.serverString={0} master sunucusu
MainWindow.GuiErrorCallback.satellite.serverString=satelit sunucusu
@@ -37,4 +41,4 @@ MainWindow.Message.warning.incorrectTime=DİKKAT: Bilgisayar saatiniz satelit su
sorumlu yöneticiye başvurun.\n\n\
Bilgisayarınız: {0}\n\
Satelit sunucusu: {1}
-MainWindow.Label.pleaseWait.text=Lütfen bekleyin, proxy yapılandırması aranıyor... \ No newline at end of file
+MainWindow.Label.pleaseWait.text=Lütfen bekleyin, proxy yapılandırması aranıyor...