It's a mess, we all agree.
That something changed between Beta3 and RC1/2, no doubt. But the issue
was NOT pluggability, the issue is about change of default implementation.
I agree that you should NOT be required to make changes to axis to use it
out-of-box. HOWEVER (that's a BIG HOWEVER), if you are running in a
non-standard environment, then all bets are off.
So, let's step back and take a look at "standard" the environment in which
AXIS is expected to run (out-of-box), relevant to this discussion:
1. 1.3.1 level JDK.
2. JSSE 1.0.3 (Java 1.3.1).
The issue is that either JSSE is not portable, or we are not using it in a
correct/portable manner. Either way, we've broken our open-source AXIS
solution. If it's simply not portable then the solution for the IBM JSSE
is going to be plugging the IBM version via the pluggable interfaces.
We can discuss (and we should vote) on eliminating the default dependency
on com.sun.* (which is what Dug did yesterday).
We do have one solution to consider, but I must say up-front that I *DO
NOT* like it:
- We can create a list of default implementations.
- In this case: SunJSSESocketFactory, IBMJSSESocketFactory,
DefaultSecureSocketFactory
- Try to load each one. First one to load successfully wins.
The problem here is that you have NO idea what your behaviour really is.
You have expected behaviour based on your understanding of your
environment, but if something happens it falls through to a functioning
factory (DefaultSecureSocketFactory) without warning. In a production
environment, I want it to BREAK if my environment is messed up, not
pretend to move forward with a (at worst) less secure functioning system.
With regards to discovery, yes it can be complicated at one level. Yes,
the documention needs improvement. Yet, at another level, it's very
straight forward: "please give me a class that implements this interface"
(see integration.html). Either way, it's required by the users - never
mind that it provides a way out of the current mire.
*******************************************
Richard A. Sitze
IBM WebSphere WebServices Development
Rick Rineholt/Raleigh/IBM@IBMUS
10/08/2002 11:07 PM
Please respond to axis-dev
To: [EMAIL PROTECTED]
cc:
Subject: Re: cvs commit: xml-axis/java/xmls targets.xml
Richard,
Without the great insight and vision you see in this work, I too also
would like to lend my concern where all this is going. I just recently
had to go in and fix something that had been working. I'm not complaining
about that, things do break, but the time to understand all of this
compared to what once was contained in a single file and could be
understood with the just the basic understand of Java class library and
sockets is slowing becoming "daunting" to figure out all the pluggablity
and configuration. There was the need to go and investigate the jakarta
commons discovery package which seemed to be "sparsely" documented which I
finally concluded that if I really wanted to figure out I would need to
down load its source and investigate. Mind you there might be more there,
but I was in rush to get something working again and move on!! I really
question the requirement th! at all of this fills too; who will really
needs to use this? Was what we had sufficient to meet their needs? The
complexity of just all this configuration stuff is just another bar raised
for people wanting to join Axis to contribute. It makes understand and
maintaining a whole lot more difficult. At one time I could look at
HTTPSender.java all by itself and within very short time feel comfortable
with modifying it; now I need to scour through several different Axis
classes and some other package is see a being "lightly" documented. What's
there now also means another package to maintain in sync with in the
future too. In most systems I have seen configuration and pluggablity is
just a class or two and most often just a few lines of code; however, in
Axis it has become it own whole subsystem architecture! Do we have
testcases for all this? How about for all those socket factories? I was
sure while I! was working on this the change I did by modifying the !
default secure socket implementation would break some tests... it didn't
as far as I could tell. So do we have any test coverage here? I have a
some real reservations whether the benefit derived to anyone warrants its
*total* cost.
"In practicality, most systems versatility is seldom a product of the
quantity of features, but of its simplicity."
Rick Rineholt
"The truth is out there... All you need is a better search engine!"
[EMAIL PROTECTED]
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: Re: cvs commit: xml-axis/java/xmls targets.xml
Richard,
I'm still confused by the direction you and Dims are going with all of
this - perhaps I just don't understand what's involved with j2ee but why
do
we need to have Sun, IBM and JDK14 versions of these files? Continuing
down this path we'll be force to add code to Axis for each and every impl.
We don't have this issue with parsers - people can any impl just so long
as
they adhere to the interfaces. Isn't J2EE the same way?
