Posted to dev@tomcat.apache.org by re...@apache.org on 2018/10/30 15:36:23 UTC
svn commit: r1845245 - in
/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud:
AbstractStreamProvider.java CertificateStreamProvider.java
InsecureStreamProvider.java TokenStreamProvider.java
Author: remm
Date: Tue Oct 30 15:36:22 2018
New Revision: 1845245
URL: http://svn.apache.org/viewvc?rev=1845245&view=rev
Log:
Refactor to reduce code duplication (using the default host verification behavior should be the better choice).
Modified:
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/InsecureStreamProvider.java
tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/TokenStreamProvider.java
Modified: tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java?rev=1845245&r1=1845244&r2=1845245&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java (original)
+++ tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/AbstractStreamProvider.java Tue Oct 30 15:36:22 2018
@@ -18,12 +18,15 @@
package org.apache.catalina.tribes.membership.cloud;
import java.io.IOException;
+import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
@@ -50,6 +53,11 @@ public abstract class AbstractStreamProv
};
/**
+ * @return the socket factory, or null if not needed
+ */
+ protected abstract SSLSocketFactory getSocketFactory();
+
+ /**
* Open URL connection to the specified URL.
* @param url the url
* @param headers the headers map
@@ -79,4 +87,21 @@ public abstract class AbstractStreamProv
return connection;
}
+ @Override
+ public InputStream openStream(String url, Map<String, String> headers,
+ int connectTimeout, int readTimeout) throws IOException {
+ URLConnection connection = openConnection(url, headers, connectTimeout, readTimeout);
+ if (connection instanceof HttpsURLConnection) {
+ ((HttpsURLConnection) connection).setSSLSocketFactory(getSocketFactory());
+ if (log.isDebugEnabled()) {
+ log.debug(String.format("Using HttpsURLConnection with SSLSocketFactory [%s] for url [%s].", getSocketFactory(), url));
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug(String.format("Using URLConnection for url [%s].", url));
+ }
+ }
+ return connection.getInputStream();
+ }
+
}
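Review bot: In the added `openStream`, `setSSLSocketFactory(getSocketFactory())` is called unconditionally, yet the Javadoc added on `getSocketFactory()` in the previous hunk allows a null return, and `HttpsURLConnection.setSSLSocketFactory` rejects null with an `IllegalArgumentException`. Read the factory once and guard it: `SSLSocketFactory factory = getSocketFactory();` then `if (factory != null) { ((HttpsURLConnection) connection).setSSLSocketFactory(factory); }`, and log that local instead of calling the getter a second time. The `else` branch also proceeds silently over a non-TLS connection; since a subclass on this page (TokenStreamProvider) puts an `Authorization` header into `headers`, a warn-level log saying the request is sent without TLS would help operators notice a misconfigured `http://` URL.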
Modified: tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java?rev=1845245&r1=1845244&r2=1845245&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java (original)
+++ tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java Tue Oct 30 15:36:22 2018
@@ -20,15 +20,12 @@ package org.apache.catalina.tribes.membe
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.net.URLConnection;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import java.util.Map;
-import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
@@ -56,21 +53,8 @@ public class CertificateStreamProvider e
}
@Override
- public InputStream openStream(String url, Map<String, String> headers, int connectTimeout, int readTimeout) throws IOException {
- URLConnection connection = openConnection(url, headers, connectTimeout, readTimeout);
- if (connection instanceof HttpsURLConnection) {
- HttpsURLConnection httpsConnection = HttpsURLConnection.class.cast(connection);
- //httpsConnection.setHostnameVerifier(InsecureStreamProvider.INSECURE_HOSTNAME_VERIFIER);
- httpsConnection.setSSLSocketFactory(factory);
- if (log.isDebugEnabled()) {
- log.debug(String.format("Using HttpsURLConnection with SSLSocketFactory [%s] for url [%s].", factory, url));
- }
- } else {
- if (log.isDebugEnabled()) {
- log.debug(String.format("Using URLConnection for url [%s].", url));
- }
- }
- return connection.getInputStream();
+ protected SSLSocketFactory getSocketFactory() {
+ return factory;
}
private static KeyManager[] configureClientCert(String clientCertFile, String clientKeyFile, char[] clientKeyPassword, String clientKeyAlgo) throws Exception {
Modified: tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/InsecureStreamProvider.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/InsecureStreamProvider.java?rev=1845245&r1=1845244&r2=1845245&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/InsecureStreamProvider.java (original)
+++ tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/InsecureStreamProvider.java Tue Oct 30 15:36:22 2018
@@ -17,54 +17,20 @@
package org.apache.catalina.tribes.membership.cloud;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URLConnection;
-import java.util.Map;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
-import org.apache.juli.logging.Log;
-import org.apache.juli.logging.LogFactory;
-
public class InsecureStreamProvider extends AbstractStreamProvider {
- private static final Log log = LogFactory.getLog(InsecureStreamProvider.class);
-
- private static final HostnameVerifier INSECURE_HOSTNAME_VERIFIER = new HostnameVerifier() {
- @Override
- public boolean verify(String arg0, SSLSession arg1) {
- return true;
- }
- };
-
private final SSLSocketFactory factory;
InsecureStreamProvider() throws Exception {
SSLContext context = SSLContext.getInstance("TLS");
- context.init(null, INSECURE_TRUST_MANAGERS, null);
+ context.init(null, INSECURE_TRUST_MANAGERS, null);
factory = context.getSocketFactory();
}
@Override
- public InputStream openStream(String url, Map<String, String> headers, int connectTimeout, int readTimeout) throws IOException {
- URLConnection connection = openConnection(url, headers, connectTimeout, readTimeout);
- if (connection instanceof HttpsURLConnection) {
- HttpsURLConnection httpsConnection = HttpsURLConnection.class.cast(connection);
- httpsConnection.setHostnameVerifier(INSECURE_HOSTNAME_VERIFIER);
- httpsConnection.setSSLSocketFactory(factory);
- if (log.isDebugEnabled()) {
- log.debug(String.format("Using HttpsURLConnection with SSLSocketFactory [%s] for url [%s].", factory, url));
- }
- } else {
- if (log.isDebugEnabled()) {
- log.debug(String.format("Using URLConnection for url [%s].", url));
- }
- }
- return connection.getInputStream();
+ protected SSLSocketFactory getSocketFactory() {
+ return factory;
}
-
}
\ No newline at end of file
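Review bot: With `INSECURE_HOSTNAME_VERIFIER` removed, the class now falls back to the default hostname check while its constructor still initialises the context with `INSECURE_TRUST_MANAGERS`, and nothing in the class documents which checks remain. Judging by the name, those trust managers accept any certificate chain (their definition is outside this hunk), so the hostname is matched against a certificate that was never validated and the peer is still not authenticated. A class-level Javadoc would make this explicit, for example `/** Stream provider that skips server certificate chain validation; hostname verification uses the JSSE default. */`. Deployments that previously connected despite a name mismatch will now fail, which deserves a changelog entry.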
Modified: tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/TokenStreamProvider.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/TokenStreamProvider.java?rev=1845245&r1=1845244&r2=1845245&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/TokenStreamProvider.java (original)
+++ tomcat/trunk/java/org/apache/catalina/tribes/membership/cloud/TokenStreamProvider.java Tue Oct 30 15:36:22 2018
@@ -22,13 +22,11 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
-import java.net.URLConnection;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Map;
-import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
@@ -45,9 +43,18 @@ public class TokenStreamProvider extends
private String caCertFile;
private SSLSocketFactory factory;
- TokenStreamProvider(String token, String caCertFile) {
+ TokenStreamProvider(String token, String caCertFile) throws Exception {
this.token = token;
this.caCertFile = caCertFile;
+ TrustManager[] trustManagers = configureCaCert(this.caCertFile);
+ SSLContext context = SSLContext.getInstance("TLS");
+ context.init(null, trustManagers, null);
+ this.factory = context.getSocketFactory();
+ }
+
+ @Override
+ protected SSLSocketFactory getSocketFactory() {
+ return factory;
}
@Override
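Review bot: The field `factory` stays a plain mutable field although the constructor now assigns it exactly once; declaring it `private final SSLSocketFactory factory;` documents that and gives safe publication to other threads, which the removed lazy initialisation on a non-volatile field did not. The constructor's `throws Exception` is also broader than callers need; if `configureCaCert` (its signature is not visible here) permits it, narrow the clause to the checked types actually thrown, e.g. `throws IOException, GeneralSecurityException`.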
@@ -57,26 +64,10 @@ public class TokenStreamProvider extends
if (token != null) {
headers.put("Authorization", "Bearer " + token);
}
-
- // Open HTTP connection
- URLConnection connection = openConnection(url, headers, connectTimeout, readTimeout);
-
- if (connection instanceof HttpsURLConnection) {
- HttpsURLConnection httpsConnection = HttpsURLConnection.class.cast(connection);
- //httpsConnection.setHostnameVerifier(InsecureStreamProvider.INSECURE_HOSTNAME_VERIFIER);
- httpsConnection.setSSLSocketFactory(getSSLSocketFactory());
- if (log.isDebugEnabled()) {
- log.debug(String.format("Using HttpsURLConnection with SSLSocketFactory [%s] for url [%s].", factory, url));
- }
- } else {
- if (log.isDebugEnabled()) {
- log.debug(String.format("Using URLConnection for url [%s].", url));
- }
- }
-
try {
- return connection.getInputStream();
+ return super.openStream(url, headers, connectTimeout, readTimeout);
} catch (IOException e) {
+ // Add debug information
throw new IOException(sm.getString("tokenStream.failedConnection", url, token, caCertFile), e);
}
}
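Review bot: The exception built in the `catch` block passes `token` to `sm.getString("tokenStream.failedConnection", url, token, caCertFile)`, and the new `// Add debug information` comment confirms the arguments are meant for diagnostics, so the bearer token presumably ends up in the exception message and in any log that prints it. Drop the token from the arguments, or report only whether one is set, e.g. `sm.getString("tokenStream.failedConnection", url, caCertFile)`, with the message template in the resource bundle adjusted to match. The method's signature and opening lines are outside this hunk.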
@@ -110,22 +101,4 @@ public class TokenStreamProvider extends
}
}
- private SSLSocketFactory getSSLSocketFactory() throws IOException {
- if(this.factory == null) {
- synchronized(this) {
- if(this.factory == null) {
- try {
- TrustManager[] trustManagers = configureCaCert(this.caCertFile);
- SSLContext context = SSLContext.getInstance("TLS");
- context.init(null, trustManagers, null);
- this.factory = context.getSocketFactory();
- } catch(Exception e) {
- throw new IOException(e);
- }
- }
- }
- }
- return this.factory;
- }
-
}
\ No newline at end of file