| 1 | /**
|
|---|
| 2 | *#########################################################################
|
|---|
| 3 | *
|
|---|
| 4 | * A component of the Gatherer application, part of the Greenstone digital
|
|---|
| 5 | * library suite from the New Zealand Digital Library Project at the
|
|---|
| 6 | * University of Waikato, New Zealand.
|
|---|
| 7 | *
|
|---|
| 8 | * Author: Greenstone Digital Library, University of Waikato
|
|---|
| 9 | *
|
|---|
| 10 | * Copyright (C) 1999 New Zealand Digital Library Project
|
|---|
| 11 | *
|
|---|
| 12 | * This program is free software; you can redistribute it and/or modify
|
|---|
| 13 | * it under the terms of the GNU General Public License as published by
|
|---|
| 14 | * the Free Software Foundation; either version 2 of the License, or
|
|---|
| 15 | * (at your option) any later version.
|
|---|
| 16 | *
|
|---|
| 17 | * This program is distributed in the hope that it will be useful,
|
|---|
| 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|---|
| 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|---|
| 20 | * GNU General Public License for more details.
|
|---|
| 21 | *
|
|---|
| 22 | * You should have received a copy of the GNU General Public License
|
|---|
| 23 | * along with this program; if not, write to the Free Software
|
|---|
| 24 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|---|
| 25 | *########################################################################
|
|---|
| 26 | */
|
|---|
| 27 | package org.greenstone.gatherer.download;
|
|---|
| 28 |
|
|---|
| 29 | import java.net.InetSocketAddress;
|
|---|
| 30 | import java.net.Proxy;
|
|---|
| 31 | import java.net.URL;
|
|---|
| 32 | import java.net.URLConnection;
|
|---|
| 33 | import javax.net.ssl.HostnameVerifier;
|
|---|
| 34 | import javax.net.ssl.HttpsURLConnection;
|
|---|
| 35 | import javax.net.ssl.SSLSocketFactory;
|
|---|
| 36 | import javax.net.ssl.SSLContext;
|
|---|
| 37 | import javax.net.ssl.SSLSession;
|
|---|
| 38 | import javax.net.ssl.TrustManager;
|
|---|
| 39 | import javax.net.ssl.X509TrustManager;
|
|---|
| 40 | import java.security.cert.X509Certificate;
|
|---|
| 41 |
|
|---|
| 42 |
|
|---|
| 43 | /** Use this class to get a URL connection with or without proxy settings, for http or https URLS,
|
|---|
| 44 | * and with no-check-certificate on or off for https URLs.
|
|---|
| 45 | * This class has the ability to turn off checking security certificates for https URLs to allow us to do
|
|---|
| 46 | * the Java equivalent to running wget with --no-check-certificate. That part of the code is from
|
|---|
| 47 | * https://stackoverflow.com/questions/6659360/how-to-solve-javax-net-ssl-sslhandshakeexception-error
|
|---|
| 48 | * http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/
|
|---|
| 49 | */
|
|---|
| 50 | public class URLConnectionManager implements HostnameVerifier, X509TrustManager
|
|---|
| 51 | {
|
|---|
| 52 | // Create a reusable trust manager that does not validate certificate chains and considers all hosts valid
|
|---|
| 53 | private static final URLConnectionManager allTrustingSSLTrustManager = new URLConnectionManager();
|
|---|
| 54 | private static final TrustManager[] trustAllCerts = new TrustManager[] {allTrustingSSLTrustManager};
|
|---|
| 55 |
|
|---|
| 56 | // save original defaults, in case we want to start restoring these in future
|
|---|
| 57 | private static final HostnameVerifier restoreDefaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
|
|---|
| 58 | private static final SSLSocketFactory restoreDefaultSSLSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
|
|---|
| 59 |
|
|---|
| 60 | //********** THE METHODS TO USE TO GET A URL CONNECTION *************//
|
|---|
| 61 | //********** BASED ON PROXY, URL PROTOCOL (HTTPS) AND IF NO_CHECK_CERTIFICATES IS TO BE ON OR OFF FOR HTTPS *************//
