📄 httpsconnection.java.sun
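/* -*- mode:java; indent-tabs-mode:nil; c-basic-offset:3 -*-
 * $Id: HTTPSConnection.java.Sun,v 1.3 2006/01/28 01:05:13 davidsch Exp $
 */

/**
 * This file may be used to support HTTPS connections when using JDK 1.3
 * with the optional JSSE package.
 * <p>
 * If your environment uses non-com.sun.net.ssl classes to implement Security,
 * modify to use the appropriate classes.
 * <p>
 * Install this file as:
 * <pre><code>
 * com/ultraseek/HTTPClient/HTTPSConnection.java
 * </code></pre>
 * and ensure it is in the classpath prior to xpasearch.jar.
 * <p>
 * This class can also be used for testing, as it performs no
 * server authentication.
 *
 * @since XPA 2.3
 */
package com.ultraseek.HTTPClient;

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocketFactory;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.X509TrustManager;
import java.net.Socket;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * A wrapper utility class for JSSE implementation so that users
 * of HTTPConnection class can still use the HTTP functionality without
 * downloading JSSE, of course HTTPS will not work. This class can also be used
 * as a stand alone utility class for secure server sockets. This class uses its
 * own TrustManager, so that the servers and clients are always trusted
 * and all issuers are allowed without adding to the keys repository.
 * <p>
 * Security properties of this implementation, as visible in the code below:
 * <ul>
 * <li>The certificate chain is never validated: {@link TrustingTrustManager}
 *     accepts every chain. The channel is encrypted but the peer is not
 *     authenticated, so the connection offers no protection against an
 *     active man-in-the-middle.</li>
 * <li>The host name check in {@link #checkCert} is off by default. When it is
 *     switched on it compares the certificate's common name with the host,
 *     but because the chain is still unvalidated a self-signed certificate
 *     carrying the expected name passes. The check detects misconfiguration;
 *     it does not authenticate the server on its own.</li>
 * </ul>
 * Deployments that need server authentication should replace the trust
 * manager with one backed by a trust store.
 * <pre>
 * Usage:
 *    try {
 *       // Set Security wide properties for
 *       // java.protocol.handler.pkgs and javax.net.debug .Default values
 *       // com.sun.net.ssl.internal.www.protocol and ssl,handshake,data,trustmanager
 *       // are used if not set.
 *       // Add Provider, if none is added default
 *       // new com.sun.net.ssl.internal.ssl.Provider() is used.
 *       // Create a socket between this client and a secure server
 *       Socket sock;
 *       // ....
 *       sock = HTTPSConnection.createSSLSocket(sock, host, port, keepAlive);
 *    } catch (Exception e) {
 *       e.printStackTrace();
 *    }
 * </pre>
 * @author Sailendra K Padala
 * @see HTTPConnection
 * @version 1.0
 * @author Inktomi Corporation, 10/16/2001. Modified package to let
 *         different versions of HTTPClient packages to exist together.
 * @author Daniel Brown, dbrown@verity.com. Using a redefined trust manager.
 */
public class HTTPSConnection {

   // Diagnostic logging
   private static final Log log = LogFactory.getLog(HTTPSConnection.class);

   /**
    * Our own SSL Socket Factory. Remains <code>null</code> when the static
    * initializer below failed to configure SSL.
    */
   public static SSLSocketFactory sslFactory = null;

   /** check cert enabled, default is false */
   private static boolean checkCertEnabled = false;

   /**
    * Set the checkCertEnabled flag. Set this
    * flag to false if the host certificate
    * is not required to be checked (Server auth).
    * Note the set method is not synchronized.
    * <p>
    * Enabling the flag only adds the common-name comparison done by
    * {@link #checkCert}; the certificate chain is still accepted
    * unconditionally by the trust manager installed in this class.
    *
    * @param flag true to compare the certificate name with the host name;
    *             the default is false.
    */
   public static void setCheckCertEnabled(boolean flag) {
      checkCertEnabled = flag;
   }

   /**
    * Get the value of checkCertEnabled.
    * Note that the access method is not synchronized.
    * @return the current value of the flag.
    */
   public static boolean getCheckCertEnabled() {
      return checkCertEnabled;
   }

   static {
      /*
       * Let's try and set the JSSE default property & provider values required for secure
       * connections. Will set only if these values are not set by any other program.
       */
      try {
         log.debug("HTTPSConnection.java.sun is installed.");

         // Set security-wide properties
         if (System.getProperty("java.protocol.handler.pkgs") == null) {
            System.setProperty("java.protocol.handler.pkgs",
                               "com.sun.net.ssl.internal.www.protocol");
         }

         // Add provider
         Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

         // NOTE(review): the context is requested by the name "SSLv3". SSL 3.0
         // is an obsolete protocol version; confirm which protocol versions the
         // resulting sockets enable and restrict them to TLS where the JSSE in
         // use allows it.
         SSLContext sslContext = SSLContext.getInstance("SSLv3");

         // TrustingTrustManager is a non-static inner class, hence the
         // throw-away outer instance.
         HTTPSConnection con = new HTTPSConnection();
         HTTPSConnection.TrustingTrustManager trustManager =
            con.new TrustingTrustManager();

         // No key managers and the default source of randomness; the only
         // trust manager is the one that accepts every certificate chain.
         sslContext.init(null, new TrustManager[] { trustManager }, null);
         sslFactory = sslContext.getSocketFactory();
      } catch (Throwable e) {
         // Leaves sslFactory null; createSSLSocket reports that condition.
         log.warn("Unable to configure SSL", e);
      }
   }

   /**
    * Gets a SSLSocketFactory, creates a secure socket.
    * <p>
    * The SSL socket is layered over <code>sock</code> with auto-close
    * enabled, so closing the returned socket also closes <code>sock</code>.
    * If the host name check rejects the peer, the SSL socket is closed
    * before the exception is propagated, since the caller never receives a
    * handle to it.
    *
    * @param sock Socket already connected to the server
    * @param host Host of the url (server)
    * @param port Port of the url (server)
    * @param keepAlive Keep the socket connection alive; not used by this
    *                  implementation
    * @return the SSL socket layered over <code>sock</code>
    * @throws IOException if SSL could not be configured when this class was
    *         loaded, if the socket cannot be created, or if the enabled
    *         host name check fails
    */
   public static Socket createSSLSocket(Socket sock, String host, int port,
                                        boolean keepAlive)
      throws IOException
   {
      // Read the public field once; it is null when static setup failed.
      SSLSocketFactory factory = sslFactory;
      if (factory == null) {
         throw new SSLException("SSL is not configured: no SSLSocketFactory is available");
      }

      Socket sslSock = factory.createSocket(sock, host, port, true);
      try {
         checkCert(sslSock, host);
      } catch (IOException e) {
         closeQuietly(sslSock);
         throw e;
      } catch (RuntimeException e) {
         closeQuietly(sslSock);
         throw e;
      }
      return sslSock;
   }

   /**
    * Check whether the name in the certificate matches the host
    * we're talking to (server authentication). Does nothing unless the
    * check has been enabled with {@link #setCheckCertEnabled}.
    * <p>
    * Only the common name of the first certificate in the peer chain is
    * compared; the comparison is case-insensitive. Accepted forms are an
    * exact match, <code>*.domain</code> (exactly one additional leading
    * label) and <code>.domain</code> (the domain itself or any host below
    * it). If the common name cannot be read, the check is skipped and a
    * warning is logged.
    *
    * @param sslSock SSL Socket for which X509Certificate needs to be checked
    * @param host Host name of the Server
    * @throws IOException if the peer certificate is unavailable or its name
    *         does not match <code>host</code>
    */
   public static void checkCert(Socket sslSock, String host)
      throws IOException
   {
      if (!HTTPSConnection.getCheckCertEnabled()) {
         return;
      }

      javax.security.cert.X509Certificate cert =
         ((SSLSocket) sslSock).getSession().getPeerCertificateChain()[0];

      String name;
      try {
         // Fixed locale: the default locale can change how ASCII letters are
         // lower-cased (for example under a Turkish locale).
         name = ((sun.security.x509.X500Name) cert.getSubjectDN())
            .getCommonName().toLowerCase(java.util.Locale.ENGLISH);
      } catch (Throwable t) {
         // Oh well, can't check the name in that case.
         // NOTE(review): this path accepts the peer without a name check (for
         // instance when the subject is not a sun.security.x509.X500Name or
         // carries no common name). Kept as best-effort, but made visible.
         log.warn("Could not read the certificate common name; "
                  + "host name check skipped for " + host, t);
         return;
      }

      if (host != null
          && matchesHostName(name, host.toLowerCase(java.util.Locale.ENGLISH))) {
         return;
      }

      throw new SSLException("Name in certificate `" + name + "' does not " +
                             "match host name `" + host + "'");
   }

   /**
    * Compares a lower-cased certificate name with a lower-cased host name.
    */
   private static boolean matchesHostName(String name, String host) {
      if (name.length() == 0 || host.length() == 0) {
         return false;
      }
      if (name.equals(host)) {
         return true;
      }

      if (name.startsWith("*.") && name.length() > 2) {
         // "*.example.com": the wildcard stands for exactly one label, so
         // "a.b.example.com" and a bare "example.com" are not covered.
         String suffix = name.substring(1);
         if (host.length() > suffix.length() && host.endsWith(suffix)) {
            String label = host.substring(0, host.length() - suffix.length());
            return label.indexOf('.') < 0;
         }
         return false;
      }

      if (name.charAt(0) == '.' && name.length() > 1) {
         // ".example.com": the domain itself, or a host below it. Matching on
         // the leading dot keeps "badexample.com" from passing as a suffix.
         return host.equals(name.substring(1)) || host.endsWith(name);
      }

      return false;
   }

   /**
    * Closes a socket whose handshake result was rejected, ignoring close errors.
    */
   private static void closeQuietly(Socket s) {
      try {
         s.close();
      } catch (IOException ignored) {
         // The original failure is the one reported to the caller.
         log.debug("Error closing rejected SSL socket", ignored);
      }
   }

   /**
    * A Trust Manager that trusts everything, all the time.
    * <P>
    * Trust managers are used to handle authentication of SSL connections,
    * using certificate chains to confirm the identity of the client, or server.
    * <P>
    * This is fine if the certificate chains end in the certificate of a known
    * root certificate authority. If this is not the case, 'untrusted cert chain'
    * errors are generated by default.
    * <P>
    * This TrustManager does not use certificate chains, but instead assumes that
    * all clients and all servers should be trusted.
    * <P>
    * getAcceptedIssuers returns null, always.
    * <P>
    * isClientTrusted() and isServerTrusted() return true, always.
    * <P>
    * Consequence: any certificate, including a self-signed or expired one,
    * is accepted, so sockets built from this class's factory do not
    * authenticate the peer. Replace this class with a trust manager backed
    * by a trust store wherever the identity of the server matters.
    * @author Daniel Brown, dbrown@verity.com
    */
   class TrustingTrustManager implements X509TrustManager {

      /** Returns no issuer list. */
      public X509Certificate[] getAcceptedIssuers() {
         return null;
      }

      /** Accepts every client certificate chain without inspecting it. */
      public boolean isClientTrusted(X509Certificate[] c) {
         return true;
      }

      /** Accepts every server certificate chain without inspecting it. */
      public boolean isServerTrusted(X509Certificate[] c) {
         return true;
      }
   }
}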