Apache
/
httpcomponents-client
mirror of https://github.com/apache/httpcomponents-client.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use SSLContextBuilder from HttpCore 

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1631230 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Oleg Kalnichevski 2014-10-12 17:43:08 +00:00
parent 4c9577a08f
commit 2c0bf9ac10
15 changed files with 17 additions and 409 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
httpclient/src/examples/org/apache/http/examples/client/ClientConfiguration.java
View File

@ -61,7 +61,6 @@ import org.apache.http.conn.routing.HttpRoute;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.impl.DefaultHttpResponseFactory;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.BasicCredentialsProvider;
@ -80,6 +79,7 @@ import org.apache.http.io.SessionInputBuffer;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicLineParser;
import org.apache.http.message.LineParser;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.CharArrayBuffer;
/**

2
httpclient/src/examples/org/apache/http/examples/client/ClientCustomSSL.java
View File

@ -36,10 +36,10 @@ import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
/**

3
httpclient/src/main/java/org/apache/http/conn/ssl/PrivateKeyDetails.java → httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/PrivateKeyDetails.java
View File

@ -35,7 +35,10 @@ import java.util.Arrays;
* Private key details.
*
* @since 4.3
*
* @deprecated (4.4) use {@link org.apache.http.ssl.PrivateKeyDetails}.
*/
@Deprecated
public final class PrivateKeyDetails {
private final String type;

3
httpclient/src/main/java/org/apache/http/conn/ssl/PrivateKeyStrategy.java → httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/PrivateKeyStrategy.java
View File

@ -33,7 +33,10 @@ import java.util.Map;
* A strategy allowing for a choice of an alias during SSL authentication.
*
* @since 4.3
*
* @deprecated (4.4) use {@link org.apache.http.ssl.PrivateKeyStrategy}.
*/
@Deprecated
public interface PrivateKeyStrategy {
/**

3
httpclient/src/main/java/org/apache/http/conn/ssl/SSLContextBuilder.java → httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/SSLContextBuilder.java
View File

@ -57,8 +57,11 @@ import org.apache.http.annotation.NotThreadSafe;
* Builder for {@link SSLContext} instances.
*
* @since 4.3
*
* @deprecated (4.4) use {@link org.apache.http.ssl.SSLContextBuilder}.
*/
@NotThreadSafe
@Deprecated
public class SSLContextBuilder {
static final String TLS = "TLS";

3
httpclient/src/main/java/org/apache/http/conn/ssl/SSLContexts.java → httpclient/src/main/java-deprecated/org/apache/http/conn/ssl/SSLContexts.java
View File

@ -38,8 +38,11 @@ import org.apache.http.annotation.Immutable;
* {@link SSLContext} factory methods.
*
* @since 4.3
*
* @deprecated (4.4) use {@link org.apache.http.ssl.SSLContexts}.
*/
@Immutable
@Deprecated
public class SSLContexts {
/**

1
httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java
View File

@ -48,6 +48,7 @@ import org.apache.http.annotation.ThreadSafe;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.util.PublicSuffixMatcherLoader;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.Args;
import org.apache.http.util.TextUtils;

21
httpclient/src/main/java/org/apache/http/conn/ssl/TrustStrategy.java
View File

@ -26,9 +26,6 @@
*/
package org.apache.http.conn.ssl;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
* A strategy to establish trustworthiness of certificates without consulting the trust manager
* configured in the actual SSL context. This interface can be used to override the standard
@ -36,22 +33,6 @@ import java.security.cert.X509Certificate;
*
* @since 4.1
*/
public interface TrustStrategy {
/**
* Determines whether the certificate chain can be trusted without consulting the trust manager
* configured in the actual SSL context. This method can be used to override the standard JSSE
* certificate verification process.
* <p>
* Please note that, if this method returns {@code false}, the trust manager configured
* in the actual SSL context can still clear the certificate as trusted.
*
* @param chain the peer certificate chain
* @param authType the authentication type based on the client certificate
* @return {@code true} if the certificate can be trusted without verification by
* the trust manager, {@code false} otherwise.
* @throws CertificateException thrown if the certificate is not trusted or invalid.
*/
boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException;
public interface TrustStrategy extends org.apache.http.ssl.TrustStrategy {
}

