You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by Richard Sitze <rs...@us.ibm.com> on 2002/10/09 01:40:58 UTC
Re: cvs commit: xml-axis/java/xmls targets.xml
Dug, you assume that I have a direction :-)
Seriously,
What I've done is
a) rename the files that had dependencies on com.sun.* to Sun*.
b) for symmetry, I added IBMFakeTrustSocketFactory. How it's used, I
don't know.
The JDK14 use the javax version of *some* of the classes, but there are
still sun.com.* dependencies. This could potentially be the common impl,
but it should be noted that the API's change... particularly between
Sun/IBMFakeTrustSocketFactory and JDK14FakeTrustSocketFactory.
Note also that this is for JDK14. It's not clear to me if someone
intended the sun/ibm for pre-1.4 or not. If it IS assumed that the base
for this level of support is 14, then having it as a default dependency is
even more wrong than it was originally (this is suppose to be 1.3+ based,
right?).
Regardless, I agree with your concerns, I'm simply trying to move some
small step forward. Dims really needs to step in here, or some one who
better understands the security. Minimum, we need a lively discussion to
make some decisions.
<ras>
*******************************************
Richard A. Sitze
IBM WebSphere WebServices Development
Doug Davis/Raleigh/IBM@IBMUS
10/08/2002 05:56 PM
Please respond to axis-dev
To: axis-dev@xml.apache.org
cc:
Subject: Re: cvs commit: xml-axis/java/xmls targets.xml
Richard,
I'm still confused by the direction you and Dims are going with all of
this - perhaps I just don't understand what's involved with j2ee but why
do
we need to have Sun, IBM and JDK14 versions of these files? Continuing
down this path we'll be force to add code to Axis for each and every impl.
We don't have this issue with parsers - people can any impl just so long
as
they adhere to the interfaces. Isn't J2EE the same way?
-Dug
rsitze@apache.org on 10/08/2002 06:24:00 PM
Please respond to axis-dev@xml.apache.org
To: xml-axis-cvs@apache.org
cc:
Subject: cvs commit: xml-axis/java/xmls targets.xml
rsitze 2002/10/08 15:24:00
Modified: java/src/org/apache/axis/components/net
SocketFactoryFactory.java
IBMJSSESocketFactory.java
java/lib commons-discovery.jar
java/src/org/apache/axis/transport/http HTTPSender.java
java/src/org/apache/axis/configuration
EngineConfigurationFactoryFinder.java
java/src/org/apache/axis AxisProperties.java
java build.xml
java/xmls targets.xml
Added: java/src/org/apache/axis/components/net
IBMFakeTrustSocketFactory.java
JDK14FakeTrustSocketFactory.java
SunFakeTrustSocketFactory.java
SecureSocketFactory.java SunJSSESocketFactory.java
JDK14JSSESocketFactory.java
Removed: java/src/org/apache/axis/components/net
FakeTrustSocketFactory.java JSSESocketFactory.java
java/src/org/apache/axis/discovery
DiscoverOldNamesInManagedProperties.java
DiscoverConstNames.java
Log:
work around components.net.*:
- Moved JSSE (and Fake*) classes to Sun*.
- Introduced JDK14* version, though they need more work/cleanup.
- No way to configure SocketFactory and SecureSocketFactories
separately, so added new interface SecureSocketFactory to
key off of during discovery process.
other:
- Moved discovery helper classes to discovery.
Revision Changes Path
1.8 +27 -35
xml-axis/java/src/org/apache/axis/components/net/SocketFactoryFactory.java
Index: SocketFactoryFactory.java
===================================================================
RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/components/net/SocketFactoryFactory.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- SocketFactoryFactory.java 8 Oct 2002 17:55:33 -0000
1.7
+++ SocketFactoryFactory.java 8 Oct 2002 22:23:59 -0000
1.8
@@ -79,53 +79,45 @@
LogFactory.getLog(SocketFactoryFactory.class.getName());
/** socket factory */
- private static SocketFactory theFactory = null;
-
- /** secure socket factory */
- private static SocketFactory theSecureFactory = null;
+ private static Hashtable factories = new Hashtable();
private static final Class classes[] = new Class[] {
Hashtable.class
};
/**
* Returns a copy of the environment's default socket factory.
- *
+ *
+ * @param protocol Today this only supports "http" & "https".
* @param attributes
*
* @return
*/
- public static synchronized SocketFactory getFactory(Hashtable
attributes) {
+ public static synchronized SocketFactory getFactory(String
protocol,
+ Hashtable
attributes) {
+ SocketFactory theFactory =
(SocketFactory)factories.get(protocol);
+
if (theFactory == null) {
Object objects[] = new Object[] { attributes };
-
- theFactory = (SocketFactory)AxisProperties.newInstance(
- new SPInterface(SocketFactory.class,
- "axis.socketFactory",
- classes,
- objects),
-
"org.apache.axis.components.net.DefaultSocketFactory");
+
+ if (protocol.equalsIgnoreCase("http")) {
+ theFactory = (SocketFactory)AxisProperties.newInstance(
+ new SPInterface(SocketFactory.class,
+ "axis.socketFactory",
+ classes,
+ objects),
+
"org.apache.axis.components.net.DefaultSocketFactory");
+ } else if (protocol.equalsIgnoreCase("https")) {
+ theFactory = (SocketFactory)AxisProperties.newInstance(
+ new SPInterface(SecureSocketFactory.class,
+ "axis.socketSecureFactory",
+ classes,
+ objects),
+
"org.apache.axis.components.net.DefaultSecureSocketFactory");
+ }
+
+ if (theFactory != null) {
+ factories.put(protocol, theFactory);
+ }
}
return theFactory;
- }
-
- /**
- * Returns a copy of the environment's default secure socket
factory.
