Accept all SSL-certificates (not only valid and self-signed), but put a warning into log file

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@4888 6c8d7289-2bf4-0310-a012-ef5d649a1542

source/de/anomic/http/AcceptEverythingSSLProtcolSocketFactory.java

@@ -0,0 +1,107 @@
+package de.anomic.http;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+/**
+ * accepts every Certificate
+ * 
+ * @author danielr
+ * @since 12.05.2008
+ */
+class AcceptEverythingSSLProtcolSocketFactory implements SecureProtocolSocketFactory {
+    private SSLContext sslContext = null;
+
+    /**
+     * constructor
+     */
+    public AcceptEverythingSSLProtcolSocketFactory() {
+        super();
+        try {
+            sslContext = SSLContext.getInstance("SSL");
+            sslContext.init(null, new TrustManager[] { new AcceptEverythingTrustManager() }, null);
+        } catch (final NoSuchAlgorithmException e) {
+            // SSL should be supported
+            e.printStackTrace();
+        } catch (final KeyManagementException e) {
+            e.printStackTrace();
+        } catch (final KeyStoreException e) {
+            // should never happen, because we don't use a keystore
+            e.printStackTrace();
+        }
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket,
+     *      java.lang.String, int, boolean)
+     */
+    public Socket createSocket(final Socket socket, final String host, final int port, final boolean autoClose)
+            throws IOException, UnknownHostException {
+        return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int)
+     */
+    public Socket createSocket(final String host, final int port) throws IOException, UnknownHostException {
+        return sslContext.getSocketFactory().createSocket(host, port);
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int,
+     *      java.net.InetAddress, int)
+     */
+    public Socket createSocket(final String host, final int port, final InetAddress localAddress, final int localPort)
+            throws IOException, UnknownHostException {
+        return sslContext.getSocketFactory().createSocket(host, port, localAddress, localPort);
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int,
+     *      java.net.InetAddress, int, org.apache.commons.httpclient.params.HttpConnectionParams)
+     */
+    public Socket createSocket(final String host, final int port, final InetAddress localAddress, final int localPort,
+            final HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException {
+        if (params == null) {
+            throw new IllegalArgumentException("Parameters may not be null");
+        }
+        final Socket socket = sslContext.getSocketFactory().createSocket();
+        // apply params
+        if (params.getLinger() > -1) {
+            socket.setSoLinger((params.getLinger() != 0), params.getLinger());
+        }
+        if (params.getReceiveBufferSize() > 0) {
+            socket.setReceiveBufferSize(params.getReceiveBufferSize());
+        }
+        if (params.getSendBufferSize() > 0) {
+            socket.setSendBufferSize(params.getSendBufferSize());
+        }
+        socket.setSoTimeout(params.getSoTimeout());
+        socket.setTcpNoDelay(params.getTcpNoDelay());
+
+        socket.bind(new InetSocketAddress(localAddress, localPort));
+        socket.connect(new InetSocketAddress(host, port), params.getConnectionTimeout());
+        return socket;
+    }
+}

source/de/anomic/http/AcceptEverythingTrustManager.java

@@ -0,0 +1,46 @@
+package de.anomic.http;
+
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+
+import de.anomic.server.logging.serverLog;
+
+/**
+ * trust every server
+ * 
+ * @author daniel
+ * 
+ */
+class AcceptEverythingTrustManager extends EasyX509TrustManager implements X509TrustManager {
+
+    /**
+     * constructor
+     * 
+     * @param keystore
+     * @throws NoSuchAlgorithmException
+     * @throws KeyStoreException
+     */
+    public AcceptEverythingTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
+        super(null);
+    }
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String)
+     */
+    @Override
+    public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
+        try {
+            super.checkServerTrusted(chain, authType);
+        } catch (final Exception e) {
+            // trusted but logged
+            serverLog.logWarning("HTTPC", "trusting SSL certificate with " + e.getClass() + ": " + e.getMessage());
+        }
+    }
+
+}

