How to configure GIT HTTPS client certificate authentication in Eclipse using EGit? - eclipse

I set up a GIT server (Gitblit) that uses HTTPS client authentication. I have a working configuration and key material with the standard GIT client on Linux (Debian).
Until now I didn't figure out how to correctly configure:
The standard GIT client (command line, v1.9.5) on Windows (Win7 64)
Eclipse (Luna) with EGit.

For Windows 7, I successfully used these parameters:
[http "https://git.repository.net"]
proxy = proxy.to.use:1234
sslCert = "C:/Path/to/mycert.crt"
sslKey = "C:/Path/to/mycert.key"
sslVerify = true
sslCertPasswordProtected = false
Be sure to not forget the quotes, or you will run into trouble with forward slashes.
I think git will also prompt you for the password, if you leave one on the key, but I'm not sure how well it can cache, and for me it got old quick to re-enter that password routinely.
Regarding Eclipse: I can at least verify, that the current SimRel 2018-9 doesn't work with that .gitconfig, so I'm still looking for a way to make it work.

Related

Eclipse Bluemix plugin 407 auth. error

I followed the steps of this tutorial:
http://www.ibm.com/smarterplanet/us/en/ibmwatson/developercloud/doc/ega_docs/dialog_ega.shtml#ega_getstart_setup
until the step 3h (Account validation), which leads to following error:
“Client error – 407 Proxy Authorization required”.
(I am behind a company proxy)
I use Eclipse Mars 4.5.2 and IBM Bluemix Tools 1.0.10.v20160406_1758.
What i have already done:
-Of course I have Bluemix account that works perfectly fine.
-I have filled in the HTTP and HTTPS info within the Eclipse proxy settings (General->network settings) and cleared the SOCK-field. I can therefore install new software and use the eclipse marketplace for instance.
-Set the proxy at the http_proxy/https_proxy at the Windows system variables, therefore I can use the Bluemix command line tool and login to Bluemix.
-Experimenting with adding various lines at the eclipse.ini as in the following:
-Dorg.eclipse.ecf.provider.filetransfer.excludeContributors=org.eclipse.ecf.provi der.filetransfer.httpclient
-Dhttp.proxyPort=8080
-Dhttp.proxyHost=YYY.com
-Dhttp.proxyUser=uid123
-Dhttp.proxyPassword=XXX
-Dhttps.proxyPort=8080
-Dhttps.proxyHost=YYY.com
-Dhttps.proxyUser=uid123
-Dhttps.proxyPassword=XXX
-Dhttp.nonProxyHosts=localhost|127.0.0.1
-Dorg.eclipse.ecf.provider.filetransfer.retrieve.closeTimeout=3000
-Dorg.eclipse.ecf.provider.filetransfer.retrieve.readTimeout=3000
The command "nslookup api.ng.bluemix.net" returns:
Server: AAA.de Address: aa.bbb.cd.ef
Not authorized answer:
Name: ng.bluemix.net Address: 75.126.70.44 Aliases: api.ng.bluemix.net
Any suggestions how to successfully use the Eclipse Bluemix Plugin?
Based on the error, it looks like you have authentication error on accessing the proxy itself. The Bluemix Tools does not use the command line interface (CLI) to communicate with the Bluemix server. Therefore, proxy settings are not setup in Eclipse even if you have it working using the CLI.
In Eclipse, all the proxy settings can be done from the Preference page. There is no need to change eclipse.ini so you can restore the eclipse.ini file to the original before changing the preference setting. You can find the corresponding preference page in Window>Preferences>General>Network Connection. Then, change the "Active Provider" to "Manual" and edit the HTTP and HTTPS port proxy settings as needed.
In the Edit Proxy Entry dialog, you can input the proxy authentication information by selecting Requires Authentication checkbox and input the user/password.

