Accept all SSL-certificates (not only valid and self-signed), but put a warning into log file

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@4888 6c8d7289-2bf4-0310-a012-ef5d649a1542
17 years ago · d3037c2950
parent 1b906053ad
commit d3037c2950
4 changed files with 185 additions and 32 deletions
--- a/source/de/anomic/http/AcceptEverythingSSLProtcolSocketFactory.java
+++ b/source/de/anomic/http/AcceptEverythingSSLProtcolSocketFactory.java
@ -0,0 +1,107 @@
+package de.anomic.http;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+/**
+ * accepts every Certificate
+ * 
+ * @author danielr
+ * @since 12.05.2008
+ */
+class AcceptEverythingSSLProtcolSocketFactory implements SecureProtocolSocketFactory {
+    private SSLContext sslContext = null;
+
+    /**
+     * constructor
+     */
+    public AcceptEverythingSSLProtcolSocketFactory() {
+        super();
+        try {
+            sslContext = SSLContext.getInstance("SSL");
+            sslContext.init(null, new TrustManager[] { new AcceptEverythingTrustManager() }, null);
+        } catch (final NoSuchAlgorithmException e) {
+            // SSL should be supported
+            e.printStackTrace();
+        } catch (final KeyManagementException e) {
+            e.printStackTrace();
+        } catch (final KeyStoreException e) {
+            // should never happen, because we don't use a keystore
+            e.printStackTrace();
+        }
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket,
+     *      java.lang.String, int, boolean)
+     */
+    public Socket createSocket(final Socket socket, final String host, final int port, final boolean autoClose)
+            throws IOException, UnknownHostException {
+        return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int)
+     */
+    public Socket createSocket(final String host, final int port) throws IOException, UnknownHostException {
+        return sslContext.getSocketFactory().createSocket(host, port);
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int,
+     *      java.net.InetAddress, int)
+     */
+    public Socket createSocket(final String host, final int port, final InetAddress localAddress, final int localPort)
+            throws IOException, UnknownHostException {
+        return sslContext.getSocketFactory().createSocket(host, port, localAddress, localPort);
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int,
+     *      java.net.InetAddress, int, org.apache.commons.httpclient.params.HttpConnectionParams)
+     */
+    public Socket createSocket(final String host, final int port, final InetAddress localAddress, final int localPort,
+            final HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException {
+        if (params == null) {
+            throw new IllegalArgumentException("Parameters may not be null");
+        }
+        final Socket socket = sslContext.getSocketFactory().createSocket();
+        // apply params
+        if (params.getLinger() > -1) {
+            socket.setSoLinger((params.getLinger() != 0), params.getLinger());
+        }
+        if (params.getReceiveBufferSize() > 0) {
+            socket.setReceiveBufferSize(params.getReceiveBufferSize());
+        }
+        if (params.getSendBufferSize() > 0) {
+            socket.setSendBufferSize(params.getSendBufferSize());
+        }
+        socket.setSoTimeout(params.getSoTimeout());
+        socket.setTcpNoDelay(params.getTcpNoDelay());
+
+        socket.bind(new InetSocketAddress(localAddress, localPort));
+        socket.connect(new InetSocketAddress(host, port), params.getConnectionTimeout());
+        return socket;
+    }
+}
--- a/source/de/anomic/http/AcceptEverythingTrustManager.java
+++ b/source/de/anomic/http/AcceptEverythingTrustManager.java
@ -0,0 +1,46 @@
+package de.anomic.http;
+
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+
+import de.anomic.server.logging.serverLog;
+
+/**
+ * trust every server
+ * 
+ * @author daniel
+ * 
+ */
+class AcceptEverythingTrustManager extends EasyX509TrustManager implements X509TrustManager {
+
+    /**
+     * constructor
+     * 
+     * @param keystore
+     * @throws NoSuchAlgorithmException
+     * @throws KeyStoreException
+     */
+    public AcceptEverythingTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
+        super(null);
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String)
+     */
+    @Override
+    public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
+        try {
+            super.checkServerTrusted(chain, authType);
+        } catch (final Exception e) {
+            // trusted but logged
+            serverLog.logWarning("HTTPC", "trusting SSL certificate with " + e.getClass() + ": " + e.getMessage());
+        }
+    }
+
+}
--- a/source/de/anomic/http/HttpClient.java
+++ b/source/de/anomic/http/HttpClient.java
@ -37,14 +37,13 @@ import de.anomic.server.logging.serverLog;
 * some methods must be implemented (the "socket-layer")
 */
 public abstract class HttpClient {
-    
+
    /**
     * provide system information for client identification
     */
-    private static final String systemOST =
-        System.getProperty("os.arch", "no-os-arch") + " " + System.getProperty("os.name", "no-os-name") +
-                " " + System.getProperty("os.version", "no-os-version") + "; " + "java " +
-                System.getProperty("java.version", "no-java-version") + "; " + generateLocation();
+    private static final String systemOST = System.getProperty("os.arch", "no-os-arch") + " " +
+            System.getProperty("os.name", "no-os-name") + " " + System.getProperty("os.version", "no-os-version") +
+            "; " + "java " + System.getProperty("java.version", "no-java-version") + "; " + generateLocation();

