You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by ar...@apache.org on 2016/07/02 08:50:31 UTC
svn commit: r1751040 - in /ofbiz/trunk:
framework/base/src/org/ofbiz/base/util/
framework/service/src/org/ofbiz/service/xmlrpc/
framework/widget/src/org/ofbiz/widget/test/
specialpurpose/oagis/src/org/ofbiz/oagis/
Author: arunpatidar
Date: Sat Jul 2 08:50:31 2016
New Revision: 1751040
URL: http://svn.apache.org/viewvc?rev=1751040&view=rev
Log:
Applied patch from jira issue - OFBIZ-7551 - Enforce noninstantiability to SSLUtil class. Thanks Rishi solanki and Rohit Koushal for your contribution.
Modified:
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/HttpClient.java
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/SSLUtil.java
ofbiz/trunk/framework/base/src/org/ofbiz/base/util/URLConnector.java
ofbiz/trunk/framework/service/src/org/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.java
ofbiz/trunk/framework/widget/src/org/ofbiz/widget/test/WidgetMacroLibraryTests.java
ofbiz/trunk/specialpurpose/oagis/src/org/ofbiz/oagis/OagisServices.java
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/HttpClient.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/HttpClient.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/HttpClient.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/HttpClient.java Sat Jul 2 08:50:31 2016
@@ -40,7 +40,7 @@ public class HttpClient {
public static final String module = HttpClient.class.getName();
- private int hostVerification = SSLUtil.HOSTCERT_NORMAL_CHECK;
+ private int hostVerification = SSLUtil.getHostCertNormalCheck();
private int timeout = 30000;
private boolean debug = false;
private boolean lineFeed = true;
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/SSLUtil.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/SSLUtil.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/SSLUtil.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/SSLUtil.java Sat Jul 2 08:50:31 2016
@@ -49,20 +49,57 @@ import org.ofbiz.base.config.GenericConf
* KeyStoreUtil - Utilities for setting up SSL connections with specific client certificates
*
*/
-public class SSLUtil {
+public final class SSLUtil {
public static final String module = SSLUtil.class.getName();
- public static final int HOSTCERT_NO_CHECK = 0;
- public static final int HOSTCERT_MIN_CHECK = 1;
- public static final int HOSTCERT_NORMAL_CHECK = 2;
+ private static final int HOSTCERT_NO_CHECK = 0;
+ private static final int HOSTCERT_MIN_CHECK = 1;
+ private static final int HOSTCERT_NORMAL_CHECK = 2;
private static boolean loadedProps = false;
+ private SSLUtil () {}
+
static {
SSLUtil.loadJsseProperties();
}
+ private static class TrustAnyManager implements X509TrustManager {
+
+ public void checkClientTrusted(X509Certificate[] certs, String string) throws CertificateException {
+ Debug.logImportant("Trusting (un-trusted) client certificate chain:", module);
+ for (X509Certificate cert: certs) {
+ Debug.logImportant("---- " + cert.getSubjectX500Principal().getName() + " valid: " + cert.getNotAfter(), module);
+
+ }
+ }
+
+ public void checkServerTrusted(X509Certificate[] certs, String string) throws CertificateException {
+ Debug.logImportant("Trusting (un-trusted) server certificate chain:", module);
+ for (X509Certificate cert: certs) {
+ Debug.logImportant("---- " + cert.getSubjectX500Principal().getName() + " valid: " + cert.getNotAfter(), module);
+ }
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[0];
+ }
+ }
+
+
+ public static int getHostCertNoCheck() {
+ return HOSTCERT_NO_CHECK;
+ }
+
+ public static int getHostCertMinCheck() {
+ return HOSTCERT_MIN_CHECK;
+ }
+
+ public static int getHostCertNormalCheck() {
+ return HOSTCERT_NORMAL_CHECK;
+ }
+
public static boolean isClientTrusted(X509Certificate[] chain, String authType) {
TrustManager[] mgrs = new TrustManager[0];
try {
@@ -278,26 +315,4 @@ public class SSLUtil {
loadedProps = true;
}
}
-
- static class TrustAnyManager implements X509TrustManager {
-
- public void checkClientTrusted(X509Certificate[] certs, String string) throws CertificateException {
- Debug.logImportant("Trusting (un-trusted) client certificate chain:", module);
- for (X509Certificate cert: certs) {
- Debug.logImportant("---- " + cert.getSubjectX500Principal().getName() + " valid: " + cert.getNotAfter(), module);
-
- }
- }
-
- public void checkServerTrusted(X509Certificate[] certs, String string) throws CertificateException {
