Hi,
Attached is a patch that adds a hook for creating a different
"SocketFactory" for SSL. It
is very hacky, but solves a very common problem - connecting with SSL
with servers
without a signed certificate. Many people have a lot of pain because of
that, so
it would be great if you could commit this.
The "FakeTrustSocketFactory" is a special factory that uses the hook to plug
a trusting SSL factory.
If someone more familiar with the axis config can make the hook configurable
per service - it would be great. Right now it uses a global system
property.
Please let me know if there's any problem with the patch or anything I can
do.
Thanks,
Costin
Index: build.xml
===================================================================
RCS file: /home/cvs/xml-axis/java/build.xml,v
retrieving revision 1.125
diff -u -r1.125 build.xml
--- build.xml 15 Mar 2002 17:35:50 -0000 1.125
+++ build.xml 15 Mar 2002 23:03:30 -0000
@@ -87,6 +87,7 @@
<property name="regexp.jar" value="test/lib/jakarta-oro-2.0.5.jar"/>
<property name="junit.jar" value="lib/junit.jar"/>
+ <property name="jsse.home" value="/usr/share/java/jsse1.0.3"/>
<property name="packages" value="org.*,javax.*"/>
@@ -113,6 +114,9 @@
<pathelement location="${xerces.jar}"/>
<pathelement location="${regexp.jar}"/>
<pathelement location="${junit.jar}"/>
+ <pathelement location="${jsse.home}/lib/jcert.jar"/>
+ <pathelement location="${jsse.home}/lib/jnet.jar"/>
+ <pathelement location="${jsse.home}/lib/jsse.jar"/>
<pathelement location="${excalibur.jar}"/>
<pathelement location="${java.home}/../lib/tools.jar"/>
<fileset dir="lib">
@@ -165,6 +169,10 @@
classname="org.apache.xml.security.Init"
classpathref="classpath"/>
+ <available property="jsse.present"
+ classname="com.sun.net.ssl.X509TrustManager"
+ classpathref="classpath"/>
+
<available property="mailapi.present"
classname="javax.mail.internet.MimeMessage"
classpathref="classpath"/>
@@ -243,6 +251,7 @@
<exclude name="**/org/apache/axis/transport/http/AxisHttpSession.java"
unless="servlet.present"/>
<exclude name="**/org/apache/axis/transport/http/AxisServlet.java"
unless="servlet.present"/>
<exclude name="**/org/apache/axis/server/JNDIAxisServerFactory.java"
unless="servlet.present"/>
+ <exclude name="**/org/apache/axis/transport/http/FakeTrustSocketFactory.java"
+unless="jsse.present"/>
<exclude name="**/org/apache/axis/security/servlet/*" unless="servlet.present"/>
<exclude name="**/javax/xml/soap/*.java" unless="attachments.present"/>
<exclude name="**/javax/xml/rpc/handler/soap/*.java"
unless="attachments.present"/>
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.transport.http;
import org.apache.axis.AxisFault;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.encoding.Base64;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.message.MessageElement;
import org.apache.axis.utils.JavaUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.ByteArrayOutputStream;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.net.Socket;
import java.net.URL;
import java.util.Hashtable;
import java.util.StringTokenizer;
import com.sun.net.ssl.X509TrustManager;
import com.sun.net.ssl.KeyManager;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.SSLContext;
import java.security.cert.X509Certificate;
import java.security.cert.X509Certificate;
import com.sun.net.ssl.X509TrustManager;
public class FakeTrustSocketFactory extends HTTPSender.SocketFactoryFactory {
protected static Log log =
LogFactory.getLog(FakeTrustSocketFactory.class.getName());
public Object createFactory() throws IOException {
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(
null, // we don't need no stinkin KeyManager
new TrustManager[] { new FakeX509TrustManager()},
new java.security.SecureRandom()
);
if (log.isDebugEnabled()) {
log.debug("Creating trusting socket factory");
}
return sc.getSocketFactory();
} catch (Exception exc) {
log.error("Exception creating factory ", exc);
throw new IOException("SSL setup failed");
}
}
public static class FakeX509TrustManager implements X509TrustManager {
protected static Log log =
LogFactory.getLog(FakeX509TrustManager.class.getName());
public boolean isClientTrusted(java.security.cert.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug("isClientTrusted: yes");
}
return true;
}
public boolean isServerTrusted(java.security.cert.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug("isServerTrusted: yes");
}
return true;
}
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
if (log.isDebugEnabled()) {
log.debug("getAcceptedIssuers: none");
}
return null;
}
}
}