-Dug
[EMAIL PROTECTED] on 10/08/2002 06:24:00 PM
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: cvs commit: xml-axis/java/xmls targets.xml
rsitze 2002/10/08 15:24:00
Modified: java/src/org/apache/axis/components/net
SocketFactoryFactory.java IBMJSSESocketFactory.java
java/lib commons-discovery.jar
java/src/org/apache/axis/transport/http HTTPSender.java
java/src/org/apache/axis/configuration
EngineConfigurationFactoryFinder.java
java/src/org/apache/axis AxisProperties.java
java build.xml
java/xmls targets.xml
Added: java/src/org/apache/axis/components/net
IBMFakeTrustSocketFactory.java
JDK14FakeTrustSocketFactory.java
SunFakeTrustSocketFactory.java
SecureSocketFactory.java SunJSSESocketFactory.java
JDK14JSSESocketFactory.java
Removed: java/src/org/apache/axis/components/net
FakeTrustSocketFactory.java JSSESocketFactory.java
java/src/org/apache/axis/discovery
DiscoverOldNamesInManagedProperties.java
DiscoverConstNames.java
Log:
work around components.net.*:
- Moved JSSE (and Fake*) classes to Sun*.
- Introduced JDK14* version, though they need more work/cleanup.
- No way to configure SocketFactory and SecureSocketFactories
separately, so added new interface SecureSocketFactory to
key off of during discovery process.
other:
- Moved discovery helper classes to discovery.
Revision Changes Path
1.8 +27 -35
xml-axis/java/src/org/apache/axis/components/net/SocketFactoryFactory.java
Index: SocketFactoryFactory.java
===================================================================
RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/components/net/SocketFactoryFactory.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- SocketFactoryFactory.java 8 Oct 2002 17:55:33 -0000
1.7
+++ SocketFactoryFactory.java 8 Oct 2002 22:23:59 -0000
1.8
@@ -79,53 +79,45 @@
LogFactory.getLog(SocketFactoryFactory.class.getName());
/** socket factory */
- private static SocketFactory theFactory = null;
-
- /** secure socket factory */
- private static SocketFactory theSecureFactory = null;
+ private static Hashtable factories = new Hashtable();
private static final Class classes[] = new Class[] { Hashtable.class
};
/**
* Returns a copy of the environment's default socket factory.
- *
+ *
+ * @param protocol Today this only supports "http" & "https".
* @param attributes
*
* @return
*/
- public static synchronized SocketFactory getFactory(Hashtable
attributes) {
+ public static synchronized SocketFactory getFactory(String protocol,
+ Hashtable
attributes) {
+ SocketFactory theFactory =
(SocketFactory)factories.get(protocol);
+
if (theFactory == null) {
Object objects[] = new Object[] { attributes };
-
- theFactory = (SocketFactory)AxisProperties.newInstance(
- new SPInterface(SocketFactory.class,
- "axis.socketFactory",
- classes,
- objects),
-
"org.apache.axis.components.net.DefaultSocketFactory");
+
+ if (protocol.equalsIgnoreCase("http")) {
+ theFactory = (SocketFactory)AxisProperties.newInstance(
+ new SPInterface(SocketFactory.class,
+ "axis.socketFactory",
+ classes,
+ objects),
+
"org.apache.axis.components.net.DefaultSocketFactory");
+ } else if (protocol.equalsIgnoreCase("https")) {
+ theFactory = (SocketFactory)AxisProperties.newInstance(
+ new SPInterface(SecureSocketFactory.class,
+ "axis.socketSecureFactory",
+ classes,
+ objects),
+
"org.apache.axis.components.net.DefaultSecureSocketFactory");
+ }
+
+ if (theFactory != null) {
+ factories.put(protocol, theFactory);
+ }
}
return theFactory;
- }
-
- /**
- * Returns a copy of the environment's default secure socket
factory.
