taverna-wsdl-activity/src/main/java/net/sf/taverna/t2/activities/wsdl/security/SSLUtilities.java - incubator-taverna-common-activities - Git at Google

 package net.sf.taverna.t2.activities.wsdl.security;

 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;

 /**
  * This class provide various static methods that relax X509 certificate and
  * hostname verification while using the SSL over the HTTP protocol.
  * <p>
  * Call:
  * SSLUtilities.trustAllHostnames() to turn off the default hostname verification on HTTPS connection;
  * SSLUtilities.trustAllHttpsCertificates() to turn off the default certificate validation on HTTPS connection.
  * SSLUtilities.stopTrustingAllHttpsCertificates() to stop trusting all hosts' certificates and go back to default Java settings.
  *
  * @author    Francis Labrie
  */
 public final class SSLUtilities {

   /**
    * Hostname verifier.
    */
   private static HostnameVerifier hostnameVerifier;
   /**
    * Thrust managers.
    */
   private static TrustManager[] trustManagers;

   /**
    * Set the default Hostname Verifier to an instance of a fake class that
    * trust all hostnames.
    */
   public static void trustAllHostnames() {
       // Create a trust manager that does not validate certificate chains
       if(hostnameVerifier == null) {
           hostnameVerifier = new FakeHostnameVerifier();
       } // if
         // Install the all-trusting host name verifier:
       HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
   } // _trustAllHttpsCertificates

   /**
    * Set the default X509 Trust Manager to an instance of a fake class that
    * trust all certificates, even the self-signed ones.
    */
   public static void trustAllHttpsCertificates() {
       SSLContext context;

       // Create a trust manager that does not validate certificate chains
       if(trustManagers == null) {
           trustManagers = new TrustManager[] {new FakeX509TrustManager()};
       } // if
       // Install the all-trusting trust manager:
       try {
       context = SSLContext.getInstance("SSL");
       context.init(null, trustManagers, new SecureRandom());
       } catch(GeneralSecurityException gse) {
           throw new IllegalStateException(gse.getMessage());
       } // catch
       HttpsURLConnection.setDefaultSSLSocketFactory(context.
           getSocketFactory());
   } // _trustAllHttpsCertificates

   /**
    * This class implements a fake hostname verificator, trusting any host
    * name.
    *
    * @author    Francis Labrie
    */
   public static class FakeHostnameVerifier implements HostnameVerifier {

       /**
        * Always return true, indicating that the host name is
        * an acceptable match with the server's authentication scheme.
        *
        * @param hostname        the host name.
        * @param session         the SSL session used on the connection to
        * host.
        * @return                the true boolean value
        * indicating the host name is trusted.
        */
       public boolean verify(String hostname,
           javax.net.ssl.SSLSession session) {
           return(true);
       } // verify
   } // FakeHostnameVerifier

   /**
    * This class allow any X509 certificates to be used to authenticate the
    * remote side of a secure socket, including self-signed certificates.
    *
    * @author    Francis Labrie
    */
   public static class FakeX509TrustManager implements X509TrustManager {

       /**
        * Empty array of certificate authority certificates.
        */
       private static final X509Certificate[] _AcceptedIssuers =
           new X509Certificate[] {};

       /**
        * Always trust for client SSL chain peer certificate
        * chain with any authType authentication types.
        *
        * @param chain           the peer certificate chain.
        * @param authType        the authentication type based on the client
        * certificate.
        */
       public void checkClientTrusted(X509Certificate[] chain,
           String authType) {
       } // checkClientTrusted

       /**
        * Always trust for server SSL chain peer certificate
        * chain with any authType exchange algorithm types.
        *
        * @param chain           the peer certificate chain.
        * @param authType        the key exchange algorithm used.
        */
       public void checkServerTrusted(X509Certificate[] chain,
           String authType) {
       } // checkServerTrusted

       /**
        * Return an empty array of certificate authority certificates which
        * are trusted for authenticating peers.
        *
        * @return                a empty array of issuer certificates.
        */
       public X509Certificate[] getAcceptedIssuers() {
           return(_AcceptedIssuers);
       } // getAcceptedIssuers
   } // FakeX509TrustManager

   /**
    * Stop trusting all certificates and go back to the default settings.
    *
    * @author Alex Nenadic
    */
   public static void stopTrustingAllHttpsCertificates(){
       HttpsURLConnection.setDefaultSSLSocketFactory((SSLSocketFactory) SSLSocketFactory.getDefault());
   }
 } // SSLUtilities
	package net.sf.taverna.t2.activities.wsdl.security;

	import java.security.GeneralSecurityException;
	import java.security.SecureRandom;
	import java.security.cert.X509Certificate;
	import javax.net.ssl.HostnameVerifier;
	import javax.net.ssl.HttpsURLConnection;
	import javax.net.ssl.SSLContext;
	import javax.net.ssl.SSLSocketFactory;
	import javax.net.ssl.TrustManager;
	import javax.net.ssl.X509TrustManager;

