/*
 * Copyright 2011 gitblit.com.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.gitblit.utils; | |
import java.io.IOException; | |
import java.net.InetAddress; | |
import java.net.Socket; | |
import java.net.URL; | |
import java.net.URLConnection; | |
import java.net.UnknownHostException; | |
import java.security.GeneralSecurityException; | |
import java.security.SecureRandom; | |
import java.security.cert.CertificateException; | |
import java.security.cert.X509Certificate; | |
import javax.net.SocketFactory; | |
import javax.net.ssl.HostnameVerifier; | |
import javax.net.ssl.HttpsURLConnection; | |
import javax.net.ssl.SSLContext; | |
import javax.net.ssl.SSLSession; | |
import javax.net.ssl.SSLSocketFactory; | |
import javax.net.ssl.TrustManager; | |
import javax.net.ssl.X509TrustManager; | |
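/**
 * Utility class for establishing HTTP/HTTPS connections.
 *
 * <p>Security properties of the connections created here:
 * <ul>
 * <li>HTTPS connections use {@link DummyTrustManager} and
 * {@link DummyHostnameVerifier}, so any certificate chain and any host name are
 * accepted. The channel is encrypted but the peer is not authenticated, which
 * leaves it open to interception by whoever controls the network path.</li>
 * <li>Basic credentials are attached before the scheme is inspected, so for a
 * plain {@code http} URL they are sent without transport encryption.</li>
 * <li>Loading this class sets the JVM-wide system property
 * {@code jsse.enableSNIExtension} to {@code false}.</li>
 * </ul>
 *
 * @author James Moger
 *
 */
public class ConnectionUtils {

    /** Charset name advertised in {@code Accept-Charset} and used to encode credentials. */
    static final String CHARSET;

    /** Trust-all context shared by every HTTPS connection; {@code null} if it could not be built. */
    private static final SSLContext SSL_CONTEXT;

    /** Accept-all hostname verifier shared by every HTTPS connection. */
    private static final DummyHostnameVerifier HOSTNAME_VERIFIER;

    static {
        SSLContext context = null;
        try {
            // NOTE(review): "SSL" is the legacy protocol family name; "TLS" is the
            // usual choice today. Left unchanged to keep provider behaviour identical.
            context = SSLContext.getInstance("SSL");
            context.init(null, new TrustManager[] { new DummyTrustManager() }, new SecureRandom());
        } catch (Throwable t) {
            // Best effort: class initialisation must not fail because of JSSE setup.
            // Drop a half-initialised context so openConnection() can report the
            // problem instead of failing later inside getSocketFactory().
            t.printStackTrace();
            context = null;
        }
        SSL_CONTEXT = context;
        HOSTNAME_VERIFIER = new DummyHostnameVerifier();
        CHARSET = "UTF-8";

        // Disable Java 7 SNI checks
        // http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0
        // This is a process-wide switch: it applies to every JSSE client in the JVM,
        // not only to connections opened through this class.
        System.setProperty("jsse.enableSNIExtension", "false");
    }

    /**
     * Adds an HTTP Basic {@code Authorization} header to the connection when both
     * a username and a non-empty password are supplied; otherwise does nothing.
     *
     * <p>The password is copied into immutable {@code String} objects (the joined
     * credentials and the header value), so clearing the caller's {@code char[]}
     * afterwards does not remove those copies from the heap.
     *
     * @param conn the connection to decorate
     * @param username the account name; ignored when empty
     * @param password the account password; ignored when {@code null} or empty
     */
    public static void setAuthorization(URLConnection conn, String username, char[] password) {
        if (!StringUtils.isEmpty(username) && (password != null && password.length > 0)) {
            // Encode with the declared charset rather than the platform default so
            // that non-ASCII credentials produce the same header on every host.
            byte[] credentials = (username + ":" + new String(password))
                    .getBytes(java.nio.charset.Charset.forName(CHARSET));
            conn.setRequestProperty("Authorization", "Basic " + Base64.encodeBytes(credentials));
        }
    }

    /**
     * Opens a connection via {@link #openConnection(String, String, char[])} and
     * additionally requests responses in {@link #CHARSET}.
     *
     * @param url the URL to connect to
     * @param username optional Basic authentication username
     * @param password optional Basic authentication password
     * @return the configured, not yet connected, connection
     * @throws IOException if the URL is malformed or the connection cannot be created
     */
    public static URLConnection openReadConnection(String url, String username, char[] password)
            throws IOException {
        URLConnection conn = openConnection(url, username, password);
        conn.setRequestProperty("Accept-Charset", ConnectionUtils.CHARSET);
        return conn;
    }

    /**
     * Creates a connection to the given URL with caching disabled, output
     * enabled and, when credentials are supplied, a Basic {@code Authorization}
     * header.
     *
     * <p>For HTTPS the connection is switched to the trust-all socket factory and
     * the accept-all hostname verifier, so the server's identity is not checked.
     * The URL scheme is not restricted here; NOTE(review): callers that pass
     * externally supplied URLs should validate scheme and host before calling.
     *
     * @param url the URL to connect to
     * @param username optional Basic authentication username
     * @param password optional Basic authentication password
     * @return the configured, not yet connected, connection
     * @throws IOException if the URL is malformed, the connection cannot be
     *         created, or the shared SSL context failed to initialise
     */
    public static URLConnection openConnection(String url, String username, char[] password)
            throws IOException {
        URL urlObject = new URL(url);
        URLConnection conn = urlObject.openConnection();
        setAuthorization(conn, username, password);
        conn.setUseCaches(false);
        conn.setDoOutput(true);
        if (conn instanceof HttpsURLConnection) {
            if (SSL_CONTEXT == null) {
                // The static initialiser only logs its failure; surface it here as a
                // checked error instead of a NullPointerException. Only the host is
                // reported because the full URL may carry credentials or tokens.
                throw new IOException("SSL context is unavailable, cannot open HTTPS connection to "
                        + urlObject.getHost());
            }
            HttpsURLConnection secureConn = (HttpsURLConnection) conn;
            secureConn.setSSLSocketFactory(SSL_CONTEXT.getSocketFactory());
            secureConn.setHostnameVerifier(HOSTNAME_VERIFIER);
        }
        return conn;
    }

    // Copyright (C) 2009 The Android Open Source Project
    //
    // Licensed under the Apache License, Version 2.0 (the "License");
    // you may not use this file except in compliance with the License.
    // You may obtain a copy of the License at
    //
    // http://www.apache.org/licenses/LICENSE-2.0
    //
    // Unless required by applicable law or agreed to in writing, software
    // distributed under the License is distributed on an "AS IS" BASIS,
    // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    // See the License for the specific language governing permissions and
    // limitations under the License.

    /**
     * Socket factory whose sockets come from an {@link SSLContext} initialised
     * with {@link DummyTrustManager}, i.e. sockets that accept any server
     * certificate. Every method delegates to that context's factory.
     *
     * <p>The class is public, so any code that obtains it through
     * {@link #getDefault()} gets unauthenticated TLS sockets.
     */
    public static class BlindSSLSocketFactory extends SSLSocketFactory {

        private static final BlindSSLSocketFactory INSTANCE;

        static {
            try {
                // NOTE(review): same legacy "SSL" protocol name as the outer class.
                final SSLContext context = SSLContext.getInstance("SSL");
                final TrustManager[] trustManagers = { new DummyTrustManager() };
                final SecureRandom rng = new SecureRandom();
                context.init(null, trustManagers, rng);
                INSTANCE = new BlindSSLSocketFactory(context.getSocketFactory());
            } catch (GeneralSecurityException e) {
                throw new RuntimeException("Cannot create BlindSslSocketFactory", e);
            }
        }

        /**
         * Returns the shared trust-all factory instance.
         *
         * @return the singleton factory
         */
        public static SocketFactory getDefault() {
            return INSTANCE;
        }

        /** Factory of the trust-all context that performs the actual socket creation. */
        private final SSLSocketFactory sslFactory;

        private BlindSSLSocketFactory(final SSLSocketFactory sslFactory) {
            this.sslFactory = sslFactory;
        }

        @Override
        public Socket createSocket(Socket s, String host, int port, boolean autoClose)
                throws IOException {
            return sslFactory.createSocket(s, host, port, autoClose);
        }

        @Override
        public String[] getDefaultCipherSuites() {
            return sslFactory.getDefaultCipherSuites();
        }

        @Override
        public String[] getSupportedCipherSuites() {
            return sslFactory.getSupportedCipherSuites();
        }

        @Override
        public Socket createSocket() throws IOException {
            return sslFactory.createSocket();
        }

        @Override
        public Socket createSocket(String host, int port) throws IOException,
                UnknownHostException {
            return sslFactory.createSocket(host, port);
        }

        @Override
        public Socket createSocket(InetAddress host, int port) throws IOException {
            return sslFactory.createSocket(host, port);
        }

        @Override
        public Socket createSocket(String host, int port, InetAddress localHost,
                int localPort) throws IOException, UnknownHostException {
            return sslFactory.createSocket(host, port, localHost, localPort);
        }

        @Override
        public Socket createSocket(InetAddress address, int port,
                InetAddress localAddress, int localPort) throws IOException {
            return sslFactory.createSocket(address, port, localAddress, localPort);
        }
    }

    /**
     * DummyTrustManager trusts all certificates: both check methods return
     * without inspecting the chain, so expired, self-signed and unrelated
     * certificates are all accepted.
     *
     * @author James Moger
     */
    private static class DummyTrustManager implements X509TrustManager {

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            // Intentionally empty: no client certificate is ever rejected.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            // Intentionally empty: no server certificate is ever rejected.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null, possibly empty
            // array; returning null can trigger a NullPointerException in callers.
            return new X509Certificate[0];
        }
    }

    /**
     * Accepts every host name, whatever the certificate presented in the session
     * says, including self-signed certs.
     *
     * @author James Moger
     */
    private static class DummyHostnameVerifier implements HostnameVerifier {

        @Override
        public boolean verify(String hostname, SSLSession session) {
            // Neither argument is examined; a certificate issued for another host passes.
            return true;
        }
    }
}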