axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Sitze <rsi...@us.ibm.com>
Subject Re: cvs commit: xml-axis/java/xmls targets.xml
Date Tue, 08 Oct 2002 23:40:58 GMT
Dug, you assume that I have a direction :-)

Seriously,
What I've done is
a) rename the files that had dependencies on com.sun.* to Sun*.
b) for symmetry, I added IBMFakeTrustSocketFactory.  How it's used, I 
don't know.

The JDK14 use the javax version of *some* of the classes, but there are 
still sun.com.* dependencies.  This could potentially be the common impl, 
but it should be noted that the API's change... particularly between 
Sun/IBMFakeTrustSocketFactory and JDK14FakeTrustSocketFactory.

Note also that this is for JDK14.  It's not clear to me if someone 
intended the sun/ibm for pre-1.4 or not.  If it IS assumed that the base 
for this level of support is 14, then having it as a default dependency is 
even more wrong than it was originally (this is suppose to be 1.3+ based, 
right?).

Regardless, I agree with your concerns, I'm simply trying to move some 
small step forward.  Dims really needs to step in here, or some one who 
better understands the security.  Minimum, we need a lively discussion to 
make some decisions.
<ras>

*******************************************
Richard A. Sitze
IBM WebSphere WebServices Development




Doug Davis/Raleigh/IBM@IBMUS
10/08/2002 05:56 PM
Please respond to axis-dev
 
        To:     axis-dev@xml.apache.org
        cc: 
        Subject:        Re: cvs commit: xml-axis/java/xmls targets.xml 

 







Richard,
  I'm still confused by the direction you and Dims are going with all of
this - perhaps I just don't understand what's involved with j2ee but why 
do
we need to have Sun, IBM and JDK14 versions of these files?  Continuing
down this path we'll be force to add code to Axis for each and every impl.
We don't have this issue with parsers - people can any impl just so long 
as
they adhere to the interfaces.  Isn't J2EE the same way?
-Dug


rsitze@apache.org on 10/08/2002 06:24:00 PM

Please respond to axis-dev@xml.apache.org

To:    xml-axis-cvs@apache.org
cc:
Subject:    cvs commit: xml-axis/java/xmls targets.xml


rsitze      2002/10/08 15:24:00

  Modified:    java/src/org/apache/axis/components/net
                        SocketFactoryFactory.java 
IBMJSSESocketFactory.java
               java/lib commons-discovery.jar
               java/src/org/apache/axis/transport/http HTTPSender.java
               java/src/org/apache/axis/configuration
                        EngineConfigurationFactoryFinder.java
               java/src/org/apache/axis AxisProperties.java
               java     build.xml
               java/xmls targets.xml
  Added:       java/src/org/apache/axis/components/net
                        IBMFakeTrustSocketFactory.java
                        JDK14FakeTrustSocketFactory.java
                        SunFakeTrustSocketFactory.java
                        SecureSocketFactory.java SunJSSESocketFactory.java
                        JDK14JSSESocketFactory.java
  Removed:     java/src/org/apache/axis/components/net
                        FakeTrustSocketFactory.java JSSESocketFactory.java
               java/src/org/apache/axis/discovery
                        DiscoverOldNamesInManagedProperties.java
                        DiscoverConstNames.java
  Log:
  work around components.net.*:
  - Moved JSSE (and Fake*) classes to Sun*.
  - Introduced JDK14* version, though they need more work/cleanup.
  - No way to configure SocketFactory and SecureSocketFactories
  separately, so added new interface SecureSocketFactory to
  key off of during discovery process.

  other:
  - Moved discovery helper classes to discovery.

  Revision  Changes    Path
  1.8       +27 -35
xml-axis/java/src/org/apache/axis/components/net/SocketFactoryFactory.java

  Index: SocketFactoryFactory.java
  ===================================================================
  RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/components/net/SocketFactoryFactory.java,v

  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- SocketFactoryFactory.java            8 Oct 2002 17:55:33 -0000
 1.7
  +++ SocketFactoryFactory.java            8 Oct 2002 22:23:59 -0000
 1.8
  @@ -79,53 +79,45 @@
               LogFactory.getLog(SocketFactoryFactory.class.getName());

       /** socket factory */
  -    private static SocketFactory theFactory = null;
  -
  -    /** secure socket factory */
  -    private static SocketFactory theSecureFactory = null;
  +    private static Hashtable factories = new Hashtable();

       private static final Class classes[] = new Class[] { 
Hashtable.class
};

       /**
        * Returns a copy of the environment's default socket factory.
  -     *
  +     *
  +     * @param protocol Today this only supports "http" & "https".
        * @param attributes
        *
        * @return
        */
  -    public static synchronized SocketFactory getFactory(Hashtable
attributes) {
  +    public static synchronized SocketFactory getFactory(String 
protocol,
  +                                                        Hashtable
attributes) {
  +        SocketFactory theFactory =
(SocketFactory)factories.get(protocol);
  +
           if (theFactory == null) {
               Object objects[] = new Object[] { attributes };
  -
  -            theFactory = (SocketFactory)AxisProperties.newInstance(
  -                     new SPInterface(SocketFactory.class,
  -                                     "axis.socketFactory",
  -                                     classes,
  -                                     objects),
  -
"org.apache.axis.components.net.DefaultSocketFactory");
  +
  +            if (protocol.equalsIgnoreCase("http")) {
  +                theFactory = (SocketFactory)AxisProperties.newInstance(
  +                         new SPInterface(SocketFactory.class,
  +                                         "axis.socketFactory",
  +                                         classes,
  +                                         objects),
  +
"org.apache.axis.components.net.DefaultSocketFactory");
  +            } else if (protocol.equalsIgnoreCase("https")) {
  +                theFactory = (SocketFactory)AxisProperties.newInstance(
  +                         new SPInterface(SecureSocketFactory.class,
  +                                         "axis.socketSecureFactory",
  +                                         classes,
  +                                         objects),
  +
"org.apache.axis.components.net.DefaultSecureSocketFactory");
  +            }
  +
  +            if (theFactory != null) {
  +                factories.put(protocol, theFactory);
  +            }
           }
           return theFactory;
  -    }
  -
  -    /**
  -     * Returns a copy of the environment's default secure socket
factory.
  -     *
  -     * @param attributes
  -     *
  -     * @return
  -     */
  -    public static synchronized SocketFactory getSecureFactory(
  -            Hashtable attributes) {
  -        if (theSecureFactory == null) {
  -            Object objects[] = new Object[] { attributes };
  -
  -            theSecureFactory =
(SocketFactory)AxisProperties.newInstance(
  -                    new SPInterface(SocketFactory.class,
  -                                    "axis.socketSecureFactory",
  -                                    classes,
  -                                    objects),
  -
"org.apache.axis.components.net.DefaultSecureSocketFactory");
  -        }
  -        return theSecureFactory;
       }
   }