unable to get local issuer certificate vscode

I am trying to install extensions for VSCode. But getting unable to get local issuer certifiate.
my settings.json
// Place your settings in this file to overwrite the default settings { // Controls the font family.
"editor.fontFamily": "Consolas",
// Controls the font size.
"editor.fontSize": 12,
//Setting corporate proxy
"http.proxy": "http://proxy_servr:3128",
"https.proxy": "http://proxy_servr:3128",
//Disable SSL Verification
"http.proxyStrictSSL": false }
In VS code:
Click File -> Preferences ->Settings
{
"http.proxyStrictSSL":false,
"http.proxy":"http://USERID:PASSWORD#proxy.domain.com:3128"
}
It appears that you have not added authentication credentials to http.proxy
Edit %AppData%/Roaming/Code/User/settings.json, adding:
{
...
"http.proxyStrictSSL":false,
...
}
This could be a DHCP problem on your system. I was seeing the same and similar error messages trying to update and install NPM packages in my Window WSL2 Ubuntu terminal. After running sudo echo nameserver 8.8.8.8 > /etc/resolv.conf I was able to install and update packages again. I spent days trying to troubleshoot this and never thought to check for DNS issues.
All the above answers open security risks, because you are downloading from internet without checking that the Server Certificate Chain is correct. Using such practices open different hack possibilities that you would like to avoid.
The better way to do it is to properly configure the Server Certificate Chain on your system (this is different from OS to OS) and remove the config "http.proxyStrictSSL":false, from your setting.
To make this working with the extensions installation, I found that you have to override the "Proxy Support" for extensions. Weirdly with "on" doesn't work for me.
Now with this config I can download securely extensions on the host like as well in docker containers used for remote execution.

XDebug and RESTful server using PHPStorm or POSTman

How can I get a REST client (such as the one built into PHPStorm or POSTman) to work with XDebug?
In my current set-up of XDebug, using PHPStorm and the Bookmarklet provided I'm able to get it working in both Chrome and Firefox - but as soon as I try with POSTman or any other REST client, I can't figure out how to get it started.
Cheers.
You can use one of these approaches:
Configure your Xdebug (by editing php.ini) to attempt to debug every PHP script. The key option:
Xdebug v2: xdebug.remote_autostart = 1
Xdebug v3: xdebug.start_with_request = yes
Add Xdebug session start parameter to the actual URL (XDEBUG_SESSION_START={{KEY}} -- https://xdebug.org/docs/step_debug#manual-init), for example: ?XDEBUG_SESSION_START=PHPSTORM
Pass Xdebug cookie as part of the request (the one which is set by bookmarklet or browser extension, for example).
For this to work: make sure that "phone handle" icon is activated in advance in PhpStorm (Run | Start Listen for PHP Debug Connection).
P.S. If you are using Postman, Insominia or alike (another REST client) then the best / most transparent way IMO is to use Xdebug cookie. You're most likely already using separate Environments (e.g. "dev", "test", "production") so you can have such a cookie only where it is needed (depends on the tool and version used of course).
This way there is no need to edit the URL (even if you have it as a "conditional parameter" that is present for some environment and absent for another) or configure Xdebug to "debug all requests" at all.
An example of such Xdebug cookie from my Postman (edit it as needed; here it is set for the local some-domain.local.test fake domain):
XDEBUG_SESSION=value; Path=/; Domain=.some-domain.local.test; Expires=Tue, 19 Jan 2038 03:14:07 GMT;
Since the host URL should be a part of your Environment (e.g. the endpoint URL will be like {{host}}/api/v1/welcome) then such cookie will be sent to the dev domain only and not to the production one.
Just add ?XDEBUG_SESSION_START=filter_string at the end of the url, for eg:
https://new-supplier.local/api/login?XDEBUG_SESSION_START=PHPSTORM
PHPSTORM is my default filter string, you can use whatever you want. Your editor should be set up to filter connections by IDE key (filter string), and thats it. You should be able to debug the same way as from Chrome or FF.
Warning!
xdebug >= 3.0 has changed the parameters in php.ini.
After upgrading xdebug, most of the answers here will not be relevant.
Refer to:
https://xdebug.org/docs/upgrade_guide
Basically, you need to add something like this to your php.ini:
xdebug.mode=develop,gcstats,coverage,profile,debug
xdebug.start_with_request=1
xdebug.idekey=PHPSTORM
This was driving me crazy. I just updated to PHP 7.1 and xdebug that was working no longer worked. I updated the xdebug.so file (Linux) and php --version indicated that xdebug was indeed being loaded and working. But when I would use Postman the debugger never kicked on.
Here's the solution. If you are using Apache as your server then you need to enable the PHP 7.1 mods and reboot Apache: sudo service apache2 restart
xdebug.remote_timeout = 60000
Worked for me. As my Mac was very slow, and Remote debugger was timed out after 200 ms (Default value)
What finally got my Postman/PHPStorm Xdebug working was adding a PHP Remote Debug configuration in PHPStorm:
Run -> Edit Configurations -> + -> PHP Remote Debug
I just set the name to localhost and saved it - no IDE Key, etc.
you can set xdebug cookie into postman to use it from postman as well.
their are one link Cookies under the Send button click on it. and add new cookie. XDEBUG_SESSION = PHPSTORM their and save
Configure PHPStorm XDebug to trigger on RESTful API requests
Please, check this answer => https://stackoverflow.com/a/73802240/13321079

