axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Sitze <rsi...@us.ibm.com>
Subject Re: cvs commit: xml-axis/java/xmls targets.xml
Date Wed, 09 Oct 2002 15:39:24 GMT
It's a mess, we all agree.

That something changed between Beta3 and RC1/2, no doubt.  But the issue 
was NOT pluggability, the issue is about change of default implementation. 
 I agree that you should NOT be required to make changes to axis to use it 
out-of-box.  HOWEVER (that's a BIG HOWEVER), if you are running in a 
non-standard environment, then all bets are off.

So, let's step back and take a look at "standard" the environment in which 
AXIS is expected to run (out-of-box), relevant to this discussion:
1.  1.3.1 level JDK.
2.  JSSE 1.0.3 (Java 1.3.1).

The issue is that either JSSE is not portable, or we are not using it in a 
correct/portable manner.  Either way, we've broken our open-source AXIS 
solution.  If it's simply not portable then the solution for the IBM JSSE 
is going to be plugging the IBM version via the pluggable interfaces.

We can discuss (and we should vote) on eliminating the default dependency 
on com.sun.* (which is what Dug did yesterday).

We do have one solution to consider, but I must say up-front that I *DO 
NOT* like it:
- We can create a list of default implementations.
- In this case:  SunJSSESocketFactory, IBMJSSESocketFactory, 
DefaultSecureSocketFactory
- Try to load each one.  First one to load successfully wins.

The problem here is that you have NO idea what your behaviour really is. 
You have expected behaviour based on your understanding of your 
environment, but if something happens it falls through to a functioning 
factory (DefaultSecureSocketFactory) without warning.  In a production 
environment, I want it to BREAK if my environment is messed up, not 
pretend to move forward with a (at worst) less secure functioning system.


With regards to discovery, yes it can be complicated at one level.  Yes, 
the documention needs improvement.  Yet, at another level, it's very 
straight forward:  "please give me a class that implements this interface" 
(see integration.html).  Either way, it's required by the users - never 
mind that it provides a way out of the current mire.


*******************************************
Richard A. Sitze
IBM WebSphere WebServices Development




Rick Rineholt/Raleigh/IBM@IBMUS
10/08/2002 11:07 PM
Please respond to axis-dev
 
        To:     axis-dev@xml.apache.org
        cc: 
        Subject:        Re: cvs commit: xml-axis/java/xmls targets.xml 

 



Richard, 
Without the great insight and vision you see in this work, I too also 
would like to lend my concern where all this is going.  I just recently 
had to go in and fix something that had been working.  I'm not complaining 
about that, things do break, but the time to understand all of this 
compared to what once was contained in a single file and could be 
understood with the just the basic understand of  Java class library and 
sockets  is slowing becoming "daunting" to figure out all the pluggablity 
and configuration.  There was the need to go and investigate the jakarta 
commons discovery package which seemed to be "sparsely" documented which I 
finally concluded that if I  really wanted to figure out I would need to 
down load its source and investigate. Mind you there might be more there, 
but I was in rush to get something working again and move on!!  I really 
question the requirement th! at all of this fills too; who will really 
needs to use this?  Was what we had sufficient to meet their needs?   The 
complexity of just all this configuration stuff is just another bar raised 
for people wanting to join Axis to contribute.  It makes understand and 
maintaining a whole lot more difficult.  At one time I could look at 
HTTPSender.java all by itself and within very short time feel comfortable 
with modifying it; now I need to scour through several different Axis 
classes and some other package is see a being "lightly" documented. What's 
there  now also  means another package to maintain in sync with in the 
future too.  In most systems I have seen configuration and pluggablity is 
just a class or two and most often just a few lines of code;  however, in 
Axis it has become it own whole subsystem architecture!  Do we have 
testcases for all this?  How about for all those socket factories? I was 
sure while I! was working on this  the change I did by modifying the ! 
default secure socket implementation would break some tests... it didn't 
as far as I could tell.  So do we have any test coverage here?    I have a 
some real reservations whether  the benefit derived to anyone warrants its 
*total* cost. 
"In practicality,  most systems versatility is seldom  a product of the 
quantity of features, but of its simplicity." 


