- * EasySSLProtocolSocketFactory can be used to creats SSL {@link Socket}s - * that accept self-signed certificates. + * EasySSLProtocolSocketFactory can be used to creats SSL {@link Socket}s + * that accept self-signed certificates. *
*- * This socket factory SHOULD NOT be used for productive systems - * due to security reasons, unless it is a concious decision and - * you are perfectly aware of security implications of accepting + * This socket factory SHOULD NOT be used for productive systems + * due to security reasons, unless it is a concious decision and + * you are perfectly aware of security implications of accepting * self-signed certificates *
- * + * ** Example of using custom protocol socket factory for a specific host: - *
+ *
* Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
*
* URI uri = new URI("https://localhost/", true);
@@ -76,7 +72,7 @@ import org.apache.commons.logging.LogFactory;
*
*
* Example of using custom protocol socket factory per default instead of the standard one:
- *
+ *
* Protocol easyhttps = new Protocol("https", new EasySSLProtocolSocketFactory(), 443);
* Protocol.registerProtocol("https", easyhttps);
*
@@ -85,148 +81,153 @@ import org.apache.commons.logging.LogFactory;
* client.executeMethod(httpget);
*
*
- *
+ *
* @author Oleg Kalnichevski
- *
- *
- * DISCLAIMER: HttpClient developers DO NOT actively support this component.
- * The component is provided as a reference material, which may be inappropriate
- * for use without additional customization.
- *
+ *
+ *
+ * DISCLAIMER: HttpClient developers DO NOT actively support this component.
+ * The component is provided as a reference material, which may be inappropriate
+ * for use without additional customization.
+ *
*/
public class EasySSLProtocolSocketFactory implements SecureProtocolSocketFactory {
- /** Log object for this class. */
- private static final Log LOG = LogFactory.getLog(EasySSLProtocolSocketFactory.class);
+ /**
+ * Log object for this class.
+ */
+ private static final Log LOG = LogFactory.getLog(EasySSLProtocolSocketFactory.class);
- private SSLContext sslcontext = null;
+ private SSLContext sslcontext = null;
- /**
- * Constructor for EasySSLProtocolSocketFactory.
- */
- public EasySSLProtocolSocketFactory() {
- super();
- }
+ /**
+ * Constructor for EasySSLProtocolSocketFactory.
+ */
+ public EasySSLProtocolSocketFactory() {
+ super();
+ }
- private static SSLContext createEasySSLContext() {
- try {
- SSLContext context = SSLContext.getInstance("SSL");
- context.init(
- null,
- new TrustManager[] {new EasyX509TrustManager(null)},
+ private static SSLContext createEasySSLContext() {
+ try {
+ SSLContext context = SSLContext.getInstance("SSL");
+ context.init(
+ null,
+ new TrustManager[]{new EasyX509TrustManager(null)},
null);
- return context;
- } catch (Exception e) {
- LOG.error(e.getMessage(), e);
- throw new HttpClientError(e.toString());
- }
+ return context;
+ } catch (Exception e) {
+ LOG.error(e.getMessage(), e);
+ throw new HttpClientError(e.toString());
}
+ }
- private SSLContext getSSLContext() {
- if (this.sslcontext == null) {
- this.sslcontext = createEasySSLContext();
- }
- return this.sslcontext;
+ private SSLContext getSSLContext() {
+ if (this.sslcontext == null) {
+ this.sslcontext = createEasySSLContext();
}
+ return this.sslcontext;
+ }
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
- */
- public Socket createSocket(
- String host,
- int port,
- InetAddress clientHost,
- int clientPort)
- throws IOException, UnknownHostException {
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int)
+ */
+ public Socket createSocket(
+ String host,
+ int port,
+ InetAddress clientHost,
+ int clientPort)
+ throws IOException, UnknownHostException {
- return getSSLContext().getSocketFactory().createSocket(
+ Socket socket = getSSLContext().getSocketFactory().createSocket(
host,
port,
clientHost,
clientPort
- );
- }
+ );
+ return socket;
+ }
- /**
- * Attempts to get a new socket connection to the given host within the given time limit.
