cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sea...@apache.org
Subject svn commit: r745560 - in /cxf/trunk/rt/transports/http/src: main/java/org/apache/cxf/transport/https/ test/java/org/apache/cxf/transport/http/
Date Wed, 18 Feb 2009 16:28:31 GMT
Author: seanoc
Date: Wed Feb 18 16:28:31 2009
New Revision: 745560

URL: http://svn.apache.org/viewvc?rev=745560&view=rev
Log:
Fix fox CXF-2048 (patch provided by Ron Gavlin)

Modified:
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionInfo.java
    cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitURLConnectionTest.java

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=745560&r1=745559&r2=745560&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Wed Feb 18 16:28:31 2009
@@ -20,6 +20,8 @@
 package org.apache.cxf.transport.https;
 
 import java.io.IOException;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
 import java.net.HttpURLConnection;
 import java.net.Proxy;
 import java.net.URL;
@@ -57,7 +59,7 @@
     private static final long serialVersionUID = 1L;
     private static final Logger LOG =
         LogUtils.getL7dLogger(HttpsURLConnectionFactory.class);
-    
+
     /*
      *  For development and testing only
      */
@@ -88,6 +90,10 @@
      */
     SSLSocketFactory socketFactory;
 
+    private Class deprecatedSunHttpsURLConnectionClass;
+
+    private Class deprecatedSunHostnameVerifierClass;
+    
     /**
      * This constructor initialized the factory with the configured TLS
      * Client Parameters for the HTTPConduit for which this factory is used.
@@ -122,8 +128,8 @@
                     + " for HTTPS URLConnection Factory.");
         }
         
-        HttpsURLConnection connection =
-            (HttpsURLConnection) (proxy != null 
+        HttpURLConnection connection =
+            (HttpURLConnection) (proxy != null 
                                    ? url.openConnection(proxy)
                                    : url.openConnection());
                                    
@@ -150,9 +156,11 @@
     
     /**
      * This method assigns the various TLS parameters on the HttpsURLConnection
-     * from the TLS Client Parameters.
+     * from the TLS Client Parameters. Connection parameter is of supertype HttpURLConnection,

+     * which allows internal cast to potentially divergent subtype (https) implementations.
      */
-    protected synchronized void decorateWithTLS(HttpsURLConnection connection)
+    @SuppressWarnings("deprecation")
+    protected synchronized void decorateWithTLS(HttpURLConnection connection)
         throws NoSuchAlgorithmException,
                NoSuchProviderException,
                KeyManagementException {
@@ -197,12 +205,55 @@
                                                         cipherSuites,
                                                         tlsClientParameters.getSecureSocketProtocol());
         }
-        if (tlsClientParameters.isDisableCNCheck()) {
-            connection.setHostnameVerifier(CertificateHostnameVerifier.ALLOW_ALL);
+        
+        if (connection instanceof HttpsURLConnection) {
+            // handle the expected case (javax.net.ssl)
+            HttpsURLConnection conn = (HttpsURLConnection) connection;
+            if (tlsClientParameters.isDisableCNCheck()) {
+                conn.setHostnameVerifier(CertificateHostnameVerifier.ALLOW_ALL);
+            } else {
+                conn.setHostnameVerifier(CertificateHostnameVerifier.DEFAULT);
+            }
+            conn.setSSLSocketFactory(socketFactory);
         } else {
-            connection.setHostnameVerifier(CertificateHostnameVerifier.DEFAULT);
+            // handle the deprecated sun case
+            try {
+                Class connectionClass = getDeprecatedSunHttpsURLConnectionClass();
+                Class verifierClass = getDeprecatedSunHostnameVerifierClass();
+                Method setHostnameVerifier = connectionClass.getMethod("setHostnameVerifier",
verifierClass);
+                InvocationHandler handler = new InvocationHandler() {
+                    public Object invoke(Object proxy, 
+                                         Method method, 
+                                         Object[] args) throws Throwable {
+                        return true;
+                    }
+                };
+                Object proxy = java.lang.reflect.Proxy.newProxyInstance(this.getClass().getClassLoader(),
+                                                                          new Class[] {verifierClass},
+                                                                          handler);
+                setHostnameVerifier.invoke(connectionClass.cast(connection), verifierClass.cast(proxy));
+                Method setSSLSocketFactory = connectionClass.getMethod("setSSLSocketFactory",

