Posted to commits@maven.apache.org by ol...@apache.org on 2013/10/22 05:04:43 UTC
[5/9] git commit: Use SSLContextBuilder provided by HttpClient to
create custom SSL contexts
Use SSLContextBuilder provided by HttpClient to create custom SSL contexts
Project: http://git-wip-us.apache.org/repos/asf/maven-wagon/repo
Commit: http://git-wip-us.apache.org/repos/asf/maven-wagon/commit/008accb6
Tree: http://git-wip-us.apache.org/repos/asf/maven-wagon/tree/008accb6
Diff: http://git-wip-us.apache.org/repos/asf/maven-wagon/diff/008accb6
Branch: refs/heads/master
Commit: 008accb65f4c49d20c9ca2117ad9a71e4eb3d2a6
Parents: dc8f00e
Author: Oleg Kalnichevski <ol...@apache.org>
Authored: Tue Sep 24 14:55:23 2013 +0200
Committer: Oleg Kalnichevski <ol...@apache.org>
Committed: Tue Sep 24 14:55:23 2013 +0200
----------------------------------------------------------------------
.../providers/http/AbstractHttpClientWagon.java | 26 +++-
.../providers/http/RelaxedTrustStrategy.java | 85 ++++++++++++
.../providers/http/RelaxedX509TrustManager.java | 132 -------------------
3 files changed, 106 insertions(+), 137 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/maven-wagon/blob/008accb6/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/AbstractHttpClientWagon.java
----------------------------------------------------------------------
diff --git a/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/AbstractHttpClientWagon.java b/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/AbstractHttpClientWagon.java
index 0b683ae..0fd7ada 100755
--- a/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/AbstractHttpClientWagon.java
+++ b/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/AbstractHttpClientWagon.java
@@ -28,6 +28,9 @@ import java.io.InputStream;
import java.io.OutputStream;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
@@ -37,6 +40,7 @@ import java.util.TimeZone;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
@@ -63,6 +67,8 @@ import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.SSLInitializationException;
import org.apache.http.entity.AbstractHttpEntity;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
@@ -281,11 +287,21 @@ public abstract class AbstractHttpClientWagon
SSLConnectionSocketFactory sslConnectionSocketFactory;
if ( SSL_INSECURE )
{
- sslConnectionSocketFactory = new SSLConnectionSocketFactory(
- RelaxedX509TrustManager.createRelaxedSSLContext(IGNORE_SSL_VALIDITY_DATES),
- sslProtocols,
- cipherSuites,
- SSL_ALLOW_ALL ? SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER : SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER );
+ try {
+ SSLContext sslContext = new SSLContextBuilder()
+ .useSSL()
+ .loadTrustMaterial(null, new RelaxedTrustStrategy(IGNORE_SSL_VALIDITY_DATES))
+ .build();
+ sslConnectionSocketFactory = new SSLConnectionSocketFactory(
+ sslContext,
+ sslProtocols,
+ cipherSuites,
+ SSL_ALLOW_ALL ? SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER : SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER );
+ }
+ catch (Exception ex)
+ {
+ throw new SSLInitializationException(ex.getMessage(), ex);
+ }
}
else
{
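Review bot: The `catch (Exception ex)` around the new builder call is wider than it needs to be. It also wraps the `SSLConnectionSocketFactory` constructor, turns any runtime exception into an `SSLInitializationException`, and leaves the `KeyManagementException`, `KeyStoreException` and `NoSuchAlgorithmException` imports added in the first hunk unused. Those three appear to be the checked exceptions the builder chain can raise, and all are subclasses of `java.security.GeneralSecurityException`, so `catch ( GeneralSecurityException ex )` with the `try` narrowed to the `SSLContextBuilder` chain would handle them while letting programming errors surface unchanged. The `try {` brace placement also differs from the brace-on-its-own-line style of the surrounding lines. The enclosing method starts and ends outside this hunk, so the later use of `sslConnectionSocketFactory` is not visible here.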
http://git-wip-us.apache.org/repos/asf/maven-wagon/blob/008accb6/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/RelaxedTrustStrategy.java
----------------------------------------------------------------------
diff --git a/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/RelaxedTrustStrategy.java b/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/RelaxedTrustStrategy.java
new file mode 100644
index 0000000..c700218
--- /dev/null
+++ b/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/RelaxedTrustStrategy.java
@@ -0,0 +1,85 @@
+package org.apache.maven.wagon.providers.http;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.http.conn.ssl.SSLInitializationException;
+import org.apache.http.conn.ssl.TrustStrategy;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+
+/**
+ * Relaxed X509 certificate trust manager: can ignore invalid certificate date.
+ *
+ * @author Olivier Lamy
+ * @since 2.0
+ */
+public class RelaxedTrustStrategy
+ implements TrustStrategy
+{
+ private final boolean ignoreSSLValidityDates;
+
+ public RelaxedTrustStrategy(boolean ignoreSSLValidityDates)
+ {
+ this.ignoreSSLValidityDates = ignoreSSLValidityDates;
+ }
+
+ public boolean isTrusted(X509Certificate[] certificates, String authType)
+ throws CertificateException
+ {
+ if ( ( certificates != null ) && ( certificates.length == 1 ) )
+ {
+ try
+ {
+ certificates[0].checkValidity();
+ }
+ catch ( CertificateExpiredException e )
+ {
+ if ( !ignoreSSLValidityDates )
+ {
+ throw e;
+ }
+ }
+ catch ( CertificateNotYetValidException e )
+ {
+ if ( !ignoreSSLValidityDates )
+ {
+ throw e;
+ }
+ }
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+
+}
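Review bot: The class Javadoc still reads `Relaxed X509 certificate trust manager: can ignore invalid certificate date`, carried over from the deleted `RelaxedX509TrustManager`, and does not say what `isTrusted` actually grants. Any chain of exactly one certificate is reported as trusted after only a validity-date check, with no issuer or signature verification, so a self-signed or otherwise unanchored certificate is accepted. That should be documented on the class and on `isTrusted`, for example `Trust strategy for insecure mode: accepts any single-certificate chain without path validation, optionally ignoring its validity dates; other chains return false, which under HttpClient's TrustStrategy contract leaves the decision to the context's trust manager`. The Javadoc should also state that `ignoreSSLValidityDates` only affects single-certificate chains, since for every other chain the method returns `false` without looking at dates. Of the imports copied from the old class, only `TrustStrategy`, `CertificateException`, `CertificateExpiredException`, `CertificateNotYetValidException` and `X509Certificate` appear to be used in this file.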
http://git-wip-us.apache.org/repos/asf/maven-wagon/blob/008accb6/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/RelaxedX509TrustManager.java
----------------------------------------------------------------------
diff --git a/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/RelaxedX509TrustManager.java b/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/RelaxedX509TrustManager.java
deleted file mode 100644
index 6d54059..0000000
--- a/wagon-providers/wagon-http/src/main/java/org/apache/maven/wagon/providers/http/RelaxedX509TrustManager.java
+++ /dev/null
@@ -1,132 +0,0 @@
-package org.apache.maven.wagon.providers.http;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.http.conn.ssl.SSLInitializationException;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
-import java.io.IOException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-
-/**
- * Relaxed X509 certificate trust manager: can ignore invalid certificate date.
- *
- * @author Olivier Lamy
- * @since 2.0
- */
-public class RelaxedX509TrustManager
- implements X509TrustManager
-{
- private final X509TrustManager standardTrustManager;
- private final boolean ignoreSSLValidityDates;
-
- public static SSLContext createRelaxedSSLContext( boolean ignoreSSLValidityDates )
- {
- try
- {
- SSLContext context = SSLContext.getInstance( "SSL" );
- context.init( null, new TrustManager[]{
- new RelaxedX509TrustManager( null, ignoreSSLValidityDates ) }, null );
- return context;
- }
- catch ( Exception e )
- {
- throw new SSLInitializationException(e.getMessage(), e);
- }
- }
-
- /**
- * Constructor for EasyX509TrustManager.
- */
- public RelaxedX509TrustManager( KeyStore keystore, boolean ignoreSSLValidityDates )
- throws NoSuchAlgorithmException, KeyStoreException
- {
- super();
- TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
- factory.init( keystore );
- TrustManager[] trustmanagers = factory.getTrustManagers();
- if ( trustmanagers.length == 0 )
- {
- throw new NoSuchAlgorithmException( "no trust manager found" );
- }
- this.standardTrustManager = (X509TrustManager) trustmanagers[0];
- this.ignoreSSLValidityDates = ignoreSSLValidityDates;
- }
-
- /**
- * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[], String authType)
- */
- public void checkClientTrusted( X509Certificate[] certificates, String authType )
- throws CertificateException
- {
- standardTrustManager.checkClientTrusted( certificates, authType );
- }
-
- /**
- * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[], String authType)
- */
- public void checkServerTrusted( X509Certificate[] certificates, String authType )
- throws CertificateException
- {
-
- if ( ( certificates != null ) && ( certificates.length == 1 ) )
- {
- try
- {
- certificates[0].checkValidity();
- }
- catch ( CertificateExpiredException e )
- {
- if ( !ignoreSSLValidityDates )
- {
- throw e;
- }
- }
- catch ( CertificateNotYetValidException e )
- {
- if ( !ignoreSSLValidityDates )
- {
- throw e;
- }
- }
- }
- else
- {
- standardTrustManager.checkServerTrusted( certificates, authType );
- }
- }
-
- /**
- * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
- */
- public X509Certificate[] getAcceptedIssuers()
- {
- return this.standardTrustManager.getAcceptedIssuers();
- }
-}