Posted to commits@synapse.apache.org by ve...@apache.org on 2009/03/18 20:39:22 UTC

svn commit: r755711 - in /synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp: HttpCoreNIOSSLSender.java NoValidateCertTrustManager.java

Author: veithen
Date: Wed Mar 18 19:39:22 2009
New Revision: 755711

URL: http://svn.apache.org/viewvc?rev=755711&view=rev
Log:
Allow disabling server certificate validation (trust) in HttpCoreNIOSSLSender. This is useful in dev and test environments and for proofs of concept. Of course it should not be used in production, and a warning is logged when validation is disabled to remind the user of this. (No documentation update, because there is no documentation for the HTTP NIO transport yet.)

Added:
    synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java   (with props)
Modified:
    synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java

Modified: synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java?rev=755711&r1=755710&r2=755711&view=diff
==============================================================================
--- synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java (original)
+++ synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java Wed Mar 18 19:39:22 2009
@@ -28,6 +28,7 @@
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.description.Parameter;
 import org.apache.axis2.description.TransportOutDescription;
+import org.apache.axis2.transport.base.ParamUtils;
 import org.apache.axiom.om.OMElement;
 
 import javax.net.ssl.*;
@@ -97,7 +98,13 @@
             }
         }
 
+        boolean novalidatecert = ParamUtils.getOptionalParamBoolean(transportOut, "novalidatecert", false);
+
         if (trustParam != null) {
+            if (novalidatecert) {
+                log.warn("Ignoring novalidatecert parameter since a truststore has been specified");
+            }
+            
             OMElement tsEle      = trustParam.getParameterElement().getFirstElement();
             String location      = tsEle.getFirstChildWithName(new QName("Location")).getText();
             String type          = tsEle.getFirstChildWithName(new QName("Type")).getText();
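Review bot: The precedence between the truststore and `novalidatecert` can only be learned from the log message inside `if (trustParam != null)`, and the parameter name is a bare string literal at the `getOptionalParamBoolean` call. Letting the truststore win is the safe choice, so it deserves a comment above the lookup, for example `// novalidatecert only takes effect when no truststore parameter is configured; a truststore always wins`. A named constant for `"novalidatecert"` would also make the switch easier to find when auditing a configuration. The enclosing method starts and ends outside this hunk.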
@@ -128,6 +135,9 @@
                     } catch (IOException ignore) {}
                 }
             }
+        } else if (novalidatecert) {
+            log.warn("Server certificate validation (trust) has been disabled. DO NOT USE IN PRODUCTION!");
+            trustManagers = new TrustManager[] { new NoValidateCertTrustManager() };
         }
 
         try {
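Review bot: The warning in the `else if (novalidatecert)` branch names neither the parameter that triggered it nor the consequence, and it is logged once at initialisation, so it is easy to miss in a long-running deployment. Since `trustManagers` is presumably handed to the SSL context used for all outbound connections from this sender, the message should say so, e.g. `log.warn("novalidatecert is enabled: server certificates are not validated for outbound HTTPS connections from this sender, so peers are unauthenticated. DO NOT USE IN PRODUCTION!");`. Whether hostname verification still runs in this mode is not visible here and should be stated in a comment beside the branch. The enclosing method starts and ends outside this hunk.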

Added: synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java?rev=755711&view=auto
==============================================================================
--- synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java (added)
+++ synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java Wed Mar 18 19:39:22 2009
@@ -0,0 +1,44 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ */
+
+package org.apache.synapse.transport.nhttp;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * Trust manager accepting any certificate.
+ */
+public class NoValidateCertTrustManager implements X509TrustManager {
+    public void checkClientTrusted(X509Certificate[] chain, String authType)
+            throws CertificateException {
+        // Do nothing: we accept any certificate
+    }
+
+    public void checkServerTrusted(X509Certificate[] chain, String authType)
+            throws CertificateException {
+        // Do nothing: we accept any certificate
+    }
+
+    public X509Certificate[] getAcceptedIssuers() {
+        return new X509Certificate[0];
+    }
+}
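Review bot: `NoValidateCertTrustManager` is declared `public` and its `checkClientTrusted` accepts everything as well, so nothing stops the class from being reused on a listener, where it would silently accept any client certificate. The commit only needs it for server certificates inside the sender, so I would narrow it to `final class NoValidateCertTrustManager implements X509TrustManager {` and have `checkClientTrusted` fail closed with `throw new CertificateException("NoValidateCertTrustManager must not be used to authenticate clients");`. The class Javadoc should also say that it disables peer authentication entirely and is intended for dev and test use behind the `novalidatecert` transport parameter, rather than only "accepting any certificate".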

Propchange: synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java
------------------------------------------------------------------------------
    svn:eol-style = native