From 12e56b46d8a246f8bfb1e3206cadf9aaf8f919b9 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra
Date: Mon, 4 Jun 2012 13:59:52 +0200
Subject: [PATCH] added options to disable ssl verification
---
 .../main/java/sonia/scm/net/HttpRequest.java | 60 ++++++++++++-
 .../scm/net/TrustAllHostnameVerifier.java | 60 +++++++++++++
 .../sonia/scm/net/TrustAllTrustManager.java | 87 +++++++++++++++++++
 .../java/sonia/scm/net/URLHttpClient.java | 42 +++++++++
 4 files changed, 247 insertions(+), 2 deletions(-)
 create mode 100644 scm-webapp/src/main/java/sonia/scm/net/TrustAllHostnameVerifier.java
 create mode 100644 scm-webapp/src/main/java/sonia/scm/net/TrustAllTrustManager.java
diff --git a/scm-core/src/main/java/sonia/scm/net/HttpRequest.java b/scm-core/src/main/java/sonia/scm/net/HttpRequest.java
index 588e4dd111..ff4989e1a2 100644
--- a/scm-core/src/main/java/sonia/scm/net/HttpRequest.java
+++ b/scm-core/src/main/java/sonia/scm/net/HttpRequest.java
@@ -174,7 +174,7 @@ public class HttpRequest
 *
 *
 * @return
- *
+ *
 * @since 1.14
 */
 public boolean isDecodeGZip()
@@ -182,6 +182,30 @@ public class HttpRequest
 return decodeGZip;
 }
 
+ /**
+ * Method description
+ *
+ *
+ * @return
+ * @since 1.17
+ */
+ public boolean isDisableCertificateValidation()
+ {
+ return disableCertificateValidation;
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @return
+ * @since 1.17
+ */
+ public boolean isDisableHostnameValidation()
+ {
+ return disableHostnameValidation;
+ }
+
 //~--- set methods ----------------------------------------------------------
 
 /**
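Review bot: The Javadoc on `isDisableCertificateValidation()` and `isDisableHostnameValidation()` is still the generated `Method description` placeholder with an empty `@return`, so nothing tells a caller that these flags switch off TLS server authentication for the request. I would replace it with text such as `Returns true if the server certificate chain is not validated for this request; the connection can then be intercepted, so enable it only for hosts you control.` and the matching sentence for the hostname check. The same placeholder appears on the two setters and the two `Field description` fields in the later hunks of this file, and both defaults (`false`) are worth stating there.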
@@ -208,15 +232,41 @@ public class HttpRequest
 * @param decodeGZip
 *
 * @return
- *
+ *
 * @since 1.14
 */
 public HttpRequest setDecodeGZip(boolean decodeGZip)
 {
 this.decodeGZip = decodeGZip;
+
 return this;
 }
 
+ /**
+ * Method description
+ *
+ *
+ * @param disableCertificateValidation
+ * @since 1.17
+ */
+ public void setDisableCertificateValidation(
+ boolean disableCertificateValidation)
+ {
+ this.disableCertificateValidation = disableCertificateValidation;
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param disableHostnameValidation
+ * @since 1.17
+ */
+ public void setDisableHostnameValidation(boolean disableHostnameValidation)
+ {
+ this.disableHostnameValidation = disableHostnameValidation;
+ }
+
 /**
 * Method description
 *
@@ -276,6 +326,12 @@ public class HttpRequest
 
 //~--- fields ---------------------------------------------------------------
 
+ /** Field description */
+ private boolean disableHostnameValidation = false;
+
+ /** Field description */
+ private boolean disableCertificateValidation = false;
+
 /** Field description */
 private boolean decodeGZip = false;
 
diff --git a/scm-webapp/src/main/java/sonia/scm/net/TrustAllHostnameVerifier.java b/scm-webapp/src/main/java/sonia/scm/net/TrustAllHostnameVerifier.java
new file mode 100644
index 0000000000..437216a3ca
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/net/TrustAllHostnameVerifier.java
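Review bot: `setDisableCertificateValidation` and `setDisableHostnameValidation` return `void`, while `setDecodeGZip` in the same hunk returns `this`, so the two new options cannot be chained the way the existing one can. Declaring them as `public HttpRequest setDisableCertificateValidation(boolean disableCertificateValidation)` and `public HttpRequest setDisableHostnameValidation(boolean disableHostnameValidation)`, each ending in `return this;`, keeps the setters consistent. Whether the remaining setters of the class are fluent is not visible in this hunk, so check against the rest of the file.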
@@ -0,0 +1,60 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.net;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class TrustAllHostnameVerifier implements HostnameVerifier
+{
+
+ /**
+ * Method description
+ *
+ *
+ * @param hostname
+ * @param session
+ *
+ * @return
+ */
+ @Override
+ public boolean verify(String hostname, SSLSession session)
+ {
+ return true;
+ }
+}
diff --git a/scm-webapp/src/main/java/sonia/scm/net/TrustAllTrustManager.java b/scm-webapp/src/main/java/sonia/scm/net/TrustAllTrustManager.java
new file mode 100644
index 0000000000..7f89682d30
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/net/TrustAllTrustManager.java
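Review bot: `TrustAllHostnameVerifier` is declared `public` and non-final with an empty class comment, although the only use visible in this patch is `URLHttpClient` in the same package. Because `verify` returns `true` for every hostname, a certificate issued for any other host is accepted once this verifier is installed, so the class should be hard to pick up by accident: `final class TrustAllHostnameVerifier implements HostnameVerifier` if nothing outside `sonia.scm.net` needs it. The class Javadoc should state that it removes the hostname check and is meant to be installed only when `HttpRequest.isDisableHostnameValidation()` is set.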
@@ -0,0 +1,87 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.net;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class TrustAllTrustManager implements X509TrustManager
+{
+
+ /**
+ * Method description
+ *
+ *
+ * @param chain
+ * @param authType
+ *
+ * @throws CertificateException
+ */
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {}
+
+ /**
+ * Method description
+ *
+ *
+ * @param chain
+ * @param authType
+ *
+ * @throws CertificateException
+ */
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException {}
+
+ //~--- get methods ----------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @return
+ */
+ @Override
+ public X509Certificate[] getAcceptedIssuers()
+ {
+ return null;
+ }
+}
diff --git a/scm-webapp/src/main/java/sonia/scm/net/URLHttpClient.java b/scm-webapp/src/main/java/sonia/scm/net/URLHttpClient.java
index 3fecc05d91..62c2e67c0e 100644
--- a/scm-webapp/src/main/java/sonia/scm/net/URLHttpClient.java
+++ b/scm-webapp/src/main/java/sonia/scm/net/URLHttpClient.java
@@ -64,6 +64,10 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+
 /**
 *
 * @author Sebastian Sdorra
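Review bot: `TrustAllTrustManager.getAcceptedIssuers()` returns `null`, but the `X509TrustManager` contract asks for a non-null, possibly empty array, and callers that iterate the result can fail with a `NullPointerException`. `return new X509Certificate[0];` is the safe form. The class is also `public` with an empty class comment; the Javadoc should say that `checkClientTrusted` and `checkServerTrusted` accept every chain without inspection, so a context built on this manager gives no server authentication.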
@@ -383,6 +387,39 @@ public class URLHttpClient implements HttpClient
 }
 }
 
+ /**
+ * Method description
+ *
+ *
+ * @param request
+ * @param connection
+ */
+ private void applySSLSettings(HttpRequest request,
+ HttpsURLConnection connection)
+ {
+ if (request.isDisableCertificateValidation())
+ {
+ try
+ {
+ TrustManager[] trustAllCerts = new TrustManager[] {
+ new TrustAllTrustManager() };
+ SSLContext sc = SSLContext.getInstance("SSL");
+
+ sc.init(null, trustAllCerts, new java.security.SecureRandom());
+ connection.setSSLSocketFactory(sc.getSocketFactory());
+ }
+ catch (Exception ex)
+ {
+ logger.error("could not disable certificate validation", ex);
+ }
+ }
+
+ if (request.isDisableHostnameValidation())
+ {
+ connection.setHostnameVerifier(new TrustAllHostnameVerifier());
+ }
+ }
+
 /**
 * Method description
 *
@@ -514,6 +551,11 @@ public class URLHttpClient implements HttpClient
 connection = (HttpURLConnection) url.openConnection();
 }
 
+ if (connection instanceof HttpsURLConnection)
+ {
+ applySSLSettings(request, (HttpsURLConnection) connection);
+ }
+
 connection.setReadTimeout(TIMEOUT_RAED);
 connection.setConnectTimeout(TIMEOUT_CONNECTION);
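Review bot: `applySSLSettings` logs nothing when a check is switched off, so the logs cannot show which requests ran without certificate or hostname validation. A line such as `logger.warn("certificate validation is disabled for host {}", connection.getURL().getHost());` in each branch would leave that trace, assuming `logger` is the SLF4J-style logger already used by the `logger.error` call. The context is requested with `SSLContext.getInstance("SSL")`; `SSLContext.getInstance("TLS")` is the better name, since the `SSL` alias may enable legacy protocol versions on older runtimes. `catch (Exception ex)` can be narrowed to `catch (GeneralSecurityException ex)`, which covers both `getInstance` and `init` and needs one extra import.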