Rick Rineholt
"The truth is out there...  All you need is a better search engine!"

rineholt@us.ibm.com

Please respond to axis-dev@xml.apache.org 
To:        axis-dev@xml.apache.org 
cc: 
Subject:        Re: cvs commit: xml-axis/java/xmls targets.xml 








Richard,
I'm still confused by the direction you and Dims are going with all of 
this - perhaps I just don't understand what's involved with j2ee but why 
do
we need to have Sun, IBM and JDK14 versions of these files?  Continuing
down this path we'll be force to add code to Axis for each and every impl.
We don't have this issue with parsers - people can any impl just so long 
as
they adhere to the interfaces.  Isn't J2EE the same way?
-Dug


rsitze@apache.org on 10/08/2002 06:24:00 PM

Please respond to axis-dev@xml.apache.org

To:    xml-axis-cvs@apache.org
cc:
Subject:    cvs commit: xml-axis/java/xmls targets.xml


rsitze      2002/10/08 15:24:00

Modified:    java/src/org/apache/axis/components/net
SocketFactoryFactory.java IBMJSSESocketFactory.java 
java/lib commons-discovery.jar
java/src/org/apache/axis/transport/http HTTPSender.java
java/src/org/apache/axis/configuration 
EngineConfigurationFactoryFinder.java
java/src/org/apache/axis AxisProperties.java
java     build.xml
java/xmls targets.xml 
Added:       java/src/org/apache/axis/components/net
IBMFakeTrustSocketFactory.java
JDK14FakeTrustSocketFactory.java
SunFakeTrustSocketFactory.java
SecureSocketFactory.java SunJSSESocketFactory.java
JDK14JSSESocketFactory.java 
Removed:     java/src/org/apache/axis/components/net
FakeTrustSocketFactory.java JSSESocketFactory.java 
java/src/org/apache/axis/discovery
DiscoverOldNamesInManagedProperties.java
DiscoverConstNames.java 
Log:
work around components.net.*:
- Moved JSSE (and Fake*) classes to Sun*.
- Introduced JDK14* version, though they need more work/cleanup.
- No way to configure SocketFactory and SecureSocketFactories
separately, so added new interface SecureSocketFactory to
key off of during discovery process. 

other:
- Moved discovery helper classes to discovery. 

Revision  Changes    Path
1.8       +27 -35 
xml-axis/java/src/org/apache/axis/components/net/SocketFactoryFactory.java

Index: SocketFactoryFactory.java
===================================================================
RCS file: 
/home/cvs/xml-axis/java/src/org/apache/axis/components/net/SocketFactoryFactory.java,v


retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- SocketFactoryFactory.java            8 Oct 2002 17:55:33 -0000 
1.7
+++ SocketFactoryFactory.java            8 Oct 2002 22:23:59 -0000 
1.8
@@ -79,53 +79,45 @@ 
LogFactory.getLog(SocketFactoryFactory.class.getName());

/** socket factory */
-    private static SocketFactory theFactory = null;
-
-    /** secure socket factory */
-    private static SocketFactory theSecureFactory = null;
+    private static Hashtable factories = new Hashtable(); 

private static final Class classes[] = new Class[] { Hashtable.class
};

/**
* Returns a copy of the environment's default socket factory. 
-     *
+     *
+     * @param protocol Today this only supports "http" & "https". 
* @param attributes
*
* @return
*/ 
-    public static synchronized SocketFactory getFactory(Hashtable
attributes) { 
+    public static synchronized SocketFactory getFactory(String protocol,
+                                                        Hashtable 
attributes) {
+        SocketFactory theFactory = 
(SocketFactory)factories.get(protocol);
+ 
if (theFactory == null) {
Object objects[] = new Object[] { attributes }; 
-
-            theFactory = (SocketFactory)AxisProperties.newInstance(
-                     new SPInterface(SocketFactory.class,
-                                     "axis.socketFactory",
-                                     classes,
-                                     objects),
- 
"org.apache.axis.components.net.DefaultSocketFactory");
+
+            if (protocol.equalsIgnoreCase("http")) {
+                theFactory = (SocketFactory)AxisProperties.newInstance(
+                         new SPInterface(SocketFactory.class,
+                                         "axis.socketFactory",
+                                         classes,
+                                         objects),
+ 
"org.apache.axis.components.net.DefaultSocketFactory");
+            } else if (protocol.equalsIgnoreCase("https")) {
+                theFactory = (SocketFactory)AxisProperties.newInstance(
+                         new SPInterface(SecureSocketFactory.class,
+                                         "axis.socketSecureFactory",
+                                         classes,
+                                         objects),
+ 
"org.apache.axis.components.net.DefaultSecureSocketFactory");
+            }
+
+            if (theFactory != null) {
+                factories.put(protocol, theFactory);
+            } 
}
return theFactory; 
-    }
-
-    /**
-     * Returns a copy of the environment's default secure socket 
factory.
-     *
-     * @param attributes
-     *
-     * @return
-     */
-    public static synchronized SocketFactory getSecureFactory(
-            Hashtable attributes) {
-        if (theSecureFactory == null) {
-            Object objects[] = new Object[] { attributes };
-
-            theSecureFactory = 
(SocketFactory)AxisProperties.newInstance(
-                    new SPInterface(SocketFactory.class,
-                                    "axis.socketSecureFactory",
-                                    classes,
-                                    objects),
- 
"org.apache.axis.components.net.DefaultSecureSocketFactory");
-        }
-        return theSecureFactory; 
}
} 



