From 9ca314eced8a73f58282684597468f98621ac502 Mon Sep 17 00:00:00 2001
From: wbauer
Date: Fri, 19 Sep 2008 12:17:47 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@53 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../gv/egiz/bku/local/conf/SpringConfigurator.java | 73 ++++++++++++----------
 .../gv/egiz/bku/local/conf/defaultConf.properties | 6 ++
 .../egiz/bku/online/conf/SpringConfigurator.java | 17 +++++
 .../gv/egiz/bku/online/conf/defaultConf.properties | 3 +
 .../main/java/at/gv/egiz/bku/binding/DataUrl.java | 3 +-
 .../gv/egiz/bku/binding/DataUrlConnectionImpl.java | 7 ++-
 6 files changed, 72 insertions(+), 37 deletions(-)
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
index 3aeb1745..9326d904 100644
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
@@ -42,11 +42,16 @@ import java.util.List;
 import java.util.Properties;
 import java.util.Set;
+import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.LdapReferralException;
 import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.ManagerFactoryParameters;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
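Review bot: `javax.naming.ldap.LdapContext` and `javax.naming.ldap.LdapReferralException` are added here but no hunk in this commit references either name; if the rest of the file does not use them either, drop the two imports so the import list matches what `configureSSL` and `configureNetwork` actually need. The other additions (`HostnameVerifier`, `SSLSession`, `TrustManager`) are all used by the `configureSSL` hunk below.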
@@ -118,7 +123,14 @@ public class SpringConfigurator extends Configurator implements
   }
   public void configureNetwork() {
-
+    String proxy = getProperty("HTTPProxyHost");
+    String portString = getProperty("HTTPProxyPort");
+    if ((proxy == null) || (proxy.equals(""))) {
+      log.info("No proxy configured");
+    } else {
+      System.setProperty("proxyHost", proxy);
+      System.setProperty("proxyPort", portString);
+    }
   }
   private Set getCACerts() throws IOException,
@@ -258,13 +270,33 @@ public class SpringConfigurator extends Configurator implements
       KeyManager[] km = null;
       SSLContext sslCtx = SSLContext
           .getInstance(getProperty("SSL.sslProtocol"));
-      sslCtx.init(km, trustFab.getTrustManagers(), null);
-      // sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
-      // certStoreList) }, null);
+      String disableAll = getProperty("SSL.disableAllChecks");
+      if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+        log.warn("--------------------------------------");
+        log.warn(" Disabling SSL Certificate Validation ");
+        log.warn("--------------------------------------");
+
+        sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
+            certStoreList) }, null);
+      } else {
+        sslCtx.init(km, trustFab.getTrustManagers(), null);
+      }
       HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
     } catch (Exception e) {
       log.error("Cannot configure SSL", e);
     }
+    String disableAll = getProperty("SSL.disableAllChecks");
+    if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+      log.warn("---------------------------------");
+      log.warn(" Disabling Hostname Verification ");
+      log.warn("---------------------------------");
+      HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
+        @Override
+        public boolean verify(String hostname, SSLSession session) {
+          return true;
+        }
+      });
+    }
   }
   @Override
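Review bot: `System.setProperty("proxyPort", portString)` throws `NullPointerException` when `HTTPProxyPort` is not configured, because `System.setProperty` rejects a null value while only the host is null-checked; the BKUOnline `configureNetwork` added in this same commit defaults the port to `"80"` and uses the `http.proxyHost`/`http.proxyPort` keys, so the two configurators disagree on both points. Use the documented `http.`-prefixed property names here as well and guard the port, e.g. `if (portString != null) { System.setProperty("http.proxyPort", portString); }`. Neither configurator sets `https.proxyHost`/`https.proxyPort`, so if the data URL connections are HTTPS they would presumably bypass the proxy — worth confirming against the intended deployment. The enclosing class continues outside the hunk.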
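Review bot: `SSL.disableAllChecks` is read twice, once inside the `try` and once after it, and the second block disables hostname verification even when `SSLContext` setup failed and `Cannot configure SSL` was logged, so the two halves of the kill switch can end up in inconsistent states. Read the flag once before the `try` as `boolean disableAll = Boolean.parseBoolean(getProperty("SSL.disableAllChecks"));` (`parseBoolean(null)` already yields `false`, so the null check is redundant) and move the `setDefaultHostnameVerifier` call into the same branch that installs `MyTrustManager`. Both calls set JVM-wide defaults on `HttpsURLConnection`, which the warning banners do not say; a comment such as `// debug only: disables certificate and hostname validation for ALL HttpsURLConnections in this JVM` on that branch would make the blast radius explicit. `configureSSL` begins before this hunk.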
@@ -275,20 +307,15 @@ public class SpringConfigurator extends Configurator implements
 class MyTrustManager implements X509TrustManager {
   private static Log log = LogFactory.getLog(MyTrustManager.class);
-  private Set caCerts;
-  private List certStoreList;
   private X509Certificate[] trustedCerts;
   public MyTrustManager(Set caCerts, List cs) {
-    this.caCerts = caCerts;
-    this.certStoreList = cs;
     trustedCerts = new X509Certificate[caCerts.size()];
     int i = 0;
     for (Iterator it = caCerts.iterator(); it.hasNext();) {
       TrustAnchor ta = it.next();
       trustedCerts[i++] = ta.getTrustedCert();
     }
-
   }
   @Override
@@ -301,31 +328,9 @@ class MyTrustManager implements X509TrustManager {
   @Override
   public void checkServerTrusted(X509Certificate[] certs, String arg1)
       throws CertificateException {
-    try {
-      log.debug("Checking server certificate: " + certs[0].getSubjectDN());
-      CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");
-      X509CertSelector selector = new X509CertSelector();
-      selector.setCertificate(certs[0]);
-      PKIXBuilderParameters pkixParams;
-      pkixParams = new PKIXBuilderParameters(caCerts, selector);
-      pkixParams.setRevocationEnabled(true); // FIXME
-      for (CertStore cs : certStoreList) {
-        pkixParams.addCertStore(cs);
-      }
-      PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) pathBuilder
-          .build(pkixParams);
-      if (log.isTraceEnabled()) {
-        StringBuffer sb = new StringBuffer();
-        for (Certificate cert : result.getCertPath().getCertificates()) {
-          sb.append(((X509Certificate) cert).getSubjectDN());
-          sb.append("->");
-        }
-        sb.append("End");
-        log.trace(sb);
-      }
-    } catch (Exception e) {
-      throw new CertificateException(e);
-    }
+    log.warn("-------------------------------------");
+    log.warn("SSL Certificate Validation Disabled !");
+    log.warn("-------------------------------------");
   }
   @Override
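Review bot: The constructor still takes `List cs` but no longer stores or reads it, so the parameter is dead and the `configureSSL` call site passes `certStoreList` for nothing; either drop the parameter or document why it is kept. The class also needs a Javadoc now that its behaviour has changed, e.g. `/** Debug-only trust manager installed when SSL.disableAllChecks=true; accepts every server chain without PKIX validation. */` — the name `MyTrustManager` no longer tells a reader that. `trustedCerts` is still built from `caCerts`, presumably for `getAcceptedIssuers`, which lies outside the hunk.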
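Review bot: `checkServerTrusted` now accepts every chain, including a `null` or empty `certs` array, and the only trace is a fixed banner that repeats the one already logged by `configureSSL`; the `X509TrustManager` contract asks for `IllegalArgumentException` on a null or empty chain, so add `if (certs == null || certs.length == 0) { throw new IllegalArgumentException("empty certificate chain"); }` ahead of the log statements. For incident review it is far more useful to record what was accepted without validation than a constant string, so log the peer identity the way the removed code did, e.g. `log.warn("SSL Certificate Validation Disabled ! Accepting " + certs[0].getSubjectDN());`. `checkClientTrusted` and `getAcceptedIssuers` are outside the hunk.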
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
index 93796a7e..31f55ed0 100644
--- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
+++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
@@ -45,9 +45,15 @@ SSL.cache.lifetime=3600
 # use authority info access extension to find ca certs.
 SSL.useAIA=true
+# Don't set to true in production environments
+# Attention flag only used for debugging
+SSL.disableAllChecks=false
 # ------------ END SSL Config --------------------
 ValidateHashDataInputs=true
+#HTTPProxyHost=localhost
+#HTTPProxyPort=8888
+
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
index 9fe91708..54dbfdea 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
@@ -70,6 +70,8 @@ public class SpringConfigurator extends Configurator implements
       } catch (IOException e) {
         log.error("Cannot load config", e);
       }
+    } else {
+      log.warn("Cannot load properties, resource: "+resource);
     }
   }
@@ -91,8 +93,23 @@ public class SpringConfigurator extends Configurator implements
     super.configure();
     configureSSL();
     configureVersion();
+    configureNetwork();
   }
+  public void configureNetwork() {
+    String proxyHost = getProperty("HTTPProxyHost");
+    String proxyPort = getProperty("HTTPProxyPort");
+    if (proxyPort == null) {
+      proxyPort = "80";
+    }
+    if (proxyHost != null) {
+      log.debug("Setting proxy server to: "+proxyHost+":"+proxyPort);
+      System.setProperty("http.proxyHost", proxyHost);
+      System.setProperty("http.proxyPort", proxyPort);
+    }
+    log.debug("No proxy specified");
+  }
+
   private Set getCACerts() throws IOException,
       CertificateException {
     Set caCerts = new HashSet();
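Review bot: `log.debug("No proxy specified")` in `configureNetwork` runs unconditionally, so a configured proxy is logged as set and then immediately as absent; move it into an `else` branch of the `if (proxyHost != null)` check. Only `http.proxyHost`/`http.proxyPort` are set, so HTTPS data URL connections would presumably still go direct unless `https.proxyHost`/`https.proxyPort` are configured as well — confirm which scheme the data URLs use. The BKULocal `configureNetwork` in this commit uses different property keys and no port default; the two copies should agree.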
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
index cdc2bfad..42b0d93e 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
@@ -41,3 +41,6 @@ SSL.sslProtocol=TLS
 ValidateHashDataInputs=true
+
+HTTPProxyHost=taranis.iaik.tugraz.at
+HTTPProxyPort=8888
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java
index a8477ece..d462ac60 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java
@@ -52,7 +52,8 @@ public class DataUrl {
   }
   public DataUrlConnection openConnection() {
-    try {
+    try {
+      log.debug("Opening dataurl connection");
       DataUrlConnectionSPI retVal = defaultDataUrlConnection.newInstance();
       retVal.init(url);
       return retVal;
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java
index 775f4136..6ad0bb78 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java
@@ -91,11 +91,13 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI {
       String name = headerIt.next();
       connection.setRequestProperty(name, requestHttpHeaders.get(name));
     }
+    log.trace("Connecting to: "+url);
     connection.connect();
     if (connection instanceof HttpsURLConnection) {
       HttpsURLConnection ssl = (HttpsURLConnection) connection;
       X509Certificate[] certs = (X509Certificate[]) ssl.getServerCertificates();
       if ((certs != null) && (certs.length >= 1)) {
+        log.trace("Server certificate: "+certs[0]);
         serverCertificate = certs[0];
       }
     }
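Review bot: `HTTPProxyHost=taranis.iaik.tugraz.at` / `HTTPProxyPort=8888` ship a site-specific proxy as the BKUOnline default, while the BKULocal default added in this same commit leaves the equivalent entries commented out; combined with the new `configureNetwork`, any deployment that does not override this file would send its HTTP traffic through that host. Comment the two lines out (`#HTTPProxyHost=taranis.iaik.tugraz.at`, `#HTTPProxyPort=8888`) or move the values into a developer-local override so that the shipped default is "no proxy".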
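Review bot: `log.trace("Server certificate: "+certs[0])` and `log.trace("Connecting to: "+url)` build their strings, including the full `X509Certificate.toString()` dump, on every connection whether or not trace is enabled; wrap them in `if (log.isTraceEnabled()) { ... }` as the removed `checkServerTrusted` code did. For the certificate, a compact identifier such as `certs[0].getSubjectDN()` is enough to correlate a connection in the logs and keeps a multi-line certificate dump out of them. The enclosing method starts and ends outside the hunk.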
@@ -142,7 +144,7 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI {
     formParams.add(slResultPart);
     OutputStream os = connection.getOutputStream();
-
+    log.trace("Sending data");
     Part[] parts = new Part[formParams.size()];
     Part.sendParts(os, formParams.toArray(parts), boundary.getBytes());
     os.close();
@@ -152,7 +154,8 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI {
       is = connection.getInputStream();
     } catch (IOException iox) {
       log.info(iox);
-    }
+    }
+    log.trace("Reading response");
     result = new DataUrlResponse(url.toString(), connection.getResponseCode(), is);
     Map responseHttpHeaders = new HashMap();
     Map> httpHeaders = connection.getHeaderFields();
-- 
cgit v1.2.3