source: main/trunk/gli/src/org/greenstone/gatherer/download/URLConnectionManager.java@ 31843

Last change on this file since 31843 was 31843, checked in by ak19, 7 years ago
  1. Adding new Java class URLConnectionManager to get an (Http)URLConnection depending on whether you're using a proxy or not, whether the URL is over Http or Https, and whether to set the no_check_certificate setting for Https URLs. Additional methods to set or unset this flag globally on all subsequent URL connections. 2. DownloadPane.getRedirectURL() now calls this and avoids the SSLHandShakeException discovered on Toro yesterday: not just wget but also Java code that makes a URL connection to an Https site that does not have a valid certificate will need to have no_check_certificate turned on if we want to download from there. Even if getRedirectURL() is found to no longer be useful, the new class URLConnectionManager is reusable. 4. Adding GS copyright header to SafeProcess.java.
File size: 6.0 KB
Line 
1/**
2 *#########################################################################
3 *
4 * A component of the Gatherer application, part of the Greenstone digital
5 * library suite from the New Zealand Digital Library Project at the
6 * University of Waikato, New Zealand.
7 *
8 * Author: Greenstone Digital Library, University of Waikato
9 *
10 * Copyright (C) 1999 New Zealand Digital Library Project
11 *
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 *########################################################################
26 */
27package org.greenstone.gatherer.download;
28
29import java.net.InetSocketAddress;
30import java.net.Proxy;
31import java.net.URL;
32import java.net.URLConnection;
33import javax.net.ssl.HostnameVerifier;
34import javax.net.ssl.HttpsURLConnection;
35import javax.net.ssl.SSLSocketFactory;
36import javax.net.ssl.SSLContext;
37import javax.net.ssl.SSLSession;
38import javax.net.ssl.TrustManager;
39import javax.net.ssl.X509TrustManager;
40import java.security.cert.X509Certificate;
41
42
43/** Use this class to get a URL connection with or without proxy settings, for Http or Https URLS,
44 * and with no-check-certificate on or off for Https URLs.
45 * This class has the ability to turn off checking security certificates for Https URLs to allow us to do
46 * the Java equivalent to running wget with --no-check-certificate. That part of the code is from
47 * https://stackoverflow.com/questions/6659360/how-to-solve-javax-net-ssl-sslhandshakeexception-error
48 * http://www.nakov.com/blog/2009/07/16/disable-certificate-validation-in-java-ssl-connections/
49*/
50public class URLConnectionManager implements HostnameVerifier, X509TrustManager
51{
52 // Create a reusable trust manager that does not validate certificate chains and considers all hosts valid
53 private static final URLConnectionManager allTrustingSSLTrustManager = new URLConnectionManager();
54 private static final TrustManager[] trustAllCerts = new TrustManager[] {allTrustingSSLTrustManager};
55
56 // save original defaults, in case we want to start restoring these in future
57 private static final HostnameVerifier restoreDefaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
58 private static final SSLSocketFactory restoreDefaultSSLSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
59
60 //********** THE METHODS TO USE TO GET A URL CONNECTION *************//
61 //********** BASED ON PROXY, URL PROTOCOL (HTTPS) AND IF NO_CHECK_CERTIFICATES IS TO BE ON OR OFF FOR HTTPS *************//
62 public static void setNoCheckCertificates(boolean noCheckCertificates) throws Exception {
63 if(noCheckCertificates) {
64 // Install the all-trusting trust manager
65 SSLContext sc = SSLContext.getInstance("SSL");
66 sc.init(null, trustAllCerts, new java.security.SecureRandom());
67 HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
68 HttpsURLConnection.setDefaultHostnameVerifier(allTrustingSSLTrustManager);
69 } else {
70 HttpsURLConnection.setDefaultSSLSocketFactory(restoreDefaultSSLSocketFactory);
71 HttpsURLConnection.setDefaultHostnameVerifier(restoreDefaultHostnameVerifier);
72 }
73 }
74
75 public static URLConnection getConnection(String url_str, Proxy proxy) throws Exception {
76 // use existing settings for noCheckCertificates -- caller would have called setNoCheckCertificates to set this up at some time in the past
77
78 URL url = new URL(url_str);
79 // if we're given a proxy to access the URL with, use it
80 if(proxy == null) {
81 return url.openConnection();
82 } else {
83 return url.openConnection(proxy);
84 }
85 }
86
87 public static URLConnection getConnection(String url_str, Proxy proxy, boolean noCheckCertificates) throws Exception {
88 URL url = new URL(url_str);
89 if(url_str.startsWith("https:") && noCheckCertificates) { // requested to turn off certificate validation for HTTPs URLS
90 setNoCheckCertificates(noCheckCertificates);
91
92 } else { // no certificate checking needed if noCheckCertificates is false or if the url is anything other than HTTPS
93 setNoCheckCertificates(false);
94 }
95
96 // if we're given a proxy to access the URL with, use it
97 if(proxy == null) {
98 return url.openConnection();
99 } else {
100 return url.openConnection(proxy);
101 }
102 }
103
104 public static URLConnection getConnection(String url_str, String proxy_host, String proxy_port, boolean noCheckCertificates) throws Exception {
105 Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxy_host, Integer.parseInt(proxy_port)));
106 return getConnection(url_str, proxy, noCheckCertificates);
107 }
108
109 public static URLConnection getConnection(String url_str, String proxy_host, int proxy_port, boolean noCheckCertificates) throws Exception {
110 Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxy_host, proxy_port));
111 return getConnection(url_str, proxy, noCheckCertificates);
112 }
113
114 //********************** IMPLEMENTED METHODS **********************//
115
116 //*********** interface X509TrustManager *************//
117 public java.security.cert.X509Certificate[] getAcceptedIssuers() {
118 return null;
119 }
120 public void checkClientTrusted(X509Certificate[] certs, String authType) {}
121 public void checkServerTrusted(X509Certificate[] certs, String authType) {}
122
123 //*********** interface HostnameVerifier *************//
124 // all hosts are considered valid
125 public boolean verify(String hostname, SSLSession session) {
126 return true;
127 }
128
129}
Note: See TracBrowser for help on using the repository browser.