  1.2       +10 -8
xml-axis/java/src/org/apache/axis/components/net/IBMJSSESocketFactory.java

  Index: IBMJSSESocketFactory.java
  ===================================================================
  RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/components/net/IBMJSSESocketFactory.java,v

  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- IBMJSSESocketFactory.java            8 Oct 2002 12:12:47 -0000
 1.1
  +++ IBMJSSESocketFactory.java            8 Oct 2002 22:23:59 -0000
 1.2
  @@ -55,6 +55,11 @@
   package org.apache.axis.components.net;

   import com.ibm.net.ssl.SSLContext;
  +import com.ibm.net.ssl.KeyManagerFactory;
  +import com.ibm.net.ssl.TrustManager;
  +import com.ibm.net.ssl.TrustManagerFactory;
  +import com.ibm.jsse.JSSEProvider;
  +
   import org.apache.axis.AxisProperties;
   import org.apache.axis.utils.JavaUtils;
   import org.apache.axis.utils.Messages;
  @@ -281,7 +286,7 @@
        * @return SSLContext
        * @throws Exception
        */
  -    protected com.ibm.net.ssl.SSLContext getContext() throws Exception 
{
  +    protected SSLContext getContext() throws Exception {
           // Please don't change the name of the attribute - other
           // software may depend on it ( j2ee for sure )
           String keystoreFile = (String) attributes.get("keystore");
  @@ -324,17 +329,15 @@
           KeyStore kstore = initKeyStore(keystoreFile, keystorePass);

           // Key manager will extract the server key
  -        com.ibm.net.ssl.KeyManagerFactory kmf =
  -
com.ibm.net.ssl.KeyManagerFactory.getInstance(algorithm);
  +        KeyManagerFactory kmf =
KeyManagerFactory.getInstance(algorithm);

           kmf.init(kstore, keyPass.toCharArray());

           // If client authentication is needed, set up TrustManager
  -        com.ibm.net.ssl.TrustManager[] tm = null;
  +        TrustManager[] tm = null;

           if (clientAuth) {
  -            com.ibm.net.ssl.TrustManagerFactory tmf =
  -
com.ibm.net.ssl.TrustManagerFactory.getInstance("SunX509");
  +            TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509");

               tmf.init(kstore);
               tm = tmf.getTrustManagers();
  @@ -342,8 +345,7 @@

           // Create a SSLContext ( to create the ssl factory )
           // This is the only way to use server sockets with JSSE 1.0.1
  -        com.ibm.net.ssl.SSLContext context =
  -                com.ibm.net.ssl.SSLContext.getInstance(protocol);    //
SSL
  +        SSLContext context = SSLContext.getInstance(protocol);    // 
SSL

           // init context with the key managers
           context.init(kmf.getKeyManagers(), tm,



  1.1
xml-axis/java/src/org/apache/axis/components/net/IBMFakeTrustSocketFactory.java


  Index: IBMFakeTrustSocketFactory.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software 
itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  package org.apache.axis.components.net;

  import java.util.Hashtable;

  import org.apache.axis.components.logger.LogFactory;
  import org.apache.axis.utils.Messages;
  import org.apache.commons.logging.Log;

  import com.ibm.net.ssl.SSLContext;
  import com.ibm.net.ssl.TrustManager;
  import com.ibm.net.ssl.X509TrustManager;

  /**
   * Hook for Axis sender, allowing unsigned server certs
   */
  public class IBMFakeTrustSocketFactory extends IBMJSSESocketFactory {

      /** Field log           */
      protected static Log log =
 LogFactory.getLog(IBMFakeTrustSocketFactory.class.getName());

      /**
       * Constructor FakeTrustSocketFactory
       *
       * @param attributes
       */
      public IBMFakeTrustSocketFactory(Hashtable attributes) {
          super(attributes);
      }

      /**
       * Method getContext
       *
       * @return
       *
       * @throws Exception
       */
      protected SSLContext getContext() throws Exception {

          try {
              SSLContext sc = SSLContext.getInstance("SSL");

              sc.init(null, // we don't need no stinkin KeyManager
                      new TrustManager[]{new FakeX509TrustManager()},
                      new java.security.SecureRandom());
              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf00"));
              }
              return sc;
          } catch (Exception exc) {
              log.error(Messages.getMessage("ftsf01"), exc);
              throw new Exception(Messages.getMessage("ftsf02"));
          }
      }

      /**
       * Class FakeX509TrustManager
       */
      public static class FakeX509TrustManager implements X509TrustManager
{

          /** Field log           */
          protected static Log log =
                  LogFactory.getLog(FakeX509TrustManager.class.getName());

          /**
           * Method isClientTrusted
           *
           * @param chain
           *
           * @return
           */
          public boolean isClientTrusted(java.security.cert
                  .X509Certificate[] chain) {

              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf03"));
              }
              return true;
          }

          /**
           * Method isServerTrusted
           *
           * @param chain
           *
           * @return
           */
          public boolean isServerTrusted(java.security.cert
                  .X509Certificate[] chain) {

              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf04"));
              }
              return true;
          }

          /**
           * Method getAcceptedIssuers
           *
           * @return
           */
          public java.security.cert.X509Certificate[] getAcceptedIssuers()
{

              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf05"));
              }
              return null;
          }
      }
  }



  1.1
xml-axis/java/src/org/apache/axis/components/net/JDK14FakeTrustSocketFactory.java


