iControl SDK hardcodes http for client running on any port other than 443

we ran into an issue internal to iControl SDK for Java. We were using lab systems for our tests via a gateway/NAT to access the lab systems from our iControl client code. On the gateway, we had mapped port 15443 of the gateway IP to port 443 of the F5 thru the gateway.

 

 

We were connecting with the F5 ok but that’s about it. The error messages were cryptic, and led us to investigate a number of things. We went from inspecting the format of the Soap, to reviewing and changing authentication, changing passwords (there was an issue posted on F5.com about special characters in passwords...is that still an issue?), to suspecting the self-certificates were invalid, reactivating the licenses, updating the certificates, and so on.

 

 

But, the problem it turns out was in the iControl code. iControl assumes that you are using http, not https if you use any other port other 443. This is hardcoded in the iControl assembly source:

 

 

private String buildURL()

 

{

 

String url = "http";

 

if ( 443 == m_port ) {

 

url = url + "s";

 

}

 

 

//url = url + "://" + m_username + ":" + m_password + "@" + m_hostname + ":" + m_port + "/iControl/iControlPortal.cgi";

 

 

url = url + "://" + m_hostname + ":" + m_port + "/iControl/iControlPortal.cgi";

 

 

return url;

 

}

 

 

That's the code used to generate the URL the iControl client will connect to run its operations. It's hardcoded as HTTP unless it's running on 443, in which case it's hardcoded as HTTPS. It was the problem, and we have modified our copy of iControl to work with our NAT setup…