Author: olamy Date: Mon Aug 29 13:00:32 2011 New Revision: 1162779 URL: http://svn.apache.org/viewvc?rev=1162779&view=rev Log: enable by default an "easy" SSL mode which disables some SSL checks: certificate validity, hostname verification
Added: maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/EasyX509TrustManager.java Modified: maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java maven/wagon/trunk/wagon-providers/wagon-http/pom.xml maven/wagon/trunk/wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpWagonTest.java Modified: maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java URL: http://svn.apache.org/viewvc/maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java?rev=1162779&r1=1162778&r2=1162779&view=diff ============================================================================== --- maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java (original) +++ maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java Mon Aug 29 13:00:32 2011 @@ -37,6 +37,10 @@ import org.apache.http.client.params.Cli import org.apache.http.client.params.CookiePolicy; import org.apache.http.conn.ClientConnectionManager; import org.apache.http.conn.params.ConnRoutePNames; +import org.apache.http.conn.scheme.Scheme; +import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier; +import org.apache.http.conn.ssl.SSLSocketFactory; +import org.apache.http.conn.ssl.X509HostnameVerifier; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.conn.SingleClientConnManager; import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager; 
@@ -60,6 +64,9 @@ import org.apache.maven.wagon.resource.R import org.codehaus.plexus.util.IOUtil; import org.codehaus.plexus.util.StringUtils; +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocket; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; @@ -67,6 +74,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.URLEncoder; +import java.security.cert.X509Certificate; import java.text.SimpleDateFormat; import java.util.Date; import java.util.Locale; @@ -212,16 +220,44 @@ public abstract class AbstractHttpClient private DefaultHttpClient client; + /** + * @since 2.0 + */ protected static ClientConnectionManager connectionManagerPooled; + /** + * @since 2.0 + */ protected ClientConnectionManager clientConnectionManager = new SingleClientConnManager(); - // olamy make pool option enable by default - protected static boolean useClientManagerSingle = Boolean.getBoolean( "maven.wagon.httpconnectionManager.notpooled" ); + /** + * olamy make pool option enable by default + * + * @since 2.0 + */ + protected static boolean useClientManagerPooled = + Boolean.valueOf( System.getProperty( "maven.wagon.http.pool", "true" ) ); + + /** + * @since 2.0 + */ + protected static boolean sslEasy = Boolean.valueOf( System.getProperty( "maven.wagon.http.ssl.easy", "true" ) ); + + /** + * @since 2.0 + */ + protected static boolean sslAllowAll = + Boolean.valueOf( System.getProperty( "maven.wagon.http.ssl.allowall", "true" ) ); + + /** + * @since 2.0 + */ + protected static boolean IGNORE_SSL_VALIDITY_DATES = + Boolean.valueOf( System.getProperty( "maven.wagon.http.ssl.ignore.validity.dates", "true" ) ); static { - if ( useClientManagerSingle ) + if ( !useClientManagerPooled ) { System.out.println( "http connection pool disabled in wagon http" ); } 
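Review bot: The three new flags `sslEasy`, `sslAllowAll` and `IGNORE_SSL_VALIDITY_DATES` all default to `"true"`, so the relaxed certificate and hostname handling is in effect unless the user explicitly sets the properties to `false`. For a client that downloads build artifacts this weakens the assurance that the repository is the one configured, so the relaxed mode should be opt-in: `Boolean.valueOf( System.getProperty( "maven.wagon.http.ssl.easy", "false" ) )`, and likewise for the other two properties. The `@since 2.0` Javadoc blocks say nothing about what each property switches off and should name the check it disables. `IGNORE_SSL_VALIDITY_DATES` is a mutable, non-final static written in constant case; `sslIgnoreValidityDates` would match its siblings. The static initializer touched at the end of this hunk continues outside it.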
@@ -236,6 +272,23 @@ public abstract class AbstractHttpClient threadSafeClientConnManager.setDefaultMaxPerRoute( maxPerRoute ); threadSafeClientConnManager.setMaxTotal( maxTotal ); + if ( sslEasy ) + { + try + { + SSLSocketFactory sslSocketFactory = + new SSLSocketFactory( EasyX509TrustManager.createEasySSLContext(), sslAllowAll + ? new EasyHostNameVerifier() + : new BrowserCompatHostnameVerifier() ); + Scheme httpsScheme = new Scheme( "https", 443, sslSocketFactory ); + + threadSafeClientConnManager.getSchemeRegistry().register( httpsScheme ); + } + catch ( IOException e ) + { + throw new RuntimeException( "failed to init SSLSocket Factory " + e.getMessage(), e ); + } + } System.out.println( " wagon http use multi threaded http connection manager maxPerRoute " + threadSafeClientConnManager.getDefaultMaxPerRoute() + ", max total " + threadSafeClientConnManager.getMaxTotal() ); @@ -244,11 +297,42 @@ public abstract class AbstractHttpClient } } - protected ClientConnectionManager getConnectionManager() + /** + * disable all host name verification + * @since 2.0 + */ + private static class EasyHostNameVerifier + implements X509HostnameVerifier + { + public void verify( String s, SSLSocket sslSocket ) + throws IOException + { + //no op + } + + public void verify( String s, X509Certificate x509Certificate ) + throws SSLException + { + //no op + } + + public void verify( String s, String[] strings, String[] strings1 ) + throws SSLException + { + //no op + } + + public boolean verify( String s, SSLSession sslSession ) + { + return true; + } + } + + public ClientConnectionManager getConnectionManager() { - if ( useClientManagerSingle ) + if ( !useClientManagerPooled ) { - return clientConnectionManager; + return clientConnectionManager; } return connectionManagerPooled; } 
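Review bot: The relaxed `https` scheme is registered only on the static `threadSafeClientConnManager`, so it applies to every wagon instance in the JVM when pooling is on, while the non-pooled `SingleClientConnManager` field declared in this commit appears to keep its default scheme registry; the two modes would then validate TLS differently for the same settings. Nothing is printed when the relaxed factory is installed, although the same block already reports the pool limits; a line such as `System.out.println( "wagon http: relaxed ssl checks enabled (maven.wagon.http.ssl.easy)" );` inside the `if ( sslEasy )` branch would make the downgrade visible in build output. The enclosing static initializer begins outside the hunk.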
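Review bot: `EasyHostNameVerifier` hand-rolls something HttpClient already ships: all four `verify` overloads accept any host, which is what `SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER` does. Using that constant in the `sslAllowAll ? ... : ...` expression of the previous hunk would remove this private class and, as far as the visible hunks show, the `SSLException`, `SSLSession`, `SSLSocket` and `X509Certificate` imports added for it. If the class stays, its Javadoc should say that it is only selected when `maven.wagon.http.ssl.allowall` is true. The same hunk widens `getConnectionManager()` from `protected` to `public` with no Javadoc explaining the new visibility.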
@@ -258,9 +342,9 @@ public abstract class AbstractHttpClient connectionManagerPooled = clientConnectionManager; } - public static void setUseNonPooledConnectionManager( boolean useNonPooledConnectionManager ) + public static void setUseClientManagerPooled( boolean pooledClientManager ) { - useClientManagerSingle = useNonPooledConnectionManager; + useClientManagerPooled = pooledClientManager; } /** @@ -275,7 +359,6 @@ public abstract class AbstractHttpClient repository.setUrl( getURL( repository ) ); client = new DefaultHttpClient( getConnectionManager() ); - // WAGON-273: default the cookie-policy to browser compatible client.getParams().setParameter( ClientPNames.COOKIE_POLICY, CookiePolicy.BROWSER_COMPATIBILITY ); @@ -337,7 +420,7 @@ public abstract class AbstractHttpClient public void closeConnection() { - if ( useClientManagerSingle ) + if ( !useClientManagerPooled ) { getConnectionManager().shutdown(); } Added: maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/EasyX509TrustManager.java URL: http://svn.apache.org/viewvc/maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/EasyX509TrustManager.java?rev=1162779&view=auto ============================================================================== --- maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/EasyX509TrustManager.java (added) +++ maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/EasyX509TrustManager.java Mon Aug 29 13:00:32 2011 
@@ -0,0 +1,127 @@
+package org.apache.maven.wagon.shared.http;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author Olivier Lamy
+ * @since 2.0
+ */
+public class EasyX509TrustManager
+ implements X509TrustManager
+{
+ private X509TrustManager standardTrustManager = null;
+
+
+ protected static SSLContext createEasySSLContext()
+ throws IOException
+ {
+ try
+ {
+ SSLContext context = SSLContext.getInstance( "SSL" );
+ context.init( null, new TrustManager[]{ new EasyX509TrustManager( null ) }, null );
+ return context;
+ }
+ catch ( Exception e )
+ {
+ throw new IOException( e.getMessage(), e );
+ }
+ }
+
+ /**
+ * Constructor for EasyX509TrustManager.
+ */
+ public EasyX509TrustManager( KeyStore keystore )
+ throws NoSuchAlgorithmException, KeyStoreException
+ {
+ super();
+ TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
+ factory.init( keystore );
+ TrustManager[] trustmanagers = factory.getTrustManagers();
+ if ( trustmanagers.length == 0 )
+ {
+ throw new NoSuchAlgorithmException( "no trust manager found" );
+ }
+ this.standardTrustManager = (X509TrustManager) trustmanagers[0];
+ }
+
+ /**
+ * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[], String authType)
+ */
+ public void checkClientTrusted( X509Certificate[] certificates, String authType )
+ throws CertificateException
+ {
+ System.out.println( "checkClientTrusted" );
+ standardTrustManager.checkClientTrusted( certificates, authType );
+ }
+
+ /**
+ * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[], String authType)
+ */
+ public void checkServerTrusted( X509Certificate[] certificates, String authType )
+ throws CertificateException
+ {
+
+ if ( ( certificates != null ) && ( certificates.length == 1 ) )
+ {
+ try
+ {
+ certificates[0].checkValidity();
+ }
+ catch ( CertificateExpiredException e )
+ {
+ if ( !AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES )
+ {
+ throw e;
+ }
+ }
+ catch ( CertificateNotYetValidException e )
+ {
+ if ( !AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES )
+ {
+ throw e;
+ }
+ }
+ }
+ else
+ {
+ standardTrustManager.checkServerTrusted( certificates, authType );
+ }
+ }
+
+ /**
+ * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
+ */
+ public X509Certificate[] getAcceptedIssuers()
+ {
+ return this.standardTrustManager.getAcceptedIssuers();
+ }
+}
Modified: maven/wagon/trunk/wagon-providers/wagon-http/pom.xml URL: http://svn.apache.org/viewvc/maven/wagon/trunk/wagon-providers/wagon-http/pom.xml?rev=1162779&r1=1162778&r2=1162779&view=diff
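Review bot: In `checkServerTrusted`, the `certificates.length == 1` branch only calls `checkValidity()` and never reaches `standardTrustManager.checkServerTrusted( certificates, authType )`, so a server presenting a single certificate is trusted with no issuer check, and with `IGNORE_SSL_VALIDITY_DATES` set its validity dates are ignored as well. The class Javadoc carries only `@author` and `@since`; it should state the reduced guarantee plainly, for example `Relaxed trust manager: accepts any single-certificate server chain without validating its issuer.` `createEasySSLContext()` requests `SSLContext.getInstance( "SSL" )`, where `"TLS"` is the usual protocol name. `System.out.println( "checkClientTrusted" );` looks like leftover debug output and should be dropped.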
============================================================================== --- maven/wagon/trunk/wagon-providers/wagon-http/pom.xml (original) +++ maven/wagon/trunk/wagon-providers/wagon-http/pom.xml Mon Aug 29 13:00:32 2011 @@ -112,7 +112,7 @@ under the License. <artifactId>maven-surefire-plugin</artifactId> <configuration> <systemPropertyVariables> - <maven.wagon.httpconnectionManager.notpooled>${http.pool}</maven.wagon.httpconnectionManager.notpooled> + <maven.wagon.http.pool>${http.pool}</maven.wagon.http.pool> </systemPropertyVariables> </configuration> </plugin> Modified: maven/wagon/trunk/wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpWagonTest.java URL: http://svn.apache.org/viewvc/maven/wagon/trunk/wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpWagonTest.java?rev=1162779&r1=1162778&r2=1162779&view=diff ============================================================================== --- maven/wagon/trunk/wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpWagonTest.java (original) +++ maven/wagon/trunk/wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpWagonTest.java Mon Aug 29 13:00:32 2011 @@ -19,7 +19,9 @@ package org.apache.maven.wagon.providers * under the License. */ +import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager; import org.apache.maven.wagon.StreamingWagon; +import org.apache.maven.wagon.Wagon; import org.apache.maven.wagon.http.HttpWagonTestCase; import org.apache.maven.wagon.shared.http.HttpConfiguration; import org.apache.maven.wagon.shared.http.HttpMethodConfiguration; 
@@ -50,6 +52,14 @@ public class HttpWagonTest HttpMethodConfiguration methodConfiguration = new HttpMethodConfiguration(); methodConfiguration.setHeaders( properties ); config.setAll( methodConfiguration ); - ((HttpWagon) wagon).setHttpConfiguration( config ); + ( (HttpWagon) wagon ).setHttpConfiguration( config ); + } + + public void testDefaultPooledConnectionManager() + throws Exception + { + HttpWagon wagon = (HttpWagon) lookup( Wagon.class, "http" ); + assertTrue( wagon.getConnectionManager() instanceof ThreadSafeClientConnManager ); + } }
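Review bot: `testDefaultPooledConnectionManager` asserts a `ThreadSafeClientConnManager`, but `useClientManagerPooled` is read once from `maven.wagon.http.pool`, which the surefire configuration in this commit fills from `${http.pool}`; the test therefore checks whatever the build passes in rather than the default, and presumably fails when the build runs with `http.pool=false`. A comment on the test such as `// relies on surefire passing maven.wagon.http.pool=true` would make that dependency explicit. None of the new `maven.wagon.http.ssl.*` switches is exercised by a test in this commit, so the relaxed and strict paths are both unverified.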