  Index: JDK14FakeTrustSocketFactory.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software 
itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  package org.apache.axis.components.net;

  import java.util.Hashtable;

  import org.apache.axis.components.logger.LogFactory;
  import org.apache.axis.utils.Messages;
  import org.apache.commons.logging.Log;

  import javax.net.ssl.SSLContext;
  import javax.net.ssl.TrustManager;
  import javax.net.ssl.X509TrustManager;

  /**
   * Hook for Axis sender, allowing unsigned server certs
   */
  public class JDK14FakeTrustSocketFactory extends JDK14JSSESocketFactory 
{

      /** Field log           */
      protected static Log log =

LogFactory.getLog(JDK14FakeTrustSocketFactory.class.getName());

      /**
       * Constructor FakeTrustSocketFactory
       *
       * @param attributes
       */
      public JDK14FakeTrustSocketFactory(Hashtable attributes) {
          super(attributes);
      }

      /**
       * Method getContext
       *
       * @return
       *
       * @throws Exception
       */
      protected SSLContext getContext() throws Exception {

          try {
              SSLContext sc = SSLContext.getInstance("SSL");

              sc.init(null, // we don't need no stinkin KeyManager
                      new TrustManager[]{new FakeX509TrustManager()},
                      new java.security.SecureRandom());
              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf00"));
              }
              return sc;
          } catch (Exception exc) {
              log.error(Messages.getMessage("ftsf01"), exc);
              throw new Exception(Messages.getMessage("ftsf02"));
          }
      }

      /**
       * Class FakeX509TrustManager
       */
      public static class FakeX509TrustManager implements X509TrustManager
{

          /** Field log           */
          protected static Log log =
                  LogFactory.getLog(FakeX509TrustManager.class.getName());

          /**
           * Method isClientTrusted
           *
           * @param chain
           *
           * @return
           */
          public void
checkClientTrusted(java.security.cert.X509Certificate[] chain,
                                         String arg)
              throws java.security.cert.CertificateException
          {

              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf03"));
              }
          }

          /**
           * Method isServerTrusted
           *
           * @param chain
           *
           * @return
           */
          public void
checkServerTrusted(java.security.cert.X509Certificate[] chain,
                                         String arg)
              throws java.security.cert.CertificateException
          {

              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf04"));
              }
          }

          /**
           * Method getAcceptedIssuers
           *
           * @return
           */
          public java.security.cert.X509Certificate[] getAcceptedIssuers()
{

              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf05"));
              }
              return null;
          }
      }
  }



  1.1
xml-axis/java/src/org/apache/axis/components/net/SunFakeTrustSocketFactory.java


  Index: SunFakeTrustSocketFactory.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software 
itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  package org.apache.axis.components.net;

  import java.util.Hashtable;

  import org.apache.axis.components.logger.LogFactory;
  import org.apache.axis.utils.Messages;
  import org.apache.commons.logging.Log;

  import com.sun.net.ssl.SSLContext;
  import com.sun.net.ssl.TrustManager;
  import com.sun.net.ssl.X509TrustManager;

  /**
   * Hook for Axis sender, allowing unsigned server certs
   */
  public class SunFakeTrustSocketFactory extends SunJSSESocketFactory {

      /** Field log           */
      protected static Log log =
 LogFactory.getLog(SunFakeTrustSocketFactory.class.getName());

      /**
       * Constructor FakeTrustSocketFactory
       *
       * @param attributes
       */
      public SunFakeTrustSocketFactory(Hashtable attributes) {
          super(attributes);
      }

      /**
       * Method getContext
       *
       * @return
       *
       * @throws Exception
       */
      protected SSLContext getContext() throws Exception {

          try {
              SSLContext sc = SSLContext.getInstance("SSL");

              sc.init(null, // we don't need no stinkin KeyManager
                      new TrustManager[]{new FakeX509TrustManager()},
                      new java.security.SecureRandom());
              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf00"));
              }
              return sc;
          } catch (Exception exc) {
              log.error(Messages.getMessage("ftsf01"), exc);
              throw new Exception(Messages.getMessage("ftsf02"));
          }
      }

      /**
       * Class FakeX509TrustManager
       */
      public static class FakeX509TrustManager implements X509TrustManager
{

          /** Field log           */
          protected static Log log =
                  LogFactory.getLog(FakeX509TrustManager.class.getName());

          /**
           * Method isClientTrusted
           *
           * @param chain
           *
           * @return
           */
          public boolean isClientTrusted(java.security.cert
                  .X509Certificate[] chain) {

              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf03"));
              }
              return true;
          }

          /**
           * Method isServerTrusted
           *
           * @param chain
           *
           * @return
           */
          public boolean isServerTrusted(java.security.cert
                  .X509Certificate[] chain) {

              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf04"));
              }
              return true;
          }

          /**
           * Method getAcceptedIssuers
           *
           * @return
           */
          public java.security.cert.X509Certificate[] getAcceptedIssuers()
{

              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("ftsf05"));
              }
              return null;
          }
      }
  }



  1.1
xml-axis/java/src/org/apache/axis/components/net/SecureSocketFactory.java

  Index: SecureSocketFactory.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2002 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software 
itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  package org.apache.axis.components.net;


  /**
   * Secure Socket factory.
   * This has a separate interface to allow discovery (by interface)
   * and runtime distinction to be made between Socket & SecureSockets.
   *
   * @author Richard A. Sitze
   * @author Davanum Srinivas (dims@yahoo.com)
   */
  public interface SecureSocketFactory extends SocketFactory {
  }



  1.1
xml-axis/java/src/org/apache/axis/components/net/SunJSSESocketFactory.java

  Index: SunJSSESocketFactory.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *    Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software 
itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  package org.apache.axis.components.net;

  import com.sun.net.ssl.SSLContext;
  import org.apache.axis.AxisProperties;
  import org.apache.axis.utils.JavaUtils;
  import org.apache.axis.utils.Messages;
  import org.apache.axis.utils.XMLUtils;

  import javax.net.ssl.SSLSocket;
  import javax.net.ssl.SSLSocketFactory;
  import java.io.BufferedWriter;
  import java.io.FileInputStream;
  import java.io.FileNotFoundException;
  import java.io.IOException;
  import java.io.InputStream;
  import java.io.OutputStream;
  import java.io.OutputStreamWriter;
  import java.io.PrintWriter;
  import java.net.Socket;
  import java.security.KeyStore;
  import java.security.Security;
  import java.util.Hashtable;