- *
- * @param attributes
- *
- * @return
- */
- public static synchronized SocketFactory getSecureFactory(
- Hashtable attributes) {
- if (theSecureFactory == null) {
- Object objects[] = new Object[] { attributes };
-
- theSecureFactory =
(SocketFactory)AxisProperties.newInstance(
- new SPInterface(SocketFactory.class,
- "axis.socketSecureFactory",
- classes,
- objects),
-
"org.apache.axis.components.net.DefaultSecureSocketFactory");
- }
- return theSecureFactory;
}
}
1.2 +10 -8
xml-axis/java/src/org/apache/axis/components/net/IBMJSSESocketFactory.java
Index: IBMJSSESocketFactory.java
===================================================================
RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/components/net/IBMJSSESocketFactory.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- IBMJSSESocketFactory.java 8 Oct 2002 12:12:47 -0000
1.1
+++ IBMJSSESocketFactory.java 8 Oct 2002 22:23:59 -0000
1.2
@@ -55,6 +55,11 @@
package org.apache.axis.components.net;
import com.ibm.net.ssl.SSLContext;
+import com.ibm.net.ssl.KeyManagerFactory;
+import com.ibm.net.ssl.TrustManager;
+import com.ibm.net.ssl.TrustManagerFactory;
+import com.ibm.jsse.JSSEProvider;
+
import org.apache.axis.AxisProperties;
import org.apache.axis.utils.JavaUtils;
import org.apache.axis.utils.Messages;
@@ -281,7 +286,7 @@
* @return SSLContext
* @throws Exception
*/
- protected com.ibm.net.ssl.SSLContext getContext() throws Exception
{
+ protected SSLContext getContext() throws Exception {
// Please don't change the name of the attribute - other
// software may depend on it ( j2ee for sure )
String keystoreFile = (String) attributes.get("keystore");
@@ -324,17 +329,15 @@
KeyStore kstore = initKeyStore(keystoreFile, keystorePass);
// Key manager will extract the server key
- com.ibm.net.ssl.KeyManagerFactory kmf =
-
com.ibm.net.ssl.KeyManagerFactory.getInstance(algorithm);
+ KeyManagerFactory kmf =
KeyManagerFactory.getInstance(algorithm);
kmf.init(kstore, keyPass.toCharArray());
// If client authentication is needed, set up TrustManager
- com.ibm.net.ssl.TrustManager[] tm = null;
+ TrustManager[] tm = null;
if (clientAuth) {
- com.ibm.net.ssl.TrustManagerFactory tmf =
-
com.ibm.net.ssl.TrustManagerFactory.getInstance("SunX509");
+ TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509");
tmf.init(kstore);
tm = tmf.getTrustManagers();
@@ -342,8 +345,7 @@
// Create a SSLContext ( to create the ssl factory )
// This is the only way to use server sockets with JSSE 1.0.1
- com.ibm.net.ssl.SSLContext context =
- com.ibm.net.ssl.SSLContext.getInstance(protocol); //
SSL
+ SSLContext context = SSLContext.getInstance(protocol); //
SSL
// init context with the key managers
context.init(kmf.getKeyManagers(), tm,
1.1
xml-axis/java/src/org/apache/axis/components/net/IBMFakeTrustSocketFactory.java
Index: IBMFakeTrustSocketFactory.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software
itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.components.net;
import java.util.Hashtable;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log;
import com.ibm.net.ssl.SSLContext;
import com.ibm.net.ssl.TrustManager;
import com.ibm.net.ssl.X509TrustManager;
/**
* Hook for Axis sender, allowing unsigned server certs
*/
public class IBMFakeTrustSocketFactory extends IBMJSSESocketFactory {
/** Field log */
protected static Log log =
LogFactory.getLog(IBMFakeTrustSocketFactory.class.getName());
/**
* Constructor FakeTrustSocketFactory
*
* @param attributes
*/
public IBMFakeTrustSocketFactory(Hashtable attributes) {
super(attributes);
}
/**
* Method getContext
*
* @return
*
* @throws Exception
*/
protected SSLContext getContext() throws Exception {
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, // we don't need no stinkin KeyManager
new TrustManager[]{new FakeX509TrustManager()},
new java.security.SecureRandom());
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf00"));
}
return sc;
} catch (Exception exc) {
log.error(Messages.getMessage("ftsf01"), exc);
throw new Exception(Messages.getMessage("ftsf02"));
}
}
/**
* Class FakeX509TrustManager
*/
public static class FakeX509TrustManager implements X509TrustManager
{
/** Field log */
protected static Log log =
LogFactory.getLog(FakeX509TrustManager.class.getName());
/**
* Method isClientTrusted
*
* @param chain
*
* @return
*/
public boolean isClientTrusted(java.security.cert
.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf03"));
}
return true;
}
/**
* Method isServerTrusted
*
* @param chain
*
* @return
*/
public boolean isServerTrusted(java.security.cert
.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf04"));
}
return true;
}
/**
* Method getAcceptedIssuers
*
* @return
*/