- Debug.logImportant("Trusting (un-trusted) server certificate chain:", module);
- for (X509Certificate cert: certs) {
- Debug.logImportant("---- " + cert.getSubjectX500Principal().getName() + " valid: " + cert.getNotAfter(), module);
- }
- }
-
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
- }
- }
}
Modified: ofbiz/trunk/framework/base/src/org/ofbiz/base/util/URLConnector.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/base/src/org/ofbiz/base/util/URLConnector.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
--- ofbiz/trunk/framework/base/src/org/ofbiz/base/util/URLConnector.java (original)
+++ ofbiz/trunk/framework/base/src/org/ofbiz/base/util/URLConnector.java Sat Jul 2 08:50:31 2016
@@ -81,11 +81,11 @@ public class URLConnector {
}
public static URLConnection openConnection(URL url, int timeout) throws IOException {
- return openConnection(url, timeout, null, SSLUtil.HOSTCERT_NORMAL_CHECK);
+ return openConnection(url, timeout, null, SSLUtil.getHostCertNormalCheck());
}
public static URLConnection openConnection(URL url, String clientCertAlias) throws IOException {
- return openConnection(url, 30000, clientCertAlias, SSLUtil.HOSTCERT_NORMAL_CHECK);
+ return openConnection(url, 30000, clientCertAlias, SSLUtil.getHostCertNormalCheck());
}
public static URLConnection openConnection(URL url, int timeout, String clientCertAlias, int hostCertLevel) throws IOException {
@@ -99,11 +99,11 @@ public class URLConnector {
}
public static URLConnection openUntrustedConnection(URL url, int timeout) throws IOException {
- return openConnection(url, timeout, null, SSLUtil.HOSTCERT_NORMAL_CHECK);
+ return openConnection(url, timeout, null, SSLUtil.getHostCertNormalCheck());
}
public static URLConnection openUntrustedConnection(URL url, String clientCertAlias) throws IOException {
- return openConnection(url, 30000, clientCertAlias, SSLUtil.HOSTCERT_NORMAL_CHECK);
+ return openConnection(url, 30000, clientCertAlias, SSLUtil.getHostCertNormalCheck());
}
public static URLConnection openUntrustedConnection(URL url, int timeout, String clientCertAlias, int hostCertLevel) throws IOException {
Modified: ofbiz/trunk/framework/service/src/org/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/service/src/org/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
--- ofbiz/trunk/framework/service/src/org/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.java (original)
+++ ofbiz/trunk/framework/service/src/org/ofbiz/service/xmlrpc/AliasSupportedTransportFactory.java Sat Jul 2 08:50:31 2016
@@ -98,7 +98,7 @@ public class AliasSupportedTransportFact
HttpsURLConnection scon = (HttpsURLConnection) con;
try {
scon.setSSLSocketFactory(SSLUtil.getSSLSocketFactory(ks, password, alias));
- scon.setHostnameVerifier(SSLUtil.getHostnameVerifier(SSLUtil.HOSTCERT_MIN_CHECK));
+ scon.setHostnameVerifier(SSLUtil.getHostnameVerifier(SSLUtil.getHostCertMinCheck()));
} catch (GeneralException e) {
throw new IOException(e.getMessage());
} catch (GeneralSecurityException e) {
Modified: ofbiz/trunk/framework/widget/src/org/ofbiz/widget/test/WidgetMacroLibraryTests.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/widget/src/org/ofbiz/widget/test/WidgetMacroLibraryTests.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
--- ofbiz/trunk/framework/widget/src/org/ofbiz/widget/test/WidgetMacroLibraryTests.java (original)
+++ ofbiz/trunk/framework/widget/src/org/ofbiz/widget/test/WidgetMacroLibraryTests.java Sat Jul 2 08:50:31 2016
@@ -50,7 +50,7 @@ public class WidgetMacroLibraryTests ext
HttpClient http = new HttpClient();
http.followRedirects(true);
http.setAllowUntrusted(true);
- http.setHostVerificationLevel(SSLUtil.HOSTCERT_NO_CHECK);
+ http.setHostVerificationLevel(SSLUtil.getHostCertNoCheck());
return http;
}
Modified: ofbiz/trunk/specialpurpose/oagis/src/org/ofbiz/oagis/OagisServices.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/oagis/src/org/ofbiz/oagis/OagisServices.java?rev=1751040&r1=1751039&r2=1751040&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/oagis/src/org/ofbiz/oagis/OagisServices.java (original)
+++ ofbiz/trunk/specialpurpose/oagis/src/org/ofbiz/oagis/OagisServices.java Sat Jul 2 08:50:31 2016
@@ -703,7 +703,7 @@ public class OagisServices {
HttpClient http = new HttpClient(sendToUrl);
// test parameters
- http.setHostVerificationLevel(SSLUtil.HOSTCERT_NO_CHECK);
+ http.setHostVerificationLevel(SSLUtil.getHostCertNoCheck());
http.setAllowUntrusted(true);
http.setDebug(true);