  /**
   * SSL socket factory. It _requires_ a valid RSA key and
   * JSSE. (borrowed code from tomcat)
   *
   * @author Davanum Srinivas (dims@yahoo.com)
   */
  public class SunJSSESocketFactory extends DefaultSocketFactory {

      /** Field keystoreType           */
      private String keystoreType;

      /** Field defaultKeystoreType           */
      static String defaultKeystoreType = "JKS";

      /** Field defaultProtocol           */
      static String defaultProtocol = "TLS";

      /** Field defaultAlgorithm           */
      static String defaultAlgorithm = "SunX509";

      /** Field defaultClientAuth           */
      static boolean defaultClientAuth = false;

      /** Field clientAuth           */
      private boolean clientAuth = false;

      /** Field sslFactory           */
      private SSLSocketFactory sslFactory = null;

      /** Field defaultKeystoreFile           */
      static String defaultKeystoreFile =
          System.getProperty("user.home") + "/.keystore";

      /** Field defaultKeyPass           */
      static String defaultKeyPass = "changeit";

      /**
       * Constructor JSSESocketFactory
       *
       * @param attributes
       */
      public SunJSSESocketFactory(Hashtable attributes) {
          super(attributes);
      }

      /**
       * creates a secure socket
       *
       * @param host
       * @param port
       * @param otherHeaders
       * @param useFullURL
       *
       * @return Socket
       * @throws Exception
       */
      public Socket create(
              String host, int port, StringBuffer otherHeaders,
BooleanHolder useFullURL)
              throws Exception {
          Socket sslSocket = null;
          if (sslFactory == null) {
              initFactory();
          }
          if (port == -1) {
              port = 443;
          }

          TransportClientProperties tcp =
TransportClientPropertiesFactory.create("https");

          boolean hostInNonProxyList = isHostInNonProxyList(host,
tcp.getNonProxyHosts());

          if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
              // direct SSL connection
              sslSocket = sslFactory.createSocket(host, port);
          } else {

              // Default proxy port is 80, even for https
              int tunnelPort = (tcp.getProxyPort().length() != 0)
                               ? Integer.parseInt(tcp.getProxyPort())
                               : 80;
              if (tunnelPort < 0)
                  tunnelPort = 80;

              // Create the regular socket connection to the proxy
              Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);

              // The tunnel handshake method (condensed and made 
reflexive)
              OutputStream tunnelOutputStream = tunnel.getOutputStream();
              PrintWriter out = new PrintWriter(
                      new BufferedWriter(new
OutputStreamWriter(tunnelOutputStream)));

              // More secure version... engage later?
              // PasswordAuthentication pa =
              // Authenticator.requestPasswordAuthentication(
              // InetAddress.getByName(tunnelHost),
              // tunnelPort, "SOCK", "Proxy","HTTP");
              // if(pa == null){
              // printDebug("No Authenticator set.");
              // }else{
              // printDebug("Using Authenticator.");
              // tunnelUser = pa.getUserName();
              // tunnelPassword = new String(pa.getPassword());
              // }
              out.print("CONNECT " + host + ":" + port + " HTTP/1.0\r\n"
                      + "User-Agent: AxisClient");
              if (tcp.getProxyUser().length() != 0 &&
                  tcp.getProxyPassword().length() != 0) {

                  // add basic authentication header for the proxy
                  String encodedPassword =
XMLUtils.base64encode((tcp.getProxyUser()
                          + ":"
                          + tcp.getProxyPassword()).getBytes());

                  out.print("\nProxy-Authorization: Basic " +
encodedPassword);
              }
              out.print("\nContent-Length: 0");
              out.print("\nPragma: no-cache");
              out.print("\r\n\r\n");
              out.flush();
              InputStream tunnelInputStream = tunnel.getInputStream();

              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("isNull00",
"tunnelInputStream",
                          "" + (tunnelInputStream
                          == null)));
              }
              String replyStr = "";

              // Make sure to read all the response from the proxy to
prevent SSL negotiation failure
              // Response message terminated by two sequential newlines
              int newlinesSeen = 0;
              boolean headerDone = false;    /* Done on first newline */

              while (newlinesSeen < 2) {
                  int i = tunnelInputStream.read();

                  if (i < 0) {
                      throw new IOException("Unexpected EOF from proxy");
                  }
                  if (i == '\n') {
                      headerDone = true;
                      ++newlinesSeen;
                  } else if (i != '\r') {
                      newlinesSeen = 0;
                      if (!headerDone) {
                          replyStr += String.valueOf((char) i);
                      }
                  }
              }
              if (!replyStr.startsWith("HTTP/1.0 200")
                      && !replyStr.startsWith("HTTP/1.1 200")) {
                  throw new 
IOException(Messages.getMessage("cantTunnel00",
                          new String[]{
                              tcp.getProxyHost(),
                              "" + tunnelPort,
                              replyStr}));
              }

              // End of condensed reflective tunnel handshake method
              sslSocket = sslFactory.createSocket(tunnel, host, port,
true);
              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("setupTunnel00",
                            tcp.getProxyHost(),
                          "" + tunnelPort));
              }
          }
          ((SSLSocket) sslSocket).startHandshake();
          if (log.isDebugEnabled()) {
              log.debug(Messages.getMessage("createdSSL00"));
          }
          return sslSocket;
      }

      /**
       * Read the keystore, init the SSL socket factory
       *
       * @throws IOException
       */
      private void initFactory() throws IOException {

          try {
              Security.addProvider(new sun.security.provider.Sun());
              Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());

              if(attributes == null) {
                  //No configuration specified. Get the default.
                  sslFactory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
              } else {
                  //Configuration specified in wsdd.
                  SSLContext context = getContext();
                  sslFactory = context.getSocketFactory();
              }
          } catch (Exception e) {
              if (e instanceof IOException) {
                  throw (IOException) e;
              }
              throw new IOException(e.getMessage());
          }
      }

      /**
       * gets a SSL Context
       *
       * @return SSLContext
       * @throws Exception
       */
      protected SSLContext getContext() throws Exception {
          // Please don't change the name of the attribute - other
          // software may depend on it ( j2ee for sure )
          String keystoreFile = (String) attributes.get("keystore");
          if (keystoreFile == null) {
              keystoreFile = defaultKeystoreFile;
          }

          keystoreType = (String) attributes.get("keystoreType");
          if (keystoreType == null) {
              keystoreType = defaultKeystoreType;
          }