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf05"));
}
return null;
}
}
}
1.1
xml-axis/java/src/org/apache/axis/components/net/JDK14FakeTrustSocketFactory.java
Index: JDK14FakeTrustSocketFactory.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software
itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.components.net;
import java.util.Hashtable;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
/**
* Hook for Axis sender, allowing unsigned server certs
*/
public class JDK14FakeTrustSocketFactory extends JDK14JSSESocketFactory
{
/** Field log */
protected static Log log =
LogFactory.getLog(JDK14FakeTrustSocketFactory.class.getName());
/**
* Constructor FakeTrustSocketFactory
*
* @param attributes
*/
public JDK14FakeTrustSocketFactory(Hashtable attributes) {
super(attributes);
}
/**
* Method getContext
*
* @return
*
* @throws Exception
*/
protected SSLContext getContext() throws Exception {
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, // we don't need no stinkin KeyManager
new TrustManager[]{new FakeX509TrustManager()},
new java.security.SecureRandom());
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf00"));
}
return sc;
} catch (Exception exc) {
log.error(Messages.getMessage("ftsf01"), exc);
throw new Exception(Messages.getMessage("ftsf02"));
}
}
/**
* Class FakeX509TrustManager
*/
public static class FakeX509TrustManager implements X509TrustManager
{
/** Field log */
protected static Log log =
LogFactory.getLog(FakeX509TrustManager.class.getName());
/**
* Method isClientTrusted
*
* @param chain
*
* @return
*/
public void
checkClientTrusted(java.security.cert.X509Certificate[] chain,
String arg)
throws java.security.cert.CertificateException
{
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf03"));
}
}
/**
* Method isServerTrusted
*
* @param chain
*
* @return
*/
public void
checkServerTrusted(java.security.cert.X509Certificate[] chain,
String arg)
throws java.security.cert.CertificateException
{
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf04"));
}
}
/**
* Method getAcceptedIssuers
*
* @return
*/
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf05"));
}
return null;
}
}
}
1.1
xml-axis/java/src/org/apache/axis/components/net/SunFakeTrustSocketFactory.java
Index: SunFakeTrustSocketFactory.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software
itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.components.net;
import java.util.Hashtable;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.utils.Messages;
import org.apache.commons.logging.Log;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;
/**
* Hook for Axis sender, allowing unsigned server certs
*/
public class SunFakeTrustSocketFactory extends SunJSSESocketFactory {
/** Field log */
protected static Log log =
LogFactory.getLog(SunFakeTrustSocketFactory.class.getName());
/**
* Constructor FakeTrustSocketFactory
*
* @param attributes
*/
public SunFakeTrustSocketFactory(Hashtable attributes) {
super(attributes);
}
/**
* Method getContext
*
* @return
*
* @throws Exception
*/
protected SSLContext getContext() throws Exception {
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, // we don't need no stinkin KeyManager
new TrustManager[]{new FakeX509TrustManager()},
new java.security.SecureRandom());
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf00"));
}
return sc;
} catch (Exception exc) {
log.error(Messages.getMessage("ftsf01"), exc);
throw new Exception(Messages.getMessage("ftsf02"));
}
}
/**
* Class FakeX509TrustManager
*/
public static class FakeX509TrustManager implements X509TrustManager
{
/** Field log */
protected static Log log =
LogFactory.getLog(FakeX509TrustManager.class.getName());
/**
* Method isClientTrusted
*
* @param chain
*
* @return
*/
public boolean isClientTrusted(java.security.cert
.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf03"));
}
return true;
}
/**
* Method isServerTrusted
*
* @param chain
*
* @return
*/
public boolean isServerTrusted(java.security.cert
.X509Certificate[] chain) {
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf04"));
}
return true;
}
/**
* Method getAcceptedIssuers
*
* @return
*/
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("ftsf05"));
}
return null;
}
}
}
1.1
xml-axis/java/src/org/apache/axis/components/net/SecureSocketFactory.java
Index: SecureSocketFactory.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2002 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software
itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.components.net;
/**
* Secure Socket factory.
* This has a separate interface to allow discovery (by interface)
* and runtime distinction to be made between Socket & SecureSockets.
