From dd45e938564249a5e6897bd92dd29808d8990868 Mon Sep 17 00:00:00 2001
From: rudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Fri, 24 Oct 2003 08:34:56 +0000
Subject: MOA-ID version 1.1 (initial)

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../moa/id/util/AxisSecureSocketFactory.java       | 213 +++++++++++++++++++++
 1 file changed, 213 insertions(+)
 create mode 100644 id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java

(limited to 'id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java')

diff --git a/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
new file mode 100644
index 000000000..8967bdbba
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
@@ -0,0 +1,213 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.io.BufferedWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+import java.util.Hashtable;
+
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.axis.components.net.BooleanHolder;
+import org.apache.axis.components.net.DefaultSocketFactory;
+import org.apache.axis.components.net.SecureSocketFactory;
+import org.apache.axis.components.net.TransportClientProperties;
+import org.apache.axis.components.net.TransportClientPropertiesFactory;
+import org.apache.axis.utils.Messages;
+import org.apache.axis.utils.XMLUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Secure socket factory for Axis webs service clients of the MOA-ID component,
+ * which are the MOA-SP calls from MOA-ID Auth, 
+ * and the MOA-ID Auth calls from MOA-ID Proxy.
+ * <br/>Use this initialization code:<br/>
+ * <code>	// ConnectionParameter connParam = ... get from ConfigurationProvider
+ * 	AxisSecureSocketFactory.initialize(connParam);</code>
+ * <br/>See the Apache Axis documentation on how to configure this class
+ * as the default secure socket factory to be used by Axis.
+ * <br/>
+ * This code has been copied from <code>JSSESocketFactory</code>, the
+ * method <code>initialize()</code> has been added.
+ * 
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AxisSecureSocketFactory
+  extends DefaultSocketFactory implements SecureSocketFactory {
+
+  /** Field sslFactory           */
+  private static SSLSocketFactory sslFactory;
+
+  /**
+   * Constructor for AxisSecureSocketFactory.
+   * @param attributes ???
+   */
+  public AxisSecureSocketFactory(Hashtable attributes) {
+    super(attributes);
+  }
+  /**
+   * Initializes the factory by setting the connection parameters to be used for
+   * setting the secure socket factory, and by setting the system property 
+   * <code>axis.socketSecureFactory</code>.
+   * @param connParam <code>ConnectionParameter</code> to derive the
+   *         secure socket factory from
+   */
+  public static void initialize(SSLSocketFactory ssf)
+    throws IOException, GeneralSecurityException {
+
+    Logger.debug("Initialize AxisSecureSocketFactory");
+    sslFactory = ssf;
+  }
+
+  /**
+   * creates a secure socket
+   *
+   * @param host
+   * @param port
+   * @param otherHeaders
+   * @param useFullURL
+   *
+   * @return Socket
+   * @throws Exception
+   */
+  public Socket create(
+    String host,
+    int port,
+    StringBuffer otherHeaders,
+    BooleanHolder useFullURL)
+    throws Exception {
+    if (port == -1) {
+      port = 443;
+    }
+
+    TransportClientProperties tcp =
+      TransportClientPropertiesFactory.create("https");
+
+    boolean hostInNonProxyList =
+      isHostInNonProxyList(host, tcp.getNonProxyHosts());
+
+    Socket sslSocket = null;
+    if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
+      // direct SSL connection
+      sslSocket = sslFactory.createSocket(host, port);
+    }
+    else {
+
+      // Default proxy port is 80, even for https
+      int tunnelPort =
+        (tcp.getProxyPort().length() != 0)
+          ? Integer.parseInt(tcp.getProxyPort())
+          : 80;
+      if (tunnelPort < 0)
+        tunnelPort = 80;
+
+      // Create the regular socket connection to the proxy
+      Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);
+
+      // The tunnel handshake method (condensed and made reflexive)
+      OutputStream tunnelOutputStream = tunnel.getOutputStream();
+      PrintWriter out =
+        new PrintWriter(
+          new BufferedWriter(new OutputStreamWriter(tunnelOutputStream)));
+
+      // More secure version... engage later?
+      // PasswordAuthentication pa =
+      // Authenticator.requestPasswordAuthentication(
+      // InetAddress.getByName(tunnelHost),
+      // tunnelPort, "SOCK", "Proxy","HTTP");
+      // if(pa == null){
+      // printDebug("No Authenticator set.");
+      // }else{
+      // printDebug("Using Authenticator.");
+      // tunnelUser = pa.getUserName();
+      // tunnelPassword = new String(pa.getPassword());
+      // }
+      out.print(
+        "CONNECT "
+          + host
+          + ":"
+          + port
+          + " HTTP/1.0\r\n"
+          + "User-Agent: AxisClient");
+      if (tcp.getProxyUser().length() != 0
+        && tcp.getProxyPassword().length() != 0) {
+
+        // add basic authentication header for the proxy
+        String encodedPassword =
+          XMLUtils.base64encode(
+            (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes());
+
+        out.print("\nProxy-Authorization: Basic " + encodedPassword);
+      }
+      out.print("\nContent-Length: 0");
+      out.print("\nPragma: no-cache");
+      out.print("\r\n\r\n");
+      out.flush();
+      InputStream tunnelInputStream = tunnel.getInputStream();
+
+      if (log.isDebugEnabled()) {
+        log.debug(
+          Messages.getMessage(
+            "isNull00",
+            "tunnelInputStream",
+            "" + (tunnelInputStream == null)));
+      }
+      String replyStr = "";
+
+      // Make sure to read all the response from the proxy to prevent SSL negotiation failure
+      // Response message terminated by two sequential newlines
+      int newlinesSeen = 0;
+      boolean headerDone = false; /* Done on first newline */
+
+      while (newlinesSeen < 2) {
+        int i = tunnelInputStream.read();
+
+        if (i < 0) {
+          throw new IOException("Unexpected EOF from proxy");
+        }
+        if (i == '\n') {
+          headerDone = true;
+          ++newlinesSeen;
+        }
+        else if (i != '\r') {
+          newlinesSeen = 0;
+          if (!headerDone) {
+            replyStr += String.valueOf((char) i);
+          }
+        }
+      }
+      if (!replyStr.startsWith("HTTP/1.0 200")
+        && !replyStr.startsWith("HTTP/1.1 200")) {
+        throw new IOException(
+          Messages.getMessage(
+            "cantTunnel00",
+            new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr }));
+      }
+
+      // End of condensed reflective tunnel handshake method
+      sslSocket = sslFactory.createSocket(tunnel, host, port, true);
+      if (log.isDebugEnabled()) {
+        log.debug(
+          Messages.getMessage(
+            "setupTunnel00",
+            tcp.getProxyHost(),
+            "" + tunnelPort));
+      }
+    }
+
+    ((SSLSocket) sslSocket).startHandshake();
+    if (log.isDebugEnabled()) {
+      log.debug(Messages.getMessage("createdSSL00"));
+    }
+    return sslSocket;
+  }
+
+}
-- 
cgit v1.2.3