Posted to commits@maven.apache.org by ol...@apache.org on 2011/08/29 15:00:32 UTC
svn commit: r1162779 - in /maven/wagon/trunk/wagon-providers:
wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/
wagon-http/ wagon-http/src/test/java/org/apache/maven/wagon/providers/http/
Author: olamy
Date: Mon Aug 29 13:00:32 2011
New Revision: 1162779
URL: http://svn.apache.org/viewvc?rev=1162779&view=rev
Log:
Enable by default an "easy" SSL mode that disables SSL checks: certificate validity and hostname verification.
Added:
maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/EasyX509TrustManager.java
Modified:
maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java
maven/wagon/trunk/wagon-providers/wagon-http/pom.xml
maven/wagon/trunk/wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpWagonTest.java
Modified: maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java
URL: http://svn.apache.org/viewvc/maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java?rev=1162779&r1=1162778&r2=1162779&view=diff
==============================================================================
--- maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java (original)
+++ maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/AbstractHttpClientWagon.java Mon Aug 29 13:00:32 2011
@@ -37,6 +37,10 @@ import org.apache.http.client.params.Cli
import org.apache.http.client.params.CookiePolicy;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.params.ConnRoutePNames;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
@@ -60,6 +64,9 @@ import org.apache.maven.wagon.resource.R
import org.codehaus.plexus.util.IOUtil;
import org.codehaus.plexus.util.StringUtils;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
@@ -67,6 +74,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URLEncoder;
+import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
@@ -212,16 +220,44 @@ public abstract class AbstractHttpClient
private DefaultHttpClient client;
+ /**
+ * @since 2.0
+ */
protected static ClientConnectionManager connectionManagerPooled;
+ /**
+ * @since 2.0
+ */
protected ClientConnectionManager clientConnectionManager = new SingleClientConnManager();
- // olamy make pool option enable by default
- protected static boolean useClientManagerSingle = Boolean.getBoolean( "maven.wagon.httpconnectionManager.notpooled" );
+ /**
+ * olamy make pool option enable by default
+ *
+ * @since 2.0
+ */
+ protected static boolean useClientManagerPooled =
+ Boolean.valueOf( System.getProperty( "maven.wagon.http.pool", "true" ) );
+
+ /**
+ * @since 2.0
+ */
+ protected static boolean sslEasy = Boolean.valueOf( System.getProperty( "maven.wagon.http.ssl.easy", "true" ) );
+
+ /**
+ * @since 2.0
+ */
+ protected static boolean sslAllowAll =
+ Boolean.valueOf( System.getProperty( "maven.wagon.http.ssl.allowall", "true" ) );
+
+ /**
+ * @since 2.0
+ */
+ protected static boolean IGNORE_SSL_VALIDITY_DATES =
+ Boolean.valueOf( System.getProperty( "maven.wagon.http.ssl.ignore.validity.dates", "true" ) );
static
{
- if ( useClientManagerSingle )
+ if ( !useClientManagerPooled )
{
System.out.println( "http connection pool disabled in wagon http" );
}
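Review bot: The three new switches `sslEasy`, `sslAllowAll` and `IGNORE_SSL_VALIDITY_DATES` all fall back to "true" when their system property is unset, so an unconfigured build runs with hostname verification and certificate expiry checks switched off for every https repository. Artifacts fetched over such a connection are no longer tied to the server they were requested from, which is a risky default for a build tool. I would make relaxed TLS opt-in, e.g. `protected static boolean sslEasy = Boolean.getBoolean( "maven.wagon.http.ssl.easy" );`, and do the same for the other two; the static-initializer hunk and the new `EasyHostNameVerifier` and `EasyX509TrustManager` code all take their behaviour from these defaults. The Javadoc on each field carries only `@since 2.0` and should name the property, its default and the check it turns off.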
@@ -236,6 +272,23 @@ public abstract class AbstractHttpClient
threadSafeClientConnManager.setDefaultMaxPerRoute( maxPerRoute );
threadSafeClientConnManager.setMaxTotal( maxTotal );
+ if ( sslEasy )
+ {
+ try
+ {
+ SSLSocketFactory sslSocketFactory =
+ new SSLSocketFactory( EasyX509TrustManager.createEasySSLContext(), sslAllowAll
+ ? new EasyHostNameVerifier()
+ : new BrowserCompatHostnameVerifier() );
+ Scheme httpsScheme = new Scheme( "https", 443, sslSocketFactory );
+
+ threadSafeClientConnManager.getSchemeRegistry().register( httpsScheme );
+ }
+ catch ( IOException e )
+ {
+ throw new RuntimeException( "failed to init SSLSocket Factory " + e.getMessage(), e );
+ }
+ }
System.out.println( " wagon http use multi threaded http connection manager maxPerRoute "
+ threadSafeClientConnManager.getDefaultMaxPerRoute() + ", max total "
+ threadSafeClientConnManager.getMaxTotal() );
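Review bot: The relaxed `SSLSocketFactory` is registered only on `threadSafeClientConnManager`, so the non-pooled `SingleClientConnManager` field keeps the library's default verification and the TLS behaviour changes silently with `maven.wagon.http.pool`. Nothing is printed when verification is relaxed, although the same block already prints the pool settings; a line such as `System.out.println( "WARNING: wagon http SSL certificate/hostname checks are relaxed" );` inside `if ( sslEasy )` would make the state visible in build logs. The rethrow as `RuntimeException` appears to sit in the static initializer, which starts outside this hunk, so a failure here would likely surface as a class-initialisation error rather than as a wagon exception.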
@@ -244,11 +297,42 @@ public abstract class AbstractHttpClient
}
}
- protected ClientConnectionManager getConnectionManager()
+ /**
+ * disable all host name verification
+ * @since 2.0
+ */
+ private static class EasyHostNameVerifier
+ implements X509HostnameVerifier
+ {
+ public void verify( String s, SSLSocket sslSocket )
+ throws IOException
+ {
+ //no op
+ }
+
+ public void verify( String s, X509Certificate x509Certificate )
+ throws SSLException
+ {
+ //no op
+ }
+
+ public void verify( String s, String[] strings, String[] strings1 )
+ throws SSLException
+ {
+ //no op
+ }
+
+ public boolean verify( String s, SSLSession sslSession )
+ {
+ return true;
+ }
+ }
+
+ public ClientConnectionManager getConnectionManager()
{
- if ( useClientManagerSingle )
+ if ( !useClientManagerPooled )
{
- return clientConnectionManager;
+ return clientConnectionManager;
}
return connectionManagerPooled;
}
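Review bot: `getConnectionManager()` goes from `protected` to `public`, which hands every caller the shared static `connectionManagerPooled` instance; a caller that shuts it down or re-registers a scheme on it affects all wagons in the JVM. If the wider visibility is only needed by the new test in HttpWagonTest (my inference from the test hunk), consider keeping the method `protected` and exposing a narrower accessor, or state in its Javadoc that the returned manager is shared and must not be shut down. Separately, the Javadoc on `EasyHostNameVerifier` should say that it accepts a certificate issued for any host name and is selected only when `sslAllowAll` is true.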
@@ -258,9 +342,9 @@ public abstract class AbstractHttpClient
connectionManagerPooled = clientConnectionManager;
}
- public static void setUseNonPooledConnectionManager( boolean useNonPooledConnectionManager )
+ public static void setUseClientManagerPooled( boolean pooledClientManager )
{
- useClientManagerSingle = useNonPooledConnectionManager;
+ useClientManagerPooled = pooledClientManager;
}
/**
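Review bot: Replacing the public static `setUseNonPooledConnectionManager` with `setUseClientManagerPooled` removes an existing API and inverts the meaning of its argument, so callers of the old setter stop compiling and a mechanical rename would flip their behaviour. I would keep the old method as a deprecated delegate, `@Deprecated public static void setUseNonPooledConnectionManager( boolean b ) { setUseClientManagerPooled( !b ); }`. The system property has the same problem: `maven.wagon.httpconnectionManager.notpooled` is dropped in the field hunk above without a fallback read, so existing command lines that set it are silently ignored.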
@@ -275,7 +359,6 @@ public abstract class AbstractHttpClient
repository.setUrl( getURL( repository ) );
client = new DefaultHttpClient( getConnectionManager() );
-
// WAGON-273: default the cookie-policy to browser compatible
client.getParams().setParameter( ClientPNames.COOKIE_POLICY, CookiePolicy.BROWSER_COMPATIBILITY );
@@ -337,7 +420,7 @@ public abstract class AbstractHttpClient
public void closeConnection()
{
- if ( useClientManagerSingle )
+ if ( !useClientManagerPooled )
{
getConnectionManager().shutdown();
}
Added: maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/EasyX509TrustManager.java
URL: http://svn.apache.org/viewvc/maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/EasyX509TrustManager.java?rev=1162779&view=auto
==============================================================================
--- maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/EasyX509TrustManager.java (added)
+++ maven/wagon/trunk/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http/EasyX509TrustManager.java Mon Aug 29 13:00:32 2011
@@ -0,0 +1,127 @@
+package org.apache.maven.wagon.shared.http;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author Olivier Lamy
+ * @since 2.0
+ */
+public class EasyX509TrustManager
+ implements X509TrustManager
+{
+ private X509TrustManager standardTrustManager = null;
+
+
+ protected static SSLContext createEasySSLContext()
+ throws IOException
+ {
+ try
+ {
+ SSLContext context = SSLContext.getInstance( "SSL" );
+ context.init( null, new TrustManager[]{ new EasyX509TrustManager( null ) }, null );
+ return context;
+ }
+ catch ( Exception e )
+ {
+ throw new IOException( e.getMessage(), e );
+ }
+ }
+
+ /**
+ * Constructor for EasyX509TrustManager.
+ */
+ public EasyX509TrustManager( KeyStore keystore )
+ throws NoSuchAlgorithmException, KeyStoreException
+ {
+ super();
+ TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
+ factory.init( keystore );
+ TrustManager[] trustmanagers = factory.getTrustManagers();
+ if ( trustmanagers.length == 0 )
+ {
+ throw new NoSuchAlgorithmException( "no trust manager found" );
+ }
+ this.standardTrustManager = (X509TrustManager) trustmanagers[0];
+ }
+
+ /**
+ * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[], String authType)
+ */
+ public void checkClientTrusted( X509Certificate[] certificates, String authType )
+ throws CertificateException
+ {
+ System.out.println( "checkClientTrusted" );
+ standardTrustManager.checkClientTrusted( certificates, authType );
+ }
+
+ /**
+ * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[], String authType)
+ */
+ public void checkServerTrusted( X509Certificate[] certificates, String authType )
+ throws CertificateException
+ {
+
+ if ( ( certificates != null ) && ( certificates.length == 1 ) )
+ {
+ try
+ {
+ certificates[0].checkValidity();
+ }
+ catch ( CertificateExpiredException e )
+ {
+ if ( !AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES )
+ {
+ throw e;
+ }
+ }
+ catch ( CertificateNotYetValidException e )
+ {
+ if ( !AbstractHttpClientWagon.IGNORE_SSL_VALIDITY_DATES )
+ {
+ throw e;
+ }
+ }
+ }
+ else
+ {
+ standardTrustManager.checkServerTrusted( certificates, authType );
+ }
+ }
+
+ /**
+ * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
+ */
+ public X509Certificate[] getAcceptedIssuers()
+ {
+ return this.standardTrustManager.getAcceptedIssuers();
+ }
+}
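Review bot: In `checkServerTrusted`, the branch taken when `certificates.length == 1` never calls `standardTrustManager.checkServerTrusted`, so a server presenting a single certificate from any issuer is accepted without being checked against the trust store, and with `IGNORE_SSL_VALIDITY_DATES` true its validity dates are not enforced either. I would always delegate with `standardTrustManager.checkServerTrusted( certificates, authType );` and accept a lone self-signed certificate only behind an explicit, default-off switch. `SSLContext.getInstance( "SSL" )` should be `SSLContext.getInstance( "TLS" )`, and the leftover `System.out.println( "checkClientTrusted" );` should be removed. The class Javadoc has only author and since tags; it should state which checks this trust manager relaxes and under which properties.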
Modified: maven/wagon/trunk/wagon-providers/wagon-http/pom.xml
URL: http://svn.apache.org/viewvc/maven/wagon/trunk/wagon-providers/wagon-http/pom.xml?rev=1162779&r1=1162778&r2=1162779&view=diff
==============================================================================
--- maven/wagon/trunk/wagon-providers/wagon-http/pom.xml (original)
+++ maven/wagon/trunk/wagon-providers/wagon-http/pom.xml Mon Aug 29 13:00:32 2011
@@ -112,7 +112,7 @@ under the License.
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<systemPropertyVariables>
- <maven.wagon.httpconnectionManager.notpooled>${http.pool}</maven.wagon.httpconnectionManager.notpooled>
+ <maven.wagon.http.pool>${http.pool}</maven.wagon.http.pool>
</systemPropertyVariables>
</configuration>
</plugin>
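Review bot: The same `${http.pool}` value that used to feed `maven.wagon.httpconnectionManager.notpooled` now feeds `maven.wagon.http.pool`, whose meaning is the opposite. Wherever `http.pool` is defined (not visible in this hunk), its value probably needs to be inverted as well, otherwise the test run selects the other connection manager than before. A short comment next to the variable, e.g. `<!-- true = pooled connection manager -->`, would record the new polarity.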
Modified: maven/wagon/trunk/wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpWagonTest.java
URL: http://svn.apache.org/viewvc/maven/wagon/trunk/wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpWagonTest.java?rev=1162779&r1=1162778&r2=1162779&view=diff
==============================================================================
--- maven/wagon/trunk/wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpWagonTest.java (original)
+++ maven/wagon/trunk/wagon-providers/wagon-http/src/test/java/org/apache/maven/wagon/providers/http/HttpWagonTest.java Mon Aug 29 13:00:32 2011
@@ -19,7 +19,9 @@ package org.apache.maven.wagon.providers
* under the License.
*/
+import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.maven.wagon.StreamingWagon;
+import org.apache.maven.wagon.Wagon;
import org.apache.maven.wagon.http.HttpWagonTestCase;
import org.apache.maven.wagon.shared.http.HttpConfiguration;
import org.apache.maven.wagon.shared.http.HttpMethodConfiguration;
@@ -50,6 +52,14 @@ public class HttpWagonTest
HttpMethodConfiguration methodConfiguration = new HttpMethodConfiguration();
methodConfiguration.setHeaders( properties );
config.setAll( methodConfiguration );
- ((HttpWagon) wagon).setHttpConfiguration( config );
+ ( (HttpWagon) wagon ).setHttpConfiguration( config );
+ }
+
+ public void testDefaultPooledConnectionManager()
+ throws Exception
+ {
+ HttpWagon wagon = (HttpWagon) lookup( Wagon.class, "http" );
+ assertTrue( wagon.getConnectionManager() instanceof ThreadSafeClientConnManager );
+
}
}
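Review bot: `testDefaultPooledConnectionManager` asserts on state that is fixed once per JVM from the `maven.wagon.http.pool` system property, which the pom hunk sets from `${http.pool}`, so the test checks the surefire configuration rather than the code default its name suggests. If that property resolves to anything other than "true", the assertion fails for reasons unrelated to the code; consider reading the property in the test and asserting the matching manager type. No test in this commit exercises the new `maven.wagon.http.ssl.*` switches, which are the security-relevant part of the change.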