Author: jaz
Date: Fri May 25 08:48:09 2007
New Revision: 541695
URL: http://svn.apache.org/viewvc?view=rev&rev=541695
Log:
implemented a trust any SSL client
Modified:
    ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/HttpClient.java
    ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/MultiTrustManager.java
    ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/SSLUtil.java
    ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/URLConnector.java
Modified: ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/HttpClient.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/HttpClient.java?view=diff&rev=541695&r1=541694&r2=541695
==============================================================================
--- ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/HttpClient.java (original)
+++ ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/HttpClient.java Fri May 25 08:48:09 2007
@@ -30,6 +30,7 @@
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
+import java.security.cert.CertificateException;
 /**
  * Send HTTP GET/POST requests.
@@ -38,10 +39,12 @@
 public class HttpClient {
     public static final String module = HttpClient.class.getName();
-
+
+    private int hostVerification = SSLUtil.HOSTCERT_NORMAL_CHECK;
     private int timeout = 30000;
     private boolean debug = false;
     private boolean lineFeed = true;
+    private boolean trustAny = false;
     private boolean followRedirects = true;
     private String url = null;
@@ -176,6 +179,26 @@
         return this.clientCertAlias;
     }
+    /** Sets the server hostname verification level */
+    public void setHostVerificationLevel(int level) {
+        this.hostVerification = level;
+    }
+
+    /** Returns the current server hostname verification level */
+    public int getHostVerificationLevel() {
+        return this.hostVerification;
+    }
+
+    /** Allow untrusted server certificates */
+    public void setAllowUntrusted(boolean trustAny) {
+        this.trustAny = trustAny;
+    }
+
+    /** Do we trust any certificate */
+    public boolean getAllowUntrusted() {
+        return this.trustAny;
+    }
+
     /** Invoke HTTP request GET. */
     public String get() throws HttpClientException {
         return sendHttpRequest("get");
@@ -331,7 +354,11 @@
         return buf.toString();
     }
-    private InputStream sendHttpRequestStream(String method) throws HttpClientException {
+    private InputStream sendHttpRequestStream(String method) throws HttpClientException {
+        return sendHttpRequestStream(method, false);
+    }
+
+    private InputStream sendHttpRequestStream(String method, boolean overrideTrust) throws HttpClientException {
         // setup some SSL variables
         SSLUtil.loadJsseProperties();
@@ -356,7 +383,11 @@
         // Create the URL and open the connection.
         try {
             requestUrl = new URL(url);
-            con = URLConnector.openConnection(requestUrl, timeout, clientCertAlias, SSLUtil.HOSTCERT_NORMAL_CHECK);
+            if (overrideTrust) {
+                con = URLConnector.openUntrustedConnection(requestUrl, timeout, clientCertAlias, SSLUtil.HOSTCERT_NORMAL_CHECK);
+            } else {
+                con = URLConnector.openConnection(requestUrl, timeout, clientCertAlias, SSLUtil.HOSTCERT_NORMAL_CHECK);
+            }
             if (Debug.verboseOn() || debug) Debug.log("Connection opened to : " + requestUrl.toExternalForm(), module);
             if ((con instanceof HttpURLConnection)) {
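Review bot: The new `hostVerification` field (declared in the @@ -38 hunk, exposed by `setHostVerificationLevel()` in the @@ -176 hunk) is never read: both branches of the added if/else in the @@ -356 hunk still pass the constant `SSLUtil.HOSTCERT_NORMAL_CHECK`, so callers who lower or raise the verification level get no change in behaviour. Pass the field in both calls instead: `con = URLConnector.openUntrustedConnection(requestUrl, timeout, clientCertAlias, hostVerification);` and `con = URLConnector.openConnection(requestUrl, timeout, clientCertAlias, hostVerification);`. The enclosing `sendHttpRequestStream(String, boolean)` body begins and continues outside this hunk.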
@@ -407,6 +438,10 @@
             in = con.getInputStream();
         } catch (IOException ioe) {
+            if ((trustAny && !overrideTrust) && (ioe.getCause() instanceof CertificateException)) {
+                Debug.logWarning(ioe.getCause(), module);
+                return sendHttpRequestStream(method, true);
+            }
             throw new HttpClientException("IO Error processing request", ioe);
         } catch (Exception e) {
             throw new HttpClientException("Error processing request", e);
Modified: ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/MultiTrustManager.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/MultiTrustManager.java?view=diff&rev=541695&r1=541694&r2=541695
==============================================================================
--- ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/MultiTrustManager.java (original)
+++ ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/MultiTrustManager.java Fri May 25 08:48:09 2007
@@ -55,6 +55,10 @@
         }
     }
+    public int getNumberOfKeyStores() {
+        return keystores.size();
+    }
+
     public void checkClientTrusted(X509Certificate[] certs, String alg) throws CertificateException {
         if (!isTrusted(certs)) {
             throw new CertificateException("No trusted certificate found");
Modified: ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/SSLUtil.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/SSLUtil.java?view=diff&rev=541695&r1=541694&r2=541695
==============================================================================
--- ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/SSLUtil.java (original)
+++ ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/SSLUtil.java Fri May 25 08:48:09 2007
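Review bot: The retry in the added catch branch re-issues the whole request over a trust-any socket factory after a single `CertificateException`, but the warning it writes records neither the endpoint nor the fact that chain validation is being bypassed, so the downgrade leaves no usable audit trail. Name the URL and the downgrade in the log call, `Debug.logWarning(ioe.getCause(), "Server certificate for " + url + " failed validation; retrying with trustAny enabled", module);`, and extend the `/** Allow untrusted server certificates */` Javadoc in the @@ -176 hunk to say that `true` means the server chain is not validated at all on the retry. The condition inspects only the immediate `ioe.getCause()`; if the JSSE provider in use wraps the validator failure more than one level deep, the retry will never trigger and the request fails as before — worth confirming against the provider this deployment runs on. `sendHttpRequestStream(String, boolean)` starts and ends outside this hunk.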
@@ -105,7 +105,10 @@
     public static TrustManager[] getTrustManagers() throws IOException, GeneralSecurityException, GenericConfigException {
         MultiTrustManager tm = new MultiTrustManager();
         tm.add(KeyStoreUtil.getSystemTrustStore());
-
+        if (tm.getNumberOfKeyStores() < 1) {
+            Debug.logWarning("System truststore not found!", module);
+        }
+
         Iterator i = ComponentConfig.getAllKeystoreInfos().iterator();
         while (i.hasNext()) {
             ComponentConfig.KeystoreInfo ksi = (ComponentConfig.KeystoreInfo) i.next();
@@ -122,6 +125,10 @@
         return new TrustManager[] { tm };
     }
+    public static TrustManager[] getTrustAnyManagers() {
+        return new TrustManager[] { new TrustAnyManager() };
+    }
+
     public static KeyManager[] getKeyManagers(KeyStore ks, String password, String alias) throws GeneralSecurityException {
         KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
         factory.init(ks, password.toCharArray());
@@ -149,15 +156,24 @@
         return context.getSocketFactory();
     }
-    public static SSLSocketFactory getSSLSocketFactory(String alias) throws IOException, GeneralSecurityException, GenericConfigException {
+    public static SSLSocketFactory getSSLSocketFactory(String alias, boolean trustAny) throws IOException, GeneralSecurityException, GenericConfigException {
         KeyManager[] km = SSLUtil.getKeyManagers(alias);
-        TrustManager[] tm = SSLUtil.getTrustManagers();
+        TrustManager[] tm;
+        if (trustAny) {
+            tm = SSLUtil.getTrustAnyManagers();
+        } else {
+            tm = SSLUtil.getTrustManagers();
+        }
         SSLContext context = SSLContext.getInstance("SSL");
         context.init(km, tm, new SecureRandom());
         return context.getSocketFactory();
     }
+    public static SSLSocketFactory getSSLSocketFactory(String alias) throws IOException, GeneralSecurityException, GenericConfigException {
+        return getSSLSocketFactory(alias, false);
+    }
+
     public static SSLSocketFactory getSSLSocketFactory() throws IOException, GeneralSecurityException, GenericConfigException {
         return getSSLSocketFactory(null);
     }
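Review bot: Neither `getTrustAnyManagers()` (the @@ -122 hunk) nor the new `getSSLSocketFactory(String alias, boolean trustAny)` (the @@ -149 hunk) carries Javadoc, and the parameter name alone does not tell a caller that the returned factory skips server chain validation entirely. Add `/** Builds a socket factory for the given client alias; when trustAny is true the server certificate chain is NOT validated (see TrustAnyManager). */` on the two-argument overload and `/** Trust managers that accept every certificate chain without validation. */` on `getTrustAnyManagers()`. In the @@ -105 hunk the new warning is logged but execution continues with whatever `tm` holds; whether `tm.add()` tolerates a missing system store and what `isTrusted()` does with no keystores is not visible here, so it is worth stating in the warning whether trust decisions then fall through to the component keystores only.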
@@ -249,6 +265,28 @@
             System.setProperty("javax.net.debug","ssl:handshake");
         }
         loadedProps = true;
+    }
+    }
+
+    static class TrustAnyManager implements X509TrustManager {
+
+        public void checkClientTrusted(X509Certificate[] cert, String string) throws CertificateException {
+            Debug.logImportant("Trusting (un-trusted) client certificate chain:", module);
+            for (int i = 0; i < cert.length; i++) {
+                Debug.logImportant("---- " + cert[i].getSubjectX500Principal().getName() + " valid: " + cert[i].getNotAfter(), module);
+
+            }
+        }
+
+        public void checkServerTrusted(X509Certificate[] cert, String string) throws CertificateException {
+            Debug.logImportant("Trusting (un-trusted) server certificate chain:", module);
+            for (int i = 0; i < cert.length; i++) {
+                Debug.logImportant("---- " + cert[i].getSubjectX500Principal().getName() + " valid: " + cert[i].getNotAfter(), module);
+            }
+        }
+
+        public X509Certificate[] getAcceptedIssuers() {
+            return new X509Certificate[0];
         }
     }
 }
Modified: ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/URLConnector.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/URLConnector.java?view=diff&rev=541695&r1=541694&r2=541695
==============================================================================
--- ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/URLConnector.java (original)
+++ ofbiz/trunk/framework/base/src/base/org/ofbiz/base/util/URLConnector.java Fri May 25 08:48:09 2007
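Review bot: `TrustAnyManager` has no class comment, and because both check methods log `getNotAfter()` a reader can mistake the loop for an expiry or chain check when in fact nothing is validated and nothing is ever thrown. Add a class Javadoc such as `/** X509TrustManager that accepts every client and server chain unconditionally; it only logs subject and expiry. Returned by getTrustAnyManagers() for HttpClient.setAllowUntrusted(true). */`. The second parameter is the auth type, not a free string; naming it `authType` and appending it to the "Trusting (un-trusted) ... chain:" line would make the log record more useful when the downgrade is later audited. The stray blank line inside the `checkClientTrusted` loop can be dropped so the two methods read identically.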
@@ -40,12 +40,14 @@
     private URL url = null;
     private String clientCertAlias = null;
     private boolean timedOut = false;
+    private boolean trustAnyCert = false;
     private int hostCertLevel = 2;
     protected URLConnector() {}
-    protected URLConnector(URL url, String clientCertAlias, int hostCertLevel) {
+    protected URLConnector(URL url, String clientCertAlias, int hostCertLevel, boolean trustAnyCert) {
         this.clientCertAlias = clientCertAlias;
         this.url = url;
+        this.trustAnyCert = trustAnyCert;
         this.hostCertLevel = hostCertLevel;
     }
@@ -71,7 +73,8 @@
             throw new IOException("Connection timed out");
         }
     }
-
+
+    // trusted certs only
     public static URLConnection openConnection(URL url) throws IOException {
         return openConnection(url, 30000);
     }
@@ -85,9 +88,27 @@
     }
     public static URLConnection openConnection(URL url, int timeout, String clientCertAlias, int hostCertLevel) throws IOException {
-        URLConnector uc = new URLConnector(url, clientCertAlias, hostCertLevel);
+        URLConnector uc = new URLConnector(url, clientCertAlias, hostCertLevel, false);
         return uc.openConnection(timeout);
-    }
+    }
+
+    // allow untrusted certs
+    public static URLConnection openUntrustedConnection(URL url) throws IOException {
+        return openConnection(url, 30000);
+    }
+
+    public static URLConnection openUntrustedConnection(URL url, int timeout) throws IOException {
+        return openConnection(url, timeout, null, SSLUtil.HOSTCERT_NORMAL_CHECK);
+    }
+
+    public static URLConnection openUntrustedConnection(URL url, String clientCertAlias) throws IOException {
+        return openConnection(url, 30000, clientCertAlias, SSLUtil.HOSTCERT_NORMAL_CHECK);
+    }
+
+    public static URLConnection openUntrustedConnection(URL url, int timeout, String clientCertAlias, int hostCertLevel) throws IOException {
+        URLConnector uc = new URLConnector(url, clientCertAlias, hostCertLevel, true);
+        return uc.openConnection(timeout);
+    }
     // special thread to open the connection
     private class URLConnectorThread implements Runnable {
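Review bot: The one-, two- and alias-argument `openUntrustedConnection` overloads in the @@ -85 hunk delegate to `openConnection`, which constructs the connector with `trustAnyCert = false`, so only the four-argument overload actually opens a trust-any connection; the other three behave exactly like their trusted counterparts despite the `// allow untrusted certs` comment. That fails safe, but a caller that relies on the name will get an unexpected certificate failure and the API is misleading. Delegate to the four-argument untrusted overload instead: `return openUntrustedConnection(url, 30000);`, `return openUntrustedConnection(url, timeout, null, SSLUtil.HOSTCERT_NORMAL_CHECK);` and `return openUntrustedConnection(url, 30000, clientCertAlias, SSLUtil.HOSTCERT_NORMAL_CHECK);`. The four-argument overload also deserves a one-line Javadoc stating that chain validation is disabled while hostname verification still follows `hostCertLevel`.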
@@ -98,7 +119,7 @@
             if ("HTTPS".equalsIgnoreCase(url.getProtocol())) {
                 HttpsURLConnection scon = (HttpsURLConnection) con;
                 try {
-                    scon.setSSLSocketFactory(SSLUtil.getSSLSocketFactory(clientCertAlias));
+                    scon.setSSLSocketFactory(SSLUtil.getSSLSocketFactory(clientCertAlias, trustAnyCert));
                     HostnameVerifier hv = SSLUtil.getHostnameVerifier(hostCertLevel);
                     if (hv != null) {
                         scon.setHostnameVerifier(hv);