GitHub Windows client behind proxy

I'm trying to get the GitHub client for Windows working. I am on a corporate Win 7 x64 computer behind a corporate proxy and firewall. Following various other posts and experimenting with multiple combinations of environment variables and config variables I have found the only way to get cloning and push updates to work is by using the HTTPS_PROXY environment variable, including my full corporate domain user ID and password.
This is unacceptable from a security standpoint. Is there any other way to get this to work?
Additional notes:
The following worked:
Add an environment variable called HTTPS_PROXY with the value http://[domain]\[userid]:[password]#someproxy.mycorp.com:8080
The following did not work:
Omitting user id and password from HTTPS_PROXY variable
Using an environment variable called HTTP_PROXY (no S)
Adding the http.proxy variable to the global config file (.gitconfig)
Adding the https.proxy variable to the global config file
In all cases, the GitHub client still does not recognize the proxy: The content of the file TheLog.txt always shows the following on startup:
[time]|INFO|thread:4|GitHub.Helpers.StartupLogger|Proxy information: (None)
[time]|INFO|thread:4|GitHub.Helpers.StartupLogger|Couldn't fetch creds for proxy
And is followed by the output of several failed proxy authentication attempts, all of which indicate "Credentials are missing."
Add these entries to your '.gitconfig' file in your user directory (go to %USERPROFILE%):
[http]
proxy = http://<proxy address>:<proxy port>
[https]
proxy = https://<proxy address>:<proxy port>
And if you don't want to store your password in plaintext, I would use a local proxy forwarder like CNTLM which allows you to direct all traffic through it and can store the passwords hashed.
Unlike the original question, if you don't care if your password is in plain text add these:
[http]
proxy = http://<username>:<password>#<proxy address>:<proxy port>
[https]
proxy = https://<username>:<password>#<proxy address>:<proxy port>
Tried everything of above - and didn't succeed, only thing that helped me is CNTLM - http://cntlm.sourceforge.net/.
Install it and run cntlm -H, than authenticate to corp proxy, edit cntlm.ini file with the output of cntlm, restart the windows service. Update .gitconfig with:
[https] proxy = localhost:3128
[http] proxy = localhost:3128
Now cntlm will do all the authentication, and you'll be able to use GitHub(and Dropbox, btw) behind the corp proxy. At least until next password change :) (than do cntlm -H stuff again)
I was able to make GitHub Shell to work with our corporate proxy. I'm starting GitHub Shell and execute following command:
export http_proxy=http://<username>:<password>#<corporate proxy>:3128
I would really like to make GUI to work too. But I don't want to set Windows global environment variable which contains my corporate credential information.
Strangely GitHub GUI Client is able to connect to GitHub for user authentication, but only problem is with cloning, pulling and pushing projects from and into GitHub. It seems like the problem is with git implementation. I was able to configure git to run through our proxy without putting my credentials in the git global settings and it was asking for my credentials while performing pull or push requests. But that was working only in Git Shell.
If you’re using GitHub for Windows in a corporate, chances are high that you’re behind a big bad Corporate Firewall/Proxy. GitHub for Windows doesn’t yet have the proxy parameters in its GUI for setting Options.
To configure GitHub for Windows to use your corporate proxy, edit the .gitconfig file typically found at C:\Users\.gitconfig or C:\Documents & Settings\.gitconfig
Close GitHub for Windows; In .gitconfig, just add
[https]
proxy = proxy.yourcompany.com:port
I've also run into this issue, and tried to dig into it a bit as well (disassembled the client).
The piece of code that generates the log messages we're seeing is as follows:
private static void LogProxyServerConfiguration()
{
WebProxy defaultProxy = WebProxy.GetDefaultProxy();
string str = defaultProxy.Address != (Uri)null ? defaultProxy.Address.ToString() : "(None)";
StartupLogger.log.Info((IFormatProvider)CultureInfo.InvariantCulture, "Proxy information: {0}", str);
try
{
if (defaultProxy.Credentials == null)
{
StartupLogger.log.Info((IFormatProvider)CultureInfo.InvariantCulture, "Couldn't fetch creds for proxy", new object[0]);
}
else
{
NetworkCredential credential = defaultProxy.Credentials.GetCredential(GitHubClient.GitHubDotComUri, "Basic");
StartupLogger.log.Info((IFormatProvider)CultureInfo.InvariantCulture, "Proxy is authenticated: {0}", credential != null && !string.IsNullOrWhiteSpace(credential.UserName));
}
}
catch (Exception ex)
{
StartupLogger.log.InfoException("Couldn't fetch creds for proxy", ex);
}
}
So this block only logs the proxy information that's setup in IE. The log message appears to have no bearing on what we have setup in the config files or environmental variables.
i dont know about your firewall, but my campus use proxy
do you use any git gui? EDIT : just noticed that you're using github client for windows
i am using tortoisegit and its very easy to set the proxy. Just right click anywhere, tortoisegit>network, enable proxy server and set server address, username, and password. done
as far as i remember, tortoisegit will also works out-of-the-box with github.
Here is the way to set proxy in github
git config --global http.proxy http://<username>:<pass>#<ip>:<port>
git config --global https.proxy http://<username>:<pass>#<ip>:<port>
Here in my college we don't have username and password, so if our college
ip is 172.16.10.10 and
port is 8080
git config --global http.proxy http://172.16.10.10:8080
git config --global https.proxy http://172.16.10.10:8080
P.S -> I would recommend using this method to set proxy as things will fall into place as you will learn further
Source
I found this blog to be useful. It describes ntlmaps proxy. It's probably less secure, but worked smoothly. I couldn't get cntlm working.
For us, the solution involved two different things. First, as described in Sogger's answer, you need to add the entries to your .gitconfig file, located in %USERPROFILE%.
[http]
proxy = http://<proxy address>:<proxy port>
[https]
proxy = https://<proxy address>:<proxy port>
Second, (and this was the missing piece for us,) you need to configure an exception on the proxy server to allow non-authenticated proxy traffic to *.github.com
In iPrism, it looks like this:
The problem is not so much the proxy, but the authentication. Bypassing the authentication requirement allows the needed communication to clone and work with projects using the GitHub desktop client.
Also note that this approach did not require storing proxy credentials in the .gitconfig file.
In case you need to force Git or GitHub client to bypass the proxy (use the direct connection), just set the proxy URI in the .gitconfig to an empty string. You'll probably have to edit the file manually, I didn't manage to persuade the git config command to set the value of a configuration directive to an empty string (tried git config --global http.proxy "").
So just add the following lines to the ~/.gitconfig:
[http]
proxy = ""
[https]
proxy = ""

