contrib/ssl/EasySSLProtocolSocketFactory.java

/*
 * $HeadURL$
 * $Revision$
 * $Date$
 * 
 * ====================================================================
 *
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 */

package org.apache.commons.httpclient.contrib.ssl;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.UnknownHostException;

import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClientError;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * <p>
 * EasySSLProtocolSocketFactory can be used to creats SSL {@link Socket}s 
 * that accept self-signed certificates. 
 * </p>
 * <p>
 * This socket factory SHOULD NOT be used for productive systems 
 * due to security reasons, unless it is a concious decision and 
 * you are perfectly aware of security implications of accepting 
 * self-signed certificates
 * </p>
 *
 * <p>
 * Example of using custom protocol socket factory for a specific host:
 *     <pre>
 *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
 *
 *     URI uri = new URI("https://localhost/", true);
 *     // use relative url only
 *     GetMethod httpget = new GetMethod(uri.getPathQuery());
 *     HostConfiguration hc = new HostConfiguration();
 *     hc.setHost(uri.getHost(), uri.getPort(), easyhttps);
 *     HttpClient client = new HttpClient();
 *     client.executeMethod(hc, httpget);
 *     </pre>
 * </p>
 * <p>
 * Example of using custom protocol socket factory per default instead of the standard one:
 *     <pre>
 *     Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
 *     Protocol.registerProtocol("https", easyhttps);
 *
 *     HttpClient client = new HttpClient();
 *     GetMethod httpget = new GetMethod("https://localhost/");
 *     client.executeMethod(httpget);
 *     </pre>
 * </p>
 * 
 * @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
 * 
 * <p>
 * DISCLAIMER: HttpClient developers DO NOT actively support this component.
 * The component is provided as a reference material, which may be inappropriate
 * for use without additional customization.
 * </p>
 */

public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory {

    /** Log object for this class. */
    private static final Log LOG = LogFactory.getLog(EasySSLProtocolSocketFactory.class);

    private SSLContext sslcontext = null;

    /**
     * Constructor for EasySSLProtocolSocketFactory.
     */
    public EasySSLProtocolSocketFactory() {
        super();
    }

    private static SSLContext createEasySSLContext() {
        try {
            SSLContext context = SSLContext.getInstance("SSL");
            context.init(
              null, 
              new TrustManager[] {new EasyX509TrustManager(null)}, 
              null);
            return context;
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            throw new HttpClientError(e.toString());
        }
    }

    private SSLContext getSSLContext() {
        if (this.sslcontext == null) {
            this.sslcontext = createEasySSLContext();
        }
        return this.sslcontext;
    }

    /**
     * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
     */
    public Socket createSocket(
        String host,
        int port,
        InetAddress clientHost,
        int clientPort)
        throws IOException, UnknownHostException {

        return getSSLContext().getSocketFactory().createSocket(
            host,
            port,
            clientHost,
            clientPort
        );
    }

    /**
     * Attempts to get a new socket connection to the given host within the given time limit.
     * <p>
     * To circumvent the limitations of older JREs that do not support connect timeout a 
     * controller thread is executed. The controller thread attempts to create a new socket 
     * within the given limit of time. If socket constructor does not return until the 
     * timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}
     * </p>
     *  
     * @param host the host name/IP
     * @param port the port on the host
     * @param clientHost the local host name/IP to bind the socket to
     * @param clientPort the port on the local machine
     * @param params {@link HttpConnectionParams Http connection parameters}
     * 
     * @return Socket a new socket
     * 
     * @throws IOException if an I/O error occurs while creating the socket
     * @throws UnknownHostException if the IP address of the host cannot be
     * determined
     */
    public Socket createSocket(
        final String host,
        final int port,
        final InetAddress localAddress,
        final int localPort,
        final HttpConnectionParams params
    ) throws IOException, UnknownHostException, ConnectTimeoutException {
        if (params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int timeout = params.getConnectionTimeout();
        SocketFactory socketfactory = getSSLContext().getSocketFactory();
        if (timeout == 0) {
            return socketfactory.createSocket(host, port, localAddress, localPort);
        } else {
            Socket socket = socketfactory.createSocket();
            SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
            SocketAddress remoteaddr = new InetSocketAddress(host, port);
            socket.bind(localaddr);
            socket.connect(remoteaddr, timeout);
            return socket;
        }
    }

