From 9ca314eced8a73f58282684597468f98621ac502 Mon Sep 17 00:00:00 2001
From: wbauer
Date: Fri, 19 Sep 2008 12:17:47 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@53 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../gv/egiz/bku/local/conf/SpringConfigurator.java | 73 ++++++++++++----------
 .../gv/egiz/bku/local/conf/defaultConf.properties | 6 ++
 2 files changed, 45 insertions(+), 34 deletions(-)
(limited to 'BKULocal')
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
index 3aeb1745..9326d904 100644
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
@@ -42,11 +42,16 @@ import java.util.List;
 import java.util.Properties;
 import java.util.Set;
+import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.LdapReferralException;
 import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.ManagerFactoryParameters;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
@@ -118,7 +123,14 @@ public class SpringConfigurator extends Configurator implements
 }
 public void configureNetwork() {
-
+ String proxy = getProperty("HTTPProxyHost");
+ String portString = getProperty("HTTPProxyPort");
+ if ((proxy == null) || (proxy.equals(""))) {
+ log.info("No proxy configured");
+ } else {
+ System.setProperty("proxyHost", proxy);
+ System.setProperty("proxyPort", portString);
+ }
 }
 private Set getCACerts() throws IOException,
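Review bot: `javax.naming.ldap.LdapContext` and `javax.naming.ldap.LdapReferralException` are added to the imports, but nothing in the visible hunks of this file uses either, so they look like leftovers and should be dropped unless code outside the diff references them. The other new imports (`HostnameVerifier`, `SSLSession`, `TrustManager`) are all used by the later hunks.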
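Review bot: `System.setProperty("proxyPort", portString)` is reached whenever `HTTPProxyHost` is set, but `portString` is never checked, and `System.setProperty` throws `NullPointerException` for a null value, so a configuration with a host and no port crashes configureNetwork instead of reporting the bad setting. The property names are also off: the documented keys are `http.proxyHost`/`http.proxyPort`, and HTTPS connections — the only kind this class otherwise configures via `HttpsURLConnection` — consult `https.proxyHost`/`https.proxyPort`, which the hunk never sets. A port that is not a decimal number is worth rejecting up front as well, since the networking layer would otherwise fail much later with an unrelated-looking error. The rewrite below validates the pair and sets both protocol prefixes.
```java
public void configureNetwork() {
  String proxy = getProperty("HTTPProxyHost");
  String portString = getProperty("HTTPProxyPort");
  if ((proxy == null) || (proxy.equals(""))) {
    log.info("No proxy configured");
    return;
  }
  if ((portString == null) || (portString.equals(""))) {
    log.error("HTTPProxyHost is set but HTTPProxyPort is missing; proxy not configured");
    return;
  }
  try {
    Integer.parseInt(portString);
  } catch (NumberFormatException e) {
    log.error("HTTPProxyPort is not a number: " + portString + "; proxy not configured", e);
    return;
  }
  // HttpsURLConnection reads the https.* keys; plain HTTP reads the http.* keys
  System.setProperty("http.proxyHost", proxy);
  System.setProperty("http.proxyPort", portString);
  System.setProperty("https.proxyHost", proxy);
  System.setProperty("https.proxyPort", portString);
  log.info("Using HTTP(S) proxy " + proxy + ":" + portString);
}
```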
@@ -258,13 +270,33 @@ public class SpringConfigurator extends Configurator implements
 KeyManager[] km = null;
 SSLContext sslCtx = SSLContext
 .getInstance(getProperty("SSL.sslProtocol"));
- sslCtx.init(km, trustFab.getTrustManagers(), null);
- // sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
- // certStoreList) }, null);
+ String disableAll = getProperty("SSL.disableAllChecks");
+ if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+ log.warn("--------------------------------------");
+ log.warn(" Disabling SSL Certificate Validation ");
+ log.warn("--------------------------------------");
+
+ sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
+ certStoreList) }, null);
+ } else {
+ sslCtx.init(km, trustFab.getTrustManagers(), null);
+ }
 HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
 } catch (Exception e) {
 log.error("Cannot configure SSL", e);
 }
+ String disableAll = getProperty("SSL.disableAllChecks");
+ if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+ log.warn("---------------------------------");
+ log.warn(" Disabling Hostname Verification ");
+ log.warn("---------------------------------");
+ HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ });
+ }
 }
 @Override
@@ -275,20 +307,15 @@ public class SpringConfigurator extends Configurator implements
 class MyTrustManager implements X509TrustManager {
 private static Log log = LogFactory.getLog(MyTrustManager.class);
- private Set caCerts;
- private List certStoreList;
 private X509Certificate[] trustedCerts;
 public MyTrustManager(Set caCerts, List cs) {
- this.caCerts = caCerts;
- this.certStoreList = cs;
 trustedCerts = new X509Certificate[caCerts.size()];
 int i = 0;
 for (Iterator it = caCerts.iterator(); it.hasNext();) {
 TrustAnchor ta = it.next();
 trustedCerts[i++] = ta.getTrustedCert();
 }
-
 }
 @Override
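Review bot: `SSL.disableAllChecks` is read and parsed twice, once inside the try before `sslCtx.init` and again after the catch, so the flag should be hoisted to one `boolean disableAllChecks = Boolean.parseBoolean(getProperty("SSL.disableAllChecks"));` ahead of the try and used by both branches (`Boolean.parseBoolean(null)` is already false, so the null guard adds nothing). Because the hostname-verifier block sits after the catch, it also runs when `SSLContext` setup failed and was merely logged, leaving the JVM with its default socket factory but no hostname check; moving the block inside the try, after `setDefaultSSLSocketFactory`, keeps the two switches together. Both `HttpsURLConnection.setDefaultSSLSocketFactory` and `setDefaultHostnameVerifier` are JVM-wide, so with the flag on every HTTPS connection in this process is unauthenticated, not only the ones this configurator owns; the banner should say that, e.g. `log.warn("SSL.disableAllChecks=true: certificate validation and hostname verification are OFF for all HTTPS connections in this JVM");`. The enclosing method starts before this hunk.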
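Review bot: The constructor keeps its `List cs` parameter after the `certStoreList` field is removed, but nothing in the body reads `cs` any more, so the parameter is dead and the `certStoreList` argument passed in the preceding hunk is misleading; either drop it or keep the field if the cert stores are meant to be used again. Since this class is now installed only when `SSL.disableAllChecks` is true and, per the following hunk, performs no path validation, that contract belongs in a class comment, e.g. `/** Debug-only X509TrustManager: installed when SSL.disableAllChecks=true, accepts every server chain without path validation. */`. `trustedCerts` is still built from `caCerts`; whether `getAcceptedIssuers` returns it is outside this hunk.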
@@ -301,31 +328,9 @@ class MyTrustManager implements X509TrustManager {
 @Override
 public void checkServerTrusted(X509Certificate[] certs, String arg1)
 throws CertificateException {
- try {
- log.debug("Checking server certificate: " + certs[0].getSubjectDN());
- CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");
- X509CertSelector selector = new X509CertSelector();
- selector.setCertificate(certs[0]);
- PKIXBuilderParameters pkixParams;
- pkixParams = new PKIXBuilderParameters(caCerts, selector);
- pkixParams.setRevocationEnabled(true); // FIXME
- for (CertStore cs : certStoreList) {
- pkixParams.addCertStore(cs);
- }
- PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) pathBuilder
- .build(pkixParams);
- if (log.isTraceEnabled()) {
- StringBuffer sb = new StringBuffer();
- for (Certificate cert : result.getCertPath().getCertificates()) {
- sb.append(((X509Certificate) cert).getSubjectDN());
- sb.append("->");
- }
- sb.append("End");
- log.trace(sb);
- }
- } catch (Exception e) {
- throw new CertificateException(e);
- }
+ log.warn("-------------------------------------");
+ log.warn("SSL Certificate Validation Disabled !");
+ log.warn("-------------------------------------");
 }
 @Override
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
index 93796a7e..31f55ed0 100644
--- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
+++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
@@ -45,9 +45,15 @@ SSL.cache.lifetime=3600
 # use authority info access extension to find ca certs.
 SSL.useAIA=true
+# Don't set to true in production environments
+# Attention flag only used for debugging
+SSL.disableAllChecks=false
 # ------------ END SSL Config --------------------
 ValidateHashDataInputs=true
+#HTTPProxyHost=localhost
+#HTTPProxyPort=8888
+
-- 
cgit v1.2.3
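Review bot: `checkServerTrusted` now ignores both `certs` and `arg1`, so the only trace of an unvalidated handshake is a fixed banner that does not say which server was accepted; logging the presented subject keeps the debug logs this mode exists for useful, e.g. `log.warn("SSL Certificate Validation Disabled ! Accepting unverified server certificate: " + ((certs != null && certs.length > 0) ? certs[0].getSubjectDN() : "<none presented>"));`. The three `log.warn` calls can collapse into that one call, since the dashed lines carry no information of their own. `checkClientTrusted` is outside the hunk and presumably mirrors this behaviour.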
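Review bot: The comment above `SSL.disableAllChecks` says not to enable it in production but not what it does; since the Java side turns off both server-certificate validation and hostname verification for every HttpsURLConnection in the JVM, the comment should spell that out, e.g. `# Debugging aid only: true disables server certificate validation AND hostname verification for all HTTPS connections of this JVM`. `# Attention flag only used for debugging` reads better as `# Attention: this flag is intended for debugging only`. The proxy keys are added commented out, which matches configureNetwork treating an absent `HTTPProxyHost` as "no proxy".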