Posted to commits@logging.apache.org by mi...@apache.org on 2017/05/22 20:18:35 UTC

[3/3] logging-log4j2 git commit: LOG4J2-1442 verifyHostname

LOG4J2-1442 verifyHostname


Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo
Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/8c10f781
Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/8c10f781
Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/8c10f781

Branch: refs/heads/LOG4J2-1442
Commit: 8c10f7818407c4962675adfdb8ee098ae4aa7ad3
Parents: 9b26bbe
Author: Mikael Ståldal <mi...@staldal.nu>
Authored: Mon May 22 22:18:11 2017 +0200
Committer: Mikael Ståldal <mi...@staldal.nu>
Committed: Mon May 22 22:18:11 2017 +0200

----------------------------------------------------------------------
 .../log4j/core/appender/HttpAppender.java       | 14 +++++++-
 .../core/appender/HttpURLConnectionManager.java | 12 ++++++-
 .../log4j/core/net/ssl/LaxHostnameVerifier.java | 38 ++++++++++++++++++++
 .../log4j/core/appender/HttpAppenderTest.java   |  6 ++--
 src/site/xdoc/manual/appenders.xml              |  6 ++++
 5 files changed, 72 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/8c10f781/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpAppender.java
----------------------------------------------------------------------
diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpAppender.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpAppender.java
index efc9942..40c387f 100644
--- a/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpAppender.java
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpAppender.java
@@ -66,10 +66,13 @@ public final class HttpAppender extends AbstractAppender {
         @PluginElement("SslConfiguration")
         private SslConfiguration sslConfiguration;
 
+        @PluginBuilderAttribute
+        private boolean verifyHostname = true;
+
         @Override
         public HttpAppender build() {
             final HttpManager httpManager = new HttpURLConnectionManager(getConfiguration(), getConfiguration().getLoggerContext(),
-                getName(), url, method, connectTimeoutMillis, readTimeoutMillis, headers, sslConfiguration);
+                getName(), url, method, connectTimeoutMillis, readTimeoutMillis, headers, sslConfiguration, verifyHostname);
             return new HttpAppender(getName(), getLayout(), getFilter(), isIgnoreExceptions(), httpManager);
         }
 
@@ -97,6 +100,10 @@ public final class HttpAppender extends AbstractAppender {
             return sslConfiguration;
         }
 
+        public boolean isVerifyHostname() {
+            return verifyHostname;
+        }
+
         public B setUrl(final String url) {
             this.url = url;
             return asBuilder();
@@ -126,6 +133,11 @@ public final class HttpAppender extends AbstractAppender {
             this.sslConfiguration = sslConfiguration;
             return asBuilder();
         }
+
+        public B setVerifyHostname(boolean verifyHostname) {
+            this.verifyHostname = verifyHostname;
+            return asBuilder();
+        }
     }
 
     /**
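Review bot: `setVerifyHostname` is a public, security-relevant switch with no Javadoc, and the same holds for the `verifyHostname` field in the first hunk and `isVerifyHostname()` in the second. The setter's Javadoc should say that the default is `true`, and that `false` makes the appender accept a certificate issued for any host name as long as its chain is trusted, so log events can reach a server other than the one named in the URL. For consistency with the neighbouring setters, declare the parameter final: `public B setVerifyHostname(final boolean verifyHostname) {`. The builder class starts outside this hunk.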

http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/8c10f781/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpURLConnectionManager.java
----------------------------------------------------------------------
diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpURLConnectionManager.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpURLConnectionManager.java
index de9225c..a47684e 100644
--- a/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpURLConnectionManager.java
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/appender/HttpURLConnectionManager.java
@@ -34,6 +34,7 @@ import org.apache.logging.log4j.core.LoggerContext;
 import org.apache.logging.log4j.core.config.Configuration;
 import org.apache.logging.log4j.core.config.ConfigurationException;
 import org.apache.logging.log4j.core.config.Property;
+import org.apache.logging.log4j.core.net.ssl.LaxHostnameVerifier;
 import org.apache.logging.log4j.core.net.ssl.SslConfiguration;
 import org.apache.logging.log4j.core.util.IOUtils;
 
@@ -47,13 +48,16 @@ public class HttpURLConnectionManager extends HttpManager {
     private final int readTimeoutMillis;
     private final Property[] headers;
     private final SslConfiguration sslConfiguration;
+    private final boolean verifyHostname;
 
     public HttpURLConnectionManager(final Configuration configuration, LoggerContext loggerContext, final String name,
                                     final String url, final String method, final int connectTimeoutMillis,
                                     final int readTimeoutMillis,
                                     final Property[] headers,
-                                    SslConfiguration sslConfiguration) {
+                                    SslConfiguration sslConfiguration,
+                                    boolean verifyHostname) {
         super(configuration, loggerContext, name);
+        this.verifyHostname = verifyHostname;
         try {
             this.url = new URL(url);
         } catch (MalformedURLException e) {
@@ -67,6 +71,9 @@ public class HttpURLConnectionManager extends HttpManager {
         if (this.sslConfiguration != null && !this.url.getProtocol().equalsIgnoreCase("https")) {
             throw new ConfigurationException("SSL configuration can only be specified with URL scheme https");
         }
+        if (!this.verifyHostname && !this.url.getProtocol().equalsIgnoreCase("https")) {
+            throw new ConfigurationException("verifyHostname=false can only be specified with URL scheme https");
+        }
     }
 
     @Override
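Review bot: The added check rejects `verifyHostname=false` for non-https URLs but still accepts it when `sslConfiguration` is null, where trust presumably falls back to the Java runtime defaults. In that combination a certificate chaining to any default-trusted CA would be accepted for any host name, which leaves very little server authentication in place. Consider at least warning through the status logger, e.g. `if (!this.verifyHostname && this.sslConfiguration == null) { LOGGER.warn("verifyHostname=false without an explicit trust store; server identity is not checked"); }` (assuming the inherited `LOGGER` is in scope here), or requiring an explicit trust store. The constructor begins before this hunk.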
@@ -87,6 +94,9 @@ public class HttpURLConnectionManager extends HttpManager {
         if (sslConfiguration != null) {
             ((HttpsURLConnection)urlConnection).setSSLSocketFactory(sslConfiguration.getSslSocketFactory());
         }
+        if (!verifyHostname) {
+            ((HttpsURLConnection)urlConnection).setHostnameVerifier(LaxHostnameVerifier.INSTANCE);
+        }
 
         byte[] msg = layout.toByteArray(event);
         urlConnection.setFixedLengthStreamingMode(msg.length);
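Review bot: The cast to `HttpsURLConnection` in the added `if (!verifyHostname)` block has no type check and is safe only because the constructor throws for `verifyHostname=false` on a non-https URL. A one-line comment would keep that invariant visible, for example `// https guaranteed: the constructor rejects verifyHostname=false for other schemes`. The enclosing method starts before and continues after this hunk.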

http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/8c10f781/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/LaxHostnameVerifier.java
----------------------------------------------------------------------
diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/LaxHostnameVerifier.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/LaxHostnameVerifier.java
new file mode 100644
index 0000000..2431cde
--- /dev/null
+++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/LaxHostnameVerifier.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache license, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the license for the specific language governing permissions and
+ * limitations under the license.
+ */
+package org.apache.logging.log4j.core.net.ssl;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+
+/**
+ * An HostnameVerifier which accepts everything.
+ */
+public final class LaxHostnameVerifier implements HostnameVerifier {
+    /**
+     * Singleton instance.
+     */
+    public static final HostnameVerifier INSTANCE = new LaxHostnameVerifier();
+
+    private LaxHostnameVerifier() {
+    }
+
+    @Override
+    public boolean verify(String s, SSLSession sslSession) {
+        return true;
+    }
+}
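Review bot: The class Javadoc says only that the verifier "accepts everything" and does not state what is given up. I would expand it to say that with this verifier the TLS peer's certificate is no longer bound to the requested host, so it should be used only with a trust store restricted to the expected server or CA. The article also needs fixing: `A HostnameVerifier which accepts every host name.` In `verify`, naming the parameters `hostname` and `session` and marking them final would read better than `s` and `sslSession`.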

http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/8c10f781/log4j-core/src/test/java/org/apache/logging/log4j/core/appender/HttpAppenderTest.java
----------------------------------------------------------------------
diff --git a/log4j-core/src/test/java/org/apache/logging/log4j/core/appender/HttpAppenderTest.java b/log4j-core/src/test/java/org/apache/logging/log4j/core/appender/HttpAppenderTest.java
index 3f55adc..419d340 100644
--- a/log4j-core/src/test/java/org/apache/logging/log4j/core/appender/HttpAppenderTest.java
+++ b/log4j-core/src/test/java/org/apache/logging/log4j/core/appender/HttpAppenderTest.java
@@ -13,6 +13,7 @@ import org.apache.logging.log4j.core.lookup.JavaLookup;
 import org.apache.logging.log4j.core.net.ssl.KeyStoreConfiguration;
 import org.apache.logging.log4j.core.net.ssl.SslConfiguration;
 import org.apache.logging.log4j.core.net.ssl.TestConstants;
+import org.apache.logging.log4j.core.net.ssl.TrustStoreConfiguration;
 import org.apache.logging.log4j.junit.LoggerContextRule;
 import org.apache.logging.log4j.message.SimpleMessage;
 import org.apache.logging.log4j.status.StatusData;
@@ -86,9 +87,10 @@ public class HttpAppenderTest {
             .withLayout(JsonLayout.createDefaultLayout())
             .setConfiguration(ctx.getConfiguration())
             .setUrl("https://localhost:" + wireMockRule.httpsPort() + "/test/log4j/")
-            .setSslConfiguration(SslConfiguration.createSSLConfiguration("TLS",
+            .setSslConfiguration(SslConfiguration.createSSLConfiguration(null,
                 KeyStoreConfiguration.createKeyStoreConfiguration(TestConstants.KEYSTORE_FILE, TestConstants.KEYSTORE_PWD, TestConstants.KEYSTORE_TYPE, null),
-                null))
+                TrustStoreConfiguration.createKeyStoreConfiguration(TestConstants.TRUSTSTORE_FILE, TestConstants.TRUSTSTORE_PWD, TestConstants.TRUSTSTORE_TYPE, null)))
+            .setVerifyHostname(false)
             .build();
         appender.append(createLogEvent());
 
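Review bot: The only test touching the new option sets `.setVerifyHostname(false)`, so neither the default nor the new constructor validation is covered. Two further cases would pin the behaviour. One leaves verification at its default against a certificate that does not match the URL host and expects the append to fail; whether the existing test certificate matches `localhost` is not visible here. The other asserts that `verifyHostname=false` with an `http` URL raises `ConfigurationException`. The change of the protocol argument from `"TLS"` to `null` is also unexplained and deserves a short comment. The test method starts before this hunk.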

http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/8c10f781/src/site/xdoc/manual/appenders.xml
----------------------------------------------------------------------
diff --git a/src/site/xdoc/manual/appenders.xml b/src/site/xdoc/manual/appenders.xml
index f26dd35..60a3e96 100644
--- a/src/site/xdoc/manual/appenders.xml
+++ b/src/site/xdoc/manual/appenders.xml
@@ -1584,6 +1584,12 @@ public class JpaLogEntity extends AbstractLogEventWrapperEntity {
                   Optional, uses Java runtime defaults if not specified.</td>
             </tr>
             <tr>
+              <td>verifyHostname</td>
+              <td>boolean</td>
+              <td>Whether to verify server hostname against certificate. Only valid for https.
+                  Optional, defaults to true</td>
+            </tr>
+            <tr>
               <td>url</td>
               <td>string</td>
               <td>The URL to use. The URL scheme must be "http" or "https".</td>