2
httpclient/src/main/java/org/apache/http/impl/client/HttpClientBuilder.java
View File

@ -83,7 +83,6 @@ import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.conn.util.PublicSuffixMatcher;
import org.apache.http.conn.util.PublicSuffixMatcherLoader;
@ -118,6 +117,7 @@ import org.apache.http.protocol.ImmutableHttpProcessor;
import org.apache.http.protocol.RequestContent;
import org.apache.http.protocol.RequestTargetHost;
import org.apache.http.protocol.RequestUserAgent;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.TextUtils;
import org.apache.http.util.VersionInfo;

100
httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLContextBuilder.java
View File

@ -1,100 +0,0 @@
/*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.conn.ssl;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import org.junit.Test;
/**
* Unit tests for {@link org.apache.http.conn.ssl.SSLContextBuilder}.
*/
public class TestSSLContextBuilder {
private static KeyStore load(final String res, final char[] passwd) throws Exception {
final KeyStore keystore = KeyStore.getInstance("jks");
final ClassLoader cl = TestSSLContextBuilder.class.getClassLoader();
final URL url = cl.getResource(res);
final InputStream instream = url.openStream();
try {
keystore.load(instream, passwd);
} finally {
instream.close();
}
return keystore;
}
@Test
public void testBuildDefault() throws Exception {
new SSLContextBuilder().build();
}
@Test
public void testBuildAllNull() throws Exception {
new SSLContextBuilder()
.useProtocol(null)
.setSecureRandom(null)
.loadTrustMaterial(null)
.loadKeyMaterial(null, null)
.build();
}
@Test
public void testLoadTrustMultipleMaterial() throws Exception {
final KeyStore truststore1 = load("hc-test-1.truststore", "nopassword".toCharArray());
final KeyStore truststore2 = load("hc-test-2.truststore", "nopassword".toCharArray());
new SSLContextBuilder()
.loadTrustMaterial(truststore1)
.loadTrustMaterial(truststore2)
.build();
}
@Test
public void testKeyWithAlternatePassword() throws Exception {
final KeyStore keystore = load("test-keypasswd.keystore", "nopassword".toCharArray());
final String keyPassword = "password";
new SSLContextBuilder()
.loadKeyMaterial(keystore, keyPassword.toCharArray())
.loadTrustMaterial(keystore)
.build();
}
@Test(expected=UnrecoverableKeyException.class)
public void testKeyWithAlternatePasswordInvalid() throws Exception {
final KeyStore keystore = load("test-keypasswd.keystore", "nopassword".toCharArray());
final String keyPassword = "!password";
new SSLContextBuilder()
.loadKeyMaterial(keystore, keyPassword.toCharArray())
.loadTrustMaterial(keystore)
.build();
}
}