    /**
     * generating the location string
@ -99,7 +98,7 @@ public abstract class HttpClient {
    public static byte[] wget(final String uri, final String vhost) {
        return wget(uri, null, vhost);
    }
-    
+
    /**
     * Gets a page (as raw bytes) aborting after timeout
     * 
@ -129,12 +128,12 @@ public abstract class HttpClient {
     * @param header
     * @param vhost
     * @return
-     * @assert uri != null
+     * @require uri != null
     */
-    public static byte[] wget(final String uri, httpHeader header, final String vhost) {
+    public static byte[] wget(final String uri, final httpHeader header, final String vhost) {
        return wget(uri, header, vhost, 10000);
    }
-    
+
    /**
     * Gets a page (as raw bytes) addressing vhost at host in uri with specified header and timeout
     * 
@ -144,7 +143,7 @@ public abstract class HttpClient {
     * @param timeout in milliseconds
     * @return
     */
-    public static byte[] wget(final String uri, httpHeader header, final String vhost, int timeout) {
+    public static byte[] wget(final String uri, httpHeader header, final String vhost, final int timeout) {
        assert uri != null : "precondition violated: uri != null";
        final JakartaCommonsHttpClient client = new JakartaCommonsHttpClient(timeout, null, null);

@ -206,7 +205,7 @@ public abstract class HttpClient {
        } catch (final IOException e) {
            serverLog.logWarning("HTTPC", "whead(" + uri + ") failed: " + e.getMessage());
        } finally {
-            if(response != null) {
+            if (response != null) {
                response.closeStream();
            }
        }
--- a/source/de/anomic/http/JakartaCommonsHttpClient.java
+++ b/source/de/anomic/http/JakartaCommonsHttpClient.java
@ -68,6 +68,7 @@ import de.anomic.server.logging.serverLog;
 * 
 */
 public class JakartaCommonsHttpClient {
+
    /**
     * "the HttpClient instance and connection manager should be shared among all threads for maximum efficiency."
     * (Concurrent execution of HTTP methods, http://hc.apache.org/httpclient-3.x/performance.html)
@ -99,7 +100,7 @@ public class JakartaCommonsHttpClient {

        // accept self-signed or untrusted certificates
        Protocol.registerProtocol("https", new Protocol("https",
-                (ProtocolSocketFactory) new EasySSLProtocolSocketFactory(), 443));
+                (ProtocolSocketFactory) new AcceptEverythingSSLProtcolSocketFactory(), 443));

        /**
         * set network timeout properties. see: http://java.sun.com/j2se/1.5.0/docs/guide/net/properties.html These
@ -166,7 +167,7 @@ public class JakartaCommonsHttpClient {
     * @see de.anomic.http.HttpClient#setHeader(de.anomic.http.httpHeader)
     */
    public void setHeader(final httpHeader header) {
-        this.headers = convertHeaders(header);
+        headers = convertHeaders(header);
    }