*
* @author Richard A. Sitze
* @author Davanum Srinivas (dims@yahoo.com)
*/
public interface SecureSocketFactory extends SocketFactory {
}
1.1
xml-axis/java/src/org/apache/axis/components/net/SunJSSESocketFactory.java
Index: SunJSSESocketFactory.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software
itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.components.net;
import com.sun.net.ssl.SSLContext;
import org.apache.axis.AxisProperties;
import org.apache.axis.utils.JavaUtils;
import org.apache.axis.utils.Messages;
import org.apache.axis.utils.XMLUtils;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.BufferedWriter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Security;
import java.util.Hashtable;
/**
* SSL socket factory. It _requires_ a valid RSA key and
* JSSE. (borrowed code from tomcat)
*
* @author Davanum Srinivas (dims@yahoo.com)
*/
public class SunJSSESocketFactory extends DefaultSocketFactory {
/** Field keystoreType */
private String keystoreType;
/** Field defaultKeystoreType */
static String defaultKeystoreType = "JKS";
/** Field defaultProtocol */
static String defaultProtocol = "TLS";
/** Field defaultAlgorithm */
static String defaultAlgorithm = "SunX509";
/** Field defaultClientAuth */
static boolean defaultClientAuth = false;
/** Field clientAuth */
private boolean clientAuth = false;
/** Field sslFactory */
private SSLSocketFactory sslFactory = null;
/** Field defaultKeystoreFile */
static String defaultKeystoreFile =
System.getProperty("user.home") + "/.keystore";
/** Field defaultKeyPass */
static String defaultKeyPass = "changeit";
/**
* Constructor JSSESocketFactory
*
* @param attributes
*/
public SunJSSESocketFactory(Hashtable attributes) {
super(attributes);
}
/**
* creates a secure socket
*
* @param host
* @param port
* @param otherHeaders
* @param useFullURL
*
* @return Socket
* @throws Exception
*/
public Socket create(
String host, int port, StringBuffer otherHeaders,
BooleanHolder useFullURL)
throws Exception {
Socket sslSocket = null;
if (sslFactory == null) {
initFactory();
}
if (port == -1) {
port = 443;
}
TransportClientProperties tcp =
TransportClientPropertiesFactory.create("https");
boolean hostInNonProxyList = isHostInNonProxyList(host,
tcp.getNonProxyHosts());
if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
// direct SSL connection
sslSocket = sslFactory.createSocket(host, port);
} else {
// Default proxy port is 80, even for https
int tunnelPort = (tcp.getProxyPort().length() != 0)
? Integer.parseInt(tcp.getProxyPort())
: 80;
if (tunnelPort < 0)
tunnelPort = 80;
// Create the regular socket connection to the proxy
Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);
// The tunnel handshake method (condensed and made
reflexive)
OutputStream tunnelOutputStream = tunnel.getOutputStream();
PrintWriter out = new PrintWriter(
new BufferedWriter(new
OutputStreamWriter(tunnelOutputStream)));
// More secure version... engage later?
// PasswordAuthentication pa =
// Authenticator.requestPasswordAuthentication(
// InetAddress.getByName(tunnelHost),
// tunnelPort, "SOCK", "Proxy","HTTP");
// if(pa == null){
// printDebug("No Authenticator set.");
// }else{
// printDebug("Using Authenticator.");
// tunnelUser = pa.getUserName();
// tunnelPassword = new String(pa.getPassword());
// }
out.print("CONNECT " + host + ":" + port + " HTTP/1.0\r\n"
+ "User-Agent: AxisClient");
if (tcp.getProxyUser().length() != 0 &&
tcp.getProxyPassword().length() != 0) {
// add basic authentication header for the proxy
String encodedPassword =
XMLUtils.base64encode((tcp.getProxyUser()
+ ":"
+ tcp.getProxyPassword()).getBytes());
out.print("\nProxy-Authorization: Basic " +
encodedPassword);
}
out.print("\nContent-Length: 0");
out.print("\nPragma: no-cache");
out.print("\r\n\r\n");
out.flush();
InputStream tunnelInputStream = tunnel.getInputStream();
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("isNull00",
"tunnelInputStream",
"" + (tunnelInputStream
== null)));
}
String replyStr = "";
// Make sure to read all the response from the proxy to
prevent SSL negotiation failure
// Response message terminated by two sequential newlines
int newlinesSeen = 0;
boolean headerDone = false; /* Done on first newline */
while (newlinesSeen < 2) {
int i = tunnelInputStream.read();
if (i < 0) {
throw new IOException("Unexpected EOF from proxy");
}
if (i == '\n') {
headerDone = true;
++newlinesSeen;
} else if (i != '\r') {
newlinesSeen = 0;
if (!headerDone) {
replyStr += String.valueOf((char) i);
}
}
}
if (!replyStr.startsWith("HTTP/1.0 200")
&& !replyStr.startsWith("HTTP/1.1 200")) {
throw new
IOException(Messages.getMessage("cantTunnel00",
new String[]{
tcp.getProxyHost(),
"" + tunnelPort,
replyStr}));
}
// End of condensed reflective tunnel handshake method
sslSocket = sslFactory.createSocket(tunnel, host, port,
true);
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("setupTunnel00",
tcp.getProxyHost(),
"" + tunnelPort));
}
}
((SSLSocket) sslSocket).startHandshake();
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("createdSSL00"));
}
return sslSocket;
}
/**
* Read the keystore, init the SSL socket factory
*
* @throws IOException
*/
private void initFactory() throws IOException {
try {
Security.addProvider(new sun.security.provider.Sun());
Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());
if(attributes == null) {
//No configuration specified. Get the default.
sslFactory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
} else {
//Configuration specified in wsdd.
SSLContext context = getContext();
sslFactory = context.getSocketFactory();
}
} catch (Exception e) {
if (e instanceof IOException) {
throw (IOException) e;
}
throw new IOException(e.getMessage());
}
}
/**
* gets a SSL Context
*
* @return SSLContext
* @throws Exception
*/
protected SSLContext getContext() throws Exception {
// Please don't change the name of the attribute - other
// software may depend on it ( j2ee for sure )
String keystoreFile = (String) attributes.get("keystore");
if (keystoreFile == null) {
keystoreFile = defaultKeystoreFile;
}
keystoreType = (String) attributes.get("keystoreType");
if (keystoreType == null) {
keystoreType = defaultKeystoreType;
}
// determine whether we want client authentication
// the presence of the attribute enables client auth
clientAuth = null != (String) attributes.get("clientauth");
String keyPass = (String) attributes.get("keypass");
if (keyPass == null) {
keyPass = defaultKeyPass;
}
String keystorePass = (String) attributes.get("keystorePass");
if (keystorePass == null) {
keystorePass = keyPass;
}
// protocol for the SSL ie - TLS, SSL v3 etc.
