5 files changed, 156 insertions, 77 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index 733b47dc..7f180ad0 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -43,6 +43,7 @@ import at.gv.egiz.bku.binding.DataUrlConnection;
 import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
public abstract class Configurator {
private Log log = LogFactory.getLog(Configurator.class);
@@ -270,6 +271,7 @@ public abstract class Configurator {
 sslCtx.init(km, new TrustManager[] { pkixTM }, null);
}
DataUrl.setSSLSocketFactory(sslCtx.getSocketFactory());
+ URLDereferencer.getInstance().setSSLSocketFactory(sslCtx.getSocketFactory());
} catch (Exception e) {
log.error("Cannot configure SSL", e);
}
@@ -283,6 +285,12 @@ public abstract class Configurator {
 return true;
}
});
+ URLDereferencer.getInstance().setHostnameVerifier(new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ });
}
}
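Review bot: The added `verify` always returns `true`, which switches off hostname verification for every HTTPS URL fetched through URLDereferencer: a certificate issued for any name is accepted as long as it chains to a trust anchor. The enclosing method starts outside the hunk, so the condition guarding this block is not visible; it appears to mirror the verifier installed just above, but URLDereferencer is a process-wide singleton, so the setting also reaches callers that never asked for it. If this is an explicit opt-out, it should at least be visible in the log, e.g. `log.warn("Hostname verification disabled for URLDereferencer");`, and the default path should leave the JVM verifier in place.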
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
index 9e34d9ae..78172dcb 100644
--- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
@@ -33,6 +33,8 @@ import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
import java.util.List;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSocketFactory;
 import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
@@ -191,6 +193,18 @@ public class SignatureTest { }
+ } + + @Override + public void setHostnameVerifier(HostnameVerifier hostnameVerifier) { + // TODO Auto-generated method stub + + } + + @Override + public void setSSLSocketFactory(SSLSocketFactory socketFactory) { + // TODO Auto-generated method stub + }
});
diff --git a/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/HTTPURLProtocolHandlerImpl.java b/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/HTTPURLProtocolHandlerImpl.java
index 8d01fad1..99f804b7 100644
--- a/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/HTTPURLProtocolHandlerImpl.java
+++ b/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/HTTPURLProtocolHandlerImpl.java
@@ -1,78 +1,112 @@
 /*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.bku.utils.urldereferencer;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.security.InvalidParameterException;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-public class HTTPURLProtocolHandlerImpl implements URLProtocolHandler {
-
- private static Log log = LogFactory.getLog(HTTPURLProtocolHandlerImpl.class);
-
- public final static String HTTP = "http";
- public final static String HTTPS = "https";
- public final static String FORMDATA = "formdata";
- public final static String[] PROTOCOLS = { HTTP, HTTPS, FORMDATA };
-
- public StreamData dereference(String aUrl, URLDereferencerContext aContext)
- throws IOException {
- String urlString = aUrl.toLowerCase().trim();
- if (urlString.startsWith(FORMDATA)) {
- log.debug("Requested to dereference a formdata url");
- return dereferenceFormData(aUrl, aContext);
- }
-
- URL url = new URL(aUrl);
- if ((!HTTP.equalsIgnoreCase(url.getProtocol()) && (!HTTPS
- .equalsIgnoreCase(url.getProtocol())))) {
- throw new InvalidParameterException("Url " + aUrl + " not supported");
- }
- return dereferenceHTTP(url);
- }
-
+ * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.utils.urldereferencer; + +import java.io.IOException; +import java.io.InputStream; +import java.net.HttpURLConnection; +import java.net.URL; +import java.security.InvalidParameterException; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSocketFactory; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public class HTTPURLProtocolHandlerImpl implements URLProtocolHandler { + + private static Log log = LogFactory.getLog(HTTPURLProtocolHandlerImpl.class); + + public final static String HTTP = "http"; + public final static String HTTPS = "https"; + public final static String FORMDATA = "formdata"; + public final static String[] PROTOCOLS = { HTTP, HTTPS, FORMDATA }; + + private HostnameVerifier hostnameVerifier; + private SSLSocketFactory sslSocketFactory; + + public StreamData dereference(String aUrl, URLDereferencerContext aContext) + throws IOException { + String urlString = aUrl.toLowerCase().trim(); + if (urlString.startsWith(FORMDATA)) { + log.debug("Requested to dereference a formdata url"); + return dereferenceFormData(aUrl, aContext); + } + + URL url = new URL(aUrl); + if ((!HTTP.equalsIgnoreCase(url.getProtocol()) && (!HTTPS + .equalsIgnoreCase(url.getProtocol())))) { + throw new 
InvalidParameterException("Url " + aUrl + " not supported"); + } + return dereferenceHTTP(url); + } + protected StreamData dereferenceHTTP(URL url) throws IOException { - log.debug("Dereferencing url: "+url);
+ log.debug("Dereferencing url: " + url); HttpURLConnection httpConn = (HttpURLConnection) url.openConnection(); - log.trace("Successfully opened connection");
- return new StreamData(url.toString(), httpConn.getContentType(), httpConn
- .getInputStream());
- }
-
- protected StreamData dereferenceFormData(String aUrl,
- URLDereferencerContext aContext) throws IOException {
- log.debug("Dereferencing formdata url: " + aUrl);
- String[] parts = aUrl.split(":", 2);
- FormDataURLSupplier supplier = (FormDataURLSupplier) aContext
- .getProperty(FormDataURLSupplier.PROPERTY_KEY_NAME);
- if (supplier == null) {
- throw new NullPointerException(
- "No FormdataUrlSupplier found in provided context");
- }
- String contentType = supplier.getFormDataContentType(parts[1]);
- InputStream is = supplier.getFormData(parts[1]);
- if (is != null) {
- return new StreamData(aUrl, contentType, is);
- }
- return null;
- }
+ if (httpConn instanceof HttpsURLConnection) { + log.trace("Detected ssl connection"); + HttpsURLConnection https = (HttpsURLConnection) httpConn; + if (sslSocketFactory != null) { + log.debug("Setting custom ssl socket factory for ssl connection"); + https.setSSLSocketFactory(sslSocketFactory); + } else { + log.trace("No custom socket factory set"); + } + if (hostnameVerifier != null) { + log.debug("Setting custom hostname verifier"); + https.setHostnameVerifier(hostnameVerifier); + } + } else { + log.trace("No secure connection with: "+url+ " class="+httpConn.getClass()); + } + log.trace("Successfully opened connection"); + return new StreamData(url.toString(), httpConn.getContentType(), httpConn + .getInputStream()); + } + + protected StreamData dereferenceFormData(String aUrl, + URLDereferencerContext aContext) throws IOException { + log.debug("Dereferencing formdata url: " + aUrl); + String[] parts = aUrl.split(":", 2); + FormDataURLSupplier supplier = (FormDataURLSupplier) aContext + .getProperty(FormDataURLSupplier.PROPERTY_KEY_NAME); + if (supplier == null) { + throw new NullPointerException( + "No FormdataUrlSupplier found in provided context"); + } + String contentType = supplier.getFormDataContentType(parts[1]); + InputStream is = supplier.getFormData(parts[1]); + if (is != null) { + return new StreamData(aUrl, contentType, is); + } + return null; + } + + @Override + public void setHostnameVerifier(HostnameVerifier hostnameVerifier) { + this.hostnameVerifier = hostnameVerifier; + } + + @Override + public void setSSLSocketFactory(SSLSocketFactory socketFactory) { + this.sslSocketFactory = socketFactory; + } + }
\ No newline at end of file
diff --git a/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/URLDereferencer.java b/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/URLDereferencer.java
index d747753f..8853a9c1 100644
--- a/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/URLDereferencer.java
+++ b/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/URLDereferencer.java
@@ -20,6 +20,9 @@ import java.io.IOException;
 import java.net.MalformedURLException;
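Review bot: In dereferenceHTTP of HTTPURLProtocolHandlerImpl a missing socket factory is reported only with `log.trace("No custom socket factory set")` and a replaced hostname verifier only at debug level, so under normal logging nothing shows whether an HTTPS fetch used the configured trust settings, the JVM defaults, or a custom verifier. I would raise both to a level that is enabled in production, for example `log.warn("No custom SSL socket factory configured, using JVM defaults for " + url.getHost());`, and give the two new setters a Javadoc line stating that null leaves the JVM-wide default in place. Nearly all of this hunk appears to be a whitespace or line-ending rewrite of the file; the functional change is the `instanceof HttpsURLConnection` branch, the two fields and the two setters.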
import java.util.HashMap;
import java.util.Map;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSocketFactory;
 import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -37,7 +40,10 @@ public class URLDereferencer {
 private static URLDereferencer instance = new URLDereferencer();
private Map<String, URLProtocolHandler> handlerMap = new HashMap<String, URLProtocolHandler>();
-
+
+ private HostnameVerifier hostnameVerifier;
+ private SSLSocketFactory sslSocketFactory;
+
private URLDereferencer() {
registerHandlers();
}
@@ -62,7 +68,9 @@ public class URLDereferencer {
 if (handler == null) {
throw new MalformedURLException("No handler for protocol: " + protocol
+ " found");
- }
+ }
+ handler.setHostnameVerifier(hostnameVerifier);
+ handler.setSSLSocketFactory(sslSocketFactory);
return handler.dereference(aUrl, aContext);
}
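Review bot: The two added calls `handler.setHostnameVerifier(hostnameVerifier);` and `handler.setSSLSocketFactory(sslSocketFactory);` write into a handler object that registerHandlers (last hunk of this file) stores once for all protocols, so every dereference call mutates state shared with concurrent calls, and the fields they read are set through unsynchronized setters on the singleton. Because these values decide how TLS peers are authenticated, a stale or null read means a connection is opened with the JVM defaults instead of the configured trust settings. Declaring the new fields from the earlier hunk as `private volatile HostnameVerifier hostnameVerifier;` and `private volatile SSLSocketFactory sslSocketFactory;` is the smallest fix; forwarding the values to the registered handlers from the setters would remove the per-call writes altogether. The body of dereference starts outside this hunk.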
@@ -86,5 +94,13 @@ public class URLDereferencer {
 for (String proto : HTTPURLProtocolHandlerImpl.PROTOCOLS) {
handlerMap.put(proto, handler);
}
+ }
+
+ public void setHostnameVerifier(HostnameVerifier hostnameVerifier) {
+ this.hostnameVerifier = hostnameVerifier;
+ }
+
+ public void setSSLSocketFactory(SSLSocketFactory socketFactory) {
+ this.sslSocketFactory = socketFactory;
 }
}
\ No newline at end of file
diff --git a/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/URLProtocolHandler.java b/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/URLProtocolHandler.java
index f584f450..f886bd4e 100644
--- a/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/URLProtocolHandler.java
+++ b/utils/src/main/java/at/gv/egiz/bku/utils/urldereferencer/URLProtocolHandler.java
@@ -18,6 +18,9 @@ package at.gv.egiz.bku.utils.urldereferencer;
 import java.io.IOException;
import java.net.MalformedURLException;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSocketFactory;
 public interface URLProtocolHandler {
@@ -28,5 +31,9 @@ public interface URLProtocolHandler {
 * @return the streamdata of this url or null if the url cannot be resolved.
* @throws IOException
*/
- public StreamData dereference(String aUrl, URLDereferencerContext aContext) throws IOException;
+ public StreamData dereference(String aUrl, URLDereferencerContext aContext) throws IOException;
+
+ public void setSSLSocketFactory(SSLSocketFactory socketFactory);
+
+ public void setHostnameVerifier(HostnameVerifier hostnameVerifier);
}
\ No newline at end of file |