- *
- * @param attributes
- *
- * @return
- */
- public static synchronized SocketFactory getSecureFactory(
- Hashtable attributes) {
- if (theSecureFactory == null) {
- Object objects[] = new Object[] { attributes };
-
- theSecureFactory =
(SocketFactory)AxisProperties.newInstance(
- new SPInterface(SocketFactory.class,
- "axis.socketSecureFactory",
- classes,
- objects),
-
"org.apache.axis.components.net.DefaultSecureSocketFactory");
- }
- return theSecureFactory;
}
}
1.2 +10 -8
xml-axis/java/src/org/apache/axis/components/net/IBMJSSESocketFactory.java
Index: IBMJSSESocketFactory.java
===================================================================
RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/components/net/IBMJSSESocketFactory.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- IBMJSSESocketFactory.java 8 Oct 2002 12:12:47 -0000
1.1
+++ IBMJSSESocketFactory.java 8 Oct 2002 22:23:59 -0000
1.2
@@ -55,6 +55,11 @@
package org.apache.axis.components.net;
import com.ibm.net.ssl.SSLContext;
+import com.ibm.net.ssl.KeyManagerFactory;
+import com.ibm.net.ssl.TrustManager;
+import com.ibm.net.ssl.TrustManagerFactory;
+import com.ibm.jsse.JSSEProvider;
+
import org.apache.axis.AxisProperties;
import org.apache.axis.utils.JavaUtils;
import org.apache.axis.utils.Messages;
@@ -281,7 +286,7 @@
* @return SSLContext
* @throws Exception
*/
- protected com.ibm.net.ssl.SSLContext getContext() throws Exception {
+ protected SSLContext getContext() throws Exception {
// Please don't change the name of the attribute - other
// software may depend on it ( j2ee for sure )
String keystoreFile = (String) attributes.get("keystore");
@@ -324,17 +329,15 @@
KeyStore kstore = initKeyStore(keystoreFile, keystorePass);
// Key manager will extract the server key
- com.ibm.net.ssl.KeyManagerFactory kmf =
-
com.ibm.net.ssl.KeyManagerFactory.getInstance(algorithm);
+ KeyManagerFactory kmf =
KeyManagerFactory.getInstance(algorithm);
kmf.init(kstore, keyPass.toCharArray());
// If client authentication is needed, set up TrustManager
- com.ibm.net.ssl.TrustManager[] tm = null;
+ TrustManager[] tm = null;
if (clientAuth) {
- com.ibm.net.ssl.TrustManagerFactory tmf =
-
com.ibm.net.ssl.TrustManagerFactory.getInstance("SunX509");
+ TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509");
tmf.init(kstore);
tm = tmf.getTrustManagers();
@@ -342,8 +345,7 @@
// Create a SSLContext ( to create the ssl factory )
// This is the only way to use server sockets with JSSE 1.0.1
- com.ibm.net.ssl.SSLContext context =
- com.ibm.net.ssl.SSLContext.getInstance(protocol); //
SSL
+ SSLContext context = SSLContext.getInstance(protocol); // SSL
// init context with the key managers
context.init(kmf.getKeyManagers(), tm,
1.1
xml-axis/java/src/org/apache/axis/components/net/IBMFakeTrustSocketFactory.java
Index: IBMFakeTrustSocketFactory.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.components.net;
import java.util.Hashtable;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log;
import com.ibm.net.ssl.SSLContext;
import com.ibm.net.ssl.TrustManager;
import com.ibm.net.ssl.X509TrustManager;
/**
* Hook for Axis sender, allowing unsigned server certs
*/
public class IBMFakeTrustSocketFactory extends IBMJSSESocketFactory {
/** Field log */
protected static Log log =
LogFactory.getLog(IBMFakeTrustSocketFactory.class.getName());
/**
* Constructor FakeTrustSocketFactory
*
* @param attributes
*/
public IBMFakeTrustSocketFactory(Hashtable attributes) {
super(attributes);
}
/**
* Method getContext
*
* @return
*
* @throws Exception
*/
protected SSLContext getContext() throws Exception {
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, // we don't need no stinkin KeyManager
new TrustManager[]{new FakeX509TrustManager()},
new java.security.SecureRandom());
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf00"));
}
return sc;
} catch (Exception exc) {
log.error(Messages.getMessage("ftsf01"), exc);
throw new Exception(Messages.getMessage("ftsf02"));
}
}
/**
* Class FakeX509TrustManager
*/
public static class FakeX509TrustManager implements X509TrustManager
{
/** Field log */
protected static Log log =
LogFactory.getLog(FakeX509TrustManager.class.getName());
/**
* Method isClientTrusted
*
* @param chain
*
* @return
*/
public boolean isClientTrusted(java.security.cert
.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf03"));
}
return true;
}
/**
* Method isServerTrusted
*
* @param chain
*
* @return
*/
public boolean isServerTrusted(java.security.cert
.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf04"));
}