source/de/anomic/http/HttpClient.java

@@ -37,14 +37,13 @@ import de.anomic.server.logging.serverLog;
  * some methods must be implemented (the "socket-layer")
  */
 public abstract class HttpClient {
-    
+
     /**
      * provide system information for client identification
      */
-    private static final String systemOST =
+    private static final String systemOST = System.getProperty("os.arch", "no-os-arch") + " " +
-        System.getProperty("os.arch", "no-os-arch") + " " + System.getProperty("os.name", "no-os-name") +
+            System.getProperty("os.name", "no-os-name") + " " + System.getProperty("os.version", "no-os-version") +
-                " " + System.getProperty("os.version", "no-os-version") + "; " + "java " +
+            "; " + "java " + System.getProperty("java.version", "no-java-version") + "; " + generateLocation();
-                System.getProperty("java.version", "no-java-version") + "; " + generateLocation();
 
     /**
      * generating the location string
@@ -99,7 +98,7 @@ public abstract class HttpClient {
     public static byte[] wget(final String uri, final String vhost) {
         return wget(uri, null, vhost);
     }
-    
+
     /**
      * Gets a page (as raw bytes) aborting after timeout
      * 
@@ -129,12 +128,12 @@ public abstract class HttpClient {
      * @param header
      * @param vhost
      * @return
-     * @assert uri != null
+     * @require uri != null
      */
-    public static byte[] wget(final String uri, httpHeader header, final String vhost) {
+    public static byte[] wget(final String uri, final httpHeader header, final String vhost) {
         return wget(uri, header, vhost, 10000);
     }
-    
+
     /**
      * Gets a page (as raw bytes) addressing vhost at host in uri with specified header and timeout
      * 
@@ -144,7 +143,7 @@ public abstract class HttpClient {
      * @param timeout in milliseconds
      * @return
      */
-    public static byte[] wget(final String uri, httpHeader header, final String vhost, int timeout) {
+    public static byte[] wget(final String uri, httpHeader header, final String vhost, final int timeout) {
         assert uri != null : "precondition violated: uri != null";
         final JakartaCommonsHttpClient client = new JakartaCommonsHttpClient(timeout, null, null);
 
@@ -206,7 +205,7 @@ public abstract class HttpClient {
         } catch (final IOException e) {
             serverLog.logWarning("HTTPC", "whead(" + uri + ") failed: " + e.getMessage());
         } finally {
-            if(response != null) {
+            if (response != null) {
                 response.closeStream();
             }
         }

source/de/anomic/http/JakartaCommonsHttpClient.java

@@ -68,6 +68,7 @@ import de.anomic.server.logging.serverLog;
  * 
  */
 public class JakartaCommonsHttpClient {
+
     /**
      * "the HttpClient instance and connection manager should be shared among all threads for maximum efficiency."
      * (Concurrent execution of HTTP methods, http://hc.apache.org/httpclient-3.x/performance.html)
@@ -99,7 +100,7 @@ public class JakartaCommonsHttpClient {
 
         // accept self-signed or untrusted certificates
         Protocol.registerProtocol("https", new Protocol("https",
-                (ProtocolSocketFactory) new EasySSLProtocolSocketFactory(), 443));
+                (ProtocolSocketFactory) new AcceptEverythingSSLProtcolSocketFactory(), 443));
 
         /**
          * set network timeout properties. see: http://java.sun.com/j2se/1.5.0/docs/guide/net/properties.html These
@@ -166,7 +167,7 @@ public class JakartaCommonsHttpClient {
      * @see de.anomic.http.HttpClient#setHeader(de.anomic.http.httpHeader)
      */
     public void setHeader(final httpHeader header) {
-        this.headers = convertHeaders(header);
+        headers = convertHeaders(header);
     }
 