String protocol = (String) attributes.get("protocol");
if (protocol == null) {
protocol = defaultProtocol;
}
// Algorithm used to encode the certificate ie - SunX509
String algorithm = (String) attributes.get("algorithm");
if (algorithm == null) {
algorithm = defaultAlgorithm;
}
// You can't use ssl without a server certificate.
// Create a KeyStore ( to get server certs )
KeyStore kstore = initKeyStore(keystoreFile, keystorePass);
// Key manager will extract the server key
com.sun.net.ssl.KeyManagerFactory kmf =
com.sun.net.ssl.KeyManagerFactory.getInstance(algorithm);
kmf.init(kstore, keyPass.toCharArray());
// If client authentication is needed, set up TrustManager
com.sun.net.ssl.TrustManager[] tm = null;
if (clientAuth) {
com.sun.net.ssl.TrustManagerFactory tmf =
com.sun.net.ssl.TrustManagerFactory.getInstance("SunX509");
tmf.init(kstore);
tm = tmf.getTrustManagers();
}
// Create a SSLContext ( to create the ssl factory )
// This is the only way to use server sockets with JSSE 1.0.1
SSLContext context =
com.sun.net.ssl.SSLContext.getInstance(protocol); //
SSL
// init context with the key managers
context.init(kmf.getKeyManagers(), tm,
new java.security.SecureRandom());
return context;
}
/**
* intializes a keystore.
*
* @param keystoreFile
* @param keyPass
*
* @return keystore
* @throws IOException
*/
private KeyStore initKeyStore(String keystoreFile, String keyPass)
throws IOException {
try {
KeyStore kstore = KeyStore.getInstance(keystoreType);
InputStream istream = new FileInputStream(keystoreFile);
kstore.load(istream, keyPass.toCharArray());
return kstore;
} catch (FileNotFoundException fnfe) {
throw fnfe;
} catch (IOException ioe) {
throw ioe;
} catch (Exception ex) {
ex.printStackTrace();
throw new IOException("Exception trying to load keystore "
+ keystoreFile + ": " + ex.getMessage());
}
}
}
1.1
xml-axis/java/src/org/apache/axis/components/net/JDK14JSSESocketFactory.java
Index: JDK14JSSESocketFactory.java
===================================================================
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software
itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.axis.components.net;
import javax.net.ssl.SSLContext;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.axis.AxisProperties;
import org.apache.axis.utils.JavaUtils;
import org.apache.axis.utils.Messages;
import org.apache.axis.utils.XMLUtils;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.BufferedWriter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Security;
import java.util.Hashtable;
/**
* SSL socket factory. It _requires_ a valid RSA key and
* JSSE. (borrowed code from tomcat)
*
* THIS CODE STILL HAS DEPENDENCIES ON sun.* and com.sun.*
*
* @author Davanum Srinivas (dims@yahoo.com)
*/
public class JDK14JSSESocketFactory extends DefaultSocketFactory {
/** Field keystoreType */
private String keystoreType;
/** Field defaultKeystoreType */
static String defaultKeystoreType = "JKS";
/** Field defaultProtocol */
static String defaultProtocol = "TLS";
/** Field defaultAlgorithm */
static String defaultAlgorithm = "SunX509";
/** Field defaultClientAuth */
static boolean defaultClientAuth = false;
/** Field clientAuth */
private boolean clientAuth = false;
/** Field sslFactory */
private SSLSocketFactory sslFactory = null;
/** Field defaultKeystoreFile */
static String defaultKeystoreFile =
System.getProperty("user.home") + "/.keystore";
/** Field defaultKeyPass */
static String defaultKeyPass = "changeit";
/**
* Constructor JSSESocketFactory
*
* @param attributes
*/
public JDK14JSSESocketFactory(Hashtable attributes) {
super(attributes);
}
/**
* creates a secure socket
*
* @param host
* @param port
* @param otherHeaders
* @param useFullURL
*
* @return Socket
* @throws Exception
*/
public Socket create(
String host, int port, StringBuffer otherHeaders,
BooleanHolder useFullURL)
throws Exception {
Socket sslSocket = null;
if (sslFactory == null) {
initFactory();
}
if (port == -1) {
port = 443;
}
TransportClientProperties tcp =
TransportClientPropertiesFactory.create("https");
boolean hostInNonProxyList = isHostInNonProxyList(host,
tcp.getNonProxyHosts());
if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
// direct SSL connection
sslSocket = sslFactory.createSocket(host, port);
} else {
// Default proxy port is 80, even for https
int tunnelPort = (tcp.getProxyPort().length() != 0)
? Integer.parseInt(tcp.getProxyPort())
: 80;
if (tunnelPort < 0)
tunnelPort = 80;
// Create the regular socket connection to the proxy
Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);
// The tunnel handshake method (condensed and made
reflexive)
OutputStream tunnelOutputStream = tunnel.getOutputStream();
PrintWriter out = new PrintWriter(
new BufferedWriter(new
OutputStreamWriter(tunnelOutputStream)));
// More secure version... engage later?
