Fixes #327183 (Allow better configurability of HttpClient for TLS/SSL).
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2329 7e9141cc-0065-0410-87d8-b60c137991c4
parent
e574ba8b13
commit
cd7926584d
11
VERSION.txt
11
VERSION.txt
|
@ -1,20 +1,21 @@
|
||||||
jetty-7.2.0.RC1-SNAPSHOT
|
jetty-7.2.0.RC1-SNAPSHOT
|
||||||
+ 289540 added javadoc into distribution
|
+ 289540 added javadoc into distribution
|
||||||
+ 297154 add source distribution artifact
|
+ 297154 add source distribution artifact
|
||||||
+ 323985 Xmlconfiguration pulls start.jar config properties
|
+ 323985 Xmlconfiguration pulls start.jar config properties
|
||||||
+ 326734 Configure Digest maxNonceAge with Security handler init param
|
+ 326734 Configure Digest maxNonceAge with Security handler init param
|
||||||
+ 327109 Fixed AJP handling of empty packets
|
+ 327109 Fixed AJP handling of empty packets
|
||||||
|
+ 327183 Allow better configurability of HttpClient for TLS/SSL
|
||||||
|
|
||||||
jetty-7.2.0.RC0 1 Oct 2010
|
jetty-7.2.0.RC0 1 Oct 2010
|
||||||
+ 314087 Simplified SelectorManager
|
+ 314087 Simplified SelectorManager
|
||||||
+ 319334 Concurrent, sharable ResourceCache
|
+ 319334 Concurrent, sharable ResourceCache
|
||||||
+ 319370 WebAppClassLoader.Context
|
+ 319370 WebAppClassLoader.Context
|
||||||
+ 319444 Two nulls are appended to log statements from ContextHanler$Context
|
+ 319444 Two nulls are appended to log statements from ContextHanler$Context
|
||||||
+ 320073 Reconsile configuration mechanism
|
+ 320073 Reconsile configuration mechanism
|
||||||
+ 320112 Websocket in aggregate jars
|
+ 320112 Websocket in aggregate jars
|
||||||
+ 320264 Removed duplicate mime.property entries
|
+ 320264 Removed duplicate mime.property entries
|
||||||
+ 320457 Added rfc2045 support to B64Code
|
+ 320457 Added rfc2045 support to B64Code
|
||||||
+ 321232 BasicAuthenticator ignores bad Authorization header.
|
+ 321232 BasicAuthenticator ignores bad Authorization header.
|
||||||
+ 321307 HashSessionManager calls passivation listeners.
|
+ 321307 HashSessionManager calls passivation listeners.
|
||||||
+ 321730 SelectChannelEndPoint prints to System.err
|
+ 321730 SelectChannelEndPoint prints to System.err
|
||||||
+ 321735 HttpClient onException called for buffer overflow.
|
+ 321735 HttpClient onException called for buffer overflow.
|
||||||
|
@ -67,8 +68,8 @@ jetty-7.2.0.RC0 1 Oct 2010
|
||||||
|
|
||||||
jetty-7.1.6.v20100715
|
jetty-7.1.6.v20100715
|
||||||
+ 319519 Warn about duplicate configuration files
|
+ 319519 Warn about duplicate configuration files
|
||||||
+ 319655 Reset HEAD status
|
+ 319655 Reset HEAD status
|
||||||
+ JETTY-1247 synchronize recylcing of SSL NIO buffers
|
+ JETTY-1247 synchronize recylcing of SSL NIO buffers
|
||||||
+ JETTY-1248 fix parsing of bad multiparts
|
+ JETTY-1248 fix parsing of bad multiparts
|
||||||
+ JETTY-1249 Apply max idle time to all connectors
|
+ JETTY-1249 Apply max idle time to all connectors
|
||||||
+ JETTY-1251 Replace then close selector for JVM bugs
|
+ JETTY-1251 Replace then close selector for JVM bugs
|
||||||
|
|
|
@ -25,11 +25,9 @@ import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.concurrent.ConcurrentHashMap;
|
import java.util.concurrent.ConcurrentHashMap;
|
||||||
import java.util.concurrent.ConcurrentMap;
|
import java.util.concurrent.ConcurrentMap;
|
||||||
import javax.net.ssl.HostnameVerifier;
|
|
||||||
import javax.net.ssl.KeyManager;
|
import javax.net.ssl.KeyManager;
|
||||||
import javax.net.ssl.KeyManagerFactory;
|
import javax.net.ssl.KeyManagerFactory;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
import javax.net.ssl.SSLSession;
|
|
||||||
import javax.net.ssl.TrustManager;
|
import javax.net.ssl.TrustManager;
|
||||||
import javax.net.ssl.TrustManagerFactory;
|
import javax.net.ssl.TrustManagerFactory;
|
||||||
import javax.net.ssl.X509TrustManager;
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
@ -101,7 +99,6 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
private int _maxRedirects = 20;
|
private int _maxRedirects = 20;
|
||||||
private LinkedList<String> _registeredListeners;
|
private LinkedList<String> _registeredListeners;
|
||||||
|
|
||||||
// TODO clean up and add getters/setters to some of this maybe
|
|
||||||
private String _keyStoreLocation;
|
private String _keyStoreLocation;
|
||||||
private String _keyStoreType = "JKS";
|
private String _keyStoreType = "JKS";
|
||||||
private String _keyStorePassword;
|
private String _keyStorePassword;
|
||||||
|
@ -111,13 +108,12 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
private String _trustStoreType = "JKS";
|
private String _trustStoreType = "JKS";
|
||||||
private String _trustStorePassword;
|
private String _trustStorePassword;
|
||||||
private String _trustManagerAlgorithm = (Security.getProperty("ssl.TrustManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.TrustManagerFactory.algorithm"));
|
private String _trustManagerAlgorithm = (Security.getProperty("ssl.TrustManagerFactory.algorithm")==null?"SunX509":Security.getProperty("ssl.TrustManagerFactory.algorithm"));
|
||||||
|
|
||||||
private SSLContext _sslContext;
|
|
||||||
|
|
||||||
private String _protocol = "TLS";
|
private String _protocol = "TLS";
|
||||||
private String _provider;
|
private String _provider;
|
||||||
private String _secureRandomAlgorithm;
|
private String _secureRandomAlgorithm;
|
||||||
|
|
||||||
|
private SSLContext _sslContext;
|
||||||
|
|
||||||
private RealmResolver _realmResolver;
|
private RealmResolver _realmResolver;
|
||||||
|
|
||||||
private AttributesMap _attributes=new AttributesMap();
|
private AttributesMap _attributes=new AttributesMap();
|
||||||
|
@ -242,7 +238,7 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
{
|
{
|
||||||
_timeoutQ.schedule(task);
|
_timeoutQ.schedule(task);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void schedule(Timeout.Task task, long timeout)
|
public void schedule(Timeout.Task task, long timeout)
|
||||||
{
|
{
|
||||||
_timeoutQ.schedule(task, timeout);
|
_timeoutQ.schedule(task, timeout);
|
||||||
|
@ -271,7 +267,7 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
/* ------------------------------------------------------------ */
|
||||||
/** Set a RealmResolver for client Authentication.
|
/** Set a RealmResolver for client Authentication.
|
||||||
* If a realmResolver is set, then the HttpDestinations created by
|
* If a realmResolver is set, then the HttpDestinations created by
|
||||||
* this client will instantiate a {@link SecurityListener} so that
|
* this client will instantiate a {@link SecurityListener} so that
|
||||||
* BASIC and DIGEST authentication can be performed.
|
* BASIC and DIGEST authentication can be performed.
|
||||||
* @param resolver
|
* @param resolver
|
||||||
|
@ -318,7 +314,7 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
}
|
}
|
||||||
_registeredListeners.add(listenerClass);
|
_registeredListeners.add(listenerClass);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
/* ------------------------------------------------------------ */
|
||||||
public LinkedList<String> getRegisteredListeners()
|
public LinkedList<String> getRegisteredListeners()
|
||||||
{
|
{
|
||||||
|
@ -548,7 +544,6 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
|
|
||||||
protected SSLContext getStrictSSLContext() throws IOException
|
protected SSLContext getStrictSSLContext() throws IOException
|
||||||
{
|
{
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
if (_trustStoreLocation == null)
|
if (_trustStoreLocation == null)
|
||||||
|
@ -557,45 +552,36 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
_trustStoreType = _keyStoreType;
|
_trustStoreType = _keyStoreType;
|
||||||
}
|
}
|
||||||
|
|
||||||
KeyManager[] keyManagers = null;
|
InputStream keyStoreInputStream = Resource.newResource(_keyStoreLocation).getInputStream();
|
||||||
InputStream keystoreInputStream = null;
|
|
||||||
|
|
||||||
keystoreInputStream = Resource.newResource(_keyStoreLocation).getInputStream();
|
|
||||||
KeyStore keyStore = KeyStore.getInstance(_keyStoreType);
|
KeyStore keyStore = KeyStore.getInstance(_keyStoreType);
|
||||||
keyStore.load(keystoreInputStream, _keyStorePassword == null ? null : _keyStorePassword.toString().toCharArray());
|
keyStore.load(keyStoreInputStream, _keyStorePassword == null ? null : _keyStorePassword.toCharArray());
|
||||||
|
|
||||||
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerAlgorithm);
|
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerAlgorithm);
|
||||||
keyManagerFactory.init(keyStore, _keyManagerPassword == null ? null : _keyManagerPassword.toString().toCharArray());
|
keyManagerFactory.init(keyStore, _keyManagerPassword == null ? null : _keyManagerPassword.toCharArray());
|
||||||
keyManagers = keyManagerFactory.getKeyManagers();
|
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
|
||||||
|
|
||||||
TrustManager[] trustManagers = null;
|
InputStream trustStoreInputStream = Resource.newResource(_trustStoreLocation).getInputStream();
|
||||||
InputStream truststoreInputStream = null;
|
|
||||||
|
|
||||||
truststoreInputStream = Resource.newResource(_trustStoreLocation).getInputStream();
|
|
||||||
KeyStore trustStore = KeyStore.getInstance(_trustStoreType);
|
KeyStore trustStore = KeyStore.getInstance(_trustStoreType);
|
||||||
trustStore.load(truststoreInputStream, _trustStorePassword == null ? null : _trustStorePassword.toString().toCharArray());
|
trustStore.load(trustStoreInputStream, _trustStorePassword == null ? null : _trustStorePassword.toCharArray());
|
||||||
|
|
||||||
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerAlgorithm);
|
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerAlgorithm);
|
||||||
trustManagerFactory.init(trustStore);
|
trustManagerFactory.init(trustStore);
|
||||||
trustManagers = trustManagerFactory.getTrustManagers();
|
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
|
||||||
|
|
||||||
SecureRandom secureRandom = _secureRandomAlgorithm == null ? null : SecureRandom.getInstance(_secureRandomAlgorithm);
|
SecureRandom secureRandom = _secureRandomAlgorithm == null ? null : SecureRandom.getInstance(_secureRandomAlgorithm);
|
||||||
SSLContext context = _provider == null ? SSLContext.getInstance(_protocol) : SSLContext.getInstance(_protocol, _provider);
|
SSLContext context = _provider == null ? SSLContext.getInstance(_protocol) : SSLContext.getInstance(_protocol, _provider);
|
||||||
context.init(keyManagers, trustManagers, secureRandom);
|
context.init(keyManagers, trustManagers, secureRandom);
|
||||||
return context;
|
return context;
|
||||||
}
|
}
|
||||||
catch (Exception e)
|
catch (Exception x)
|
||||||
{
|
{
|
||||||
e.printStackTrace();
|
throw (IOException)new IOException("Error generating SSLContext for keystore " + _keyStoreLocation).initCause(x);
|
||||||
throw new IOException("error generating ssl context for " + _keyStoreLocation + " " + e.getMessage());
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected SSLContext getLooseSSLContext() throws IOException
|
protected SSLContext getLooseSSLContext() throws IOException
|
||||||
{
|
{
|
||||||
|
// Create a trust manager that does not validate certificate chains
|
||||||
// Create a trust manager that does not validate certificate
|
|
||||||
// chains
|
|
||||||
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
|
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
|
||||||
{
|
{
|
||||||
public java.security.cert.X509Certificate[] getAcceptedIssuers()
|
public java.security.cert.X509Certificate[] getAcceptedIssuers()
|
||||||
|
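Review bot: The key store and trust store streams opened in getStrictSSLContext (`Resource.newResource(_keyStoreLocation).getInputStream()` and the matching trust store line) are never closed on the new side; nothing between each open and the method's closing brace releases them, and the removed `InputStream keystoreInputStream = null;` declarations suggest a finally block that did not survive the rewrite. Wrap each `KeyStore.load(...)` in a try/finally that closes its stream, as sketched below; the enclosing `catch (Exception x)` already turns a close failure into the IOException, so no new exception path is introduced. The getLooseSSLContext hunk further down would also benefit from a Javadoc stating that the returned context accepts any certificate chain without validation, since the only comment there describes the mechanism rather than the consequence.
```java
InputStream keyStoreInputStream = Resource.newResource(_keyStoreLocation).getInputStream();
KeyStore keyStore;
try
{
    keyStore = KeyStore.getInstance(_keyStoreType);
    keyStore.load(keyStoreInputStream, _keyStorePassword == null ? null : _keyStorePassword.toCharArray());
}
finally
{
    keyStoreInputStream.close();
}
// … unchanged: KeyManagerFactory setup …
InputStream trustStoreInputStream = Resource.newResource(_trustStoreLocation).getInputStream();
KeyStore trustStore;
try
{
    trustStore = KeyStore.getInstance(_trustStoreType);
    trustStore.load(trustStoreInputStream, _trustStorePassword == null ? null : _trustStorePassword.toCharArray());
}
finally
{
    trustStoreInputStream.close();
}
// … unchanged: TrustManagerFactory, SecureRandom and SSLContext setup …
```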
@ -612,26 +598,16 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
}
|
}
|
||||||
}};
|
}};
|
||||||
|
|
||||||
HostnameVerifier hostnameVerifier = new HostnameVerifier()
|
|
||||||
{
|
|
||||||
public boolean verify(String urlHostName, SSLSession session)
|
|
||||||
{
|
|
||||||
Log.warn("Warning: URL Host: " + urlHostName + " vs." + session.getPeerHost());
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
// Install the all-trusting trust manager
|
// Install the all-trusting trust manager
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
// TODO real trust manager
|
SSLContext sslContext = SSLContext.getInstance(_protocol);
|
||||||
SSLContext sslContext = SSLContext.getInstance("SSL");
|
sslContext.init(null, trustAllCerts, null);
|
||||||
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
|
|
||||||
return sslContext;
|
return sslContext;
|
||||||
}
|
}
|
||||||
catch (Exception e)
|
catch (Exception x)
|
||||||
{
|
{
|
||||||
throw new IOException("issue ignoring certs");
|
throw (IOException)new IOException("Error generating loose SSLContext").initCause(x);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -814,28 +790,88 @@ public class HttpClient extends HttpBuffers implements Attributes
|
||||||
{
|
{
|
||||||
this._trustStorePassword = new Password(trustStorePassword).toString();
|
this._trustStorePassword = new Password(trustStorePassword).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
/* ------------------------------------------------------------ */
|
||||||
public String getKeyStoreType()
|
public String getKeyStoreType()
|
||||||
{
|
{
|
||||||
return this._keyStoreType;
|
return this._keyStoreType;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
/* ------------------------------------------------------------ */
|
||||||
public void setKeyStoreType(String keyStoreType)
|
public void setKeyStoreType(String keyStoreType)
|
||||||
{
|
{
|
||||||
this._keyStoreType = keyStoreType;
|
this._keyStoreType = keyStoreType;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
/* ------------------------------------------------------------ */
|
||||||
public String getTrustStoreType()
|
public String getTrustStoreType()
|
||||||
{
|
{
|
||||||
return this._trustStoreType;
|
return this._trustStoreType;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ------------------------------------------------------------ */
|
/* ------------------------------------------------------------ */
|
||||||
public void setTrustStoreType(String trustStoreType)
|
public void setTrustStoreType(String trustStoreType)
|
||||||
{
|
{
|
||||||
this._trustStoreType = trustStoreType;
|
this._trustStoreType = trustStoreType;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
public String getKeyManagerAlgorithm()
|
||||||
|
{
|
||||||
|
return _keyManagerAlgorithm;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
|
||||||
|
{
|
||||||
|
this._keyManagerAlgorithm = keyManagerAlgorithm;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
public String getTrustManagerAlgorithm()
|
||||||
|
{
|
||||||
|
return _trustManagerAlgorithm;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
public void setTrustManagerAlgorithm(String trustManagerAlgorithm)
|
||||||
|
{
|
||||||
|
this._trustManagerAlgorithm = trustManagerAlgorithm;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
public String getProtocol()
|
||||||
|
{
|
||||||
|
return _protocol;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
public void setProtocol(String protocol)
|
||||||
|
{
|
||||||
|
this._protocol = protocol;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
public String getProvider()
|
||||||
|
{
|
||||||
|
return _provider;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
public void setProvider(String provider)
|
||||||
|
{
|
||||||
|
this._provider = provider;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
public String getSecureRandomAlgorithm()
|
||||||
|
{
|
||||||
|
return _secureRandomAlgorithm;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ------------------------------------------------------------ */
|
||||||
|
public void setSecureRandomAlgorithm(String secureRandomAlgorithm)
|
||||||
|
{
|
||||||
|
this._secureRandomAlgorithm = secureRandomAlgorithm;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|