I already sent this few months ago, maybe now there's a chance someone
will at least -1 it.
This creates a hook to allow a SSLSocketFactory that will connect
with SSL servers ( tomcat, apache, etc ) without requiring a signed cert
on the server.
The current solution is either buy a signature, or self-sign and
import the signature in each client. AFAIK there is no other way
to communicate between a java SSL client and a server.
Of course, production sites should have signed certs - but for
development and testing it's hugely painfull. It uses a system
property - if someone understand how the options are set it
should be possible to put this in the configuration file.
( jsse.jar is required to compile it, with conditional compilation
in build.xml )
Costin
Index: build.xml
===================================================================
RCS file: /home/cvs/xml-axis/java/build.xml,v
retrieving revision 1.138
diff -u -r1.138 build.xml
--- build.xml 23 May 2002 18:53:30 -0000 1.138
+++ build.xml 29 May 2002 21:44:16 -0000
@@ -80,6 +80,7 @@
<property name="lib.dir" location="./lib"/>
<property name="wsdl4j.jar" location="lib/wsdl4j.jar"/>
+ <property name="jsse.jar" location="lib/jsse.jar"/>
<property name="commons-logging.jar" location="lib/commons-logging.jar"/>
<property name="log4j-core.jar" location="lib/log4j-core.jar"/>
<property name="tt-bytecode.jar" location="lib/tt-bytecode.jar"/>
@@ -117,6 +118,7 @@
<pathelement location="${junit.jar}"/>
<pathelement location="${excalibur.jar}"/>
<pathelement location="${j2ee.jar}"/>
+ <pathelement location="${jsse.jar}"/>
<pathelement location="${tools.jar}"/>
<fileset dir="${axis.lib.dir}">
<include name="*.jar"/>
@@ -172,6 +174,9 @@
classname="javax.mail.internet.MimeMessage"
classpathref="classpath"/>
+ <available property="jsse.present"
+ file="jsse.jar" />
+
<condition property="attachments.present" >
<and>
<available classname="javax.activation.DataHandler" classpathref="classpath"
/>
@@ -267,6 +272,7 @@
<exclude name="**/javax/xml/soap/*.java" unless="attachments.present"/>
<exclude name="**/javax/xml/rpc/handler/soap/*.java"
unless="attachments.present"/>
<exclude name="**/javax/xml/rpc/server/Servlet*.java" unless="servlet.present"/>
+ <exclude name="**/org/apache/axis/transport/http/FakeTrustSocketFactory.java"
+unless="jsse.present"/>
<exclude name="**/*TestSuite.java" unless="junit.present"/>
</javac>
<copy file="${src.dir}/org/apache/axis/server/server-config.wsdd"
Index: src/org/apache/axis/transport/http/HTTPSender.java
===================================================================
RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/transport/http/HTTPSender.java,v
retrieving revision 1.62
diff -u -r1.62 HTTPSender.java
--- src/org/apache/axis/transport/http/HTTPSender.java 29 May 2002 14:30:01 -0000
1.62
+++ src/org/apache/axis/transport/http/HTTPSender.java 29 May 2002 21:44:16 -0000
@@ -90,6 +90,19 @@
protected static Log log = LogFactory.getLog(HTTPSender.class.getName());
+ /** Hook for creating a different SSL socket factory
+ * XXX The whole thing can be refactored to use something like tomcat.util, which
+ * is cleaner and support PureTLS.
+ */
+ public static interface SocketFactoryFactory {
+
+ /** Returns an instance of SSLSocketFactory, possibly with
+ * different parameters ( like different trust policies )
+ */
+ public Object createFactory() throws Exception;
+ }
+
+
/**
* Utility Class BooleanHolder
*/
@@ -200,7 +213,26 @@
SSLSocketFactoryClass.getMethod("getDefault", new Class[]{});
Method startHandshakeMethod =
SSLSocketClass.getMethod("startHandshake", new Class[]{});
- Object factory = getDefaultMethod.invoke(null,new Object[]{});
+
+ Object factory=null;
+
+ // Hook in a different SSL socket factory
+ String socketFactoryClass=System.getProperty( "axis.socketFactory" );
+ if( socketFactoryClass !=null ) {
+ try {
+ Class c1=Class.forName( socketFactoryClass);
+ SocketFactoryFactory sff=(SocketFactoryFactory)c1.newInstance();
+ factory=sff.createFactory();
+ if (log.isDebugEnabled()) {
+ log.debug( "Created socket factory " +
+sff.getClass().getName() );
+ }
+ } catch( Exception ex ) {
+ }
+ }
+
+
+ if( factory==null)
+ factory = getDefaultMethod.invoke(null,new Object[]{});
Object sslSocket = null;
if ((tunnelHost == null) || tunnelHost.equals("")) {
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.transport.http;
import org.apache.axis.AxisFault;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.encoding.Base64;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.message.MessageElement;
import org.apache.axis.utils.JavaUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.ByteArrayOutputStream;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.net.Socket;
import java.net.URL;
import java.util.Hashtable;
import java.util.StringTokenizer;
import com.sun.net.ssl.X509TrustManager;
import com.sun.net.ssl.KeyManager;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.SSLContext;
import java.security.cert.X509Certificate;
import java.security.cert.X509Certificate;
import com.sun.net.ssl.X509TrustManager;
/** Hook for Axis sender, allowing unsigned server certs
*/
public class FakeTrustSocketFactory implements HTTPSender.SocketFactoryFactory {
protected static Log log =
LogFactory.getLog(FakeTrustSocketFactory.class.getName());
public Object createFactory() throws IOException {
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(
null, // we don't need no stinkin KeyManager
new TrustManager[] { new FakeX509TrustManager()},
new java.security.SecureRandom()
);
if (log.isDebugEnabled()) {
log.debug("Creating trusting socket factory");
}
return sc.getSocketFactory();
} catch (Exception exc) {
log.error("Exception creating factory ", exc);
throw new IOException("SSL setup failed");
}
}
public static class FakeX509TrustManager implements X509TrustManager {
protected static Log log =
LogFactory.getLog(FakeX509TrustManager.class.getName());
public boolean isClientTrusted(java.security.cert.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug("isClientTrusted: yes");
}
return true;
}
public boolean isServerTrusted(java.security.cert.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug("isServerTrusted: yes");
}
return true;
}
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
if (log.isDebugEnabled()) {
log.debug("getAcceptedIssuers: none");
}
return null;
}
}
}
