src/main/java/com/gitblit/utils/ConnectionUtils.java - gitblit - Git at Google

 /*
  * Copyright 2011 gitblit.com.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package com.gitblit.utils;

 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.net.URL;
 import java.net.URLConnection;
 import java.net.UnknownHostException;
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;

 import javax.net.SocketFactory;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;


 /**
  * Utility class for establishing HTTP/HTTPS connections.
  *
  * @author James Moger
  *
  */
 public class ConnectionUtils {

 	static final String CHARSET;

 	private static final SSLContext SSL_CONTEXT;

 	private static final DummyHostnameVerifier HOSTNAME_VERIFIER;

 	static {
 		SSLContext context = null;
 		try {
 			context = SSLContext.getInstance("SSL");
 			context.init(null, new TrustManager[] { new DummyTrustManager() }, new SecureRandom());
 		} catch (Throwable t) {
 			t.printStackTrace();
 		}
 		SSL_CONTEXT = context;
 		HOSTNAME_VERIFIER = new DummyHostnameVerifier();
 		CHARSET = "UTF-8";

 		// Disable Java 7 SNI checks
 		// http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0
 		System.setProperty("jsse.enableSNIExtension", "false");
 	}

 	public static void setAuthorization(URLConnection conn, String username, char[] password) {
 		if (!StringUtils.isEmpty(username) && (password != null && password.length > 0)) {
 			conn.setRequestProperty(
 					"Authorization",
 					"Basic "
 							+ Base64.encodeBytes((username + ":" + new String(password)).getBytes()));
 		}
 	}

 	public static URLConnection openReadConnection(String url, String username, char[] password)
 			throws IOException {
 		URLConnection conn = openConnection(url, username, password);
 		conn.setRequestProperty("Accept-Charset", ConnectionUtils.CHARSET);
 		return conn;
 	}

 	public static URLConnection openConnection(String url, String username, char[] password)
 			throws IOException {
 		URL urlObject = new URL(url);
 		URLConnection conn = urlObject.openConnection();
 		setAuthorization(conn, username, password);
 		conn.setUseCaches(false);
 		conn.setDoOutput(true);
 		if (conn instanceof HttpsURLConnection) {
 			HttpsURLConnection secureConn = (HttpsURLConnection) conn;
 			secureConn.setSSLSocketFactory(SSL_CONTEXT.getSocketFactory());
 			secureConn.setHostnameVerifier(HOSTNAME_VERIFIER);
 		}
 		return conn;
 	}

 	// Copyright (C) 2009 The Android Open Source Project
 	//
 	// Licensed under the Apache License, Version 2.0 (the "License");
 	// you may not use this file except in compliance with the License.
 	// You may obtain a copy of the License at
 	//
 	// http://www.apache.org/licenses/LICENSE-2.0
 	//
 	// Unless required by applicable law or agreed to in writing, software
 	// distributed under the License is distributed on an "AS IS" BASIS,
 	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 	// See the License for the specific language governing permissions and
 	// limitations under the License.
 	public static class BlindSSLSocketFactory extends SSLSocketFactory {
 		private static final BlindSSLSocketFactory INSTANCE;

 		static {
 			try {
 				final SSLContext context = SSLContext.getInstance("SSL");
 				final TrustManager[] trustManagers = { new DummyTrustManager() };
 				final SecureRandom rng = new SecureRandom();
 				context.init(null, trustManagers, rng);
 				INSTANCE = new BlindSSLSocketFactory(context.getSocketFactory());
 			} catch (GeneralSecurityException e) {
 				throw new RuntimeException("Cannot create BlindSslSocketFactory", e);
 			}
 		}

 		public static SocketFactory getDefault() {
 			return INSTANCE;
 		}

 		private final SSLSocketFactory sslFactory;

 		private BlindSSLSocketFactory(final SSLSocketFactory sslFactory) {
 			this.sslFactory = sslFactory;
 		}

