Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.axis2.transport.nhttp; import org.apache.axiom.om.OMElement; import org.apache.axis2.AxisFault; import org.apache.axis2.description.Parameter; import org.apache.axis2.description.TransportOutDescription; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.http.impl.nio.reactor.SSLIOSessionHandler; import org.apache.http.nio.NHttpClientHandler; import org.apache.http.nio.reactor.IOEventDispatch; import org.apache.http.params.HttpParams; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLException; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.xml.namespace.QName; import java.io.IOException; import java.net.InetSocketAddress; import java.net.SocketAddress; import java.net.URL; import java.security.GeneralSecurityException; import java.security.KeyStore; public class HttpCoreNIOSSLSender extends HttpCoreNIOSender { private static final Log log = LogFactory.getLog(HttpCoreNIOSSLSender.class); protected IOEventDispatch getEventDispatch(NHttpClientHandler handler, SSLContext sslContext, SSLIOSessionHandler sslIOSessionHandler, HttpParams params) { return new SSLClientIOEventDispatch(handler, sslContext, sslIOSessionHandler, params); } /* * * Create the SSLContext to be used by this listener * @param transportOut the Axis2 transport configuration * @return the SSLContext to be used */ protected SSLContext getSSLContext(TransportOutDescription transportOut) throws AxisFault { KeyManager[] keymanagers = null; TrustManager[] trustManagers = null; Parameter keyParam = transportOut.getParameter("keystore"); Parameter trustParam = transportOut.getParameter("truststore"); if (keyParam != null) { OMElement ksEle = keyParam.getParameterElement().getFirstElement(); String location = ksEle.getFirstChildWithName(new QName("Location")).getText(); String type = ksEle.getFirstChildWithName(new QName("Type")).getText(); String storePassword = ksEle.getFirstChildWithName(new QName("Password")).getText(); String keyPassword = ksEle.getFirstChildWithName(new QName("KeyPassword")).getText(); try { KeyStore keyStore = KeyStore.getInstance(type); URL url = getClass().getClassLoader().getResource(location); log.debug("Loading Key Store from URL : " + url); keyStore.load(url.openStream(), storePassword.toCharArray()); KeyManagerFactory kmfactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keyStore, keyPassword.toCharArray()); keymanagers = kmfactory.getKeyManagers(); } catch (GeneralSecurityException gse) { log.error("Error loading Key store : " + location, gse); throw new AxisFault("Error loading Key store : " + location, gse); } catch (IOException ioe) { log.error("Error opening Key store : " + location, ioe); throw new AxisFault("Error opening Key store : " + location, ioe); } } if (trustParam != null) { OMElement tsEle = trustParam.getParameterElement().getFirstElement(); String location = tsEle.getFirstChildWithName(new QName("Location")).getText(); String type = tsEle.getFirstChildWithName(new QName("Type")).getText(); String storePassword = tsEle.getFirstChildWithName(new QName("Password")).getText(); try { KeyStore trustStore = KeyStore.getInstance(type); URL url = getClass().getClassLoader().getResource(location); log.debug("Loading Trust Key Store from URL : " + url); trustStore.load(url.openStream(), storePassword.toCharArray()); TrustManagerFactory trustManagerfactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerfactory.init(trustStore); trustManagers = trustManagerfactory.getTrustManagers(); } catch (GeneralSecurityException gse) { log.error("Error loading Key store : " + location, gse); throw new AxisFault("Error loading Key store : " + location, gse); } catch (IOException ioe) { log.error("Error opening Key store : " + location, ioe); throw new AxisFault("Error opening Key store : " + location, ioe); } } try { SSLContext sslcontext = SSLContext.getInstance("TLS"); sslcontext.init(keymanagers, trustManagers, null); return sslcontext; } catch (GeneralSecurityException gse) { log.error("Unable to create SSL context with the given configuration", gse); throw new AxisFault("Unable to create SSL context with the given configuration", gse); } } /* * * Create the SSLIOSessionHandler to initialize the host name verification at the following * levels, through an Axis2 transport configuration parameter as follows: * HostnameVerifier - Default, DefaultAndLocalhost, Strict, AllowAll * * @param transportOut the Axis2 transport configuration * @return the SSLIOSessionHandler to be used * @throws AxisFault if a configuration error occurs */ protected SSLIOSessionHandler getSSLIOSessionHandler(TransportOutDescription transportOut) throws AxisFault { final Parameter hostnameVerifier = transportOut.getParameter("HostnameVerifier"); return new SSLIOSessionHandler() { public void initalize(SSLEngine sslengine, HttpParams params) { } public void verify(SocketAddress remoteAddress, SSLSession session) throws SSLException { String address = null; if (remoteAddress instanceof InetSocketAddress) { address = ((InetSocketAddress) remoteAddress).getHostName(); } else { address = remoteAddress.toString(); } boolean valid = false; if (hostnameVerifier != null) { if ("Strict".equals(hostnameVerifier.getValue())) { valid = HostnameVerifier.STRICT.verify(address, session); } else if ("AllowAll".equals(hostnameVerifier.getValue())) { valid = HostnameVerifier.ALLOW_ALL.verify(address, session); } else if ("DefaultAndLocalhost".equals(hostnameVerifier.getValue())) { valid = HostnameVerifier.DEFAULT_AND_LOCALHOST.verify(address, session); } } else { valid = HostnameVerifier.DEFAULT.verify(address, session); } if (!valid) { throw new SSLException("Host name verification failed for host : " + address); } } }; } }