// PasswordAuthentication pa =
// Authenticator.requestPasswordAuthentication(
// InetAddress.getByName(tunnelHost),
// tunnelPort, "SOCK", "Proxy","HTTP");
// if(pa == null){
// printDebug("No Authenticator set.");
// }else{
// printDebug("Using Authenticator.");
// tunnelUser = pa.getUserName();
// tunnelPassword = new String(pa.getPassword());
// }
out.print("CONNECT " + host + ":" + port + " HTTP/1.0\r\n"
+ "User-Agent: AxisClient");
if (tcp.getProxyUser().length() != 0 &&
tcp.getProxyPassword().length() != 0) {
// add basic authentication header for the proxy
String encodedPassword =
XMLUtils.base64encode((tcp.getProxyUser()
+ ":"
+ tcp.getProxyPassword()).getBytes());
out.print("\nProxy-Authorization: Basic " +
encodedPassword);
}
out.print("\nContent-Length: 0");
out.print("\nPragma: no-cache");
out.print("\r\n\r\n");
out.flush();
InputStream tunnelInputStream = tunnel.getInputStream();
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("isNull00",
"tunnelInputStream",
"" + (tunnelInputStream
== null)));
}
String replyStr = "";
// Make sure to read all the response from the proxy to
prevent SSL negotiation failure
// Response message terminated by two sequential newlines
int newlinesSeen = 0;
boolean headerDone = false; /* Done on first newline */
while (newlinesSeen < 2) {
int i = tunnelInputStream.read();
if (i < 0) {
throw new IOException("Unexpected EOF from proxy");
}
if (i == '\n') {
headerDone = true;
++newlinesSeen;
} else if (i != '\r') {
newlinesSeen = 0;
if (!headerDone) {
replyStr += String.valueOf((char) i);
}
}
}
if (!replyStr.startsWith("HTTP/1.0 200")
&& !replyStr.startsWith("HTTP/1.1 200")) {
throw new
IOException(Messages.getMessage("cantTunnel00",
new String[]{
tcp.getProxyHost(),
"" + tunnelPort,
replyStr}));
}
// End of condensed reflective tunnel handshake method
sslSocket = sslFactory.createSocket(tunnel, host, port,
true);
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("setupTunnel00",
tcp.getProxyHost(),
"" + tunnelPort));
}
}
((SSLSocket) sslSocket).startHandshake();
if (log.isDebugEnabled()) {
log.debug(Messages.getMessage("createdSSL00"));
}
return sslSocket;
}
/**
* Read the keystore, init the SSL socket factory
*
* @throws IOException
*/
private void initFactory() throws IOException {
try {
Security.addProvider(new sun.security.provider.Sun());
Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider());
if(attributes == null) {
//No configuration specified. Get the default.
sslFactory = (SSLSocketFactory)
SSLSocketFactory.getDefault();
} else {
//Configuration specified in wsdd.
SSLContext context = getContext();
sslFactory = context.getSocketFactory();
}
} catch (Exception e) {
if (e instanceof IOException) {
throw (IOException) e;
}
throw new IOException(e.getMessage());
}
}
/**
* gets a SSL Context
*
* @return SSLContext
* @throws Exception
*/
protected SSLContext getContext() throws Exception {
// Please don't change the name of the attribute - other
// software may depend on it ( j2ee for sure )
String keystoreFile = (String) attributes.get("keystore");
if (keystoreFile == null) {
keystoreFile = defaultKeystoreFile;
}
keystoreType = (String) attributes.get("keystoreType");
if (keystoreType == null) {
keystoreType = defaultKeystoreType;
}
// determine whether we want client authentication
// the presence of the attribute enables client auth
clientAuth = null != (String) attributes.get("clientauth");
String keyPass = (String) attributes.get("keypass");
if (keyPass == null) {
keyPass = defaultKeyPass;
}
String keystorePass = (String) attributes.get("keystorePass");
if (keystorePass == null) {
keystorePass = keyPass;
}
// protocol for the SSL ie - TLS, SSL v3 etc.
String protocol = (String) attributes.get("protocol");
if (protocol == null) {
protocol = defaultProtocol;
}
// Algorithm used to encode the certificate ie - SunX509
String algorithm = (String) attributes.get("algorithm");
if (algorithm == null) {
algorithm = defaultAlgorithm;
}
// You can't use ssl without a server certificate.
// Create a KeyStore ( to get server certs )
KeyStore kstore = initKeyStore(keystoreFile, keystorePass);
// Key manager will extract the server key
KeyManagerFactory kmf =
KeyManagerFactory.getInstance(algorithm);
kmf.init(kstore, keyPass.toCharArray());
// If client authentication is needed, set up TrustManager
TrustManager[] tm = null;
if (clientAuth) {
TrustManagerFactory tmf =
TrustManagerFactory.getInstance("SunX509");
tmf.init(kstore);
tm = tmf.getTrustManagers();
}
// Create a SSLContext ( to create the ssl factory )
// This is the only way to use server sockets with JSSE 1.0.1
SSLContext context = SSLContext.getInstance(protocol); // SSL
// init context with the key managers
context.init(kmf.getKeyManagers(), tm,
new java.security.SecureRandom());
return context;
}
/**
* intializes a keystore.