 		@Override
 		public Socket createSocket(Socket s, String host, int port, boolean autoClose)
 				throws IOException {
 			return sslFactory.createSocket(s, host, port, autoClose);
 		}

 		@Override
 		public String[] getDefaultCipherSuites() {
 			return sslFactory.getDefaultCipherSuites();
 		}

 		@Override
 		public String[] getSupportedCipherSuites() {
 			return sslFactory.getSupportedCipherSuites();
 		}

 		@Override
 		public Socket createSocket() throws IOException {
 			return sslFactory.createSocket();
 		}

 		@Override
 		public Socket createSocket(String host, int port) throws IOException,
 		UnknownHostException {
 			return sslFactory.createSocket(host, port);
 		}

 		@Override
 		public Socket createSocket(InetAddress host, int port) throws IOException {
 			return sslFactory.createSocket(host, port);
 		}

 		@Override
 		public Socket createSocket(String host, int port, InetAddress localHost,
 				int localPort) throws IOException, UnknownHostException {
 			return sslFactory.createSocket(host, port, localHost, localPort);
 		}

 		@Override
 		public Socket createSocket(InetAddress address, int port,
 				InetAddress localAddress, int localPort) throws IOException {
 			return sslFactory.createSocket(address, port, localAddress, localPort);
 		}
 	}

 	/**
 	 * DummyTrustManager trusts all certificates.
 	 *
 	 * @author James Moger
 	 */
 	private static class DummyTrustManager implements X509TrustManager {

 		@Override
 		public void checkClientTrusted(X509Certificate[] certs, String authType)
 				throws CertificateException {
 		}

 		@Override
 		public void checkServerTrusted(X509Certificate[] certs, String authType)
 				throws CertificateException {
 		}

 		@Override
 		public X509Certificate[] getAcceptedIssuers() {
 			return null;
 		}
 	}

 	/**
 	 * Trusts all hostnames from a certificate, including self-signed certs.
 	 *
 	 * @author James Moger
 	 */
 	private static class DummyHostnameVerifier implements HostnameVerifier {
 		@Override
 		public boolean verify(String hostname, SSLSession session) {
 			return true;
 		}
 	}
 }
	/*
	* Copyright 2011 gitblit.com.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package com.gitblit.utils;

	import java.io.IOException;
	import java.net.InetAddress;
	import java.net.Socket;
	import java.net.URL;
	import java.net.URLConnection;
	import java.net.UnknownHostException;
	import java.security.GeneralSecurityException;
	import java.security.SecureRandom;
	import java.security.cert.CertificateException;
	import java.security.cert.X509Certificate;

	import javax.net.SocketFactory;
	import javax.net.ssl.HostnameVerifier;
	import javax.net.ssl.HttpsURLConnection;
	import javax.net.ssl.SSLContext;
	import javax.net.ssl.SSLSession;
	import javax.net.ssl.SSLSocketFactory;
	import javax.net.ssl.TrustManager;
	import javax.net.ssl.X509TrustManager;


	/**
	* Utility class for establishing HTTP/HTTPS connections.
	*
	* @author James Moger
	*
	*/
	public class ConnectionUtils {

	static final String CHARSET;

	private static final SSLContext SSL_CONTEXT;

	private static final DummyHostnameVerifier HOSTNAME_VERIFIER;

	static {
	SSLContext context = null;
	try {
	context = SSLContext.getInstance("SSL");
	context.init(null, new TrustManager[] { new DummyTrustManager() }, new SecureRandom());
	} catch (Throwable t) {
	t.printStackTrace();
	}
	SSL_CONTEXT = context;
	HOSTNAME_VERIFIER = new DummyHostnameVerifier();
	CHARSET = "UTF-8";

