cxf-commits mailing list archives

From dk...@apache.org
Subject svn commit: r829232 - in /cxf/branches/2.1.x-fixes: ./ rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Date Fri, 23 Oct 2009 20:53:29 GMT
Author: dkulp
Date: Fri Oct 23 20:53:29 2009
New Revision: 829232

URL: http://svn.apache.org/viewvc?rev=829232&view=rev
Log:
Merged revisions 828790 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/branches/2.2.x-fixes

................
  r828790 | dkulp | 2009-10-22 13:25:29 -0400 (Thu, 22 Oct 2009) | 9 lines
  
  Merged revisions 828789 via svnmerge from 
  https://svn.apache.org/repos/asf/cxf/trunk
  
  ........
    r828789 | dkulp | 2009-10-22 13:22:30 -0400 (Thu, 22 Oct 2009) | 1 line
    
    [CXF-1459] Another attempt at trying to get https working with weblogic
  ........
................

Modified:
    cxf/branches/2.1.x-fixes/   (props changed)
    cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java

Propchange: cxf/branches/2.1.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=829232&r1=829231&r2=829232&view=diff
==============================================================================
--- cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
(original)
+++ cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Fri Oct 23 20:53:29 2009
@@ -20,6 +20,7 @@
 package org.apache.cxf.transport.https;
 
 import java.io.IOException;
+import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Method;
 import java.net.HttpURLConnection;
@@ -32,11 +33,14 @@
 import java.util.logging.Logger;
 
 import javax.imageio.IIOException;
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.ReflectionInvokationHandler;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.transport.http.HttpURLConnectionFactory;
@@ -60,17 +64,7 @@
     private static final Logger LOG =
         LogUtils.getL7dLogger(HttpsURLConnectionFactory.class);
 
-    /*
-     *  For development and testing only
-     */
-    private static final String[] UNSUPPORTED =
-    {"SessionCaching", "SessionCacheKey", "MaxChainLength",
-     "CertValidator", "ProxyHost", "ProxyPort"};
-    
-    /*
-     *  For development and testing only
-     */
-    private static final String[] DERIVATIVE = {"CiphersuiteFilters"};
+    private static boolean weblogicWarned;
     
     /**
      * This field holds the conduit to which this connection factory
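Review bot: `weblogicWarned` is added without a comment, and it is a plain static that the connection-decorating code later in this file writes without synchronization. A short comment would help, e.g. `// Process-wide latch so the Weblogic SSLSocketFactory warning is logged only once; a race only causes a duplicate log line.` Because the flag is static, one warning covers every factory loaded by the same class loader, so later conduits whose TLS settings could not be applied leave no log entry. That is worth stating in the comment, or the flag could be made per-instance.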
@@ -89,10 +83,6 @@
      * Cache the last SSLContext to avoid recreation
      */
     SSLSocketFactory socketFactory;
-
-    private Class deprecatedSunHttpsURLConnectionClass;
-
-    private Class deprecatedSunHostnameVerifierClass;
     
     /**
      * This constructor initialized the factory with the configured TLS
@@ -147,8 +137,6 @@
                     throw new IIOException("Error while initializing secure socket", ex);
                 }
             }
-        } else {
-            assert false;
         }
 
         return connection;
@@ -187,9 +175,27 @@
                       ? SSLContext.getInstance(protocol)
                       : SSLContext.getInstance(protocol, provider);
             
+                      
+
+            TrustManager[] trustAllCerts = tlsClientParameters.getTrustManagers();
+            /*
+            TrustManager[] trustAllCerts = new TrustManager[] {
+                new javax.net.ssl.X509TrustManager() {
+                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                        return null;
+                    }
+                    public void checkClientTrusted(
+                        java.security.cert.X509Certificate[] certs, String authType) {
+                    }
+                    public void checkServerTrusted(
+                        java.security.cert.X509Certificate[] certs, String authType) {
+                    }
+                }
+            };
+            */         
             ctx.init(
-                tlsClientParameters.getKeyManagers(), 
-                tlsClientParameters.getTrustManagers(), 
+                tlsClientParameters.getKeyManagers(),
+                trustAllCerts, 
                 tlsClientParameters.getSecureRandom());
             
             // The "false" argument means opposite of exclude.
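Review bot: The local `trustAllCerts` holds the configured trust managers from `tlsClientParameters.getTrustManagers()`, yet its name and the commented-out anonymous `X509TrustManager` below it (empty `checkServerTrusted`, null `getAcceptedIssuers`) describe a manager that accepts every certificate. Leaving that block in the file invites someone to uncomment it while debugging, which would switch off server certificate validation for every conduit that uses this factory. I would delete the commented block and rename the variable, e.g. `TrustManager[] trustManagers = tlsClientParameters.getTrustManagers();`, or keep the original inline argument to `ctx.init(...)`. The enclosing method starts and ends outside this hunk.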
@@ -205,70 +211,76 @@
                                                         tlsClientParameters.getSecureSocketProtocol());
         }
         
+        HostnameVerifier verifier = tlsClientParameters.isDisableCNCheck() 
+            ? CertificateHostnameVerifier.ALLOW_ALL : CertificateHostnameVerifier.DEFAULT;
         if (connection instanceof HttpsURLConnection) {
             // handle the expected case (javax.net.ssl)
             HttpsURLConnection conn = (HttpsURLConnection) connection;
-            if (tlsClientParameters.isDisableCNCheck()) {
-                conn.setHostnameVerifier(CertificateHostnameVerifier.ALLOW_ALL);
-            } else {
-                conn.setHostnameVerifier(CertificateHostnameVerifier.DEFAULT);
-            }
+            conn.setHostnameVerifier(verifier);
             conn.setSSLSocketFactory(socketFactory);
         } else {
-            // handle the deprecated sun case
+            // handle the deprecated sun case and other possible hidden API's 
+            // that are similar to the Sun cases
             try {
-                Class<?> connectionClass = getDeprecatedSunHttpsURLConnectionClass();
-                Class<?> verifierClass = getDeprecatedSunHostnameVerifierClass();
-                Method setHostnameVerifier = connectionClass.getMethod("setHostnameVerifier",
verifierClass);
-                InvocationHandler handler = new InvocationHandler() {
+                Method method = connection.getClass().getMethod("getHostnameVerifier");
+                
+                InvocationHandler handler = new ReflectionInvokationHandler(verifier) {
                     public Object invoke(Object proxy, 
                                          Method method, 
                                          Object[] args) throws Throwable {
-                        return true;
+                        try {
+                            return super.invoke(proxy, method, args);
+                        } catch (Exception ex) {
+                            return true;
+                        }
                     }
                 };
                 Object proxy = java.lang.reflect.Proxy.newProxyInstance(this.getClass().getClassLoader(),
-                                                                          new Class[] {verifierClass},
-                                                                          handler);
-                setHostnameVerifier.invoke(connectionClass.cast(connection), verifierClass.cast(proxy));
-                Method setSSLSocketFactory = connectionClass.getMethod("setSSLSocketFactory",

-                                                                       SSLSocketFactory.class);
-                setSSLSocketFactory.invoke(connectionClass.cast(connection), socketFactory);
+                                                                        new Class[] {method.getReturnType()},
+                                                                        handler);
+
+                method = connection.getClass().getMethod("setHostnameVerifier", method.getReturnType());
+                method.invoke(connection, proxy);
+            } catch (Exception ex) {
+                //Ignore this one
+            }
+            try {
+                Method getSSLSocketFactory =  connection.getClass().getMethod("getSSLSocketFactory");
+                Method setSSLSocketFactory = connection.getClass()
+                    .getMethod("setSSLSocketFactory", getSSLSocketFactory.getReturnType());
+                if (getSSLSocketFactory.getReturnType().isInstance(socketFactory)) {
+                    setSSLSocketFactory.invoke(connection, socketFactory);
+                } else {
+                    //need to see if we can create one - mostly the weblogic case.   The

+                    //weblogic SSLSocketFactory has a protected constructor that can take
+                    //a JSSE SSLSocketFactory so we'll try and use that
+                    Constructor c = getSSLSocketFactory.getReturnType()
+                        .getDeclaredConstructor(SSLSocketFactory.class);
+                    c.setAccessible(true);
+                    setSSLSocketFactory.invoke(connection, c.newInstance(socketFactory));
+                }
             } catch (Exception ex) {
+                if (connection.getClass().getName().contains("weblogic")) {
+                    if (!weblogicWarned) {
+                        weblogicWarned = true;
+                        LOG.warning("Could not configure SSLSocketFactory on Weblogic.  "
+                                    + " Use the Weblogic control panel to configure the SSL
settings.");
+                    }
+                    return;
+                } 
+                //if we cannot set the SSLSocketFactor, we're in serious trouble.
                 throw new IllegalArgumentException("Error decorating connection class " 
                         + connection.getClass().getName(), ex);
             }
         }
     }
 
-    private Class getDeprecatedSunHttpsURLConnectionClass() throws ClassNotFoundException
{
-        if (deprecatedSunHttpsURLConnectionClass == null) {
-            deprecatedSunHttpsURLConnectionClass = Class.forName("com.sun.net.ssl.HttpsURLConnection");
-        }
-        return deprecatedSunHttpsURLConnectionClass;
-    }
-
-    private Class getDeprecatedSunHostnameVerifierClass() throws ClassNotFoundException {
-        if (deprecatedSunHostnameVerifierClass == null) {
-            deprecatedSunHostnameVerifierClass = Class.forName("com.sun.net.ssl.HostnameVerifier");
-        }
-        return deprecatedSunHostnameVerifierClass;
-    }
-
     /*
      *  For development and testing only
      */
     protected void addLogHandler(Handler handler) {
         LOG.addHandler(handler);
     }
-       
-    protected String[] getUnSupported() {
-        return UNSUPPORTED;
-    }
-    
-    protected String[] getDerivative() {
-        return DERIVATIVE;
-    }
 
     /**
      * This operation returns an HttpsURLConnectionInfo for the 
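Review bot: Hostname verification fails open in the non-JSSE branch: the proxy's `invoke` returns `true` whenever `super.invoke(...)` throws, and the surrounding `catch (Exception ex) { //Ignore this one }` silently drops any failure to install the verifier at all. If the vendor's verifier interface declares a `verify` signature that the wrapped `HostnameVerifier` cannot satisfy (plausible for the old Sun `(String, String)` form, though `ReflectionInvokationHandler` is not shown here), every host name is accepted even when `isDisableCNCheck()` is false. I would return `false` from the inner catch unless the CN check is disabled, and replace the silent catch with a log line such as `LOG.warning("Could not install hostname verifier on " + connection.getClass().getName());`. The Weblogic fallback further down has a related gap: it returns after a single warning and leaves the connection on the container's TLS settings rather than the configured key and trust managers. The method begins above this hunk.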


