Posted to commits@synapse.apache.org by ve...@apache.org on 2009/03/18 20:39:22 UTC
svn commit: r755711 - in
/synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp:
HttpCoreNIOSSLSender.java NoValidateCertTrustManager.java
Author: veithen
Date: Wed Mar 18 19:39:22 2009
New Revision: 755711
URL: http://svn.apache.org/viewvc?rev=755711&view=rev
Log:
Allow disabling server certificate validation (trust) in HttpCoreNIOSSLSender. This is useful in dev and test environments and when doing proofs of concept. Of course, it should not be used in production, and a warning is logged to remind the user of this when validation is disabled. (No documentation update because there is no documentation for the HTTP NIO transport yet.)
Added:
synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java (with props)
Modified:
synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java
Modified: synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java?rev=755711&r1=755710&r2=755711&view=diff
==============================================================================
--- synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java (original)
+++ synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java Wed Mar 18 19:39:22 2009
@@ -28,6 +28,7 @@
import org.apache.axis2.AxisFault;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.description.TransportOutDescription;
+import org.apache.axis2.transport.base.ParamUtils;
import org.apache.axiom.om.OMElement;
import javax.net.ssl.*;
@@ -97,7 +98,13 @@
}
}
+ boolean novalidatecert = ParamUtils.getOptionalParamBoolean(transportOut, "novalidatecert", false);
+
if (trustParam != null) {
+ if (novalidatecert) {
+ log.warn("Ignoring novalidatecert parameter since a truststore has been specified");
+ }
+
OMElement tsEle = trustParam.getParameterElement().getFirstElement();
String location = tsEle.getFirstChildWithName(new QName("Location")).getText();
String type = tsEle.getFirstChildWithName(new QName("Type")).getText();
@@ -128,6 +135,9 @@
} catch (IOException ignore) {}
}
}
+ } else if (novalidatecert) {
+ log.warn("Server certificate validation (trust) has been disabled. DO NOT USE IN PRODUCTION!");
+ trustManagers = new TrustManager[] { new NoValidateCertTrustManager() };
}
try {
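Review bot: The warning in the `else if (novalidatecert)` branch does not say which transport it applies to, and it appears to be logged only once, when the sender is set up. In a configuration with more than one sender, an operator reading the log cannot tell which one accepts any server certificate. Naming the transport makes the setting auditable, e.g. `log.warn("Server certificate validation (trust) has been disabled for transport " + transportOut.getName() + ". DO NOT USE IN PRODUCTION!");`. A short comment above the branch should also state that the bypass covers every outbound TLS connection made through this sender, not a single endpoint, so none of those peers is authenticated. The enclosing method starts and ends outside the hunk.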
Added: synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java?rev=755711&view=auto
==============================================================================
--- synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java (added)
+++ synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java Wed Mar 18 19:39:22 2009
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.synapse.transport.nhttp;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * Trust manager accepting any certificate.
+ */
+public class NoValidateCertTrustManager implements X509TrustManager {
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ // Do nothing: we accept any certificate
+ }
+
+ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {
+ // Do nothing: we accept any certificate
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[0];
+ }
+}
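Review bot: `checkClientTrusted` is left empty too, although this commit only installs the class on the sending side. If an instance were ever placed in a server-side SSLContext, it would accept any client certificate. Throwing there, `throw new CertificateException("NoValidateCertTrustManager is for outbound connections only");`, keeps the bypass limited to what the novalidatecert option is meant for. The class is also `public` and non-final; as far as this diff shows, its only user is HttpCoreNIOSSLSender in the same package, so declaring it `final class NoValidateCertTrustManager` without `public` would keep other code from picking it up. The Javadoc should state that server authentication is disabled entirely while this trust manager is in use and that it is intended for dev and test setups only.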
Propchange: synapse/trunk/java/modules/transports/src/main/java/org/apache/synapse/transport/nhttp/NoValidateCertTrustManager.java
------------------------------------------------------------------------------
svn:eol-style = native