	/**
	* This class provide various static methods that relax X509 certificate and
	* hostname verification while using the SSL over the HTTP protocol.
	* <p>
	* Call:
	* SSLUtilities.trustAllHostnames() to turn off the default hostname verification on HTTPS connection;
	* SSLUtilities.trustAllHttpsCertificates() to turn off the default certificate validation on HTTPS connection.
	* SSLUtilities.stopTrustingAllHttpsCertificates() to stop trusting all hosts' certificates and go back to default Java settings.
	*
	* @author Francis Labrie
	*/
	public final class SSLUtilities {

	/**
	* Hostname verifier.
	*/
	private static HostnameVerifier hostnameVerifier;
	/**
	* Thrust managers.
	*/
	private static TrustManager[] trustManagers;

	/**
	* Set the default Hostname Verifier to an instance of a fake class that
	* trust all hostnames.
	*/
	public static void trustAllHostnames() {
	// Create a trust manager that does not validate certificate chains
	if(hostnameVerifier == null) {
	hostnameVerifier = new FakeHostnameVerifier();
	} // if
	// Install the all-trusting host name verifier:
	HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
	} // _trustAllHttpsCertificates

	/**
	* Set the default X509 Trust Manager to an instance of a fake class that
	* trust all certificates, even the self-signed ones.
	*/
	public static void trustAllHttpsCertificates() {
	SSLContext context;

	// Create a trust manager that does not validate certificate chains
	if(trustManagers == null) {
	trustManagers = new TrustManager[] {new FakeX509TrustManager()};
	} // if
	// Install the all-trusting trust manager:
	try {
	context = SSLContext.getInstance("SSL");
	context.init(null, trustManagers, new SecureRandom());
	} catch(GeneralSecurityException gse) {
	throw new IllegalStateException(gse.getMessage());
	} // catch
	HttpsURLConnection.setDefaultSSLSocketFactory(context.
	getSocketFactory());
	} // _trustAllHttpsCertificates

	/**
	* This class implements a fake hostname verificator, trusting any host
	* name.
	*
	* @author Francis Labrie
	*/
	public static class FakeHostnameVerifier implements HostnameVerifier {

	/**
	* Always return true, indicating that the host name is
	* an acceptable match with the server's authentication scheme.
	*
	* @param hostname the host name.
	* @param session the SSL session used on the connection to
	* host.
	* @return the true boolean value
	* indicating the host name is trusted.
	*/
	public boolean verify(String hostname,
	javax.net.ssl.SSLSession session) {
	return(true);
	} // verify
	} // FakeHostnameVerifier

	/**
	* This class allow any X509 certificates to be used to authenticate the
	* remote side of a secure socket, including self-signed certificates.
	*
	* @author Francis Labrie
	*/
	public static class FakeX509TrustManager implements X509TrustManager {

	/**
	* Empty array of certificate authority certificates.
	*/
	private static final X509Certificate[] _AcceptedIssuers =
	new X509Certificate[] {};

	/**
	* Always trust for client SSL chain peer certificate
	* chain with any authType authentication types.
	*
	* @param chain the peer certificate chain.
	* @param authType the authentication type based on the client
	* certificate.
	*/
	public void checkClientTrusted(X509Certificate[] chain,
	String authType) {
	} // checkClientTrusted

	/**
	* Always trust for server SSL chain peer certificate
	* chain with any authType exchange algorithm types.
	*
	* @param chain the peer certificate chain.
	* @param authType the key exchange algorithm used.
	*/
	public void checkServerTrusted(X509Certificate[] chain,
	String authType) {
	} // checkServerTrusted

	/**
	* Return an empty array of certificate authority certificates which
	* are trusted for authenticating peers.
	*
	* @return a empty array of issuer certificates.
	*/
	public X509Certificate[] getAcceptedIssuers() {
	return(_AcceptedIssuers);
	} // getAcceptedIssuers
	} // FakeX509TrustManager

	/**
	* Stop trusting all certificates and go back to the default settings.
	*
	* @author Alex Nenadic
	*/
	public static void stopTrustingAllHttpsCertificates(){
	HttpsURLConnection.setDefaultSSLSocketFactory((SSLSocketFactory) SSLSocketFactory.getDefault());
	}
	} // SSLUtilities