	// Disable Java 7 SNI checks
	// http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0
	System.setProperty("jsse.enableSNIExtension", "false");
	}

	public static void setAuthorization(URLConnection conn, String username, char[] password) {
	if (!StringUtils.isEmpty(username) && (password != null && password.length > 0)) {
	conn.setRequestProperty(
	"Authorization",
	"Basic "
	+ Base64.encodeBytes((username + ":" + new String(password)).getBytes()));
	}
	}

	public static URLConnection openReadConnection(String url, String username, char[] password)
	throws IOException {
	URLConnection conn = openConnection(url, username, password);
	conn.setRequestProperty("Accept-Charset", ConnectionUtils.CHARSET);
	return conn;
	}

	public static URLConnection openConnection(String url, String username, char[] password)
	throws IOException {
	URL urlObject = new URL(url);
	URLConnection conn = urlObject.openConnection();
	setAuthorization(conn, username, password);
	conn.setUseCaches(false);
	conn.setDoOutput(true);
	if (conn instanceof HttpsURLConnection) {
	HttpsURLConnection secureConn = (HttpsURLConnection) conn;
	secureConn.setSSLSocketFactory(SSL_CONTEXT.getSocketFactory());
	secureConn.setHostnameVerifier(HOSTNAME_VERIFIER);
	}
	return conn;
	}

	// Copyright (C) 2009 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	public static class BlindSSLSocketFactory extends SSLSocketFactory {
	private static final BlindSSLSocketFactory INSTANCE;

	static {
	try {
	final SSLContext context = SSLContext.getInstance("SSL");
	final TrustManager[] trustManagers = { new DummyTrustManager() };
	final SecureRandom rng = new SecureRandom();
	context.init(null, trustManagers, rng);
	INSTANCE = new BlindSSLSocketFactory(context.getSocketFactory());
	} catch (GeneralSecurityException e) {
	throw new RuntimeException("Cannot create BlindSslSocketFactory", e);
	}
	}

	public static SocketFactory getDefault() {
	return INSTANCE;
	}

	private final SSLSocketFactory sslFactory;

	private BlindSSLSocketFactory(final SSLSocketFactory sslFactory) {
	this.sslFactory = sslFactory;
	}

	@Override
	public Socket createSocket(Socket s, String host, int port, boolean autoClose)
	throws IOException {
	return sslFactory.createSocket(s, host, port, autoClose);
	}

	@Override
	public String[] getDefaultCipherSuites() {
	return sslFactory.getDefaultCipherSuites();
	}

	@Override
	public String[] getSupportedCipherSuites() {
	return sslFactory.getSupportedCipherSuites();
	}

	@Override
	public Socket createSocket() throws IOException {
	return sslFactory.createSocket();
	}

	@Override
	public Socket createSocket(String host, int port) throws IOException,
	UnknownHostException {
	return sslFactory.createSocket(host, port);
	}

	@Override
	public Socket createSocket(InetAddress host, int port) throws IOException {
	return sslFactory.createSocket(host, port);
	}

	@Override
	public Socket createSocket(String host, int port, InetAddress localHost,
	int localPort) throws IOException, UnknownHostException {
	return sslFactory.createSocket(host, port, localHost, localPort);
	}

	@Override
	public Socket createSocket(InetAddress address, int port,
	InetAddress localAddress, int localPort) throws IOException {
	return sslFactory.createSocket(address, port, localAddress, localPort);
	}
	}

	/**
	* DummyTrustManager trusts all certificates.
	*
	* @author James Moger
	*/
	private static class DummyTrustManager implements X509TrustManager {

	@Override
	public void checkClientTrusted(X509Certificate[] certs, String authType)
	throws CertificateException {
	}

	@Override
	public void checkServerTrusted(X509Certificate[] certs, String authType)
	throws CertificateException {
	}

	@Override
	public X509Certificate[] getAcceptedIssuers() {
	return null;
	}
	}

	/**
	* Trusts all hostnames from a certificate, including self-signed certs.
	*
	* @author James Moger
	*/
	private static class DummyHostnameVerifier implements HostnameVerifier {
	@Override
	public boolean verify(String hostname, SSLSession session) {
	return true;
	}
	}
	}