    /*
@ -184,7 +185,7 @@ public class JakartaCommonsHttpClient {
     * @param follow
     */
    public void setFollowRedirects(final boolean follow) {
-        this.followRedirects = follow;
+        followRedirects = follow;
    }

    /*
@ -205,7 +206,7 @@ public class JakartaCommonsHttpClient {
     */
    public JakartaCommonsHttpResponse GET(final String uri) throws IOException {
        final HttpMethod get = new GetMethod(uri);
-        get.setFollowRedirects(this.followRedirects);
+        get.setFollowRedirects(followRedirects);
        return execute(get);
    }

@ -220,7 +221,7 @@ public class JakartaCommonsHttpClient {
    public JakartaCommonsHttpResponse HEAD(final String uri) throws IOException {
        assert uri != null : "precondition violated: uri != null";
        final HttpMethod head = new HeadMethod(uri);
-        head.setFollowRedirects(this.followRedirects);
+        head.setFollowRedirects(followRedirects);
        return execute(head);
    }

@ -374,7 +375,7 @@ public class JakartaCommonsHttpClient {
    private JakartaCommonsHttpResponse execute(final HttpMethod method) throws IOException, HttpException {
        assert method != null : "precondition violated: method != null";
        // set header
-        for (final Header header : this.headers) {
+        for (final Header header : headers) {
            method.setRequestHeader(header);
        }

@ -418,9 +419,9 @@ public class JakartaCommonsHttpClient {
        } catch (final URIException e) {
            // should not happen, because method is already executed
        }
-        final String query = (method.getQueryString() != null) ? "?" + method.getQueryString() : "";
-        return new HttpConnectionInfo(protocol, (port == -1 || port == 80) ? host : host + ":" + port,
-                method.getName() + " " + method.getPath() + query, method.hashCode(), System.currentTimeMillis());
+        final String query = method.getQueryString() != null ? "?" + method.getQueryString() : "";
+        return new HttpConnectionInfo(protocol, port == -1 || port == 80 ? host : host + ":" + port, method.getName() +
+                " " + method.getPath() + query, method.hashCode(), System.currentTimeMillis());
    }

    /**
@ -452,9 +453,9 @@ public class JakartaCommonsHttpClient {
     */
    private httpRemoteProxyConfig getProxyConfig(final String hostname) {
        final httpRemoteProxyConfig hostProxyConfig;
-        if (this.proxyConfig != null) {
+        if (proxyConfig != null) {
            // client specific
-            hostProxyConfig = httpdProxyHandler.getProxyConfig(hostname, this.proxyConfig);
+            hostProxyConfig = httpdProxyHandler.getProxyConfig(hostname, proxyConfig);
        } else {
            // default settings
            hostProxyConfig = httpdProxyHandler.getProxyConfig(hostname, 0);
@ -518,7 +519,7 @@ public class JakartaCommonsHttpClient {
    public static void main(final String[] args) {
        JakartaCommonsHttpResponse resp = null;
        String url = args[0];
-        if (!(url.toUpperCase().startsWith("HTTP://"))) {
+        if (!url.toUpperCase().startsWith("HTTP://")) {
            url = "http://" + url;
        }
        try {
@ -571,15 +572,6 @@ public class JakartaCommonsHttpClient {
        apacheHttpClient.getParams().setParameter(HttpMethodParams.USER_AGENT, userAgent + jakartaUserAgent);
    }

-    /**
-     * number of active connections
-     * 
-     * @return
-     */
-    public static int connectionCount() {
-        return conManager.getConnectionsInPool();
-    }
-
    /**
     * remove unused connections
     */
@ -593,4 +585,13 @@ public class JakartaCommonsHttpClient {
            HttpConnectionInfo.cleanUp();
        }
    }
+
+    /**
+     * number of active connections
+     * 
+     * @return
+     */
+    public static int connectionCount() {
+        return conManager.getConnectionsInPool();
+    }
 }