286
httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java
View File

@ -1,286 +0,0 @@
/*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.conn.ssl;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.http.HttpHost;
import org.apache.http.impl.bootstrap.HttpServer;
import org.apache.http.impl.bootstrap.ServerBootstrap;
import org.apache.http.localserver.LocalServerTestBase;
import org.apache.http.localserver.SSLTestContexts;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.junit.After;
import org.junit.Assert;
import org.junit.Ignore;
import org.junit.Test;
/**
* Unit tests for {@link SSLConnectionSocketFactory}.
*/
public class TestSSLSocketFactory {
private HttpServer server;
@After
public void shutDown() throws Exception {
if (this.server != null) {
this.server.shutdown(10, TimeUnit.SECONDS);
}
}
static class TestX509HostnameVerifier implements HostnameVerifier {
private boolean fired = false;
@Override
public boolean verify(final String host, final SSLSession session) {
this.fired = true;
return true;
}
public boolean isFired() {
return this.fired;
}
}
@Test
public void testBasicSSL() throws Exception {
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
this.server.start();
final HttpContext context = new BasicHttpContext();
final TestX509HostnameVerifier hostVerifier = new TestX509HostnameVerifier();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLTestContexts.createClientSSLContext(), hostVerifier);
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
try {
final SSLSession sslsession = sslSocket.getSession();
Assert.assertNotNull(sslsession);
Assert.assertTrue(hostVerifier.isFired());
} finally {
sslSocket.close();
}
}
@Test
public void testBasicDefaultHostnameVerifier() throws Exception {
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
this.server.start();
final HttpContext context = new BasicHttpContext();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLTestContexts.createClientSSLContext(), SSLConnectionSocketFactory.getDefaultHostnameVerifier());
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
try {
final SSLSession sslsession = sslSocket.getSession();
Assert.assertNotNull(sslsession);
} finally {
sslSocket.close();
}
}
@Test
public void testClientAuthSSL() throws Exception {
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
this.server.start();
final HttpContext context = new BasicHttpContext();
final TestX509HostnameVerifier hostVerifier = new TestX509HostnameVerifier();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLTestContexts.createClientSSLContext(), hostVerifier);
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
try {
final SSLSession sslsession = sslSocket.getSession();
Assert.assertNotNull(sslsession);
Assert.assertTrue(hostVerifier.isFired());
} finally {
sslSocket.close();
}
}
@Ignore("There is no way to force client auth with HttpServer in 4.4a1")
@Test(expected=IOException.class)
public void testClientAuthSSLFailure() throws Exception {
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
this.server.start();
final HttpContext context = new BasicHttpContext();
final TestX509HostnameVerifier hostVerifier = new TestX509HostnameVerifier();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLTestContexts.createClientSSLContext(), hostVerifier);
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
try {
final SSLSession sslsession = sslSocket.getSession();
Assert.assertNotNull(sslsession);
Assert.assertTrue(hostVerifier.isFired());
} finally {
sslSocket.close();
}
}
@Test
public void testClientAuthSSLAliasChoice() throws Exception {
// TODO unused - is there a bug in the test?
final PrivateKeyStrategy aliasStrategy = new PrivateKeyStrategy() {
@Override
public String chooseAlias(
final Map<String, PrivateKeyDetails> aliases, final Socket socket) {
Assert.assertEquals(2, aliases.size());
Assert.assertTrue(aliases.containsKey("hc-test-key-1"));
Assert.assertTrue(aliases.containsKey("hc-test-key-2"));
return "hc-test-key-2";
}
};
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
this.server.start();
final HttpContext context = new BasicHttpContext();
final TestX509HostnameVerifier hostVerifier = new TestX509HostnameVerifier();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
SSLTestContexts.createClientSSLContext(), hostVerifier);
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
try {
final SSLSession sslsession = sslSocket.getSession();
Assert.assertNotNull(sslsession);
Assert.assertTrue(hostVerifier.isFired());
} finally {
sslSocket.close();
}
}
@Test(expected=SSLHandshakeException.class)
public void testSSLTrustVerification() throws Exception {
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
this.server.start();
final HttpContext context = new BasicHttpContext();
// Use default SSL context
final SSLContext defaultsslcontext = SSLContexts.createDefault();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(defaultsslcontext,
NoopHostnameVerifier.INSTANCE);
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
sslSocket.close();
}
@Test
public void testSSLTrustVerificationOverride() throws Exception {
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
this.server.start();
final HttpContext context = new BasicHttpContext();
final TrustStrategy trustStrategy = new TrustStrategy() {
@Override
public boolean isTrusted(
final X509Certificate[] chain, final String authType) throws CertificateException {
return chain.length == 1;
}
};
final SSLContext sslcontext = SSLContexts.custom()
.loadTrustMaterial(null, trustStrategy)
.build();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
sslcontext,
NoopHostnameVerifier.INSTANCE);
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
sslSocket.close();
}
}

BIN
httpclient/src/test/resources/hc-test-1.truststore
View File

Binary file not shown.

BIN
httpclient/src/test/resources/hc-test-2.truststore
View File

Binary file not shown.

BIN
httpclient/src/test/resources/test-keypasswd.keystore
View File

Binary file not shown.

BIN
httpclient/src/test/resources/test.keystore
View File

Binary file not shown.