6 files changed, 72 insertions, 37 deletions
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
index 3aeb1745..9326d904 100644
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
@@ -42,11 +42,16 @@ import java.util.List;
import java.util.Properties;
import java.util.Set;
+import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.LdapReferralException;
import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
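Review bot: `javax.naming.ldap.LdapContext` and `javax.naming.ldap.LdapReferralException` are imported but not referenced by any line this commit adds to the file, so they look like leftovers; unused imports compile but trip Checkstyle/Error Prone, so drop them unless code outside these hunks is meant to use them. The added `HostnameVerifier`, `SSLSession` and `TrustManager` imports are used by the configureSSL hunk below.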
@@ -118,7 +123,14 @@ public class SpringConfigurator extends Configurator implements
}
public void configureNetwork() {
-
+ String proxy = getProperty("HTTPProxyHost");
+ String portString = getProperty("HTTPProxyPort");
+ if ((proxy == null) || (proxy.equals(""))) {
+ log.info("No proxy configured");
+ } else {
+ System.setProperty("proxyHost", proxy);
+ System.setProperty("proxyPort", portString);
+ }
}
private Set<TrustAnchor> getCACerts() throws IOException,
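Review bot: `System.setProperty("proxyPort", portString)` throws NullPointerException when HTTPProxyPort is not configured, because `portString` is read but never checked, and the names `proxyHost`/`proxyPort` differ from the `http.proxyHost`/`http.proxyPort` that the BKUOnline configurator in this same commit sets (those are the names the JDK networking properties document; as far as I know the bare names are only a legacy fallback). Guard the port and align the names, e.g. `System.setProperty("http.proxyHost", proxy);` followed by `if (portString != null) { System.setProperty("http.proxyPort", portString); }`. Since the connections this class configures are HTTPS (`HttpsURLConnection` in configureSSL), `https.proxyHost`/`https.proxyPort` presumably need to be set too for the proxy to take effect — confirm against the connection code.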
@@ -258,13 +270,33 @@ public class SpringConfigurator extends Configurator implements
KeyManager[] km = null;
SSLContext sslCtx = SSLContext
.getInstance(getProperty("SSL.sslProtocol"));
- sslCtx.init(km, trustFab.getTrustManagers(), null);
- // sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
- // certStoreList) }, null);
+ String disableAll = getProperty("SSL.disableAllChecks");
+ if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+ log.warn("--------------------------------------");
+ log.warn(" Disabling SSL Certificate Validation ");
+ log.warn("--------------------------------------");
+
+ sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
+ certStoreList) }, null);
+ } else {
+ sslCtx.init(km, trustFab.getTrustManagers(), null);
+ }
HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
} catch (Exception e) {
log.error("Cannot configure SSL", e);
}
+ String disableAll = getProperty("SSL.disableAllChecks");
+ if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+ log.warn("---------------------------------");
+ log.warn(" Disabling Hostname Verification ");
+ log.warn("---------------------------------");
+ HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ });
+ }
}
@Override
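Review bot: `SSL.disableAllChecks` is read and parsed twice, once inside the try around `sslCtx.init` and again after the catch, and both branches change process-wide defaults: `HttpsURLConnection.setDefaultSSLSocketFactory` and `setDefaultHostnameVerifier` affect every HTTPS connection in the JVM, not only this component's, which the banner-style warnings do not say. Read the flag once before the try, `boolean disableAll = Boolean.parseBoolean(getProperty("SSL.disableAllChecks"));` (`parseBoolean(null)` already returns false, so the null check is redundant), and reuse it in both places. I would also make the warning state the scope, e.g. `log.warn("SSL.disableAllChecks=true: certificate validation and hostname verification are disabled for ALL HttpsURLConnections in this JVM");`. The anonymous `HostnameVerifier` that returns true deserves a one-line comment saying it is reachable only under that debugging flag.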
@@ -275,20 +307,15 @@ public class SpringConfigurator extends Configurator implements
class MyTrustManager implements X509TrustManager {
private static Log log = LogFactory.getLog(MyTrustManager.class);
- private Set<TrustAnchor> caCerts;
- private List<CertStore> certStoreList;
private X509Certificate[] trustedCerts;
public MyTrustManager(Set<TrustAnchor> caCerts, List<CertStore> cs) {
- this.caCerts = caCerts;
- this.certStoreList = cs;
trustedCerts = new X509Certificate[caCerts.size()];
int i = 0;
for (Iterator<TrustAnchor> it = caCerts.iterator(); it.hasNext();) {
TrustAnchor ta = it.next();
trustedCerts[i++] = ta.getTrustedCert();
}
-
}
@Override
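Review bot: The constructor parameter `cs` is no longer used now that the `certStoreList` field is gone, and the class keeps its generic name although (per the checkServerTrusted hunk below) it no longer validates anything. Either drop the parameter and adjust the `new MyTrustManager(caCerts, certStoreList)` call in configureSSL, or at least add a class Javadoc such as `/** Trust manager used only when SSL.disableAllChecks=true; checkServerTrusted accepts every chain without PKIX validation. */`. `trustedCerts` is presumably what getAcceptedIssuers returns, but that method is outside the hunk — confirm before documenting it.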
@@ -301,31 +328,9 @@ class MyTrustManager implements X509TrustManager {
@Override
public void checkServerTrusted(X509Certificate[] certs, String arg1)
throws CertificateException {
- try {
- log.debug("Checking server certificate: " + certs[0].getSubjectDN());
- CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");
- X509CertSelector selector = new X509CertSelector();
- selector.setCertificate(certs[0]);
- PKIXBuilderParameters pkixParams;
- pkixParams = new PKIXBuilderParameters(caCerts, selector);
- pkixParams.setRevocationEnabled(true); // FIXME
- for (CertStore cs : certStoreList) {
- pkixParams.addCertStore(cs);
- }
- PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) pathBuilder
- .build(pkixParams);
- if (log.isTraceEnabled()) {
- StringBuffer sb = new StringBuffer();
- for (Certificate cert : result.getCertPath().getCertificates()) {
- sb.append(((X509Certificate) cert).getSubjectDN());
- sb.append("->");
- }
- sb.append("End");
- log.trace(sb);
- }
- } catch (Exception e) {
- throw new CertificateException(e);
- }
+ log.warn("-------------------------------------");
+ log.warn("SSL Certificate Validation Disabled !");
+ log.warn("-------------------------------------");
}
@Override
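Review bot: checkServerTrusted now accepts every chain, including a null or empty `certs` array, which the X509TrustManager contract says must be rejected with IllegalArgumentException, and the warning no longer records which peer was accepted (the removed code logged `certs[0].getSubjectDN()`). Keeping both makes the debugging path auditable: `if (certs == null || certs.length == 0) throw new IllegalArgumentException("empty certificate chain");` followed by `log.warn("SSL Certificate Validation Disabled ! Accepting unverified server certificate: " + certs[0].getSubjectDN());`. The removed PKIX path carried a `// FIXME` on revocation; if that validation is meant to return, a class comment should say that the non-debug path now relies on the `trustFab.getTrustManagers()` branch in configureSSL instead.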
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
index 93796a7e..31f55ed0 100644
--- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
+++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
@@ -45,9 +45,15 @@ SSL.cache.lifetime=3600
# use authority info access extension to find ca certs.
SSL.useAIA=true
+# Don't set to true in production environments
+# Attention flag only used for debugging
+SSL.disableAllChecks=false
# ------------ END SSL Config --------------------
ValidateHashDataInputs=true
+#HTTPProxyHost=localhost
+#HTTPProxyPort=8888
+
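Review bot: The two comment lines above `SSL.disableAllChecks=false` say not to use the flag in production but not what it does; a reader of the properties file cannot see that it switches off both server certificate validation and hostname verification for every HTTPS connection of the JVM (configureSSL in SpringConfigurator). I would replace them with `# Debugging only: true disables server certificate validation AND hostname verification for ALL HTTPS connections in this JVM. Never enable in production.`.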
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
index 9fe91708..54dbfdea 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
@@ -70,6 +70,8 @@ public class SpringConfigurator extends Configurator implements
} catch (IOException e) {
log.error("Cannot load config", e);
}
+ } else {
+ log.warn("Cannot load properties, resource: "+resource);
}
}
@@ -91,8 +93,23 @@ public class SpringConfigurator extends Configurator implements
super.configure();
configureSSL();
configureVersion();
+ configureNetwork();
}
+ public void configureNetwork() {
+ String proxyHost = getProperty("HTTPProxyHost");
+ String proxyPort = getProperty("HTTPProxyPort");
+ if (proxyPort == null) {
+ proxyPort = "80";
+ }
+ if (proxyHost != null) {
+ log.debug("Setting proxy server to: "+proxyHost+":"+proxyPort);
+ System.setProperty("http.proxyHost", proxyHost);
+ System.setProperty("http.proxyPort", proxyPort);
+ }
+ log.debug("No proxy specified");
+ }
+
private Set<TrustAnchor> getCACerts() throws IOException,
CertificateException {
Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();
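Review bot: `log.debug("No proxy specified")` at the end of configureNetwork runs unconditionally, so it is also emitted right after "Setting proxy server to:" whenever a proxy is configured; it belongs in an else branch: `} else {` / `log.debug("No proxy specified");` / `}`. The silent fallback to `"80"` when HTTPProxyPort is missing is worth a debug line as well, since a wrong port only surfaces as connection errors far from this code. The BKULocal configurator in this commit sets `proxyHost`/`proxyPort` while this one sets `http.proxyHost`/`http.proxyPort`; the two should agree, and `https.proxyHost`/`https.proxyPort` presumably matter too given the HTTPS connections configured in configureSSL.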
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
index cdc2bfad..42b0d93e 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
@@ -41,3 +41,6 @@ SSL.sslProtocol=TLS
ValidateHashDataInputs=true
+
+HTTPProxyHost=taranis.iaik.tugraz.at
+HTTPProxyPort=8888
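Review bot: `HTTPProxyHost=taranis.iaik.tugraz.at` and `HTTPProxyPort=8888` are active in the shipped default configuration, so every deployment that does not override them routes its outbound DataURL traffic through that one host, while the BKULocal defaultConf.properties in this same commit leaves the same keys commented out. Ship them commented out here too (`#HTTPProxyHost=` / `#HTTPProxyPort=`) and keep the developer value in a local override, so a missing site configuration fails visibly instead of silently sending traffic through a host the deployer does not control.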
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java
index a8477ece..d462ac60 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java
@@ -52,7 +52,8 @@ public class DataUrl {
}
public DataUrlConnection openConnection() {
- try {
+ try {
+ log.debug("Opening dataurl connection");
DataUrlConnectionSPI retVal = defaultDataUrlConnection.newInstance();
retVal.init(url);
return retVal;
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java
index 775f4136..6ad0bb78 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java
@@ -91,11 +91,13 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI {
String name = headerIt.next();
connection.setRequestProperty(name, requestHttpHeaders.get(name));
}
+ log.trace("Connecting to: "+url);
connection.connect();
if (connection instanceof HttpsURLConnection) {
HttpsURLConnection ssl = (HttpsURLConnection) connection;
X509Certificate[] certs = (X509Certificate[]) ssl.getServerCertificates();
if ((certs != null) && (certs.length >= 1)) {
+ log.trace("Server certificate: "+certs[0]);
serverCertificate = certs[0];
}
}
@@ -142,7 +144,7 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI {
formParams.add(slResultPart);
OutputStream os = connection.getOutputStream();
-
+ log.trace("Sending data");
Part[] parts = new Part[formParams.size()];
Part.sendParts(os, formParams.toArray(parts), boundary.getBytes());
os.close();
@@ -152,7 +154,8 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI {
is = connection.getInputStream();
} catch (IOException iox) {
log.info(iox);
- }
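Review bot: `log.trace("Server certificate: "+certs[0])` builds the full `X509Certificate.toString()` dump (subject, issuer, extensions, encoded signature) on every connection even when trace logging is off, because the string concatenation is evaluated before `log.trace` checks the level; `"Connecting to: "+url` in the same hunk has the same shape, cheaper but unguarded. Wrap them in `if (log.isTraceEnabled()) { ... }` as the removed MyTrustManager code in this commit did, or log only `certs[0].getSubjectDN()`, which is what a reader of the trace usually needs. The enclosing method starts before this hunk.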
+ }
+ log.trace("Reading response");
result = new DataUrlResponse(url.toString(), connection.getResponseCode(), is);
Map<String, String> responseHttpHeaders = new HashMap<String, String>();
Map<String, List<String>> httpHeaders = connection.getHeaderFields(); |