1.2       +10 -8
xml-axis/java/src/org/apache/axis/components/net/IBMJSSESocketFactory.java

Index: IBMJSSESocketFactory.java
===================================================================
RCS file: 
/home/cvs/xml-axis/java/src/org/apache/axis/components/net/IBMJSSESocketFactory.java,v


retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- IBMJSSESocketFactory.java            8 Oct 2002 12:12:47 -0000 
1.1
+++ IBMJSSESocketFactory.java            8 Oct 2002 22:23:59 -0000 
1.2
@@ -55,6 +55,11 @@ 
package org.apache.axis.components.net;

import com.ibm.net.ssl.SSLContext;
+import com.ibm.net.ssl.KeyManagerFactory;
+import com.ibm.net.ssl.TrustManager;
+import com.ibm.net.ssl.TrustManagerFactory;
+import com.ibm.jsse.JSSEProvider;
+ 
import org.apache.axis.AxisProperties;
import org.apache.axis.utils.JavaUtils;
import org.apache.axis.utils.Messages; 
@@ -281,7 +286,7 @@
* @return SSLContext
* @throws Exception
*/ 
-    protected com.ibm.net.ssl.SSLContext getContext() throws Exception {
+    protected SSLContext getContext() throws Exception { 
// Please don't change the name of the attribute - other
// software may depend on it ( j2ee for sure )
String keystoreFile = (String) attributes.get("keystore"); 
@@ -324,17 +329,15 @@
KeyStore kstore = initKeyStore(keystoreFile, keystorePass); 

// Key manager will extract the server key
-        com.ibm.net.ssl.KeyManagerFactory kmf =
- 
com.ibm.net.ssl.KeyManagerFactory.getInstance(algorithm);
+        KeyManagerFactory kmf = 
KeyManagerFactory.getInstance(algorithm);

kmf.init(kstore, keyPass.toCharArray());

// If client authentication is needed, set up TrustManager
-        com.ibm.net.ssl.TrustManager[] tm = null;
+        TrustManager[] tm = null; 

if (clientAuth) {
-            com.ibm.net.ssl.TrustManagerFactory tmf =
- 
com.ibm.net.ssl.TrustManagerFactory.getInstance("SunX509");
+            TrustManagerFactory tmf = 
TrustManagerFactory.getInstance("SunX509");

tmf.init(kstore);
tm = tmf.getTrustManagers(); 
@@ -342,8 +345,7 @@

// Create a SSLContext ( to create the ssl factory )
// This is the only way to use server sockets with JSSE 1.0.1 
-        com.ibm.net.ssl.SSLContext context =
-                com.ibm.net.ssl.SSLContext.getInstance(protocol);    // 
SSL
+        SSLContext context = SSLContext.getInstance(protocol);    // SSL 

// init context with the key managers
context.init(kmf.getKeyManagers(), tm, 



1.1
xml-axis/java/src/org/apache/axis/components/net/IBMFakeTrustSocketFactory.java



Index: IBMFakeTrustSocketFactory.java
===================================================================
/* 
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation.  All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in
*    the documentation and/or other materials provided with the
*    distribution.
*
* 3. The end-user documentation included with the redistribution,
*    if any, must include the following acknowledgment:
*       "This product includes software developed by the
*        Apache Software Foundation (http://www.apache.org/)."
*    Alternately, this acknowledgment may appear in the software itself,
*    if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
*    not be used to endorse or promote products derived from this
*    software without prior written permission. For written
*    permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
*    nor may "Apache" appear in their name, without prior written
*    permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation.  For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/ 
package org.apache.axis.components.net;

import java.util.Hashtable;

import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log; 

import com.ibm.net.ssl.SSLContext;
import com.ibm.net.ssl.TrustManager;
import com.ibm.net.ssl.X509TrustManager; 