+                                                                       SSLSocketFactory.class);
+                setSSLSocketFactory.invoke(connectionClass.cast(connection), socketFactory);
+            } catch (Exception ex) {
+                throw new IllegalArgumentException("Error decorating connection class " 
+                        + connection.getClass().getName(), ex);
+            }
+        }
+    }
+
+    private Class getDeprecatedSunHttpsURLConnectionClass() throws ClassNotFoundException
{
+        if (deprecatedSunHttpsURLConnectionClass == null) {
+            deprecatedSunHttpsURLConnectionClass = Class.forName("com.sun.net.ssl.HttpsURLConnection");
         }
-        connection.setSSLSocketFactory(socketFactory);
+        return deprecatedSunHttpsURLConnectionClass;
+    }
+
+    private Class getDeprecatedSunHostnameVerifierClass() throws ClassNotFoundException {
+        if (deprecatedSunHostnameVerifierClass == null) {
+            deprecatedSunHostnameVerifierClass = Class.forName("com.sun.net.ssl.HostnameVerifier");
+        }
+        return deprecatedSunHostnameVerifierClass;
     }
 
     /*
@@ -228,12 +279,13 @@
      * @return The HttpsURLConnectionInfo object for the given 
      *         HttpsURLConnection.
      * @throws IOException Normal IO Exceptions.
-     * @throws ClassCastException If "connection" is not an HttpsURLConnection.
+     * @throws ClassCastException If "connection" is not an HttpsURLConnection 
+     *         (or a supported subtype of HttpURLConnection)
      */
     public HttpURLConnectionInfo getConnectionInfo(
             HttpURLConnection connection
     ) throws IOException {  
-        return new HttpsURLConnectionInfo((HttpsURLConnection)connection);
+        return new HttpsURLConnectionInfo(connection);
     }
     
     public String getProtocol() {
@@ -243,3 +295,4 @@
 }
 
 
+

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionInfo.java?rev=745560&r1=745559&r2=745560&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionInfo.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionInfo.java
Wed Feb 18 16:28:31 2009
@@ -20,9 +20,12 @@
 package org.apache.cxf.transport.https;
 
 import java.io.IOException;
+import java.lang.reflect.Method;
+import java.net.HttpURLConnection;
 import java.security.Principal;
 import java.security.cert.Certificate;
 
+import javax.imageio.IIOException;
 import javax.net.ssl.HttpsURLConnection;
 
 import org.apache.cxf.transport.http.HttpURLConnectionInfo;
@@ -37,47 +40,85 @@
      * This field contains the cipherSuite enabled in the 
      * HTTPS URLconnection.
      */
-    protected final String enabledCipherSuite;
+    protected String enabledCipherSuite;
     
     /**
      * This field contains the certificates that were used to
      * authenticate the connection to the peer.
      */
-    protected final Certificate[] localCertificates;
+    protected Certificate[] localCertificates;
     
     /**
      * This field contains the Principal that authenticated to the
      * peer.
      */
-    protected final Principal localPrincipal;
+    protected Principal localPrincipal;
     
     /**
      * This field contains the certificates the server presented
      * to authenticate.
      */
-    protected final Certificate[] serverCertificates;
+    protected Certificate[] serverCertificates;
     
     /**
      * This field contains the Principal that represents the 
      * authenticated peer.
      */
-    protected final Principal peerPrincipal;
+    protected Principal peerPrincipal;
+
+    private Class deprecatedSunHttpsURLConnectionOldImplClass;
     