"RA layer request failed" error with Subclipse, no errors with web browser

I'm using STS 2.8.1 (I think it's based on Eclipse Indigo) with Subclipse 1.6.18.
I'm trying to check some code out from a repository, but when I add the repository location, I get the following error:
RA layer request failed
svn: Server sent unexpected return value (503 Service Unavailable) in response to OPTIONS request for 'http://a.b.com:18080/svn/myproject'
The thing is, if I try to access that repository from a web browser (e.g. Chrome or IE), I'm allowed to access it. It asks for my username and password, and after I enter them, I can see the project tree.
Does anyone know why I can access from the web browser but not from STS?
The proxy settings are configured correctly for Subclipse (and I can access other repositories from STS, but not that one).
This is usually due to an SVN setting (c:\Documents and Settings\_username_\Application Data\Subversion\servers or ~/.subversion/servers) overriding an Eclipse setting.
Or one of those settings could have the wrong password for the proxy.
However, the OP Neets reports:
I'm able to connect to other repository locations (so the proxy password is correct)
I solved it, adding the corresponding exception in the servers file, like this:
http-proxy-exceptions = exception.com
That is compliant with what describes the openDNS article Configuring Subversion to Use a Proxy Server:
http-proxy-exceptions
This specifies a set of repository addresses for which you don't need to access a proxy server. For example, if you have a repository on your local LAN, then you probably won't need a proxy to access it.
This should be a comma-delimited list of servers, and you can use an asterisk as a wildcard.
If all of the repositories that you will access require you to use a proxy server, then you can leave this out.
The following shows a sample configuration that will use a proxy server to access all servers outside of the example.com domain:
[global]
http-proxy-exceptions = *.example.com
http-proxy-host = proxy.example.com
http-proxy-port = 8080
http-proxy-username = myuserid
http-proxy-password = mypassword