added options to disable ssl verification

2025-11-09 06:55:47 +01:00 · 2012-06-04 13:59:52 +02:00
parent d9cedfd8b1
commit 12e56b46d8
4 changed files with 247 additions and 2 deletions
--- a/scm-webapp/src/main/java/sonia/scm/net/TrustAllHostnameVerifier.java
+++ b/scm-webapp/src/main/java/sonia/scm/net/TrustAllHostnameVerifier.java
@@ -0,0 +1,60 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.net;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class TrustAllHostnameVerifier implements HostnameVerifier
+{
+
+  /**
+   * Method description
+   *
+   *
+   * @param hostname
+   * @param session
+   *
+   * @return
+   */
+  @Override
+  public boolean verify(String hostname, SSLSession session)
+  {
+    return true;
+  }
+}
--- a/scm-webapp/src/main/java/sonia/scm/net/TrustAllTrustManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/net/TrustAllTrustManager.java
@@ -0,0 +1,87 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.net;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class TrustAllTrustManager implements X509TrustManager
+{
+
+  /**
+   * Method description
+   *
+   *
+   * @param chain
+   * @param authType
+   *
+   * @throws CertificateException
+   */
+  @Override
+  public void checkClientTrusted(X509Certificate[] chain, String authType)
+          throws CertificateException {}
+
+  /**
+   * Method description
+   *
+   *
+   * @param chain
+   * @param authType
+   *
+   * @throws CertificateException
+   */
+  @Override
+  public void checkServerTrusted(X509Certificate[] chain, String authType)
+          throws CertificateException {}
+
+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @Override
+  public X509Certificate[] getAcceptedIssuers()
+  {
+    return null;
+  }
+}
--- a/scm-webapp/src/main/java/sonia/scm/net/URLHttpClient.java
+++ b/scm-webapp/src/main/java/sonia/scm/net/URLHttpClient.java
@@ -64,6 +64,10 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;

+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+
 /**
 *
 * @author Sebastian Sdorra
@@ -383,6 +387,39 @@ public class URLHttpClient implements HttpClient
    }
  }

+  /**
+   * Method description
+   *
+   *
+   * @param request
+   * @param connection
+   */
+  private void applySSLSettings(HttpRequest request,
+                                HttpsURLConnection connection)
+  {
+    if (request.isDisableCertificateValidation())
+    {
+      try
+      {
+        TrustManager[] trustAllCerts = new TrustManager[] {
+                                         new TrustAllTrustManager() };
+        SSLContext sc = SSLContext.getInstance("SSL");
+
+        sc.init(null, trustAllCerts, new java.security.SecureRandom());
+        connection.setSSLSocketFactory(sc.getSocketFactory());
+      }
+      catch (Exception ex)
+      {
+        logger.error("could not disable certificate validation", ex);
+      }
+    }
+
+    if (request.isDisableHostnameValidation())
+    {
+      connection.setHostnameVerifier(new TrustAllHostnameVerifier());
+    }
+  }
+
  /**
   * Method description
   *
@@ -514,6 +551,11 @@ public class URLHttpClient implements HttpClient
      connection = (HttpURLConnection) url.openConnection();
    }

+    if (connection instanceof HttpsURLConnection)
+    {
+      applySSLSettings(request, (HttpsURLConnection) connection);
+    }
+
    connection.setReadTimeout(TIMEOUT_RAED);
    connection.setConnectTimeout(TIMEOUT_CONNECTION);