     /**
      * This constructor is used to create the info object
-     * representing the this HttpsURLConnection.
+     * representing the this HttpsURLConnection. Connection parameter is 
+     * of supertype HttpURLConnection, which allows internal cast to 
+     * potentially divergent subtype (Https) implementations.
      */
-    HttpsURLConnectionInfo(HttpsURLConnection connection)
+    HttpsURLConnectionInfo(HttpURLConnection connection)
         throws IOException {
         super(connection);
-        
-        enabledCipherSuite = connection.getCipherSuite();
-        localCertificates  = connection.getLocalCertificates();
-        localPrincipal     = connection.getLocalPrincipal();
-        serverCertificates = connection.getServerCertificates();
-        peerPrincipal      = connection.getPeerPrincipal();
+        if (connection instanceof HttpsURLConnection) {
+            HttpsURLConnection conn = (HttpsURLConnection) connection;
+            enabledCipherSuite = conn.getCipherSuite();
+            localCertificates  = conn.getLocalCertificates();
+            localPrincipal     = conn.getLocalPrincipal();
+            serverCertificates = conn.getServerCertificates();
+            peerPrincipal      = conn.getPeerPrincipal();
+        } else {
+            Exception ex = null;
+            try {
+                Class deprecatedSunClass = getDeprecatedSunHttpsURLConnectionOldImplClass();
+                Method method = null;
+                method = deprecatedSunClass.getMethod("getCipherSuite", (Class[]) null);
+                enabledCipherSuite = (String) method.invoke(connection, (Object[]) null);
+                method = deprecatedSunClass.getMethod("getLocalCertificates", (Class[]) null);
+                localCertificates = (Certificate[]) method.invoke(connection, (Object[])
null);
+                method = deprecatedSunClass.getMethod("getServerCertificates", (Class[])
null);
+                serverCertificates = (Certificate[]) method.invoke(connection, (Object[])
null);
+                
+                //TODO Obtain localPrincipal and peerPrincipal using the com.sun.net.ssl
api
+            } catch (Exception e) {
+                ex = e;
+            } finally {
+                if (ex != null) {
+                    if (ex instanceof IOException) {
+                        throw (IOException) ex;
+                    }
+                    throw new IIOException("Error constructing HttpsURLConnectionInfo for
connection class "
+                            + connection.getClass().getName(), ex);
+                }
+            }
+        }
+    }
+
+    private Class getDeprecatedSunHttpsURLConnectionOldImplClass() throws ClassNotFoundException
{
+        if (deprecatedSunHttpsURLConnectionOldImplClass == null) {
+            deprecatedSunHttpsURLConnectionOldImplClass = 
+                    Class.forName("com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl");
+        }
+        return deprecatedSunHttpsURLConnectionOldImplClass;
     }
-
+        
     /**
      * This method returns the cipher suite employed in this
      * HttpsURLConnection.

Modified: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitURLConnectionTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitURLConnectionTest.java?rev=745560&r1=745559&r2=745560&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitURLConnectionTest.java
(original)
+++ cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/HTTPConduitURLConnectionTest.java
Wed Feb 18 16:28:31 2009
@@ -122,6 +122,36 @@
      */
     @Test
     public void testTLSServerParameters() throws Exception {
+        Object connection = doTestTLSServerParameters();
+        assertTrue("TLS Client Parameters should generate an HttpsURLConnection",
+                HttpsURLConnection.class.isInstance(connection));
+    }
+
+    /**
+     * This verifys that the underlying connection is an HttpsURLConnection.
+     */
+    @Test
+    public void testTLSServerParametersWithDeprecatedSunSSLProtocol() throws Exception {
+        if (!System.getProperty("java.vm.vendor").toLowerCase().contains("sun")) {
+            return;
+        }
+        String javaProtocolHandlerPkgsKey = "java.protocol.handler.pkgs";
+        String javaProtocolHandlerPkgsValue = System.getProperty(javaProtocolHandlerPkgsKey);
+        try {
+            System.setProperty(javaProtocolHandlerPkgsKey, "com.sun.net.ssl.internal.www.protocol");
+            Object connection = doTestTLSServerParameters();
+            assertTrue("TLS Client Parameters should generate an HttpsURLConnection",
+                    connection.getClass().getName().contains("HttpsURLConnection"));
+        } finally {
+            if (javaProtocolHandlerPkgsValue == null) {
+                System.clearProperty(javaProtocolHandlerPkgsKey);
+            } else {
+                System.setProperty(javaProtocolHandlerPkgsKey, javaProtocolHandlerPkgsValue);
+            }
+        }
+    }
+    
+    private Object doTestTLSServerParameters() throws Exception {
         Bus bus = new CXFBusImpl();
         EndpointInfo ei = new EndpointInfo();
         ei.setAddress("https://secure.nowhere.null/" + "bar/foo");
@@ -135,9 +165,7 @@
         // Test call
         conduit.prepare(message);
         
-        assertTrue("TLS Client Parameters should generate an HttpsURLConnection",
-                HttpsURLConnection.class.isInstance(
-                        message.get("http.connection")));
+        return message.get("http.connection");
     }
 
 



Mime
View raw message