/**
* Hook for Axis sender, allowing unsigned server certs
*/ 
public class IBMFakeTrustSocketFactory extends IBMJSSESocketFactory {

/** Field log           */
protected static Log log = 
LogFactory.getLog(IBMFakeTrustSocketFactory.class.getName());

/**
* Constructor FakeTrustSocketFactory
*
* @param attributes
*/ 
public IBMFakeTrustSocketFactory(Hashtable attributes) {
super(attributes); 
}

/**
* Method getContext
*
* @return
*
* @throws Exception
*/ 
protected SSLContext getContext() throws Exception {

try {
SSLContext sc = SSLContext.getInstance("SSL"); 

sc.init(null, // we don't need no stinkin KeyManager
new TrustManager[]{new FakeX509TrustManager()},
new java.security.SecureRandom()); 
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf00")); 
}
return sc; 
} catch (Exception exc) {
log.error(Messages.getMessage("ftsf01"), exc);
throw new Exception(Messages.getMessage("ftsf02")); 
}
} 

/**
* Class FakeX509TrustManager
*/ 
public static class FakeX509TrustManager implements X509TrustManager
{

/** Field log           */
protected static Log log = 
LogFactory.getLog(FakeX509TrustManager.class.getName());

/**
* Method isClientTrusted
*
* @param chain
*
* @return
*/ 
public boolean isClientTrusted(java.security.cert
.X509Certificate[] chain) { 

if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf03")); 
}
return true; 
}

/**
* Method isServerTrusted
*
* @param chain
*
* @return
*/ 
public boolean isServerTrusted(java.security.cert
.X509Certificate[] chain) { 

if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf04")); 
}
return true; 
}

/**
* Method getAcceptedIssuers
*
* @return
*/ 
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{

if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf05")); 
}
return null; 
}
} 
}



1.1
xml-axis/java/src/org/apache/axis/components/net/JDK14FakeTrustSocketFactory.java



Index: JDK14FakeTrustSocketFactory.java
===================================================================
/* 
* The Apache Software License, Version 1.1
*
* 
* Copyright (c) 2001 The Apache Software Foundation.  All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in
*    the documentation and/or other materials provided with the
*    distribution.
*
* 3. The end-user documentation included with the redistribution,
*    if any, must include the following acknowledgment:
*       "This product includes software developed by the
*        Apache Software Foundation (http://www.apache.org/)."
*    Alternately, this acknowledgment may appear in the software itself,
*    if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
*    not be used to endorse or promote products derived from this
*    software without prior written permission. For written
*    permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
*    nor may "Apache" appear in their name, without prior written
*    permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation.  For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/ 
package org.apache.axis.components.net;

import java.util.Hashtable;

import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log; 

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager; 

/**
* Hook for Axis sender, allowing unsigned server certs
*/ 
public class JDK14FakeTrustSocketFactory extends JDK14JSSESocketFactory {

/** Field log           */
protected static Log log = 

LogFactory.getLog(JDK14FakeTrustSocketFactory.class.getName());

/**
* Constructor FakeTrustSocketFactory
*
* @param attributes
*/ 
public JDK14FakeTrustSocketFactory(Hashtable attributes) {
super(attributes); 
}

/**
* Method getContext
*
* @return
*
* @throws Exception
*/ 
protected SSLContext getContext() throws Exception {

try {
SSLContext sc = SSLContext.getInstance("SSL"); 

sc.init(null, // we don't need no stinkin KeyManager
new TrustManager[]{new FakeX509TrustManager()},
new java.security.SecureRandom()); 
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf00")); 
}
return sc; 
} catch (Exception exc) {
log.error(Messages.getMessage("ftsf01"), exc);
throw new Exception(Messages.getMessage("ftsf02")); 
}
} 

/**
* Class FakeX509TrustManager
*/ 
public static class FakeX509TrustManager implements X509TrustManager
{

/** Field log           */
protected static Log log = 
LogFactory.getLog(FakeX509TrustManager.class.getName());