          // determine whether we want client authentication
          // the presence of the attribute enables client auth
          clientAuth = null != (String) attributes.get("clientauth");
          String keyPass = (String) attributes.get("keypass");
          if (keyPass == null) {
              keyPass = defaultKeyPass;
          }

          String keystorePass = (String) attributes.get("keystorePass");
          if (keystorePass == null) {
              keystorePass = keyPass;
          }

          // protocol for the SSL ie - TLS, SSL v3 etc.
          String protocol = (String) attributes.get("protocol");
          if (protocol == null) {
              protocol = defaultProtocol;
          }

          // Algorithm used to encode the certificate ie - SunX509
          String algorithm = (String) attributes.get("algorithm");
          if (algorithm == null) {
              algorithm = defaultAlgorithm;
          }

          // You can't use ssl without a server certificate.
          // Create a KeyStore ( to get server certs )
          KeyStore kstore = initKeyStore(keystoreFile, keystorePass);

          // Key manager will extract the server key
          com.sun.net.ssl.KeyManagerFactory kmf =
 com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);

          kmf.init(kstore, keyPass.toCharArray());

          // If client authentication is needed, set up TrustManager
          com.sun.net.ssl.TrustManager[] tm = null;

          if (clientAuth) {
              com.sun.net.ssl.TrustManagerFactory tmf =

com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");

              tmf.init(kstore);
              tm = tmf.getTrustManagers();
          }

          // Create a SSLContext ( to create the ssl factory )
          // This is the only way to use server sockets with JSSE 1.0.1
          SSLContext context =
                  com.sun.net.ssl.SSLContext.getInstance(protocol);    //
SSL

          // init context with the key managers
          context.init(kmf.getKeyManagers(), tm,
                  new java.security.SecureRandom());
          return context;
      }

      /**
       * intializes a keystore.
       *
       * @param keystoreFile
       * @param keyPass
       *
       * @return keystore
       * @throws IOException
       */
      private KeyStore initKeyStore(String keystoreFile, String keyPass)
              throws IOException {
          try {
              KeyStore kstore = KeyStore.getInstance(keystoreType);

              InputStream istream = new FileInputStream(keystoreFile);
              kstore.load(istream, keyPass.toCharArray());
              return kstore;
          } catch (FileNotFoundException fnfe) {
              throw fnfe;
          } catch (IOException ioe) {
              throw ioe;
          } catch (Exception ex) {
              ex.printStackTrace();
              throw new IOException("Exception trying to load keystore "
                      + keystoreFile + ": " + ex.getMessage());
          }
      }
  }



  1.1
xml-axis/java/src/org/apache/axis/components/net/JDK14JSSESocketFactory.java


  Index: JDK14JSSESocketFactory.java
  ===================================================================
  /*
   * The Apache Software License, Version 1.1
   *
   *
   * Copyright (c) 2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *    Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software 
itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Axis" and "Apache Software Foundation" must
   *    not be used to endorse or promote products derived from this
   *    software without prior written permission. For written
   *    permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    nor may "Apache" appear in their name, without prior written
   *    permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
  package org.apache.axis.components.net;

  import javax.net.ssl.SSLContext;
  import javax.net.ssl.KeyManagerFactory;
  import javax.net.ssl.TrustManager;
  import javax.net.ssl.TrustManagerFactory;

  import org.apache.axis.AxisProperties;
  import org.apache.axis.utils.JavaUtils;
  import org.apache.axis.utils.Messages;
  import org.apache.axis.utils.XMLUtils;

  import javax.net.ssl.SSLSocket;
  import javax.net.ssl.SSLSocketFactory;
  import java.io.BufferedWriter;
  import java.io.FileInputStream;
  import java.io.FileNotFoundException;
  import java.io.IOException;
  import java.io.InputStream;
  import java.io.OutputStream;
  import java.io.OutputStreamWriter;
  import java.io.PrintWriter;
  import java.net.Socket;
  import java.security.KeyStore;
  import java.security.Security;
  import java.util.Hashtable;

  /**
   * SSL socket factory. It _requires_ a valid RSA key and
   * JSSE. (borrowed code from tomcat)
   *
   * THIS CODE STILL HAS DEPENDENCIES ON sun.* and com.sun.*
   *
   * @author Davanum Srinivas (dims@yahoo.com)
   */
  public class JDK14JSSESocketFactory extends DefaultSocketFactory {

      /** Field keystoreType           */
      private String keystoreType;

      /** Field defaultKeystoreType           */
      static String defaultKeystoreType = "JKS";

      /** Field defaultProtocol           */
      static String defaultProtocol = "TLS";

      /** Field defaultAlgorithm           */
      static String defaultAlgorithm = "SunX509";

      /** Field defaultClientAuth           */
      static boolean defaultClientAuth = false;

      /** Field clientAuth           */
      private boolean clientAuth = false;

      /** Field sslFactory           */
      private SSLSocketFactory sslFactory = null;

      /** Field defaultKeystoreFile           */
      static String defaultKeystoreFile =
          System.getProperty("user.home") + "/.keystore";

      /** Field defaultKeyPass           */
      static String defaultKeyPass = "changeit";

      /**
       * Constructor JSSESocketFactory
       *
       * @param attributes
       */
      public JDK14JSSESocketFactory(Hashtable attributes) {
          super(attributes);
      }

      /**
       * creates a secure socket
       *
       * @param host
       * @param port
       * @param otherHeaders
       * @param useFullURL
       *
       * @return Socket
       * @throws Exception
       */
      public Socket create(
              String host, int port, StringBuffer otherHeaders,
BooleanHolder useFullURL)
              throws Exception {
          Socket sslSocket = null;
          if (sslFactory == null) {
              initFactory();
          }
          if (port == -1) {
              port = 443;
          }

          TransportClientProperties tcp =
TransportClientPropertiesFactory.create("https");

          boolean hostInNonProxyList = isHostInNonProxyList(host,
tcp.getNonProxyHosts());

          if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
              // direct SSL connection
              sslSocket = sslFactory.createSocket(host, port);
          } else {

