Posted to java-dev@axis.apache.org by rs...@apache.org on 2002/10/10 00:08:27 UTC
cvs commit: xml-axis/java/src/org/apache/axis/components/net JDK14FakeTrustSocketFactory.java JDK14JSSESocketFactory.java
rsitze 2002/10/09 15:08:27
Modified: java/src/org/apache/axis/components/net
JDK14FakeTrustSocketFactory.java
JDK14JSSESocketFactory.java
Log:
Moving toward a portable JSSE solution.
Revision Changes Path
1.2 +67 -66 xml-axis/java/src/org/apache/axis/components/net/JDK14FakeTrustSocketFactory.java
Index: JDK14FakeTrustSocketFactory.java
===================================================================
RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/components/net/JDK14FakeTrustSocketFactory.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- JDK14FakeTrustSocketFactory.java 8 Oct 2002 22:23:59 -0000 1.1
+++ JDK14FakeTrustSocketFactory.java 9 Oct 2002 22:08:26 -0000 1.2
@@ -60,9 +60,8 @@
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.SSLSocketFactory;
+
/**
* Hook for Axis sender, allowing unsigned server certs
@@ -89,18 +88,20 @@
*
* @throws Exception
*/
- protected SSLContext getContext() throws Exception {
+ protected SSLSocketFactory createSocketFactory() throws Exception {
try {
- SSLContext sc = SSLContext.getInstance("SSL");
-
- sc.init(null, // we don't need no stinkin KeyManager
- new TrustManager[]{new FakeX509TrustManager()},
- new java.security.SecureRandom());
- if (log.isDebugEnabled()) {
- log.debug(Messages.getMessage("ftsf00"));
- }
- return sc;
+// SSLContext sc = SSLContext.getInstance("SSL");
+//
+// sc.init(null, // we don't need no stinkin KeyManager
+// new TrustManager[]{new FakeX509TrustManager()},
+// new java.security.SecureRandom());
+// if (log.isDebugEnabled()) {
+// log.debug(Messages.getMessage("ftsf00"));
+// }
+// return sc.getSocketFactory();
+/* don't break build */
+return null;
} catch (Exception exc) {
log.error(Messages.getMessage("ftsf01"), exc);
throw new Exception(Messages.getMessage("ftsf02"));
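Review bot: `createSocketFactory()` now returns `null` unconditionally, so the surrounding `try`/`catch` can no longer fire and a caller cannot tell "not implemented yet" from a real failure. If this class is still wired through `JDK14JSSESocketFactory.initFactory()` (changed later in this commit), the null result falls back to `SSLSocketFactory.getDefault()`, which is the safer outcome because server certificates are validated again, but it happens without any log line. I would replace `/* don't break build */` with a comment that says so, e.g. `// TODO: trust-all context disabled during the JSSE port; null makes the caller use the default, validating factory`, and delete the commented-out body rather than carry it, since CVS keeps revision 1.1. The same placeholder `return null;` sits at the end of `JDK14JSSESocketFactory.createSocketFactory()`. The method's closing lines are outside this hunk.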
@@ -110,57 +111,57 @@
/**
* Class FakeX509TrustManager
*/
- public static class FakeX509TrustManager implements X509TrustManager {
-
- /** Field log */
- protected static Log log =
- LogFactory.getLog(FakeX509TrustManager.class.getName());
-
- /**
- * Method isClientTrusted
- *
- * @param chain
- *
- * @return
- */
- public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
- String arg)
- throws java.security.cert.CertificateException
- {
-
- if (log.isDebugEnabled()) {
- log.debug(Messages.getMessage("ftsf03"));
- }
- }
-
- /**
- * Method isServerTrusted
- *
- * @param chain
- *
- * @return
- */
- public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
- String arg)
- throws java.security.cert.CertificateException
- {
-
- if (log.isDebugEnabled()) {
- log.debug(Messages.getMessage("ftsf04"));
- }
- }
-
- /**
- * Method getAcceptedIssuers
- *
- * @return
- */
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-
- if (log.isDebugEnabled()) {
- log.debug(Messages.getMessage("ftsf05"));
- }
- return null;
- }
- }
+// public static class FakeX509TrustManager implements X509TrustManager {
+//
+// /** Field log */
+// protected static Log log =
+// LogFactory.getLog(FakeX509TrustManager.class.getName());
+//
+// /**
+// * Method isClientTrusted
+// *
+// * @param chain
+// *
+// * @return
+// */
+// public void checkClientTrusted(java.security.cert.X509Certificate[] chain,
+// String arg)
+// throws java.security.cert.CertificateException
+// {
+//
+// if (log.isDebugEnabled()) {
+// log.debug(Messages.getMessage("ftsf03"));
+// }
+// }
+//
+// /**
+// * Method isServerTrusted
+// *
+// * @param chain
+// *
+// * @return
+// */
+// public void checkServerTrusted(java.security.cert.X509Certificate[] chain,
+// String arg)
+// throws java.security.cert.CertificateException
+// {
+//
+// if (log.isDebugEnabled()) {
+// log.debug(Messages.getMessage("ftsf04"));
+// }
+// }
+//
+// /**
+// * Method getAcceptedIssuers
+// *
+// * @return
+// */
+// public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+//
+// if (log.isDebugEnabled()) {
+// log.debug(Messages.getMessage("ftsf05"));
+// }
+// return null;
+// }
+// }
}
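Review bot: The trust manager that accepts every certificate chain is kept as a block of `//` comments, which leaves it one uncomment away from coming back without review; deleting it and restoring it from revision 1.1 when the port is finished is cleaner. When it does return, `getAcceptedIssuers()` should end with `return new java.security.cert.X509Certificate[0];` rather than `return null;`, because the `X509TrustManager` contract asks for a non-null array. The class Javadoc should also say plainly that it disables server authentication and is meant for test setups only, and the stale `Method isClientTrusted` / `Method isServerTrusted` headers should name the actual `checkClientTrusted` / `checkServerTrusted` methods.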
1.2 +68 -63 xml-axis/java/src/org/apache/axis/components/net/JDK14JSSESocketFactory.java
Index: JDK14JSSESocketFactory.java
===================================================================
RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/components/net/JDK14JSSESocketFactory.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- JDK14JSSESocketFactory.java 8 Oct 2002 22:23:59 -0000 1.1
+++ JDK14JSSESocketFactory.java 9 Oct 2002 22:08:26 -0000 1.2
@@ -54,18 +54,6 @@
*/
package org.apache.axis.components.net;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-
-import org.apache.axis.AxisProperties;
-import org.apache.axis.utils.JavaUtils;
-import org.apache.axis.utils.Messages;
-import org.apache.axis.utils.XMLUtils;
-
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
import java.io.BufferedWriter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -76,9 +64,16 @@
import java.io.PrintWriter;
import java.net.Socket;
import java.security.KeyStore;
-import java.security.Security;
import java.util.Hashtable;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.axis.AxisProperties;
+import org.apache.axis.utils.Messages;
+import org.apache.axis.utils.XMLUtils;
+
+
/**
* SSL socket factory. It _requires_ a valid RSA key and
* JSSE. (borrowed code from tomcat)
@@ -89,12 +84,6 @@
*/
public class JDK14JSSESocketFactory extends DefaultSocketFactory {
- /** Field keystoreType */
- private String keystoreType;
-
- /** Field defaultKeystoreType */
- static String defaultKeystoreType = "JKS";
-
/** Field defaultProtocol */
static String defaultProtocol = "TLS";
@@ -114,8 +103,6 @@
static String defaultKeystoreFile =
System.getProperty("user.home") + "/.keystore";
- /** Field defaultKeyPass */
- static String defaultKeyPass = "changeit";
/**
* Constructor JSSESocketFactory
@@ -262,16 +249,15 @@
private void initFactory() throws IOException {
try {
- Security.addProvider(new sun.security.provider.Sun());
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
-
- if(attributes == null) {
+ sslFactory = null;
+
+ if (attributes != null) {
+ sslFactory = createSocketFactory();
+ }
+
+ if(sslFactory == null) {
//No configuration specified. Get the default.
- sslFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
- } else {
- //Configuration specified in wsdd.
- SSLContext context = getContext();
- sslFactory = context.getSocketFactory();
+ sslFactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
}
} catch (Exception e) {
if (e instanceof IOException) {
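Review bot: When `attributes` is non-null but `createSocketFactory()` yields `null`, the `if(sslFactory == null)` branch silently substitutes `SSLSocketFactory.getDefault()`, so a deployment that configured a keystore or `clientauth` in wsdd runs on JVM defaults and nobody is told. The comment `//No configuration specified. Get the default.` is no longer accurate for that path. I would log before falling back, e.g. `if (sslFactory == null && attributes != null) log.warn(Messages.getMessage("<message-key>"));` (assuming a `log` field is in scope here as it is in the sibling class; the message key is a placeholder), and switch to throwing an `IOException` once factory creation is implemented again so that a configured-but-unusable TLS setup fails visibly. The `catch` block continues past the end of this hunk.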
@@ -287,26 +273,39 @@
* @return SSLContext
* @throws Exception
*/
- protected SSLContext getContext() throws Exception {
+ protected SSLSocketFactory createSocketFactory() throws Exception {
// Please don't change the name of the attribute - other
// software may depend on it ( j2ee for sure )
- String keystoreFile = (String) attributes.get("keystore");
+ //
+ // Adding checks for system property as-per JSSE 1.0.3 users guide.
+ // Added alternate 'attribute' name also, just to be thorough.
+
+ String keystoreFile = AxisProperties.getProperty("javax.net.ssl.keyStore");
if (keystoreFile == null) {
- keystoreFile = defaultKeystoreFile;
+ keystoreFile = (String) attributes.get("javax.net.ssl.keyStore");
+ if (keystoreFile == null) {
+ keystoreFile = (String) attributes.get("keystore");
+ if (keystoreFile == null) {
+ keystoreFile = defaultKeystoreFile;
+ }
+ }
}
- keystoreType = (String) attributes.get("keystoreType");
+ String keystoreType = AxisProperties.getProperty("javax.net.ssl.keyStoreType");
if (keystoreType == null) {
- keystoreType = defaultKeystoreType;
+ keystoreType = (String) attributes.get("javax.net.ssl.keyStoreType");
+ if (keystoreType == null) {
+ keystoreType = (String) attributes.get("keystoreType");
+ if (keystoreType == null) {
+ keystoreType = KeyStore.getDefaultType();
+ }
+ }
}
// determine whether we want client authentication
// the presence of the attribute enables client auth
clientAuth = null != (String) attributes.get("clientauth");
String keyPass = (String) attributes.get("keypass");
- if (keyPass == null) {
- keyPass = defaultKeyPass;
- }
String keystorePass = (String) attributes.get("keystorePass");
if (keystorePass == null) {
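Review bot: The lookup chain (system property, attribute of the same name, legacy attribute, default) is written out twice as nested `if`s, and the precedence it encodes is only implied: a JVM-wide `javax.net.ssl.keyStore` property now overrides the per-deployment `keystore` attribute. A small private helper with that order stated in its comment would make the rule explicit and keep the two lookups from drifting apart; a sketch follows. The Javadoc above still says `@return SSLContext` and should read `@return SSLSocketFactory`, and with the `defaultKeyPass` fallback gone `keyPass` may be `null`, which deserves an explicit check before it is used. The method body continues beyond this hunk.

```java
// Precedence: system property, then the wsdd attribute of the same name,
// then the legacy attribute name, then the supplied default.
private String lookup(String jsseName, String legacyName, String fallback) {
    String value = AxisProperties.getProperty(jsseName);
    if (value == null) {
        value = (String) attributes.get(jsseName);
    }
    if (value == null) {
        value = (String) attributes.get(legacyName);
    }
    return (value != null) ? value : fallback;
}

// in createSocketFactory():
String keystoreFile = lookup("javax.net.ssl.keyStore", "keystore", defaultKeystoreFile);
String keystoreType = lookup("javax.net.ssl.keyStoreType", "keystoreType", KeyStore.getDefaultType());
// … unchanged: clientauth, keypass and keystorePass handling …
```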
@@ -327,31 +326,34 @@
// You can't use ssl without a server certificate.
// Create a KeyStore ( to get server certs )
- KeyStore kstore = initKeyStore(keystoreFile, keystorePass);
+ KeyStore kstore = initKeyStore(keystoreFile, keystorePass, keystoreType);
// Key manager will extract the server key
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
-
- kmf.init(kstore, keyPass.toCharArray());
-
- // If client authentication is needed, set up TrustManager
- TrustManager[] tm = null;
-
- if (clientAuth) {
- TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
-
- tmf.init(kstore);
- tm = tmf.getTrustManagers();
- }
-
- // Create a SSLContext ( to create the ssl factory )
- // This is the only way to use server sockets with JSSE 1.0.1
- SSLContext context = SSLContext.getInstance(protocol); // SSL
-
- // init context with the key managers
- context.init(kmf.getKeyManagers(), tm,
- new java.security.SecureRandom());
- return context;
+// KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
+//
+// kmf.init(kstore, keyPass.toCharArray());
+//
+// // If client authentication is needed, set up TrustManager
+// TrustManager[] tm = null;
+//
+// if (clientAuth) {
+// TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+//
+// tmf.init(kstore);
+// tm = tmf.getTrustManagers();
+// }
+//
+// // Create a SSLContext ( to create the ssl factory )
+// // This is the only way to use server sockets with JSSE 1.0.1
+// SSLContext context = SSLContext.getInstance(protocol); // SSL
+//
+// // init context with the key managers
+// context.init(kmf.getKeyManagers(), tm,
+// new java.security.SecureRandom());
+//
+// return context.getSocketFactory();
+/* don't break build */
+return null;
}
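Review bot: `initKeyStore(...)` is still called but its result `kstore` is never used, so the keystore file is opened and parsed with its password only to be thrown away, and a wrong path or password aborts a method that would otherwise just return `null`. Either skip the load until the key-manager setup is back, or keep it and say why in a comment such as `// load early so a bad keystore is reported even while the context setup is disabled`. When the commented block is restored, `keyPass.toCharArray()` will throw a `NullPointerException` if no `keypass` attribute is set, since the `"changeit"` default was removed earlier in this commit, and the hard-coded `"SunX509"` works against the portability goal stated in the log message. The method starts outside this hunk.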
/**
@@ -363,8 +365,11 @@
* @return keystore
* @throws IOException
*/
- private KeyStore initKeyStore(String keystoreFile, String keyPass)
- throws IOException {
+ private static KeyStore initKeyStore(String keystoreFile,
+ String keyPass,
+ String keystoreType)
+ throws IOException
+ {
try {
KeyStore kstore = KeyStore.getInstance(keystoreType);