/**
* Method isClientTrusted
*
* @param chain
*
* @return
*/ 
public void
checkClientTrusted(java.security.cert.X509Certificate[] chain, 
String arg)
throws java.security.cert.CertificateException 
{

if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf03")); 
}
} 

/**
* Method isServerTrusted
*
* @param chain
*
* @return
*/ 
public void
checkServerTrusted(java.security.cert.X509Certificate[] chain, 
String arg)
throws java.security.cert.CertificateException 
{

if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf04")); 
}
} 

/**
* Method getAcceptedIssuers
*
* @return
*/ 
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{

if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf05")); 
}
return null; 
}
} 
}



1.1
xml-axis/java/src/org/apache/axis/components/net/SunFakeTrustSocketFactory.java



Index: SunFakeTrustSocketFactory.java
===================================================================
/* 
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation.  All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in
*    the documentation and/or other materials provided with the
*    distribution.
*
* 3. The end-user documentation included with the redistribution,
*    if any, must include the following acknowledgment:
*       "This product includes software developed by the
*        Apache Software Foundation (http://www.apache.org/)."
*    Alternately, this acknowledgment may appear in the software itself,
*    if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
*    not be used to endorse or promote products derived from this
*    software without prior written permission. For written
*    permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
*    nor may "Apache" appear in their name, without prior written
*    permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation.  For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/ 
package org.apache.axis.components.net;

import java.util.Hashtable;

import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log; 

import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager; 

/**
* Hook for Axis sender, allowing unsigned server certs
*/ 
public class SunFakeTrustSocketFactory extends SunJSSESocketFactory {

/** Field log           */
protected static Log log = 
LogFactory.getLog(SunFakeTrustSocketFactory.class.getName());

/**
* Constructor FakeTrustSocketFactory
*
* @param attributes
*/ 
public SunFakeTrustSocketFactory(Hashtable attributes) {
super(attributes); 
}

/**
* Method getContext
*
* @return
*
* @throws Exception
*/ 
protected SSLContext getContext() throws Exception {

try {
SSLContext sc = SSLContext.getInstance("SSL"); 

sc.init(null, // we don't need no stinkin KeyManager
new TrustManager[]{new FakeX509TrustManager()},
new java.security.SecureRandom()); 
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf00")); 
}
return sc; 
} catch (Exception exc) {
log.error(Messages.getMessage("ftsf01"), exc);
throw new Exception(Messages.getMessage("ftsf02")); 
}
} 

/**
* Class FakeX509TrustManager
*/ 
public static class FakeX509TrustManager implements X509TrustManager
{

/** Field log           */
protected static Log log = 
LogFactory.getLog(FakeX509TrustManager.class.getName());

/**
* Method isClientTrusted
*
* @param chain
*
* @return
*/ 
public boolean isClientTrusted(java.security.cert
.X509Certificate[] chain) { 

if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf03")); 
}
return true; 
}

/**
* Method isServerTrusted
*
* @param chain
*
* @return
*/ 
public boolean isServerTrusted(java.security.cert
.X509Certificate[] chain) { 

if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf04")); 
}
return true; 
}

/**
* Method getAcceptedIssuers
*
* @return
*/ 
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{

if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf05")); 
}
return null; 
}
} 
}



1.1
xml-axis/java/src/org/apache/axis/components/net/SecureSocketFactory.java

Index: SecureSocketFactory.java
===================================================================
/* 
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2002 The Apache Software Foundation.  All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in
*    the documentation and/or other materials provided with the
*    distribution.
*
* 3. The end-user documentation included with the redistribution,
*    if any, must include the following acknowledgment:
*       "This product includes software developed by the
*        Apache Software Foundation (http://www.apache.org/)."
*    Alternately, this acknowledgment may appear in the software itself,
*    if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
*    not be used to endorse or promote products derived from this
*    software without prior written permission. For written
*    permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
*    nor may "Apache" appear in their name, without prior written
*    permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation.  For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/ 
package org.apache.axis.components.net;


/**
* Secure Socket factory.
* This has a separate interface to allow discovery (by interface)
* and runtime distinction to be made between Socket & SecureSockets.
*
* @author Richard A. Sitze
* @author Davanum Srinivas (dims@yahoo.com)
*/ 
public interface SecureSocketFactory extends SocketFactory {
} 



1.1 



Mime
View raw message