From dk...@apache.org
Subject svn commit: r828789 - /cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Date Thu, 22 Oct 2009 17:22:31 GMT
Author: dkulp
Date: Thu Oct 22 17:22:30 2009
New Revision: 828789

URL: http://svn.apache.org/viewvc?rev=828789&view=rev
Log:
[CXF-1459] Another attempt at trying to get https working with weblogic

Modified:
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=828789&r1=828788&r2=828789&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Thu Oct 22 17:22:30 2009
@@ -20,6 +20,7 @@
 package org.apache.cxf.transport.https;
 
 import java.io.IOException;
+import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Method;
 import java.net.HttpURLConnection;
@@ -32,12 +33,14 @@
 import java.util.logging.Logger;
 
 import javax.imageio.IIOException;
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.ReflectionInvokationHandler;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.transport.http.HttpURLConnectionFactory;
@@ -61,17 +64,7 @@
     private static final Logger LOG =
         LogUtils.getL7dLogger(HttpsURLConnectionFactory.class);
 
-    /*
-     *  For development and testing only
-     */
-    private static final String[] UNSUPPORTED =
-    {"SessionCaching", "SessionCacheKey", "MaxChainLength",
-     "CertValidator", "ProxyHost", "ProxyPort"};
-    
-    /*
-     *  For development and testing only
-     */
-    private static final String[] DERIVATIVE = {"CiphersuiteFilters"};
+    private static boolean weblogicWarned;
     
     /**
      * This field holds the conduit to which this connection factory
@@ -218,14 +211,12 @@
                                                         tlsClientParameters.getSecureSocketProtocol());
         }
         
+        HostnameVerifier verifier = tlsClientParameters.isDisableCNCheck() 
+            ? CertificateHostnameVerifier.ALLOW_ALL : CertificateHostnameVerifier.DEFAULT;
         if (connection instanceof HttpsURLConnection) {
             // handle the expected case (javax.net.ssl)
             HttpsURLConnection conn = (HttpsURLConnection) connection;
-            if (tlsClientParameters.isDisableCNCheck()) {
-                conn.setHostnameVerifier(CertificateHostnameVerifier.ALLOW_ALL);
-            } else {
-                conn.setHostnameVerifier(CertificateHostnameVerifier.DEFAULT);
-            }
+            conn.setHostnameVerifier(verifier);
             conn.setSSLSocketFactory(socketFactory);
         } else {
             // handle the deprecated sun case and other possible hidden API's 
@@ -233,11 +224,15 @@
             try {
                 Method method = connection.getClass().getMethod("getHostnameVerifier");
                 
-                InvocationHandler handler = new InvocationHandler() {
+                InvocationHandler handler = new ReflectionInvokationHandler(verifier) {
                     public Object invoke(Object proxy, 
                                          Method method, 
                                          Object[] args) throws Throwable {
-                        return true;
+                        try {
+                            return super.invoke(proxy, method, args);
+                        } catch (Exception ex) {
+                            return true;
+                        }
                     }
                 };
                 Object proxy = java.lang.reflect.Proxy.newProxyInstance(this.getClass().getClassLoader(),
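Review bot: The `catch (Exception ex) { return true; }` in the proxy handler makes hostname verification fail open. Any failure while delegating to `verifier` through `ReflectionInvokationHandler` (a method that cannot be matched on the target, or an exception thrown inside the verifier) is reported to the connection as a successful check, even when `isDisableCNCheck()` is false. This branch exists for connection classes whose verifier interface is not `javax.net.ssl.HostnameVerifier`, so a signature mismatch looks plausible rather than exceptional; that should be confirmed against the interfaces actually proxied. I would accept on failure only when the CN check was explicitly disabled, e.g. `return tlsClientParameters.isDisableCNCheck();` (assuming `tlsClientParameters` is reachable from the anonymous class), and log `ex` before returning. The statement that builds the proxy continues past the end of this hunk.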
@@ -247,14 +242,32 @@
                 method = connection.getClass().getMethod("setHostnameVerifier", method.getReturnType());
                 method.invoke(connection, proxy);
             } catch (Exception ex) {
-                //Ignore this one, we're just setting it to a completely stupid verifier
anyway
-                //that is pretty pointless.
+                //Ignore this one
             }
             try {
-                Method setSSLSocketFactory = connection.getClass().getMethod("setSSLSocketFactory",

-                                                                             SSLSocketFactory.class);
-                setSSLSocketFactory.invoke(connection, socketFactory);
+                Method getSSLSocketFactory =  connection.getClass().getMethod("getSSLSocketFactory");
+                Method setSSLSocketFactory = connection.getClass()
+                    .getMethod("setSSLSocketFactory", getSSLSocketFactory.getReturnType());
+                if (getSSLSocketFactory.getReturnType().isInstance(socketFactory)) {
+                    setSSLSocketFactory.invoke(connection, socketFactory);
+                } else {
+                    //need to see if we can create one - mostly the weblogic case.   The

+                    //weblogic SSLSocketFactory has a protected constructor that can take
+                    //a JSSE SSLSocketFactory so we'll try and use that
+                    Constructor c = getSSLSocketFactory.getReturnType()
+                        .getDeclaredConstructor(SSLSocketFactory.class);
+                    c.setAccessible(true);
+                    setSSLSocketFactory.invoke(connection, c.newInstance(socketFactory));
+                }
             } catch (Exception ex) {
+                if (connection.getClass().getName().contains("weblogic")) {
+                    if (!weblogicWarned) {
+                        weblogicWarned = true;
+                        LOG.warning("Could not configure SSLSocketFactory on Weblogic.  "
+                                    + " Use the Weblogic control panel to configure the SSL
settings.");
+                    }
+                    return;
+                } 
                 //if we cannot set the SSLSocketFactor, we're in serious trouble.
                 throw new IllegalArgumentException("Error decorating connection class " 
                         + connection.getClass().getName(), ex);
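Review bot: In the new `catch` block the WebLogic branch returns normally after the socket factory could not be installed, so the connection proceeds without the settings from `tlsClientParameters` that `socketFactory` carries, and after the first call nothing records that this happened. `ex` is also discarded, which hides why the reflective constructor path failed. I would pass the cause to the logger, e.g. `LOG.log(Level.WARNING, "Could not configure SSLSocketFactory on Weblogic. ...", ex);` (if `java.util.logging.Level` is imported in this file), and add a comment above `return;` such as `// TLS settings now come from the container, not from TLSClientParameters`. `weblogicWarned` is read and written without synchronization; that is harmless for a once-only warning, but the field could be declared `volatile`. The `//Ignore this one` catch earlier in this hunk has the same shape: a failure to set the hostname verifier is dropped silently and the connection keeps whatever verifier its class defaults to.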
@@ -268,14 +281,6 @@
     protected void addLogHandler(Handler handler) {
         LOG.addHandler(handler);
     }
-       
-    protected String[] getUnSupported() {
-        return UNSUPPORTED;
-    }
-    
-    protected String[] getDerivative() {
-        return DERIVATIVE;
-    }
 
     /**
      * This operation returns an HttpsURLConnectionInfo for the 


