[GitHub] incubator-griffin pull request #441: [GRIFFIN-207] LDAP login service improv...

Mon, 22 Oct 2018 18:45:20 -0700 

Github user whhe commented on a diff in the pull request:

    https://github.com/apache/incubator-griffin/pull/441#discussion_r227194519
  
    --- Diff: 
service/src/main/java/org/apache/griffin/core/login/ldap/SelfSignedSocketFactory.java
 ---
    @@ -0,0 +1,100 @@
    +/*
    +Licensed to the Apache Software Foundation (ASF) under one
    +or more contributor license agreements.  See the NOTICE file
    +distributed with this work for additional information
    +regarding copyright ownership.  The ASF licenses this file
    +to you under the Apache License, Version 2.0 (the
    +"License"); you may not use this file except in compliance
    +with the License.  You may obtain a copy of the License at
    +
    +  http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing,
    +software distributed under the License is distributed on an
    +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    +KIND, either express or implied.  See the License for the
    +specific language governing permissions and limitations
    +under the License.
    +*/
    +
    +package org.apache.griffin.core.login.ldap;
    +
    +import javax.net.SocketFactory;
    +import javax.net.ssl.SSLContext;
    +import javax.net.ssl.SSLSocketFactory;
    +import javax.net.ssl.TrustManager;
    +import javax.net.ssl.X509TrustManager;
    +import java.io.IOException;
    +import java.net.InetAddress;
    +import java.net.Socket;
    +import java.net.UnknownHostException;
    +import java.security.cert.CertificateException;
    +import java.security.cert.X509Certificate;
    +
    +/**
    + * SocketFactory ignoring insecure (self-signed, expired) certificates.
    + *
    + * Maintains internal {@code SSLSocketFactory} configured with {@code 
NoopTrustManager}.
    + * All SocketFactory methods are proxied to internal SSLSocketFactory 
instance.
    + * Accepts all client and server certificates, from any issuers.
    + */
    +public class SelfSignedSocketFactory extends SocketFactory {
    +    private SSLSocketFactory sf;
    +
    +    private SelfSignedSocketFactory() throws Exception {
    +        SSLContext ctx = SSLContext.getInstance("TLS");
    +        ctx.init(null, new TrustManager[]{new NoopTrustManager()}, null);
    +        sf = ctx.getSocketFactory();
    +    }
    +
    +    /**
    +     * Part of SocketFactory contract, used by javax.net internals to 
create new instance.
    +     */
    +    public static SocketFactory getDefault() {
    +        try {
    +            return new SelfSignedSocketFactory();
    +        } catch (Exception e) {
    +            throw new RuntimeException(e);
    --- End diff --
    
    It is not recommended to throw RuntimeException directly in Griffin, maybe 
you can use ServiceException from GriffinException class instead.


---

Reply via email to