Author: arunpatidar
Date: Sat Jul 2 08:50:31 2016
New Revision: 1751040
URL: http://svn.apache.org/viewvc?rev=1751040&view=rev
Log:
Applied patch from jira issue - OFBIZ-7551 - Enforce noninstantiability to
SSLUtil class. Thanks Rishi solanki and Rohit Koushal for your contribution.
Modified:
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/HttpClient.java
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/SSLUtil.java
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/URLConnector.java
ofbiz/trunk/framework/service/src/org/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/test/WidgetMacroLibraryTests.java
ofbiz/trunk/specialpurpose/oagis/src/org/ofbiz/oagis/OagisServices.java
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/HttpClient.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/HttpClient.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/HttpClient.java
(original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/HttpClient.java Sat Jul
2 08:50:31 2016
@@ -40,7 +40,7 @@ public class HttpClient {
public static final String module = HttpClient.class.getName();
- private int hostVerification = SSLUtil.HOSTCERT_NORMAL_CHECK;
+ private int hostVerification = SSLUtil.getHostCertNormalCheck();
private int timeout = 30000;
private boolean debug = false;
private boolean lineFeed = true;
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/SSLUtil.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/SSLUtil.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/SSLUtil.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/SSLUtil.java Sat Jul 2
08:50:31 2016
@@ -49,20 +49,57 @@ import org.ofbiz.base.config.GenericConf
* KeyStoreUtil - Utilities for setting up SSL connections with specific
client certificates
*
*/
-public class SSLUtil {
+public final class SSLUtil {
public static final String module = SSLUtil.class.getName();
- public static final int HOSTCERT_NO_CHECK = 0;
- public static final int HOSTCERT_MIN_CHECK = 1;
- public static final int HOSTCERT_NORMAL_CHECK = 2;
+ private static final int HOSTCERT_NO_CHECK = 0;
+ private static final int HOSTCERT_MIN_CHECK = 1;
+ private static final int HOSTCERT_NORMAL_CHECK = 2;
private static boolean loadedProps = false;
+ private SSLUtil () {}
+
static {
SSLUtil.loadJsseProperties();
}
+ private static class TrustAnyManager implements X509TrustManager {
+
+ public void checkClientTrusted(X509Certificate[] certs, String string)
throws CertificateException {
+ Debug.logImportant("Trusting (un-trusted) client certificate
chain:", module);
+ for (X509Certificate cert: certs) {
+ Debug.logImportant("---- " +
cert.getSubjectX500Principal().getName() + " valid: " + cert.getNotAfter(),
module);
+
+ }
+ }
+
+ public void checkServerTrusted(X509Certificate[] certs, String string)
throws CertificateException {
+ Debug.logImportant("Trusting (un-trusted) server certificate
chain:", module);
+ for (X509Certificate cert: certs) {
+ Debug.logImportant("---- " +
cert.getSubjectX500Principal().getName() + " valid: " + cert.getNotAfter(),
module);
+ }
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[0];
+ }
+ }
+
+
+ public static int getHostCertNoCheck() {
+ return HOSTCERT_NO_CHECK;
+ }
+
+ public static int getHostCertMinCheck() {
+ return HOSTCERT_MIN_CHECK;
+ }
+
+ public static int getHostCertNormalCheck() {
+ return HOSTCERT_NORMAL_CHECK;
+ }
+
public static boolean isClientTrusted(X509Certificate[] chain, String
authType) {
TrustManager[] mgrs = new TrustManager[0];
try {
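Review bot: `TrustAnyManager`, re-added here as a private nested class, accepts every client and server chain: both check methods only log and never throw `CertificateException`, and nothing in the hunk documents that. A Javadoc on the class such as `/** Performs no certificate validation; only for connections where the caller has explicitly allowed untrusted peers. */` would make the risk visible to anyone wiring it into an SSL context. Separately, the private constructor and `final` already enforce noninstantiability, so making the `HOSTCERT_*` constants private is not needed for that goal. The getters are not compile-time constants for code outside the class (no `case` labels), and an enum would be a clearer fit. The hunk ends inside `isClientTrusted`, which is not reviewed here.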
@@ -278,26 +315,4 @@ public class SSLUtil {
loadedProps = true;
}
}
-
- static class TrustAnyManager implements X509TrustManager {
-
- public void checkClientTrusted(X509Certificate[] certs, String string)
throws CertificateException {
- Debug.logImportant("Trusting (un-trusted) client certificate
chain:", module);
- for (X509Certificate cert: certs) {
- Debug.logImportant("---- " +
cert.getSubjectX500Principal().getName() + " valid: " + cert.getNotAfter(),
module);
-
- }
- }
-
- public void checkServerTrusted(X509Certificate[] certs, String string)
throws CertificateException {
- Debug.logImportant("Trusting (un-trusted) server certificate
chain:", module);
- for (X509Certificate cert: certs) {
- Debug.logImportant("---- " +
cert.getSubjectX500Principal().getName() + " valid: " + cert.getNotAfter(),
module);
- }
- }
-
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
- }
- }
}
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/URLConnector.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/URLConnector.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/URLConnector.java
(original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/URLConnector.java Sat
Jul 2 08:50:31 2016
@@ -81,11 +81,11 @@ public class URLConnector {
}
public static URLConnection openConnection(URL url, int timeout) throws
IOException {
- return openConnection(url, timeout, null,
SSLUtil.HOSTCERT_NORMAL_CHECK);
+ return openConnection(url, timeout, null,
SSLUtil.getHostCertNormalCheck());
}
public static URLConnection openConnection(URL url, String
clientCertAlias) throws IOException {
- return openConnection(url, 30000, clientCertAlias,
SSLUtil.HOSTCERT_NORMAL_CHECK);
+ return openConnection(url, 30000, clientCertAlias,
SSLUtil.getHostCertNormalCheck());
}
public static URLConnection openConnection(URL url, int timeout, String
clientCertAlias, int hostCertLevel) throws IOException {
@@ -99,11 +99,11 @@ public class URLConnector {
}
public static URLConnection openUntrustedConnection(URL url, int timeout)
throws IOException {
- return openConnection(url, timeout, null,
SSLUtil.HOSTCERT_NORMAL_CHECK);
+ return openConnection(url, timeout, null,
SSLUtil.getHostCertNormalCheck());
}
public static URLConnection openUntrustedConnection(URL url, String
clientCertAlias) throws IOException {
- return openConnection(url, 30000, clientCertAlias,
SSLUtil.HOSTCERT_NORMAL_CHECK);
+ return openConnection(url, 30000, clientCertAlias,
SSLUtil.getHostCertNormalCheck());
}
public static URLConnection openUntrustedConnection(URL url, int timeout,
String clientCertAlias, int hostCertLevel) throws IOException {
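Review bot: Both short `openUntrustedConnection` overloads in this hunk return `openConnection(...)` with `SSLUtil.getHostCertNormalCheck()`, exactly like the `openConnection` overloads in the previous hunk, so as written they do not differ from the trusted variants. That fails closed, but the method name promises something else. If the strict path is intended, a comment such as `// intentionally delegates to the trusted path` would say so. Otherwise the delegation target needs a decision by someone who can see the four-argument `openUntrustedConnection`, whose body is outside the hunk.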
Modified:
ofbiz/trunk/framework/service/src/org/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
---
ofbiz/trunk/framework/service/src/org/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.java
(original)
+++
ofbiz/trunk/framework/service/src/org/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.java
Sat Jul 2 08:50:31 2016
@@ -98,7 +98,7 @@ public class AliasSupportedTransportFact
HttpsURLConnection scon = (HttpsURLConnection) con;
try {
scon.setSSLSocketFactory(SSLUtil.getSSLSocketFactory(ks,
password, alias));
-
scon.setHostnameVerifier(SSLUtil.getHostnameVerifier(SSLUtil.HOSTCERT_MIN_CHECK));
+
scon.setHostnameVerifier(SSLUtil.getHostnameVerifier(SSLUtil.getHostCertMinCheck()));
} catch (GeneralException e) {
throw new IOException(e.getMessage());
} catch (GeneralSecurityException e) {
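Review bot: The `catch (GeneralException e)` branch in this hunk rethrows `new IOException(e.getMessage())`, which drops the cause of a failed socket-factory or hostname-verifier setup; `throw new IOException(e.getMessage(), e);` keeps it. The changed line also leaves this transport on `SSLUtil.getHostCertMinCheck()` while the defaults elsewhere in this commit use the normal check. What the minimum level verifies is not visible here, so a comment stating why the lower level is acceptable for this XML-RPC transport would help. The `try` block continues past the hunk.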
Modified:
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/test/WidgetMacroLibraryTests.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/test/WidgetMacroLibraryTests.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
---
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/test/WidgetMacroLibraryTests.java
(original)
+++
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/test/WidgetMacroLibraryTests.java
Sat Jul 2 08:50:31 2016
@@ -50,7 +50,7 @@ public class WidgetMacroLibraryTests ext
HttpClient http = new HttpClient();
http.followRedirects(true);
http.setAllowUntrusted(true);
- http.setHostVerificationLevel(SSLUtil.HOSTCERT_NO_CHECK);
+ http.setHostVerificationLevel(SSLUtil.getHostCertNoCheck());
return http;
}
Modified:
ofbiz/trunk/specialpurpose/oagis/src/org/ofbiz/oagis/OagisServices.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/oagis/src/org/ofbiz/oagis/OagisServices.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/oagis/src/org/ofbiz/oagis/OagisServices.java
(original)
+++ ofbiz/trunk/specialpurpose/oagis/src/org/ofbiz/oagis/OagisServices.java Sat
Jul 2 08:50:31 2016
@@ -703,7 +703,7 @@ public class OagisServices {
HttpClient http = new HttpClient(sendToUrl);
// test parameters
- http.setHostVerificationLevel(SSLUtil.HOSTCERT_NO_CHECK);
+ http.setHostVerificationLevel(SSLUtil.getHostCertNoCheck());
http.setAllowUntrusted(true);
http.setDebug(true);
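Review bot: The settings under `// test parameters` are `setHostVerificationLevel(SSLUtil.getHostCertNoCheck())`, `setAllowUntrusted(true)` and `setDebug(true)`, yet they sit in `OagisServices`, which by its path is not a test class. The request to `sendToUrl` is therefore made with host verification turned off and untrusted certificates allowed. The commit only swaps the constant for a getter and carries the behaviour over. The code would be safer using `SSLUtil.getHostCertNormalCheck()` and not calling `setAllowUntrusted(true)`, or reading both from configuration so that only test deployments relax them. The enclosing method starts and ends outside the hunk.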