              // Default proxy port is 80, even for https
              int tunnelPort = (tcp.getProxyPort().length() != 0)
                               ? Integer.parseInt(tcp.getProxyPort())
                               : 80;
              if (tunnelPort < 0)
                  tunnelPort = 80;

              // Create the regular socket connection to the proxy
              Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);

              // The tunnel handshake method (condensed and made 
reflexive)
              OutputStream tunnelOutputStream = tunnel.getOutputStream();
              PrintWriter out = new PrintWriter(
                      new BufferedWriter(new
OutputStreamWriter(tunnelOutputStream)));

              // More secure version... engage later?
              // PasswordAuthentication pa =
              // Authenticator.requestPasswordAuthentication(
              // InetAddress.getByName(tunnelHost),
              // tunnelPort, "SOCK", "Proxy","HTTP");
              // if(pa == null){
              // printDebug("No Authenticator set.");
              // }else{
              // printDebug("Using Authenticator.");
              // tunnelUser = pa.getUserName();
              // tunnelPassword = new String(pa.getPassword());
              // }
              out.print("CONNECT " + host + ":" + port + " HTTP/1.0\r\n"
                      + "User-Agent: AxisClient");
              if (tcp.getProxyUser().length() != 0 &&
                  tcp.getProxyPassword().length() != 0) {

                  // add basic authentication header for the proxy
                  String encodedPassword =
XMLUtils.base64encode((tcp.getProxyUser()
                          + ":"
                          + tcp.getProxyPassword()).getBytes());

                  out.print("\nProxy-Authorization: Basic " +
encodedPassword);
              }
              out.print("\nContent-Length: 0");
              out.print("\nPragma: no-cache");
              out.print("\r\n\r\n");
              out.flush();
              InputStream tunnelInputStream = tunnel.getInputStream();

              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("isNull00",
"tunnelInputStream",
                          "" + (tunnelInputStream
                          == null)));
              }
              String replyStr = "";

              // Make sure to read all the response from the proxy to
prevent SSL negotiation failure
              // Response message terminated by two sequential newlines
              int newlinesSeen = 0;
              boolean headerDone = false;    /* Done on first newline */

              while (newlinesSeen < 2) {
                  int i = tunnelInputStream.read();

                  if (i < 0) {
                      throw new IOException("Unexpected EOF from proxy");
                  }
                  if (i == '\n') {
                      headerDone = true;
                      ++newlinesSeen;
                  } else if (i != '\r') {
                      newlinesSeen = 0;
                      if (!headerDone) {
                          replyStr += String.valueOf((char) i);
                      }
                  }
              }
              if (!replyStr.startsWith("HTTP/1.0 200")
                      && !replyStr.startsWith("HTTP/1.1 200")) {
                  throw new 
IOException(Messages.getMessage("cantTunnel00",
                          new String[]{
                              tcp.getProxyHost(),
                              "" + tunnelPort,
                              replyStr}));
              }

              // End of condensed reflective tunnel handshake method
              sslSocket = sslFactory.createSocket(tunnel, host, port,
true);
              if (log.isDebugEnabled()) {
                  log.debug(Messages.getMessage("setupTunnel00",
                            tcp.getProxyHost(),
                          "" + tunnelPort));
              }
          }
          ((SSLSocket) sslSocket).startHandshake();
          if (log.isDebugEnabled()) {
              log.debug(Messages.getMessage("createdSSL00"));
          }
          return sslSocket;
      }

      /**
       * Read the keystore, init the SSL socket factory
       *
       * @throws IOException
       */
      private void initFactory() throws IOException {

          try {
              Security.addProvider(new sun.security.provider.Sun());
              Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());

              if(attributes == null) {
                  //No configuration specified. Get the default.
                  sslFactory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
              } else {
                  //Configuration specified in wsdd.
                  SSLContext context = getContext();
                  sslFactory = context.getSocketFactory();
              }
          } catch (Exception e) {
              if (e instanceof IOException) {
                  throw (IOException) e;
              }
              throw new IOException(e.getMessage());
          }
      }

      /**
       * gets a SSL Context
       *
       * @return SSLContext
       * @throws Exception
       */
      protected SSLContext getContext() throws Exception {
          // Please don't change the name of the attribute - other
          // software may depend on it ( j2ee for sure )
          String keystoreFile = (String) attributes.get("keystore");
          if (keystoreFile == null) {
              keystoreFile = defaultKeystoreFile;
          }

          keystoreType = (String) attributes.get("keystoreType");
          if (keystoreType == null) {
              keystoreType = defaultKeystoreType;
          }

          // determine whether we want client authentication
          // the presence of the attribute enables client auth
          clientAuth = null != (String) attributes.get("clientauth");
          String keyPass = (String) attributes.get("keypass");
          if (keyPass == null) {
              keyPass = defaultKeyPass;
          }

          String keystorePass = (String) attributes.get("keystorePass");
          if (keystorePass == null) {
              keystorePass = keyPass;
          }

          // protocol for the SSL ie - TLS, SSL v3 etc.
          String protocol = (String) attributes.get("protocol");
          if (protocol == null) {
              protocol = defaultProtocol;
          }

          // Algorithm used to encode the certificate ie - SunX509
          String algorithm = (String) attributes.get("algorithm");
          if (algorithm == null) {
              algorithm = defaultAlgorithm;
          }

          // You can't use ssl without a server certificate.
          // Create a KeyStore ( to get server certs )
          KeyStore kstore = initKeyStore(keystoreFile, keystorePass);

          // Key manager will extract the server key
          KeyManagerFactory kmf = 
KeyManagerFactory.getInstance(algorithm);

          kmf.init(kstore, keyPass.toCharArray());

          // If client authentication is needed, set up TrustManager
          TrustManager[] tm = null;

          if (clientAuth) {
              TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509");

              tmf.init(kstore);
              tm = tmf.getTrustManagers();
          }

          // Create a SSLContext ( to create the ssl factory )
          // This is the only way to use server sockets with JSSE 1.0.1
          SSLContext context = SSLContext.getInstance(protocol);    // SSL

          // init context with the key managers
          context.init(kmf.getKeyManagers(), tm,
                  new java.security.SecureRandom());
          return context;
      }