*
* @param keystoreFile
* @param keyPass
*
* @return keystore
* @throws IOException
*/
private KeyStore initKeyStore(String keystoreFile, String keyPass)
throws IOException {
try {
KeyStore kstore = KeyStore.getInstance(keystoreType);
InputStream istream = new FileInputStream(keystoreFile);
kstore.load(istream, keyPass.toCharArray());
return kstore;
} catch (FileNotFoundException fnfe) {
throw fnfe;
} catch (IOException ioe) {
throw ioe;
} catch (Exception ex) {
ex.printStackTrace();
throw new IOException("Exception trying to load keystore "
+ keystoreFile + ": " + ex.getMessage());
}
}
}
1.14 +114 -86 xml-axis/java/lib/commons-discovery.jar
<<Binary file>>
1.88 +5 -25
xml-axis/java/src/org/apache/axis/transport/http/HTTPSender.java
Index: HTTPSender.java
===================================================================
RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/transport/http/HTTPSender.java,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- HTTPSender.java 18 Sep 2002 16:10:30 -0000 1.87
+++ HTTPSender.java 8 Oct 2002 22:23:59 -0000 1.88
@@ -111,12 +111,7 @@
Socket sock = null;
- // create socket based on the url protocol type
- if (targetURL.getProtocol().equalsIgnoreCase("https")) {
- sock = getSecureSocket(host, port, otherHeaders,
useFullURL);
- } else {
- sock = getSocket(host, port, otherHeaders, useFullURL);
- }
+ sock = getSocket(targetURL.getProtocol(), host, port,
otherHeaders, useFullURL);
// optionally set a timeout for the request
if (msgContext.getTimeout() != 0) {
@@ -140,25 +135,9 @@
}
/**
- * getSecureSocket is used when we need a secure SSL connection to
the SOAP Server
- *
- * @param host host name
- * @param port port that we need to connect to
- *
- * @return a secure socket
- *
- * @throws Exception
- */
- private Socket getSecureSocket(
- String host, int port, StringBuffer otherHeaders,
BooleanHolder useFullURL)
- throws Exception {
- SocketFactory factory =
SocketFactoryFactory.getSecureFactory(getOptions());
- return factory.create(host, port, otherHeaders, useFullURL);
- }
-
- /**
- * Creates a non-ssl socket connection to the SOAP server
+ * Creates a socket connection to the SOAP server
*
+ * @param protocol "http" for standard, "https" for ssl.
* @param host host name
* @param port port to connect to
* @param otherHeaders buffer for storing additional headers that
need to be sent
@@ -169,9 +148,10 @@
* @throws IOException
*/
private Socket getSocket(
+ String protocol,
String host, int port, StringBuffer otherHeaders,
BooleanHolder useFullURL)
throws Exception {
- SocketFactory factory =
SocketFactoryFactory.getFactory(getOptions());
+ SocketFactory factory =
SocketFactoryFactory.getFactory(protocol, getOptions());
return factory.create(host, port, otherHeaders, useFullURL);
}
1.19 +7 -7
xml-axis/java/src/org/apache/axis/configuration/EngineConfigurationFactoryFinder.java
Index: EngineConfigurationFactoryFinder.java
===================================================================
RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/configuration/EngineConfigurationFactoryFinder.java,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- EngineConfigurationFactoryFinder.java 1 Oct 2002 14:33:45
-0000 1.18
+++ EngineConfigurationFactoryFinder.java 8 Oct 2002 22:23:59
-0000 1.19
@@ -55,20 +55,20 @@
package org.apache.axis.configuration;
-import java.lang.reflect.Method;
import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import org.apache.axis.AxisProperties;
import org.apache.axis.EngineConfigurationFactory;
import org.apache.axis.components.logger.LogFactory;
-import org.apache.axis.discovery.DiscoverConstNames;
-import org.apache.axis.discovery.DiscoverOldNamesInManagedProperties;
import org.apache.axis.utils.Messages;
import org.apache.commons.discovery.ResourceClassIterator;
import org.apache.commons.discovery.ResourceNameIterator;
import org.apache.commons.discovery.resource.ClassLoaders;
import org.apache.commons.discovery.resource.classes.DiscoverClasses;
+import org.apache.commons.discovery.resource.names.DiscoverConstNames;
import
org.apache.commons.discovery.resource.names.DiscoverNamesInManagedProperties;
import
org.apache.commons.discovery.resource.names.DiscoverServiceNames;
import org.apache.commons.discovery.resource.names.NameDiscoverers;
@@ -152,7 +152,7 @@
ClassLoaders.getAppLoaders(mySpi,
myFactory,
true);
NameDiscoverers nameDiscoverers = new
NameDiscoverers();
- nameDiscoverers.addResourceNameDiscover(new
DiscoverOldNamesInManagedProperties());
+
nameDiscoverers.addResourceNameDiscover(AxisProperties.getAlternatePropertyNameDiscoverer());
nameDiscoverers.addResourceNameDiscover(new
DiscoverNamesInManagedProperties());
nameDiscoverers.addResourceNameDiscover(new
DiscoverServiceNames(loaders));
nameDiscoverers.addResourceNameDiscover(new
DiscoverConstNames(
@@ -161,12 +161,12 @@
"org.apache.axis.configuration.EngineConfigurationFactoryDefault",
})
);
-
+
ResourceNameIterator it =
nameDiscoverers.findResourceNames(mySpi.getName());
-
+
ResourceClassIterator services =
new
DiscoverClasses(loaders).findResourceClasses(it);
-
+
EngineConfigurationFactory factory = null;
while (factory == null && services.hasNext())
