initial commit

localstack · Sep 20, 2023 · 0838a70 · 0838a70
commit 0838a70
Show file tree

Hide file tree

Showing 21 changed files with 712 additions and 0 deletions.
diff --git a/.github/release.yml b/.github/release.yml
@@ -0,0 +1,8 @@
+changelog:
+  exclude:
+    labels:
+      - ignore-for-release
+  categories:
+    - title: Changes
+      labels:
+        - "*"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,30 @@
+name: Build
+
+on:
+  push:
+    branches: [ main ]
+    tags: v*.*
+  pull_request:
+    branches: [ main ]
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Build
+      run: make build-in-docker
+
+    - uses: actions/upload-artifact@v3
+      with:
+        name: aws-java-sdk-disable-trust-certs
+        path: build/libs/*
+    - name: Release binaries
+      uses: softprops/action-gh-release@v1
+      if: startsWith(github.ref, 'refs/tags/')
+      with:
+        files: build/libs/*
+        generate_release_notes: true
+        prerelease: ${{ endsWith(github.ref, '-pre') }}
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+idea/
+.gradle/
+build/
diff --git a/.idea/.gitignore b/.idea/.gitignore
diff --git a/.idea/.name b/.idea/.name
diff --git a/.idea/compiler.xml b/.idea/compiler.xml
diff --git a/.idea/gradle.xml b/.idea/gradle.xml
diff --git a/.idea/jarRepositories.xml b/.idea/jarRepositories.xml
diff --git a/.idea/misc.xml b/.idea/misc.xml
diff --git a/.idea/uiDesigner.xml b/.idea/uiDesigner.xml
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
diff --git a/Makefile b/Makefile
@@ -0,0 +1,11 @@
+build-in-docker:
+	docker run --rm -v $$PWD:/home/gradle/project -w /home/gradle/project gradle:8.3-jdk11 gradle clean jar
+
+build:
+	./gradlew jar
+
+clean:
+	./gradlew clean
+
+
+.PHONY: build-in-docker build clean
diff --git a/README.md b/README.md
@@ -0,0 +1,41 @@
+# AWS Java SDK v2 - Trust all Certificates Patch
+
+## Overview
+
+This repository contains the code to a small java agent, which will disable the certificate name validation for your [AWS Java SDK v2](https://github.com/aws/aws-sdk-java-v2) clients.
+
+This tool was made necessary due to the decision of the AWS Java SDK team to remove the global configuration option for this functionality with the AWS SDK v2. See: aws/aws-sdk-java-v2#1230
+
+For the AWS Java SDK v1, please set the [`-Dcom.amazonaws.sdk.disableCertChecking`](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/SDKGlobalConfiguration.html#DISABLE_CERT_CHECKING_SYSTEM_PROPERTY) system property.
+
+**Warning**: Please note that the usage of this tool is meant for testing/development purposes only.
+Please do not disable certificate name validation on your production stack.
+
+## Usage
+
+1) Download the latest [release](https://github.com/localstack/aws-java-sdk-v2-trust-certs-patch/releases)
+2) Load the jar file as java agent using `-javaagent:<path-to-file>` either specified as command line argument, or setting it in the `JAVA_TOOL_OPTIONS` environment variable when starting your process like this: `JAVA_TOOL_OPTIONS=-javaagent:<path-to-file>`.
+3) You can now use for example DNS to redirect your SDK calls to any endpoint you want, e.g. to [LocalStack](https://github.com/localstack/localstack).
+
+Please remember to use a separate profile/configuration for your development and production environments, to avoid accidentally disabling the certificate name verification in production.
+
+## How does it work?
+
+This utility works by using [java instrumentation](https://docs.oracle.com/javase/8/docs/api/java/lang/instrument/package-summary.html) to set the [`TRUST_ALL_CERTIFICATES`](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/http/SdkHttpConfigurationOption.html#TRUST_ALL_CERTIFICATES) option per default on all created clients.
+It does so by merging passed AttributeMaps of the SDK with a new one setting this option in the `buildWithDefaults` methods of all client builders.
+
+This tool uses [javassist](https://www.javassist.org/) to insert and compile the bytecode on the load of the respective client classes.
+
+## Supported HTTP Clients
+
+This tools supports the following http clients, if used:
+
+Synchronous:
+
+* [ApacheHttpClient](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/http/apache/ApacheHttpClient.html)
+* [UrlConnectionHttpClient](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/http/urlconnection/UrlConnectionHttpClient.html)
+
+Asynchronous:
+
+* [NettyNioAsyncHttpClient](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/http/nio/netty/NettyNioAsyncHttpClient.html)
+* [AwsCrtAsyncHttpClient](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/http/crt/AwsCrtAsyncHttpClient.html)
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -0,0 +1,33 @@
+plugins {
+    id("java")
+}
+
+group = "cloud.localstack"
+version = "1.0"
+
+repositories {
+    mavenCentral()
+}
+
+dependencies {
+    implementation("org.javassist:javassist:3.29.2-GA")
+
+    testImplementation(platform("org.junit:junit-bom:5.9.1"))
+    testImplementation("org.junit.jupiter:junit-jupiter")
+}
+
+tasks.test {
+    useJUnitPlatform()
+}
+
+tasks.jar {
+    manifest {
+        attributes(mapOf("Premain-Class" to "cloud.localstack.AwsSdkV2DisableCertificateValidation", "Can-Redefine-Classes" to true, "Can-Retransform-Classes" to true))
+    }
+    from(configurations.runtimeClasspath.get().map { if (it.isDirectory) it else zipTree(it) })
+}
+
+java {
+    sourceCompatibility = JavaVersion.VERSION_1_8
+    targetCompatibility = JavaVersion.VERSION_1_8
+}
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists