Author: dkulp Date: Fri Oct 23 20:53:29 2009 New Revision: 829232 URL: http://svn.apache.org/viewvc?rev=829232&view=rev Log: Merged revisions 828790 via svnmerge from https://svn.apache.org/repos/asf/cxf/branches/2.2.x-fixes
................ r828790 | dkulp | 2009-10-22 13:25:29 -0400 (Thu, 22 Oct 2009) | 9 lines Merged revisions 828789 via svnmerge from https://svn.apache.org/repos/asf/cxf/trunk ........ r828789 | dkulp | 2009-10-22 13:22:30 -0400 (Thu, 22 Oct 2009) | 1 line [CXF-1459] Another attempt at trying to get https working with weblogic ........ ................ Modified: cxf/branches/2.1.x-fixes/ (props changed) cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Propchange: cxf/branches/2.1.x-fixes/ ------------------------------------------------------------------------------ Binary property 'svnmerge-integrated' - no diff available. Modified: cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java URL: http://svn.apache.org/viewvc/cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=829232&r1=829231&r2=829232&view=diff ============================================================================== --- cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original) +++ cxf/branches/2.1.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Fri Oct 23 20:53:29 2009 @@ -20,6 +20,7 @@ package org.apache.cxf.transport.https; import java.io.IOException; +import java.lang.reflect.Constructor; import java.lang.reflect.InvocationHandler; import java.lang.reflect.Method; import java.net.HttpURLConnection; @@ -32,11 +33,14 @@ import java.util.logging.Logger; import javax.imageio.IIOException; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.common.util.ReflectionInvokationHandler; import org.apache.cxf.configuration.jsse.TLSClientParameters; import org.apache.cxf.transport.http.HTTPConduit; import org.apache.cxf.transport.http.HttpURLConnectionFactory; @@ -60,17 +64,7 @@ private static final Logger LOG = LogUtils.getL7dLogger(HttpsURLConnectionFactory.class); - /* - * For development and testing only - */ - private static final String[] UNSUPPORTED = - {"SessionCaching", "SessionCacheKey", "MaxChainLength", - "CertValidator", "ProxyHost", "ProxyPort"}; - - /* - * For development and testing only - */ - private static final String[] DERIVATIVE = {"CiphersuiteFilters"}; + private static boolean weblogicWarned; /** * This field holds the conduit to which this connection factory @@ -89,10 +83,6 @@ * Cache the last SSLContext to avoid recreation */ SSLSocketFactory socketFactory; - - private Class deprecatedSunHttpsURLConnectionClass; - - private Class deprecatedSunHostnameVerifierClass; /** * This constructor initialized the factory with the configured TLS @@ -147,8 +137,6 @@ throw new IIOException("Error while initializing secure socket", ex); } } - } else { - assert false; } return connection; @@ -187,9 +175,27 @@ ? SSLContext.getInstance(protocol) : SSLContext.getInstance(protocol, provider); + + + TrustManager[] trustAllCerts = tlsClientParameters.getTrustManagers(); + /* + TrustManager[] trustAllCerts = new TrustManager[] { + new javax.net.ssl.X509TrustManager() { + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + public void checkClientTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + public void checkServerTrusted( + java.security.cert.X509Certificate[] certs, String authType) { + } + } + }; + */ ctx.init( - tlsClientParameters.getKeyManagers(), - tlsClientParameters.getTrustManagers(), + tlsClientParameters.getKeyManagers(), + trustAllCerts, tlsClientParameters.getSecureRandom()); // The "false" argument means opposite of exclude. @@ -205,70 +211,76 @@ tlsClientParameters.getSecureSocketProtocol()); } + HostnameVerifier verifier = tlsClientParameters.isDisableCNCheck() + ? CertificateHostnameVerifier.ALLOW_ALL : CertificateHostnameVerifier.DEFAULT; if (connection instanceof HttpsURLConnection) { // handle the expected case (javax.net.ssl) HttpsURLConnection conn = (HttpsURLConnection) connection; - if (tlsClientParameters.isDisableCNCheck()) { - conn.setHostnameVerifier(CertificateHostnameVerifier.ALLOW_ALL); - } else { - conn.setHostnameVerifier(CertificateHostnameVerifier.DEFAULT); - } + conn.setHostnameVerifier(verifier); conn.setSSLSocketFactory(socketFactory); } else { - // handle the deprecated sun case + // handle the deprecated sun case and other possible hidden API's + // that are similar to the Sun cases try { - Class<?> connectionClass = getDeprecatedSunHttpsURLConnectionClass(); - Class<?> verifierClass = getDeprecatedSunHostnameVerifierClass(); - Method setHostnameVerifier = connectionClass.getMethod("setHostnameVerifier", verifierClass); - InvocationHandler handler = new InvocationHandler() { + Method method = connection.getClass().getMethod("getHostnameVerifier"); + + InvocationHandler handler = new ReflectionInvokationHandler(verifier) { public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { - return true; + try { + return super.invoke(proxy, method, args); + } catch (Exception ex) { + return true; + } } }; Object proxy = java.lang.reflect.Proxy.newProxyInstance(this.getClass().getClassLoader(), - new Class[] {verifierClass}, - handler); - setHostnameVerifier.invoke(connectionClass.cast(connection), verifierClass.cast(proxy)); - Method setSSLSocketFactory = connectionClass.getMethod("setSSLSocketFactory", - SSLSocketFactory.class); - setSSLSocketFactory.invoke(connectionClass.cast(connection), socketFactory); + new Class[] {method.getReturnType()}, + handler); + + method = connection.getClass().getMethod("setHostnameVerifier", method.getReturnType()); + method.invoke(connection, proxy); + } catch (Exception ex) { + //Ignore this one + } + try { + Method getSSLSocketFactory = connection.getClass().getMethod("getSSLSocketFactory"); + Method setSSLSocketFactory = connection.getClass() + .getMethod("setSSLSocketFactory", getSSLSocketFactory.getReturnType()); + if (getSSLSocketFactory.getReturnType().isInstance(socketFactory)) { + setSSLSocketFactory.invoke(connection, socketFactory); + } else { + //need to see if we can create one - mostly the weblogic case. The + //weblogic SSLSocketFactory has a protected constructor that can take + //a JSSE SSLSocketFactory so we'll try and use that + Constructor c = getSSLSocketFactory.getReturnType() + .getDeclaredConstructor(SSLSocketFactory.class); + c.setAccessible(true); + setSSLSocketFactory.invoke(connection, c.newInstance(socketFactory)); + } } catch (Exception ex) { + if (connection.getClass().getName().contains("weblogic")) { + if (!weblogicWarned) { + weblogicWarned = true; + LOG.warning("Could not configure SSLSocketFactory on Weblogic. " + + " Use the Weblogic control panel to configure the SSL settings."); + } + return; + } + //if we cannot set the SSLSocketFactor, we're in serious trouble. throw new IllegalArgumentException("Error decorating connection class " + connection.getClass().getName(), ex); } } } - private Class getDeprecatedSunHttpsURLConnectionClass() throws ClassNotFoundException { - if (deprecatedSunHttpsURLConnectionClass == null) { - deprecatedSunHttpsURLConnectionClass = Class.forName("com.sun.net.ssl.HttpsURLConnection"); - } - return deprecatedSunHttpsURLConnectionClass; - } - - private Class getDeprecatedSunHostnameVerifierClass() throws ClassNotFoundException { - if (deprecatedSunHostnameVerifierClass == null) { - deprecatedSunHostnameVerifierClass = Class.forName("com.sun.net.ssl.HostnameVerifier"); - } - return deprecatedSunHostnameVerifierClass; - } - /* * For development and testing only */ protected void addLogHandler(Handler handler) { LOG.addHandler(handler); } - - protected String[] getUnSupported() { - return UNSUPPORTED; - } - - protected String[] getDerivative() { - return DERIVATIVE; - } /** * This operation returns an HttpsURLConnectionInfo for the