     /*
@@ -184,7 +185,7 @@ public class JakartaCommonsHttpClient {
      * @param follow
      */
     public void setFollowRedirects(final boolean follow) {
-        this.followRedirects = follow;
+        followRedirects = follow;
     }
 
     /*
@@ -205,7 +206,7 @@ public class JakartaCommonsHttpClient {
      */
     public JakartaCommonsHttpResponse GET(final String uri) throws IOException {
         final HttpMethod get = new GetMethod(uri);
-        get.setFollowRedirects(this.followRedirects);
+        get.setFollowRedirects(followRedirects);
         return execute(get);
     }
 
@@ -220,7 +221,7 @@ public class JakartaCommonsHttpClient {
     public JakartaCommonsHttpResponse HEAD(final String uri) throws IOException {
         assert uri != null : "precondition violated: uri != null";
         final HttpMethod head = new HeadMethod(uri);
-        head.setFollowRedirects(this.followRedirects);
+        head.setFollowRedirects(followRedirects);
         return execute(head);
     }
 
@@ -374,7 +375,7 @@ public class JakartaCommonsHttpClient {
     private JakartaCommonsHttpResponse execute(final HttpMethod method) throws IOException, HttpException {
         assert method != null : "precondition violated: method != null";
         // set header
-        for (final Header header : this.headers) {
+        for (final Header header : headers) {
             method.setRequestHeader(header);
         }
 
@@ -418,9 +419,9 @@ public class JakartaCommonsHttpClient {
         } catch (final URIException e) {
             // should not happen, because method is already executed
         }
-        final String query = (method.getQueryString() != null) ? "?" + method.getQueryString() : "";
+        final String query = method.getQueryString() != null ? "?" + method.getQueryString() : "";
-        return new HttpConnectionInfo(protocol, (port == -1 || port == 80) ? host : host + ":" + port,
+        return new HttpConnectionInfo(protocol, port == -1 || port == 80 ? host : host + ":" + port, method.getName() +
-                method.getName() + " " + method.getPath() + query, method.hashCode(), System.currentTimeMillis());
+                " " + method.getPath() + query, method.hashCode(), System.currentTimeMillis());
     }
 
     /**
@@ -452,9 +453,9 @@ public class JakartaCommonsHttpClient {
      */
     private httpRemoteProxyConfig getProxyConfig(final String hostname) {
         final httpRemoteProxyConfig hostProxyConfig;
-        if (this.proxyConfig != null) {
+        if (proxyConfig != null) {
             // client specific
-            hostProxyConfig = httpdProxyHandler.getProxyConfig(hostname, this.proxyConfig);
+            hostProxyConfig = httpdProxyHandler.getProxyConfig(hostname, proxyConfig);
         } else {
             // default settings
             hostProxyConfig = httpdProxyHandler.getProxyConfig(hostname, 0);
@@ -518,7 +519,7 @@ public class JakartaCommonsHttpClient {
     public static void main(final String[] args) {
         JakartaCommonsHttpResponse resp = null;
         String url = args[0];
-        if (!(url.toUpperCase().startsWith("HTTP://"))) {
+        if (!url.toUpperCase().startsWith("HTTP://")) {
             url = "http://" + url;
         }
         try {
@@ -571,15 +572,6 @@ public class JakartaCommonsHttpClient {
         apacheHttpClient.getParams().setParameter(HttpMethodParams.USER_AGENT, userAgent + jakartaUserAgent);
     }
 
-    /**
-     * number of active connections
-     * 
-     * @return
-     */
-    public static int connectionCount() {
-        return conManager.getConnectionsInPool();
-    }
-
     /**
      * remove unused connections
      */
@@ -593,4 +585,13 @@ public class JakartaCommonsHttpClient {
             HttpConnectionInfo.cleanUp();
         }
     }
+
+    /**
+     * number of active connections
+     * 
+     * @return
+     */
+    public static int connectionCount() {
+        return conManager.getConnectionsInPool();
+    }
 }