|
|---|
| 62 | public static void setNoCheckCertificates(boolean noCheckCertificates) throws Exception {
|
|---|
| 63 | if(noCheckCertificates) {
|
|---|
| 64 | // Install the all-trusting trust manager
|
|---|
| 65 | SSLContext sc = SSLContext.getInstance("SSL");
|
|---|
| 66 | sc.init(null, trustAllCerts, new java.security.SecureRandom());
|
|---|
| 67 | HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
|
|---|
| 68 | HttpsURLConnection.setDefaultHostnameVerifier(allTrustingSSLTrustManager);
|
|---|
| 69 | } else {
|
|---|
| 70 | HttpsURLConnection.setDefaultSSLSocketFactory(restoreDefaultSSLSocketFactory);
|
|---|
| 71 | HttpsURLConnection.setDefaultHostnameVerifier(restoreDefaultHostnameVerifier);
|
|---|
| 72 | }
|
|---|
| 73 | }
|
|---|
| 74 |
|
|---|
| 75 | public static URLConnection getConnection(String url_str, Proxy proxy) throws Exception {
|
|---|
| 76 | // use existing settings for noCheckCertificates -- caller would have called setNoCheckCertificates to set this up at some time in the past
|
|---|
| 77 |
|
|---|
| 78 | URL url = new URL(url_str);
|
|---|
| 79 | // if we're given a proxy to access the URL with, use it
|
|---|
| 80 | if(proxy == null) {
|
|---|
| 81 | return url.openConnection();
|
|---|
| 82 | } else {
|
|---|
| 83 | return url.openConnection(proxy);
|
|---|
| 84 | }
|
|---|
| 85 | }
|
|---|
| 86 |
|
|---|
| 87 | public static URLConnection getConnection(String url_str, Proxy proxy, boolean noCheckCertificates) throws Exception {
|
|---|
| 88 | URL url = new URL(url_str);
|
|---|
| 89 | if(url_str.startsWith("https:") && noCheckCertificates) { // requested to turn off certificate validation for HTTPs URLS
|
|---|
| 90 | setNoCheckCertificates(noCheckCertificates);
|
|---|
| 91 |
|
|---|
| 92 | } else { // no certificate checking needed if noCheckCertificates is false or if the url is anything other than HTTPS
|
|---|
| 93 | setNoCheckCertificates(false);
|
|---|
| 94 | }
|
|---|
| 95 |
|
|---|
| 96 | // if we're given a proxy to access the URL with, use it
|
|---|
| 97 | if(proxy == null) {
|
|---|
| 98 | return url.openConnection();
|
|---|
| 99 | } else {
|
|---|
| 100 | return url.openConnection(proxy);
|
|---|
| 101 | }
|
|---|
| 102 | }
|
|---|
| 103 |
|
|---|
| 104 | public static URLConnection getConnection(String url_str, String proxy_host, String proxy_port, boolean noCheckCertificates) throws Exception {
|
|---|
| 105 | Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxy_host, Integer.parseInt(proxy_port)));
|
|---|
| 106 | return getConnection(url_str, proxy, noCheckCertificates);
|
|---|
| 107 | }
|
|---|
| 108 |
|
|---|
| 109 | public static URLConnection getConnection(String url_str, String proxy_host, int proxy_port, boolean noCheckCertificates) throws Exception {
|
|---|
| 110 | Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxy_host, proxy_port));
|
|---|
| 111 | return getConnection(url_str, proxy, noCheckCertificates);
|
|---|
| 112 | }
|
|---|
| 113 |
|
|---|
| 114 | //********************** IMPLEMENTED METHODS **********************//
|
|---|
| 115 |
|
|---|
| 116 | //*********** interface X509TrustManager *************//
|
|---|
| 117 | public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
|---|
| 118 | return null;
|
|---|
| 119 | }
|
|---|
| 120 | public void checkClientTrusted(X509Certificate[] certs, String authType) {}
|
|---|
| 121 | public void checkServerTrusted(X509Certificate[] certs, String authType) {}
|
|---|
| 122 |
|
|---|
| 123 | //*********** interface HostnameVerifier *************//
|
|---|
| 124 | // all hosts are considered valid
|
|---|
| 125 | public boolean verify(String hostname, SSLSession session) {
|
|---|
| 126 | return true;
|
|---|
| 127 | }
|
|---|
| 128 |
|
|---|
| 129 | }
|
|---|
