feat(agent): add option to disable hostname verification

cryostatio · Jan 14, 2025 · f8af1b4 · f8af1b4
1 parent f371a03
commit f8af1b4
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 1 deletion.
diff --git a/src/main/java/io/cryostat/ConfigProperties.java b/src/main/java/io/cryostat/ConfigProperties.java
@@ -62,4 +62,6 @@ public class ConfigProperties {
     public static final String URI_RANGE = "cryostat.target.uri-range";
 
     public static final String AGENT_TLS_REQUIRED = "cryostat.agent.tls.required";
+    public static final String AGENT_DISABLE_HOSTNAME_VERIFICATION =
+            "cryostat.agent.disable-hostname-verification";
 }
diff --git a/src/main/java/io/cryostat/Producers.java b/src/main/java/io/cryostat/Producers.java
@@ -25,6 +25,7 @@
 import io.cryostat.recordings.LongRunningRequestGenerator;
 
 import io.quarkus.arc.DefaultBean;
+import io.vertx.ext.web.client.WebClientOptions;
 import io.vertx.mutiny.core.Vertx;
 import io.vertx.mutiny.ext.web.client.WebClient;
 import jakarta.enterprise.context.ApplicationScoped;
@@ -43,6 +44,7 @@
 public class Producers {
 
     public static final String BASE64_URL = "BASE64_URL";
+    public static final String AGENT_CLIENT = "AGENT_CLIENT";
 
     @Produces
     @ApplicationScoped
@@ -84,6 +86,18 @@ public static LongRunningRequestGenerator produceArchiveRequestGenerator() {
         return new LongRunningRequestGenerator();
     }
 
+    @Produces
+    @ApplicationScoped
+    @Named(AGENT_CLIENT)
+    public WebClient produceAgentWebClient(
+            @ConfigProperty(name = "cryostat.agent.disable-hostname-verification")
+                    boolean disableHostnameVerification,
+            Vertx vertx) {
+        WebClientOptions options = new WebClientOptions();
+        options.setVerifyHost(!disableHostnameVerification);
+        return WebClient.create(vertx, options);
+    }
+
     @Produces
     @DefaultBean
     public WebClient produceWebClient(Vertx vertx) {

diff --git a/src/main/java/io/cryostat/targets/AgentClient.java b/src/main/java/io/cryostat/targets/AgentClient.java
@@ -37,6 +37,7 @@
 import org.openjdk.jmc.flightrecorder.configuration.internal.EventTypeIDV2;
 
 import io.cryostat.ConfigProperties;
+import io.cryostat.Producers;
 import io.cryostat.core.serialization.JmcSerializableRecordingDescriptor;
 import io.cryostat.credentials.Credential;
 import io.cryostat.discovery.DiscoveryPlugin;
@@ -60,6 +61,7 @@
 import io.vertx.mutiny.ext.web.codec.BodyCodec;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
+import jakarta.inject.Named;
 import jakarta.ws.rs.ForbiddenException;
 import jdk.jfr.RecordingState;
 import org.apache.commons.lang3.StringUtils;
@@ -75,7 +77,9 @@ public class AgentClient {
     private boolean tlsEnabled;
 
     private final Target target;
+
     private final WebClient webClient;
+
     private final Duration httpTimeout;
     private final ObjectMapper mapper;
     private final Logger logger = Logger.getLogger(getClass());
@@ -483,7 +487,11 @@ private <T> Uni<HttpResponse<T>> invoke(
     public static class Factory {
 
         @Inject ObjectMapper mapper;
-        @Inject WebClient webClient;
+
+        @Inject
+        @Named(Producers.AGENT_CLIENT)
+        WebClient webClient;
+
         @Inject Logger logger;
 
         @ConfigProperty(name = ConfigProperties.CONNECTIONS_FAILED_TIMEOUT)

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -47,6 +47,7 @@ cryostat.http.proxy.path=/
 cryostat.target.uri-range=PUBLIC
 
 cryostat.agent.tls.required=true
+cryostat.agent.disable-hostname-verification=false
 
 conf-dir=/opt/cryostat.d
 rules-dir=${conf-dir}/rules.d