Posted to commits@maven.apache.org by ol...@apache.org on 2013/01/28 14:37:58 UTC
[1/3] git commit: [WAGON-372] SSL client-side certificates stopped
working in maven 3.0.4 Submitted by Oleg Kalnichevski
[WAGON-372] SSL client-side certificates stopped working in maven 3.0.4
Submitted by Oleg Kalnichevski
Project: http://git-wip-us.apache.org/repos/asf/maven-wagon/repo
Commit: http://git-wip-us.apache.org/repos/asf/maven-wagon/commit/f72f643b
Tree: http://git-wip-us.apache.org/repos/asf/maven-wagon/tree/f72f643b
Diff: http://git-wip-us.apache.org/repos/asf/maven-wagon/diff/f72f643b
Branch: refs/heads/master
Commit: f72f643b6dfa559b6c9d874f2be7460db1c97f8f
Parents: d8b1974
Author: olivier lamy <ol...@apache.org>
Authored: Mon Jan 28 14:15:00 2013 +0100
Committer: olivier lamy <ol...@apache.org>
Committed: Mon Jan 28 14:15:00 2013 +0100
----------------------------------------------------------------------
.../shared/http4/AbstractHttpClientWagon.java | 90 ++++++++-------
.../shared/http4/ConfigurableSSLSocketFactory.java | 1 +
.../ConfigurableSSLSocketFactoryDecorator.java | 88 ++++++++++++++
3 files changed, 139 insertions(+), 40 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/maven-wagon/blob/f72f643b/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/AbstractHttpClientWagon.java
----------------------------------------------------------------------
diff --git a/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/AbstractHttpClientWagon.java b/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/AbstractHttpClientWagon.java
index 8fc61e4..1b79094 100644
--- a/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/AbstractHttpClientWagon.java
+++ b/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/AbstractHttpClientWagon.java
@@ -19,6 +19,27 @@ package org.apache.maven.wagon.shared.http4;
* under the License.
*/
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.URLEncoder;
+import java.nio.ByteBuffer;
+import java.security.cert.X509Certificate;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Properties;
+import java.util.TimeZone;
+import java.util.zip.GZIPInputStream;
+
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
@@ -39,7 +60,9 @@ import org.apache.http.client.params.CookiePolicy;
import org.apache.http.client.protocol.ClientContext;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.params.ConnRoutePNames;
+import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
@@ -47,9 +70,9 @@ import org.apache.http.entity.AbstractHttpEntity;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.BasicClientConnectionManager;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
-import org.apache.http.impl.conn.SingleClientConnManager;
-import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
+import org.apache.http.impl.conn.SchemeRegistryFactory;
import org.apache.http.impl.cookie.DateParseException;
import org.apache.http.impl.cookie.DateUtils;
import org.apache.http.message.BasicHeader;
@@ -72,26 +95,6 @@ import org.apache.maven.wagon.resource.Resource;
import org.codehaus.plexus.util.IOUtil;
import org.codehaus.plexus.util.StringUtils;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.URLEncoder;
-import java.nio.ByteBuffer;
-import java.security.cert.X509Certificate;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Properties;
-import java.util.TimeZone;
-import java.util.zip.GZIPInputStream;
-
/**
* @author <a href="michal.maczka@dimatics.com">Michal Maczka</a>
* @author <a href="mailto:james@atlassian.com">James William Dumay</a>
@@ -238,7 +241,8 @@ public abstract class AbstractHttpClientWagon
/**
* @since 2.0
*/
- protected ClientConnectionManager clientConnectionManager = new SingleClientConnManager();
+ protected ClientConnectionManager clientConnectionManager = new BasicClientConnectionManager(
+ SchemeRegistryFactory.createSystemDefault());
/**
* use http(s) connection pool mechanism.
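Review bot: The non-pooled default on the new `clientConnectionManager` line takes its scheme registry straight from `SchemeRegistryFactory.createSystemDefault()`, so its https scheme is not wrapped in `ConfigurableSSLSocketFactoryDecorator` the way the pooled branch later in this commit is. Unless code outside this hunk replaces that registry, the decorator's `https.protocols` handling and the `sslEasy`/`sslAllowAll` switches would only take effect in pooled mode, which leaves the two modes with different TLS behaviour. The field's Javadoc carries only `@since 2.0`; a line such as `Non-pooled manager built on the JVM system-default scheme registry (javax.net.ssl.* properties).` would document where its TLS settings come from.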
@@ -283,33 +287,39 @@ public abstract class AbstractHttpClientWagon
}
else
{
-
- PoolingClientConnectionManager poolingClientConnectionManager = new PoolingClientConnectionManager();
- int maxPerRoute =
- Integer.parseInt( System.getProperty( "maven.wagon.httpconnectionManager.maxPerRoute", "20" ) );
- poolingClientConnectionManager.setDefaultMaxPerRoute( maxPerRoute );
- int maxTotal = Integer.parseInt( System.getProperty( "maven.wagon.httpconnectionManager.maxTotal", "40" ) );
- poolingClientConnectionManager.setDefaultMaxPerRoute( maxPerRoute );
- poolingClientConnectionManager.setMaxTotal( maxTotal );
-
+ SchemeRegistry schemeRegistry = new SchemeRegistry();
+ schemeRegistry.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
+ SSLSocketFactory sslSocketFactory;
if ( sslEasy )
{
try
{
- ConfigurableSSLSocketFactory sslSocketFactory =
- new ConfigurableSSLSocketFactory( EasyX509TrustManager.createEasySSLContext(), sslAllowAll
- ? new EasyHostNameVerifier()
- : new BrowserCompatHostnameVerifier() );
-
- Scheme httpsScheme = new Scheme( "https", 443, sslSocketFactory );
-
- poolingClientConnectionManager.getSchemeRegistry().register( httpsScheme );
+ sslSocketFactory = new SSLSocketFactory(
+ EasyX509TrustManager.createEasySSLContext(),
+ sslAllowAll ? new EasyHostNameVerifier() : new BrowserCompatHostnameVerifier() );
}
catch ( IOException e )
{
throw new RuntimeException( "failed to init SSLSocket Factory " + e.getMessage(), e );
}
}
+ else
+ {
+ sslSocketFactory = SSLSocketFactory.getSystemSocketFactory();
+ }
+ Scheme httpsScheme = new Scheme( "https", 443,
+ new ConfigurableSSLSocketFactoryDecorator( sslSocketFactory ));
+ schemeRegistry.register(httpsScheme);
+
+ PoolingClientConnectionManager poolingClientConnectionManager = new PoolingClientConnectionManager(
+ schemeRegistry);
+ int maxPerRoute =
+ Integer.parseInt( System.getProperty( "maven.wagon.httpconnectionManager.maxPerRoute", "20" ) );
+ poolingClientConnectionManager.setDefaultMaxPerRoute( maxPerRoute );
+ int maxTotal = Integer.parseInt( System.getProperty( "maven.wagon.httpconnectionManager.maxTotal", "40" ) );
+ poolingClientConnectionManager.setDefaultMaxPerRoute( maxPerRoute );
+ poolingClientConnectionManager.setMaxTotal( maxTotal );
+
connectionManagerPooled = poolingClientConnectionManager;
}
}
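Review bot: `poolingClientConnectionManager.setDefaultMaxPerRoute( maxPerRoute );` appears twice in the relocated pool setup, once before and once after `maxTotal` is parsed; the second call is redundant and can be dropped. Both `Integer.parseInt` calls read system properties unguarded, so a malformed `maven.wagon.httpconnectionManager.maxPerRoute` or `maven.wagon.httpconnectionManager.maxTotal` value throws `NumberFormatException` out of this initialisation block instead of falling back to 20/40. Separately, the `sslEasy` branch still builds the factory from `EasyX509TrustManager.createEasySSLContext()` and, with `sslAllowAll`, `EasyHostNameVerifier`, which judging by their names relax certificate and hostname checks. A comment such as `// sslEasy / sslAllowAll weaken TLS peer verification; the else branch uses the JVM default trust settings` would make that choice visible to the next reader. The enclosing block starts outside the hunk.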
http://git-wip-us.apache.org/repos/asf/maven-wagon/blob/f72f643b/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/ConfigurableSSLSocketFactory.java
----------------------------------------------------------------------
diff --git a/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/ConfigurableSSLSocketFactory.java b/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/ConfigurableSSLSocketFactory.java
index 821c2f0..dec0013 100644
--- a/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/ConfigurableSSLSocketFactory.java
+++ b/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/ConfigurableSSLSocketFactory.java
@@ -36,6 +36,7 @@ import java.net.UnknownHostException;
* @author Olivier Lamy
* @since 2.4
*/
+@Deprecated
public class ConfigurableSSLSocketFactory
extends SSLSocketFactory
{
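Review bot: `@Deprecated` is added without a matching Javadoc `@deprecated` tag, so callers get a compiler warning with no pointer to what they should use instead. The replacement introduced in this commit, `ConfigurableSSLSocketFactoryDecorator`, is declared without `public`, so code outside `org.apache.maven.wagon.shared.http4` cannot migrate to it. The Javadoc should say that explicitly, e.g. `@deprecated replaced internally by ConfigurableSSLSocketFactoryDecorator; no public equivalent`. The class body continues outside the hunk.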
http://git-wip-us.apache.org/repos/asf/maven-wagon/blob/f72f643b/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/ConfigurableSSLSocketFactoryDecorator.java
----------------------------------------------------------------------
diff --git a/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/ConfigurableSSLSocketFactoryDecorator.java b/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/ConfigurableSSLSocketFactoryDecorator.java
new file mode 100644
index 0000000..3a047e0
--- /dev/null
+++ b/wagon-providers/wagon-http-shared4/src/main/java/org/apache/maven/wagon/shared/http4/ConfigurableSSLSocketFactoryDecorator.java
@@ -0,0 +1,88 @@
+package org.apache.maven.wagon.shared.http4;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import javax.net.ssl.SSLSocket;
+
+import org.apache.http.conn.ConnectTimeoutException;
+import org.apache.http.conn.scheme.SchemeLayeredSocketFactory;
+import org.apache.http.params.HttpParams;
+import org.codehaus.plexus.util.StringUtils;
+
+class ConfigurableSSLSocketFactoryDecorator implements SchemeLayeredSocketFactory
+{
+
+ private final SchemeLayeredSocketFactory sslSocketFactory;
+
+ public ConfigurableSSLSocketFactoryDecorator( SchemeLayeredSocketFactory sslSocketFactory )
+ {
+ super();
+ this.sslSocketFactory = sslSocketFactory;
+ }
+
+ public Socket createSocket(final HttpParams params) throws IOException
+ {
+ return enableSslProtocols( this.sslSocketFactory.createSocket(params) );
+ }
+
+ public Socket createLayeredSocket(
+ final Socket socket,
+ final String target,
+ int port,
+ final HttpParams params) throws IOException, UnknownHostException
+ {
+ return enableSslProtocols(
+ this.sslSocketFactory.createLayeredSocket(socket, target, port, params));
+ }
+
+ public Socket connectSocket(
+ final Socket sock,
+ final InetSocketAddress remoteAddress,
+ final InetSocketAddress localAddress,
+ final HttpParams params) throws IOException, UnknownHostException, ConnectTimeoutException
+ {
+ return this.sslSocketFactory.connectSocket(sock, remoteAddress, localAddress, params);
+ }
+
+ public boolean isSecure(final Socket sock) throws IllegalArgumentException
+ {
+ return this.sslSocketFactory.isSecure(sock);
+ }
+
+ protected Socket enableSslProtocols( Socket socket )
+ {
+ String httpsProtocols = System.getProperty( "https.protocols" );
+ if ( StringUtils.isNotEmpty( httpsProtocols ) )
+ {
+ String[] protocols = StringUtils.split( httpsProtocols, "," );
+ if ( socket instanceof SSLSocket )
+ {
+ ( (SSLSocket) socket ).setEnabledProtocols( protocols );
+ }
+ }
+
+ return socket;
+ }
+
+}
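Review bot: `enableSslProtocols` passes the raw tokens from `StringUtils.split( httpsProtocols, "," )` to `setEnabledProtocols`, so a value written with spaces (for example `TLSv1, TLSv1.1`) yields a token with leading whitespace, which `SSLSocket.setEnabledProtocols` rejects with an unchecked `IllegalArgumentException` out of `createSocket`/`createLayeredSocket`. Trimming each entry first, `protocols[i] = protocols[i].trim();` in a loop before the `instanceof` check, avoids that. `connectSocket` returns the delegate's socket without passing it through `enableSslProtocols`; that is fine if the delegate always returns the socket previously created through this decorator, but if it can layer a new `SSLSocket` the protocol restriction would be skipped, so it is worth wrapping that return as well. The class has no Javadoc; a short class comment stating that it applies the `https.protocols` system property to sockets created by the wrapped factory would help.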