{
1.17 +21 -3
xml-axis/java/src/org/apache/axis/AxisProperties.java
Index: AxisProperties.java
===================================================================
RCS file:
/home/cvs/xml-axis/java/src/org/apache/axis/AxisProperties.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- AxisProperties.java 18 Sep 2002 16:10:31 -0000
1.16
+++ AxisProperties.java 8 Oct 2002 22:24:00 -0000
1.17
@@ -61,15 +61,16 @@
import java.util.Map;
import java.util.Properties;
-import org.apache.axis.utils.JavaUtils;
+import org.apache.axis.components.logger.LogFactory;
+import org.apache.axis.components.net.SocketFactory;
import org.apache.axis.utils.Messages;
+import org.apache.commons.discovery.ResourceNameDiscover;
+import
org.apache.commons.discovery.resource.names.DiscoverNamesInAlternateManagedProperties;
import org.apache.commons.discovery.tools.DefaultClassHolder;
import org.apache.commons.discovery.tools.DiscoverClass;
import org.apache.commons.discovery.tools.ManagedProperties;
import org.apache.commons.discovery.tools.PropertiesHolder;
import org.apache.commons.discovery.tools.SPInterface;
-
-import org.apache.axis.components.logger.LogFactory;
import org.apache.commons.logging.Log;
@@ -106,6 +107,8 @@
public class AxisProperties {
protected static Log log =
LogFactory.getLog(AxisProperties.class.getName());
+
+ private static DiscoverNamesInAlternateManagedProperties
altNameDiscoverer;
public static Object newInstance(Class spiClass, String
defaultClass)
{
@@ -216,6 +219,21 @@
return ManagedProperties.getProperties();
}
+
+ public static final ResourceNameDiscover
getAlternatePropertyNameDiscoverer() {
+ if (altNameDiscoverer == null) {
+ altNameDiscoverer = new
DiscoverNamesInAlternateManagedProperties();
+ altNameDiscoverer.addClassToPropertyNameMapping(
+ EngineConfigurationFactory.class.getName(),
+ EngineConfigurationFactory.SYSTEM_PROPERTY_NAME);
+
+ altNameDiscoverer.addClassToPropertyNameMapping(
+ SocketFactory.class.getName(),
+ "axis.socketFactory");
+ }
+
+ return altNameDiscoverer;
+ }
/**
* !WARNING!
1.204 +2 -2 xml-axis/java/build.xml
Index: build.xml
===================================================================
RCS file: /home/cvs/xml-axis/java/build.xml,v
retrieving revision 1.203
retrieving revision 1.204
diff -u -r1.203 -r1.204
--- build.xml 8 Oct 2002 12:12:46 -0000 1.203
+++ build.xml 8 Oct 2002 22:24:00 -0000 1.204
@@ -79,9 +79,9 @@
classpathref="classpath">
<exclude name="**/old/**/*" />
<exclude name="**/bak/**"/>
- <exclude name="**/org/apache/axis/components/net/JSSE*.java"
unless="jsse.present"/>
+ <exclude name="**/org/apache/axis/components/net/JDK14*.java"
unless="jdk14.jsse.present"/>
+ <exclude name="**/org/apache/axis/components/net/Sun*.java"
unless="sun.jsse.present"/>
<exclude name="**/org/apache/axis/components/net/IBM*.java"
unless="ibmjsse.present"/>
- <exclude name="**/org/apache/axis/components/net/Fake*.java"
unless="jsse.present"/>
<exclude name="**/org/apache/axis/components/image/JimiIO.java"
unless="jimi.present"/>
<exclude
name="**/org/apache/axis/components/image/MerlinIO.java"
unless="merlinio.present"/>
<exclude
name="**/org/apache/axis/attachments/AttachmentsImpl.java"
unless="attachments.present"/>
1.41 +14 -3 xml-axis/java/xmls/targets.xml
Index: targets.xml
===================================================================
RCS file: /home/cvs/xml-axis/java/xmls/targets.xml,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- targets.xml 8 Oct 2002 17:55:33 -0000 1.40
+++ targets.xml 8 Oct 2002 22:24:00 -0000 1.41
@@ -115,7 +115,16 @@
classname="com.meterware.httpunit.GetMethodWebRequest"
classpathref="classpath"/>
- <condition property="jsse.present" >
+ <condition property="jdk14.jsse.present" >
+ <and>
+ <available classname="javax.net.ssl.X509TrustManager"
classpathref="classpath" />
+ <available classname="javax.net.SocketFactory"
classpathref="classpath" />
+ <available classname="javax.net.ssl.SSLContext"
classpathref="classpath" />
+ <available classname="javax.net.ssl.SSLSocketFactory"
classpathref="classpath" />
+ </and>
+ </condition>
+
+ <condition property="sun.jsse.present" >
<and>
<available classname="com.sun.net.ssl.X509TrustManager"
classpathref="classpath" />
<available classname="javax.net.SocketFactory"
classpathref="classpath" />
@@ -124,7 +133,7 @@
</and>
</condition>
- <condition property="ibmjsse.present" >
+ <condition property="ibm.jsse.present" >
<and>
<available classname="com.ibm.net.ssl.X509TrustManager"
classpathref="classpath" />
<available classname="javax.net.SocketFactory"
classpathref="classpath" />
@@ -220,7 +229,9 @@
<echo message="attachments.present=${attachments.present}" />
<echo message="jimi.present=${jimi.present}" />
<echo message="security.present=${security.present}" />
- <echo message="jsse.present=${jsse.present}" />
+ <echo message="jdk14.jsse.present=${jdk14.jsse.present}" />
+ <echo message="sun.jsse.present=${sun.jsse.present}" />
+ <echo message="ibm.jsse.present=${ibm.jsse.present}" />
<echo
message="commons-httpclient.present=${commons-httpclient.present}" />
<echo message="axis-ant.present=${axis-ant.present}" />
<echo message="httpunit.present=${httpunit.present}" />