Posted to commits@wink.apache.org by ro...@apache.org on 2010/07/23 17:17:47 UTC
svn commit: r967127 - in /incubator/wink/trunk:
wink-client-apache-httpclient/src/main/java/org/apache/wink/client/internal/handlers/
wink-client/src/main/java/org/apache/wink/client/
wink-client/src/main/java/org/apache/wink/client/internal/handlers/
Author: rott
Date: Fri Jul 23 15:17:47 2010
New Revision: 967127
URL: http://svn.apache.org/viewvc?rev=967127&view=rev
Log:
WINK-242: support SSL hostname verifier bypass
Modified:
incubator/wink/trunk/wink-client-apache-httpclient/src/main/java/org/apache/wink/client/internal/handlers/ApacheHttpClientConnectionHandler.java
incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/ClientConfig.java
incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/internal/handlers/HttpURLConnectionHandler.java
Modified: incubator/wink/trunk/wink-client-apache-httpclient/src/main/java/org/apache/wink/client/internal/handlers/ApacheHttpClientConnectionHandler.java
URL: http://svn.apache.org/viewvc/incubator/wink/trunk/wink-client-apache-httpclient/src/main/java/org/apache/wink/client/internal/handlers/ApacheHttpClientConnectionHandler.java?rev=967127&r1=967126&r2=967127&view=diff
==============================================================================
--- incubator/wink/trunk/wink-client-apache-httpclient/src/main/java/org/apache/wink/client/internal/handlers/ApacheHttpClientConnectionHandler.java (original)
+++ incubator/wink/trunk/wink-client-apache-httpclient/src/main/java/org/apache/wink/client/internal/handlers/ApacheHttpClientConnectionHandler.java Fri Jul 23 15:17:47 2010
@@ -24,8 +24,15 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
import java.util.List;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.http.Header;
@@ -38,6 +45,9 @@ import org.apache.http.client.methods.Ht
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.params.ClientPNames;
import org.apache.http.conn.params.ConnRoutePNames;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.CoreConnectionPNames;
@@ -74,7 +84,7 @@ public class ApacheHttpClientConnectionH
}
private HttpResponse processRequest(ClientRequest request, HandlerContext context)
- throws IOException {
+ throws IOException, KeyManagementException, NoSuchAlgorithmException {
HttpClient client = openConnection(request);
// TODO: move this functionality to the base class
NonCloseableOutputStream ncos = new NonCloseableOutputStream();
@@ -123,7 +133,7 @@ public class ApacheHttpClientConnectionH
return httpRequest;
}
- private HttpClient openConnection(ClientRequest request) {
+ private HttpClient openConnection(ClientRequest request) throws NoSuchAlgorithmException, KeyManagementException {
if (this.httpclient != null) {
return this.httpclient;
}
@@ -145,7 +155,33 @@ public class ApacheHttpClientConnectionH
params.setParameter(ConnRoutePNames.DEFAULT_PROXY, new HttpHost(config.getProxyHost(),
config.getProxyPort()));
}
+
HttpClient httpclient = new DefaultHttpClient(params);
+
+ if (config.getBypassHostnameVerification()) {
+ SSLContext sslcontext = SSLContext.getInstance("TLS");
+ sslcontext.init(null, null, null);
+
+ SSLSocketFactory sf = new SSLSocketFactory(sslcontext);
+ sf.setHostnameVerifier(new X509HostnameVerifier() {
+
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+
+ public void verify(String host, String[] cns, String[] subjectAlts)
+ throws SSLException {
+ }
+
+ public void verify(String host, X509Certificate cert) throws SSLException {
+ }
+
+ public void verify(String host, SSLSocket ssl) throws IOException {
+ }
+ });
+ httpclient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", sf,
+ 443));
+ }
return httpclient;
}
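Review bot: The anonymous `X509HostnameVerifier` passed to `sf.setHostnameVerifier(...)` accepts every host without any trace at runtime, whereas the HttpURLConnectionHandler change in this same commit at least logs the bypass at debug level. Because `sslcontext.init(null, null, null)` keeps the default trust managers, chain validation still runs, but a certificate that chains to any trusted root is then accepted for any host. That deserves a comment above the `if (config.getBypassHostnameVerification())` line and a warning-level log entry when the branch is taken. HttpClient 4.x already ships this verifier, so the four empty overrides can become `sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);`. openConnection begins outside this hunk, so how the returned client is cached and whether the flag is read only once should be confirmed there.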
Modified: incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/ClientConfig.java
URL: http://svn.apache.org/viewvc/incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/ClientConfig.java?rev=967127&r1=967126&r2=967127&view=diff
==============================================================================
--- incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/ClientConfig.java (original)
+++ incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/ClientConfig.java Fri Jul 23 15:17:47 2010
@@ -61,6 +61,7 @@ public class ClientConfig implements Clo
private boolean modifiable;
private boolean isAcceptHeaderAutoSet;
private boolean loadWinkApplications = true;
+ private boolean bypassHostnameVerification = false;
private static final String WINK_CLIENT_CONNECTTIMEOUT =
"wink.client.connectTimeout"; //$NON-NLS-1$
@@ -483,4 +484,24 @@ public class ClientConfig implements Clo
this.properties = properties;
}
+ /**
+ * Get whether or not hostname verification will be bypassed for SSL
+ * certificates.
+ *
+ * @return Whether or not hostname verification will be bypassed for SSL
+ * certificates
+ */
+ public boolean getBypassHostnameVerification() {
+ return bypassHostnameVerification;
+ }
+
+ /**
+ * Set whether or not hostname verification to bypass hostname verification
+ * for SSL certificates. Default value is false.
+ *
+ * @param bypassHostnameVerification true to bypass hostname verification
+ */
+ public void setBypassHostnameVerification(boolean bypassHostnameVerification) {
+ this.bypassHostnameVerification = bypassHostnameVerification;
+ }
}
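Review bot: The setter Javadoc is garbled ("Set whether or not hostname verification to bypass hostname verification") and neither accessor states what enabling the flag gives up. I would reword the setter summary to `Set whether hostname verification is bypassed for SSL certificates. Default value is false.` and add a sentence saying that, when true, a certificate trusted by the trust store is accepted regardless of the host it was issued for, so the option is meant for test setups. The class also has a `modifiable` field; if the other setters, which are outside this hunk, refuse changes once the config is locked, `setBypassHostnameVerification` should apply the same guard so the flag cannot be flipped on a config already in use.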
Modified: incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/internal/handlers/HttpURLConnectionHandler.java
URL: http://svn.apache.org/viewvc/incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/internal/handlers/HttpURLConnectionHandler.java?rev=967127&r1=967126&r2=967127&view=diff
==============================================================================
--- incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/internal/handlers/HttpURLConnectionHandler.java (original)
+++ incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/internal/handlers/HttpURLConnectionHandler.java Fri Jul 23 15:17:47 2010
@@ -29,6 +29,9 @@ import java.net.Proxy;
import java.net.URL;
import java.util.List;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
@@ -39,9 +42,13 @@ import org.apache.wink.client.ClientResp
import org.apache.wink.client.handlers.HandlerContext;
import org.apache.wink.client.internal.ClientUtils;
import org.apache.wink.common.internal.WinkConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class HttpURLConnectionHandler extends AbstractConnectionHandler {
+ private static final Logger logger = LoggerFactory.getLogger(HttpURLConnectionHandler.class);
+
public ClientResponse handle(ClientRequest request, HandlerContext context) throws Exception {
try {
HttpURLConnection connection = processRequest(request, context);
@@ -58,7 +65,28 @@ public class HttpURLConnectionHandler ex
NonCloseableOutputStream ncos = new NonCloseableOutputStream();
OutputStream os = ncos;
processRequestHeaders(request, connection);
- connection.connect();
+ HostnameVerifier hv = null;
+ boolean bypassHostnameVerification =
+ ((ClientConfig)request.getAttribute(WinkConfiguration.class))
+ .getBypassHostnameVerification() && (connection instanceof HttpsURLConnection);
+ if (bypassHostnameVerification) {
+ HttpsURLConnection https = ((HttpsURLConnection)connection);
+ hv = https.getHostnameVerifier();
+ https.setHostnameVerifier(new HostnameVerifier() {
+ public boolean verify(String urlHostName, SSLSession session) {
+ logger.debug("Bypassing hostname verification: URL host is " + urlHostName
+ + ", SSLSession host is "
+ + session.getPeerHost());
+ return true;
+ }
+ });
+ }
+ try {
+ connection.connect();
+ } finally {
+ if (bypassHostnameVerification)
+ ((HttpsURLConnection)connection).setHostnameVerifier(hv);
+ }
if (request.getEntity() != null) {
ncos.setOutputStream(connection.getOutputStream());
os = adaptOutputStream(ncos, request, context.getOutputStreamAdapters());
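Review bot: The expression that computes `bypassHostnameVerification` casts and dereferences the request attribute before it checks the connection type, so a missing or differently typed `WinkConfiguration` attribute would fail here even for plain http requests. Testing the cheap condition first avoids that: `ClientConfig config = (ClientConfig)request.getAttribute(WinkConfiguration.class);` followed by `boolean bypassHostnameVerification = connection instanceof HttpsURLConnection && config != null && config.getBypassHostnameVerification();`. The bypass is reported only through `logger.debug` with string concatenation, so at default log levels nothing records that verification was skipped. A parameterized call such as `logger.warn("Bypassing hostname verification: URL host is {}, SSLSession host is {}", urlHostName, session.getPeerHost());` would make it visible. The enclosing method starts before and continues after this hunk, so whether the handshake always completes inside `connection.connect()` before the `finally` restores `hv` should be confirmed against the rest of the body.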