/**
 *#########################################################################
 *
 * A component of the Gatherer application, part of the Greenstone digital
 * library suite from the New Zealand Digital Library Project at the
 * University of Waikato, New Zealand.
 *
 * Author: Greenstone Digital Library, University of Waikato
 *
 * Copyright (C) 1999 New Zealand Digital Library Project
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *########################################################################
 */
27 | package org.greenstone.gatherer.download;
29 | import java.net.InetSocketAddress;
30 | import java.net.Proxy;
31 | import java.net.URL;
32 | import java.net.URLConnection;
33 | import javax.net.ssl.HostnameVerifier;
34 | import javax.net.ssl.HttpsURLConnection;
35 | import javax.net.ssl.SSLSocketFactory;
36 | import javax.net.ssl.SSLContext;
37 | import javax.net.ssl.SSLSession;
38 | import javax.net.ssl.TrustManager;
39 | import javax.net.ssl.X509TrustManager;
40 | import java.security.cert.X509Certificate;
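/**
 * Hands out {@link URLConnection}s for HTTP and HTTPS URLs, with or without a proxy, and with
 * HTTPS certificate checking either on or off (the Java equivalent of running wget with
 * {@code --no-check-certificate}).
 *
 * <p>The no-check mode is implemented by replacing the JVM-wide defaults held by
 * {@link HttpsURLConnection} (default SSL socket factory and default hostname verifier). While
 * it is on, every {@code HttpsURLConnection} in the process that relies on those defaults
 * accepts any certificate chain for any host name, so the server's identity is not verified.
 * The setting stays in force until {@link #setNoCheckCertificates(boolean)} is called with
 * {@code false}, directly or through one of the three-/four-argument {@code getConnection}
 * overloads.
 *
 * <p>NOTE(review): the two default setters are called one after the other without any locking,
 * so concurrent callers can observe a mixed state. If only individual downloads need the
 * relaxed mode, configuring the returned connection itself
 * ({@link HttpsURLConnection#setSSLSocketFactory} / {@link HttpsURLConnection#setHostnameVerifier})
 * would confine it to that connection; that would change what the two-argument
 * {@code getConnection} sees, so it is not done here.
 *
 * <p>The certificate-skipping code is adapted from
 * https://stackoverflow.com/questions/6659360/how-to-solve-javax-net-ssl-sslhandshakeexception-error
 * http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/
 */
public class URLConnectionManager implements HostnameVerifier, X509TrustManager
{
    // Reusable trust manager / hostname verifier that validates nothing: it accepts every
    // certificate chain and every host name.
    private static final URLConnectionManager allTrustingSSLTrustManager = new URLConnectionManager();
    private static final TrustManager[] trustAllCerts = new TrustManager[] {allTrustingSSLTrustManager};

    // The defaults that were installed when this class was loaded; used to switch validation
    // back on.
    private static final HostnameVerifier restoreDefaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
    private static final SSLSocketFactory restoreDefaultSSLSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();

    //********** THE METHODS TO USE TO GET A URL CONNECTION *************//
    //********** BASED ON PROXY, URL PROTOCOL (HTTPS) AND IF NO_CHECK_CERTIFICATES IS TO BE ON OR OFF FOR HTTPS *************//

    /**
     * Switches HTTPS certificate and hostname checking off or back on for the whole JVM.
     *
     * @param noCheckCertificates {@code true} installs the all-trusting socket factory and
     *        hostname verifier as the {@link HttpsURLConnection} defaults; {@code false}
     *        reinstalls the defaults captured when this class was loaded
     * @throws Exception if the SSL context cannot be created or initialised
     */
    public static void setNoCheckCertificates(boolean noCheckCertificates) throws Exception {
        if (!noCheckCertificates) {
            HttpsURLConnection.setDefaultSSLSocketFactory(restoreDefaultSSLSocketFactory);
            HttpsURLConnection.setDefaultHostnameVerifier(restoreDefaultHostnameVerifier);
            return;
        }

        // "TLS" is the standard context name; the legacy "SSL" name was used here before.
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(allTrustingSSLTrustManager);
    }

    /**
     * Opens a connection object for the URL without touching the certificate-checking mode:
     * whatever {@link #setNoCheckCertificates(boolean)} last installed stays in effect.
     *
     * @param url_str the URL to connect to
     * @param proxy the proxy to go through, or {@code null} for the default connection setup
     * @return the (not yet connected) URL connection
     * @throws Exception if the URL is malformed or the connection object cannot be created
     */
    public static URLConnection getConnection(String url_str, Proxy proxy) throws Exception {
        return open(new URL(url_str), proxy);
    }

    /**
     * Sets the JVM-wide certificate-checking mode, then opens a connection object for the URL.
     *
     * <p>Checking is switched off only when {@code noCheckCertificates} is {@code true} and the
     * URL string starts with {@code "https:"} (case-sensitive); in every other case the saved
     * defaults are reinstalled. Either way the change applies to the whole process, not just
     * to the returned connection.
     *
     * @param url_str the URL to connect to
     * @param proxy the proxy to go through, or {@code null} for the default connection setup
     * @param noCheckCertificates whether certificate validation should be skipped for HTTPS
     * @return the (not yet connected) URL connection
     * @throws Exception if the URL is malformed, the SSL context cannot be set up, or the
     *         connection object cannot be created
     */
    public static URLConnection getConnection(String url_str, Proxy proxy, boolean noCheckCertificates) throws Exception {
        // Parse first, so a malformed URL never changes the global TLS defaults.
        URL url = new URL(url_str);
        setNoCheckCertificates(noCheckCertificates && url_str.startsWith("https:"));
        return open(url, proxy);
    }

    /**
     * Same as {@link #getConnection(String, Proxy, boolean)}, going through an HTTP proxy given
     * as host name and port string.
     *
     * @throws Exception additionally if {@code proxy_port} is not a valid port number
     */
    public static URLConnection getConnection(String url_str, String proxy_host, String proxy_port, boolean noCheckCertificates) throws Exception {
        return getConnection(url_str, proxy_host, Integer.parseInt(proxy_port), noCheckCertificates);
    }

    /**
     * Same as {@link #getConnection(String, Proxy, boolean)}, going through an HTTP proxy given
     * as host name and numeric port.
     */
    public static URLConnection getConnection(String url_str, String proxy_host, int proxy_port, boolean noCheckCertificates) throws Exception {
        Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxy_host, proxy_port));
        return getConnection(url_str, proxy, noCheckCertificates);
    }

    /** Opens the connection object, through the proxy when one is given. */
    private static URLConnection open(URL url, Proxy proxy) throws Exception {
        return (proxy == null) ? url.openConnection() : url.openConnection(proxy);
    }

    //********************** IMPLEMENTED METHODS **********************//

    //*********** interface X509TrustManager *************//

    /**
     * Returns an empty array: no issuer is singled out as accepted.
     * The {@link X509TrustManager} contract asks for a non-null array, so {@code null} is not
     * returned here.
     */
    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /** Performs no check at all: every client certificate chain is accepted. */
    @Override
    public void checkClientTrusted(X509Certificate[] certs, String authType) {}

    /** Performs no check at all: every server certificate chain is accepted. */
    @Override
    public void checkServerTrusted(X509Certificate[] certs, String authType) {}

    //*********** interface HostnameVerifier *************//

    /** Considers every host name valid, whatever the session's certificate says. */
    @Override
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }

}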