      /**
       * intializes a keystore.
       *
       * @param keystoreFile
       * @param keyPass
       *
       * @return keystore
       * @throws IOException
       */
      private KeyStore initKeyStore(String keystoreFile, String keyPass)
              throws IOException {
          try {
              KeyStore kstore = KeyStore.getInstance(keystoreType);

              InputStream istream = new FileInputStream(keystoreFile);
              kstore.load(istream, keyPass.toCharArray());
              return kstore;
          } catch (FileNotFoundException fnfe) {
              throw fnfe;
          } catch (IOException ioe) {
              throw ioe;
          } catch (Exception ex) {
              ex.printStackTrace();
              throw new IOException("Exception trying to load keystore "
                      + keystoreFile + ": " + ex.getMessage());
          }
      }
  }



  1.14      +114 -86   xml-axis/java/lib/commons-discovery.jar

             <<Binary file>>


  1.88      +5 -25
xml-axis/java/src/org/apache/axis/transport/http/HTTPSender.java

  Index: HTTPSender.java
  ===================================================================
  RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/transport/http/HTTPSender.java,v

  retrieving revision 1.87
  retrieving revision 1.88
  diff -u -r1.87 -r1.88
  --- HTTPSender.java          18 Sep 2002 16:10:30 -0000          1.87
  +++ HTTPSender.java          8 Oct 2002 22:23:59 -0000           1.88
  @@ -111,12 +111,7 @@
               Socket sock = null;


  -            // create socket based on the url protocol type
  -            if (targetURL.getProtocol().equalsIgnoreCase("https")) {
  -                sock = getSecureSocket(host, port, otherHeaders,
useFullURL);
  -            } else {
  -                sock = getSocket(host, port, otherHeaders, useFullURL);
  -            }
  +            sock = getSocket(targetURL.getProtocol(), host, port,
otherHeaders, useFullURL);

               // optionally set a timeout for the request
               if (msgContext.getTimeout() != 0) {
  @@ -140,25 +135,9 @@
       }

       /**
  -     * getSecureSocket is used when we need a secure SSL connection to
the SOAP Server
  -     *
  -     * @param host host name
  -     * @param port port that we need to connect to
  -     *
  -     * @return a secure socket
  -     *
  -     * @throws Exception
  -     */
  -    private Socket getSecureSocket(
  -            String host, int port, StringBuffer otherHeaders,
BooleanHolder useFullURL)
  -            throws Exception {
  -        SocketFactory factory =
SocketFactoryFactory.getSecureFactory(getOptions());
  -        return factory.create(host, port, otherHeaders, useFullURL);
  -    }
  -
  -    /**
  -     * Creates a non-ssl socket connection to the SOAP server
  +     * Creates a socket connection to the SOAP server
        *
  +     * @param protocol "http" for standard, "https" for ssl.
        * @param host host name
        * @param port port to connect to
        * @param otherHeaders buffer for storing additional headers that
need to be sent
  @@ -169,9 +148,10 @@
        * @throws IOException
        */
       private Socket getSocket(
  +            String protocol,
               String host, int port, StringBuffer otherHeaders,
BooleanHolder useFullURL)
               throws Exception {
  -        SocketFactory factory =
SocketFactoryFactory.getFactory(getOptions());
  +        SocketFactory factory =
SocketFactoryFactory.getFactory(protocol, getOptions());
           return factory.create(host, port, otherHeaders, useFullURL);
       }




  1.19      +7 -7
xml-axis/java/src/org/apache/axis/configuration/EngineConfigurationFactoryFinder.java


  Index: EngineConfigurationFactoryFinder.java
  ===================================================================
  RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/configuration/EngineConfigurationFactoryFinder.java,v

  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- EngineConfigurationFactoryFinder.java            1 Oct 2002 14:33:45
-0000        1.18
  +++ EngineConfigurationFactoryFinder.java            8 Oct 2002 22:23:59
-0000        1.19
  @@ -55,20 +55,20 @@

   package org.apache.axis.configuration;

  -import java.lang.reflect.Method;
   import java.lang.reflect.InvocationTargetException;
  +import java.lang.reflect.Method;
   import java.security.AccessController;
   import java.security.PrivilegedAction;

  +import org.apache.axis.AxisProperties;
   import org.apache.axis.EngineConfigurationFactory;
   import org.apache.axis.components.logger.LogFactory;
  -import org.apache.axis.discovery.DiscoverConstNames;
  -import org.apache.axis.discovery.DiscoverOldNamesInManagedProperties;
   import org.apache.axis.utils.Messages;
   import org.apache.commons.discovery.ResourceClassIterator;
   import org.apache.commons.discovery.ResourceNameIterator;
   import org.apache.commons.discovery.resource.ClassLoaders;
   import org.apache.commons.discovery.resource.classes.DiscoverClasses;
  +import org.apache.commons.discovery.resource.names.DiscoverConstNames;
   import
org.apache.commons.discovery.resource.names.DiscoverNamesInManagedProperties;

   import 
org.apache.commons.discovery.resource.names.DiscoverServiceNames;
   import org.apache.commons.discovery.resource.names.NameDiscoverers;
  @@ -152,7 +152,7 @@
                               ClassLoaders.getAppLoaders(mySpi, 
myFactory,
true);

                           NameDiscoverers nameDiscoverers = new
NameDiscoverers();
  -                        nameDiscoverers.addResourceNameDiscover(new
DiscoverOldNamesInManagedProperties());
  +
nameDiscoverers.addResourceNameDiscover(AxisProperties.getAlternatePropertyNameDiscoverer());

                           nameDiscoverers.addResourceNameDiscover(new
DiscoverNamesInManagedProperties());
                           nameDiscoverers.addResourceNameDiscover(new
DiscoverServiceNames(loaders));
                           nameDiscoverers.addResourceNameDiscover(new
DiscoverConstNames(
  @@ -161,12 +161,12 @@

"org.apache.axis.configuration.EngineConfigurationFactoryDefault",
                                   })
                               );
  -
  +
                           ResourceNameIterator it =
nameDiscoverers.findResourceNames(mySpi.getName());
  -
  +
                           ResourceClassIterator services =
                               new
DiscoverClasses(loaders).findResourceClasses(it);
  -
  +
                           EngineConfigurationFactory factory = null;