    /**
     * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
     */
    public Socket createSocket(String host, int port)
        throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(
            host,
            port
        );
    }

    /**
     * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
     */
    public Socket createSocket(
        Socket socket,
        String host,
        int port,
        boolean autoClose)
        throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(
            socket,
            host,
            port,
            autoClose
        );
    }

    public boolean equals(Object obj) {
        return ((obj != null) && obj.getClass().equals(EasySSLProtocolSocketFactory.class));
    }

    public int hashCode() {
        return EasySSLProtocolSocketFactory.class.hashCode();
    }

}
1	/*
2	* $HeadURL$
3	* $Revision$
4	* $Date$
5	*
6	* ====================================================================
7	*
8	* Licensed to the Apache Software Foundation (ASF) under one or more
9	* contributor license agreements. See the NOTICE file distributed with
10	* this work for additional information regarding copyright ownership.
11	* The ASF licenses this file to You under the Apache License, Version 2.0
12	* (the "License"); you may not use this file except in compliance with
13	* the License. You may obtain a copy of the License at
14	*
15	* http://www.apache.org/licenses/LICENSE-2.0
16	*
17	* Unless required by applicable law or agreed to in writing, software
18	* distributed under the License is distributed on an "AS IS" BASIS,
19	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20	* See the License for the specific language governing permissions and
21	* limitations under the License.
22	* ====================================================================
23	*
24	* This software consists of voluntary contributions made by many
25	* individuals on behalf of the Apache Software Foundation. For more
26	* information on the Apache Software Foundation, please see
27	* <http://www.apache.org/>.
28	*
29	*/
30
31	package org.apache.commons.httpclient.contrib.ssl;
32
33	import java.io.IOException;
34	import java.net.InetAddress;
35	import java.net.InetSocketAddress;
36	import java.net.Socket;
37	import java.net.SocketAddress;
38	import java.net.UnknownHostException;
39
40	import javax.net.SocketFactory;
41	import javax.net.ssl.SSLContext;
42	import javax.net.ssl.TrustManager;
43
44	import org.apache.commons.httpclient.ConnectTimeoutException;
45	import org.apache.commons.httpclient.HttpClientError;
46	import org.apache.commons.httpclient.params.HttpConnectionParams;
47	import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
48	import org.apache.commons.logging.Log;
49	import org.apache.commons.logging.LogFactory;
50
51	/**
52	* <p>
53	* EasySSLProtocolSocketFactory can be used to creats SSL {@link Socket}s
54	* that accept self-signed certificates.
55	* </p>
56	* <p>
57	* This socket factory SHOULD NOT be used for productive systems
58	* due to security reasons, unless it is a concious decision and
59	* you are perfectly aware of security implications of accepting
60	* self-signed certificates
61	* </p>
62	*
63	* <p>
64	* Example of using custom protocol socket factory for a specific host:
65	* <pre>
66	* Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
67	*
68	* URI uri = new URI("https://localhost/", true);
69	* // use relative url only
70	* GetMethod httpget = new GetMethod(uri.getPathQuery());
71	* HostConfiguration hc = new HostConfiguration();
72	* hc.setHost(uri.getHost(), uri.getPort(), easyhttps);
73	* HttpClient client = new HttpClient();
74	* client.executeMethod(hc, httpget);
75	* </pre>
76	* </p>
77	* <p>
78	* Example of using custom protocol socket factory per default instead of the standard one:
79	* <pre>
80	* Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
81	* Protocol.registerProtocol("https", easyhttps);
82	*
83	* HttpClient client = new HttpClient();
84	* GetMethod httpget = new GetMethod("https://localhost/");
85	* client.executeMethod(httpget);
86	* </pre>
87	* </p>
88	*
89	* @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
90	*
91	* <p>