- *
- * To circumvent the limitations of older JREs that do not support connect timeout a
- * controller thread is executed. The controller thread attempts to create a new socket
- * within the given limit of time. If socket constructor does not return until the
- * timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}
- *
- *
- * @param host the host name/IP
- * @param port the port on the host
- * @param clientHost the local host name/IP to bind the socket to
- * @param clientPort the port on the local machine
- * @param params {@link HttpConnectionParams Http connection parameters}
- *
- * @return Socket a new socket
- *
- * @throws IOException if an I/O error occurs while creating the socket
- * @throws UnknownHostException if the IP address of the host cannot be
- * determined
- */
- public Socket createSocket(
- final String host,
- final int port,
- final InetAddress localAddress,
- final int localPort,
- final HttpConnectionParams params
- ) throws IOException, UnknownHostException, ConnectTimeoutException {
- if (params == null) {
- throw new IllegalArgumentException("Parameters may not be null");
- }
- int timeout = params.getConnectionTimeout();
- SocketFactory socketfactory = getSSLContext().getSocketFactory();
- if (timeout == 0) {
- return socketfactory.createSocket(host, port, localAddress, localPort);
- } else {
- Socket socket = socketfactory.createSocket();
- SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
- SocketAddress remoteaddr = new InetSocketAddress(host, port);
- socket.bind(localaddr);
- socket.connect(remoteaddr, timeout);
- return socket;
- }
+ /**
+ * Attempts to get a new socket connection to the given host within the given time limit.
+ *
+ * To circumvent the limitations of older JREs that do not support connect timeout a
+ * controller thread is executed. The controller thread attempts to create a new socket
+ * within the given limit of time. If socket constructor does not return until the
+ * timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}
+ *
+ *
+ * @param host the host name/IP
+ * @param port the port on the host
+ * @param clientHost the local host name/IP to bind the socket to
+ * @param clientPort the port on the local machine
+ * @param params {@link HttpConnectionParams Http connection parameters}
+ * @return Socket a new socket
+ * @throws IOException if an I/O error occurs while creating the socket
+ * @throws UnknownHostException if the IP address of the host cannot be
+ * determined
+ */
+ public Socket createSocket(
+ final String host,
+ final int port,
+ final InetAddress localAddress,
+ final int localPort,
+ final HttpConnectionParams params
+ ) throws IOException, UnknownHostException, ConnectTimeoutException {
+ if (params == null) {
+ throw new IllegalArgumentException("Parameters may not be null");
}
+ int timeout = params.getConnectionTimeout();
+ SocketFactory socketfactory = getSSLContext().getSocketFactory();
+ Socket socket;
+ if (timeout == 0) {
+ socket = socketfactory.createSocket(host, port, localAddress, localPort);
+ } else {
+ socket = socketfactory.createSocket();
+ SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
+ SocketAddress remoteaddr = new InetSocketAddress(host, port);
+ socket.bind(localaddr);
+ socket.connect(remoteaddr, timeout);
+ }
+ SSLSocket sslSocket = (SSLSocket) socket;
+ String[] protocolsWithoutSSLv2Hello = {"SSLv3", "TLSv1"};
+ sslSocket.setEnabledProtocols(protocolsWithoutSSLv2Hello);
+ return socket;
+ }
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
- */
- public Socket createSocket(String host, int port)
- throws IOException, UnknownHostException {
- return getSSLContext().getSocketFactory().createSocket(
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String, int)
+ */
+ public Socket createSocket(String host, int port)
+ throws IOException, UnknownHostException {
+ return getSSLContext().getSocketFactory().createSocket(
host,
port
- );
- }
+ );
+ }
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
- */
- public Socket createSocket(
- Socket socket,
- String host,
- int port,
- boolean autoClose)
- throws IOException, UnknownHostException {
- return getSSLContext().getSocketFactory().createSocket(
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
+ */
+ public Socket createSocket(
+ Socket socket,
+ String host,
+ int port,
+ boolean autoClose)
+ throws IOException, UnknownHostException {
+ return getSSLContext().getSocketFactory().createSocket(
socket,
host,
port,
autoClose
- );
- }
+ );
+ }
- public boolean equals(Object obj) {
- return ((obj != null) && obj.getClass().equals(EasySSLProtocolSocketFactory.class));
- }
+ public boolean equals(Object obj) {
+ return ((obj != null) && obj.getClass().equals(EasySSLProtocolSocketFactory.class));
+ }
- public int hashCode() {
- return EasySSLProtocolSocketFactory.class.hashCode();
- }
+ public int hashCode() {
+ return EasySSLProtocolSocketFactory.class.hashCode();
+ }
}