                           while (factory == null  &&  services.hasNext())
{



  1.17      +21 -3
xml-axis/java/src/org/apache/axis/AxisProperties.java

  Index: AxisProperties.java
  ===================================================================
  RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/AxisProperties.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- AxisProperties.java            18 Sep 2002 16:10:31 -0000
1.16
  +++ AxisProperties.java            8 Oct 2002 22:24:00 -0000
1.17
  @@ -61,15 +61,16 @@
   import java.util.Map;
   import java.util.Properties;

  -import org.apache.axis.utils.JavaUtils;
  +import org.apache.axis.components.logger.LogFactory;
  +import org.apache.axis.components.net.SocketFactory;
   import org.apache.axis.utils.Messages;
  +import org.apache.commons.discovery.ResourceNameDiscover;
  +import
org.apache.commons.discovery.resource.names.DiscoverNamesInAlternateManagedProperties;

   import org.apache.commons.discovery.tools.DefaultClassHolder;
   import org.apache.commons.discovery.tools.DiscoverClass;
   import org.apache.commons.discovery.tools.ManagedProperties;
   import org.apache.commons.discovery.tools.PropertiesHolder;
   import org.apache.commons.discovery.tools.SPInterface;
  -
  -import org.apache.axis.components.logger.LogFactory;
   import org.apache.commons.logging.Log;


  @@ -106,6 +107,8 @@
   public class AxisProperties {
       protected static Log log =
           LogFactory.getLog(AxisProperties.class.getName());
  +
  +    private static DiscoverNamesInAlternateManagedProperties
altNameDiscoverer;

       public static Object newInstance(Class spiClass, String
defaultClass)
       {
  @@ -216,6 +219,21 @@
           return ManagedProperties.getProperties();
       }

  +
  +    public static final ResourceNameDiscover
getAlternatePropertyNameDiscoverer() {
  +        if (altNameDiscoverer == null) {
  +            altNameDiscoverer = new
DiscoverNamesInAlternateManagedProperties();
  +            altNameDiscoverer.addClassToPropertyNameMapping(
  +                    EngineConfigurationFactory.class.getName(),
  +                    EngineConfigurationFactory.SYSTEM_PROPERTY_NAME);
  +
  +            altNameDiscoverer.addClassToPropertyNameMapping(
  +                    SocketFactory.class.getName(),
  +                    "axis.socketFactory");
  +        }
  +
  +        return altNameDiscoverer;
  +    }

       /**
        * !WARNING!



  1.204     +2 -2      xml-axis/java/build.xml

  Index: build.xml
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/build.xml,v
  retrieving revision 1.203
  retrieving revision 1.204
  diff -u -r1.203 -r1.204
  --- build.xml          8 Oct 2002 12:12:46 -0000           1.203
  +++ build.xml          8 Oct 2002 22:24:00 -0000           1.204
  @@ -79,9 +79,9 @@
         classpathref="classpath">
         <exclude name="**/old/**/*" />
         <exclude name="**/bak/**"/>
  -      <exclude name="**/org/apache/axis/components/net/JSSE*.java"
unless="jsse.present"/>
  +      <exclude name="**/org/apache/axis/components/net/JDK14*.java"
unless="jdk14.jsse.present"/>
  +      <exclude name="**/org/apache/axis/components/net/Sun*.java"
unless="sun.jsse.present"/>
         <exclude name="**/org/apache/axis/components/net/IBM*.java"
unless="ibmjsse.present"/>
  -      <exclude name="**/org/apache/axis/components/net/Fake*.java"
unless="jsse.present"/>
         <exclude name="**/org/apache/axis/components/image/JimiIO.java"
unless="jimi.present"/>
               <exclude
name="**/org/apache/axis/components/image/MerlinIO.java"
unless="merlinio.present"/>
         <exclude
name="**/org/apache/axis/attachments/AttachmentsImpl.java"
unless="attachments.present"/>



  1.41      +14 -3     xml-axis/java/xmls/targets.xml

  Index: targets.xml
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/xmls/targets.xml,v
  retrieving revision 1.40
  retrieving revision 1.41
  diff -u -r1.40 -r1.41
  --- targets.xml        8 Oct 2002 17:55:33 -0000           1.40
  +++ targets.xml        8 Oct 2002 22:24:00 -0000           1.41
  @@ -115,7 +115,16 @@
         classname="com.meterware.httpunit.GetMethodWebRequest"
         classpathref="classpath"/>

  -    <condition property="jsse.present" >
  +    <condition property="jdk14.jsse.present" >
  +      <and>
  +        <available classname="javax.net.ssl.X509TrustManager"
classpathref="classpath" />
  +        <available classname="javax.net.SocketFactory"
classpathref="classpath" />
  +        <available classname="javax.net.ssl.SSLContext"
classpathref="classpath" />
  +        <available classname="javax.net.ssl.SSLSocketFactory"
classpathref="classpath" />
  +      </and>
  +    </condition>
  +
  +    <condition property="sun.jsse.present" >
         <and>
           <available classname="com.sun.net.ssl.X509TrustManager"
classpathref="classpath" />
           <available classname="javax.net.SocketFactory"
classpathref="classpath" />
  @@ -124,7 +133,7 @@
         </and>
       </condition>

  -    <condition property="ibmjsse.present" >
  +    <condition property="ibm.jsse.present" >
         <and>
           <available classname="com.ibm.net.ssl.X509TrustManager"
classpathref="classpath" />
           <available classname="javax.net.SocketFactory"
classpathref="classpath" />
  @@ -220,7 +229,9 @@
       <echo message="attachments.present=${attachments.present}" />
       <echo message="jimi.present=${jimi.present}" />
       <echo message="security.present=${security.present}" />
  -    <echo message="jsse.present=${jsse.present}" />
  +    <echo message="jdk14.jsse.present=${jdk14.jsse.present}" />
  +    <echo message="sun.jsse.present=${sun.jsse.present}" />
  +    <echo message="ibm.jsse.present=${ibm.jsse.present}" />
       <echo
message="commons-httpclient.present=${commons-httpclient.present}" />
       <echo message="axis-ant.present=${axis-ant.present}" />
       <echo message="httpunit.present=${httpunit.present}" />









Mime
View raw message