92	* DISCLAIMER: HttpClient developers DO NOT actively support this component.
93	* The component is provided as a reference material, which may be inappropriate
94	* for use without additional customization.
95	* </p>
96	*/
97
98	public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory {
99
100	/** Log object for this class. */
101	private static final Log LOG = LogFactory.getLog(EasySSLProtocolSocketFactory.class);
102
103	private SSLContext sslcontext = null;
104
105	/**
106	* Constructor for EasySSLProtocolSocketFactory.
107	*/
108	public EasySSLProtocolSocketFactory() {
109	super();
110	}
111
112	private static SSLContext createEasySSLContext() {
113	try {
114	SSLContext context = SSLContext.getInstance("SSL");
115	context.init(
116	null,
117	new TrustManager[] {new EasyX509TrustManager(null)},
118	null);
119	return context;
120	} catch (Exception e) {
121	LOG.error(e.getMessage(), e);
122	throw new HttpClientError(e.toString());
123	}
124	}
125
126	private SSLContext getSSLContext() {
127	if (this.sslcontext == null) {
128	this.sslcontext = createEasySSLContext();
129	}
130	return this.sslcontext;
131	}
132
133	/**
134	* @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
135	*/
136	public Socket createSocket(
137	String host,
138	int port,
139	InetAddress clientHost,
140	int clientPort)
141	throws IOException, UnknownHostException {
142
143	return getSSLContext().getSocketFactory().createSocket(
144	host,
145	port,
146	clientHost,
147	clientPort
148	);
149	}
150
151	/**
152	* Attempts to get a new socket connection to the given host within the given time limit.
153	* <p>
154	* To circumvent the limitations of older JREs that do not support connect timeout a
155	* controller thread is executed. The controller thread attempts to create a new socket
156	* within the given limit of time. If socket constructor does not return until the
157	* timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}
158	* </p>
159	*
160	* @param host the host name/IP
161	* @param port the port on the host
162	* @param clientHost the local host name/IP to bind the socket to
163	* @param clientPort the port on the local machine
164	* @param params {@link HttpConnectionParams Http connection parameters}
165	*
166	* @return Socket a new socket
167	*
168	* @throws IOException if an I/O error occurs while creating the socket
169	* @throws UnknownHostException if the IP address of the host cannot be
170	* determined
171	*/
172	public Socket createSocket(
173	final String host,
174	final int port,
175	final InetAddress localAddress,
176	final int localPort,
177	final HttpConnectionParams params
178	) throws IOException, UnknownHostException, ConnectTimeoutException {
179	if (params == null) {
180	throw new IllegalArgumentException("Parameters may not be null");
181	}
182	int timeout = params.getConnectionTimeout();
183	SocketFactory socketfactory = getSSLContext().getSocketFactory();
184	if (timeout == 0) {
185	return socketfactory.createSocket(host, port, localAddress, localPort);
186	} else {
187	Socket socket = socketfactory.createSocket();
188	SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
189	SocketAddress remoteaddr = new InetSocketAddress(host, port);
190	socket.bind(localaddr);
191	socket.connect(remoteaddr, timeout);
192	return socket;
193	}
194	}
195
196	/**
197	* @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
198	*/
199	public Socket createSocket(String host, int port)
200	throws IOException, UnknownHostException {
201	return getSSLContext().getSocketFactory().createSocket(
202	host,
203	port
204	);
205	}
206
207	/**
208	* @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
209	*/
210	public Socket createSocket(
211	Socket socket,
212	String host,
213	int port,
214	boolean autoClose)
215	throws IOException, UnknownHostException {
216	return getSSLContext().getSocketFactory().createSocket(
217	socket,
218	host,
219	port,
220	autoClose
221	);
222	}
223
224	public boolean equals(Object obj) {
225	return ((obj != null) && obj.getClass().equals(EasySSLProtocolSocketFactory.class));
226	}
227
228	public int hashCode() {
229	return EasySSLProtocolSocketFactory.class.hashCode();
230	}
231
232	}
Name	Value
svn:eol-style	native
svn:keywords	Date Author Id Revision HeadURL