return true;
}
/**
* Method getAcceptedIssuers
*
* @return
*/
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf05"));
}
return null;
}
}
}
1.1
xml-axis/java/src/org/apache/axis/components/net/JDK14FakeTrustSocketFactory.java
Index: JDK14FakeTrustSocketFactory.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.components.net;
import java.util.Hashtable;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
/**
* Hook for Axis sender, allowing unsigned server certs
*/
public class JDK14FakeTrustSocketFactory extends JDK14JSSESocketFactory {
/** Field log */
protected static Log log =
LogFactory.getLog(JDK14FakeTrustSocketFactory.class.getName());
/**
* Constructor FakeTrustSocketFactory
*
* @param attributes
*/
public JDK14FakeTrustSocketFactory(Hashtable attributes) {
super(attributes);
}
/**
* Method getContext
*
* @return
*
* @throws Exception
*/
protected SSLContext getContext() throws Exception {
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, // we don't need no stinkin KeyManager
new TrustManager[]{new FakeX509TrustManager()},
new java.security.SecureRandom());
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf00"));
}
return sc;
} catch (Exception exc) {
log.error(Messages.getMessage("ftsf01"), exc);
throw new Exception(Messages.getMessage("ftsf02"));
}
}
/**
* Class FakeX509TrustManager
*/
public static class FakeX509TrustManager implements X509TrustManager
{
/** Field log */
protected static Log log =
LogFactory.getLog(FakeX509TrustManager.class.getName());
/**
* Method isClientTrusted
*
* @param chain
*
* @return
*/
public void
checkClientTrusted(java.security.cert.X509Certificate[] chain,
String arg)
throws java.security.cert.CertificateException
{
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf03"));
}
}
/**
* Method isServerTrusted
*
* @param chain
*
* @return
*/
public void
checkServerTrusted(java.security.cert.X509Certificate[] chain,
String arg)
throws java.security.cert.CertificateException
{
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf04"));
}
}
/**
* Method getAcceptedIssuers
*
* @return
*/
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf05"));
}
return null;
}
}
}
1.1
xml-axis/java/src/org/apache/axis/components/net/SunFakeTrustSocketFactory.java
Index: SunFakeTrustSocketFactory.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.components.net;
import java.util.Hashtable;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;
/**
* Hook for Axis sender, allowing unsigned server certs
*/
public class SunFakeTrustSocketFactory extends SunJSSESocketFactory {
/** Field log */
protected static Log log =
LogFactory.getLog(SunFakeTrustSocketFactory.class.getName());
/**
* Constructor FakeTrustSocketFactory
*
* @param attributes
*/
public SunFakeTrustSocketFactory(Hashtable attributes) {
super(attributes);
}
/**
* Method getContext
*
* @return
*
* @throws Exception
*/
protected SSLContext getContext() throws Exception {
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, // we don't need no stinkin KeyManager
new TrustManager[]{new FakeX509TrustManager()},
new java.security.SecureRandom());
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf00"));
}
return sc;
} catch (Exception exc) {
log.error(Messages.getMessage("ftsf01"), exc);
throw new Exception(Messages.getMessage("ftsf02"));
}
}
/**
* Class FakeX509TrustManager
*/
public static class FakeX509TrustManager implements X509TrustManager
{
/** Field log */
protected static Log log =
LogFactory.getLog(FakeX509TrustManager.class.getName());
/**
* Method isClientTrusted
*
* @param chain
*
* @return
*/
public boolean isClientTrusted(java.security.cert
.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf03"));
}
return true;
}
/**
* Method isServerTrusted
*
* @param chain
*
* @return
*/
public boolean isServerTrusted(java.security.cert
.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf04"));
}
return true;
}
/**
* Method getAcceptedIssuers
*
* @return
*/
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf05"));
}
return null;
}
}
}
1.1
xml-axis/java/src/org/apache/axis/components/net/SecureSocketFactory.java
Index: SecureSocketFactory.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2002 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.components.net;
/**
* Secure Socket factory.
* This has a separate interface to allow discovery (by interface)
* and runtime distinction to be made between Socket & SecureSockets.
*
* @author Richard A. Sitze
* @author Davanum Srinivas ([EMAIL PROTECTED])
*/
public interface SecureSocketFactory extends SocketFactory {
}
1.1
