taverna-wsdl-activity/src/main/java/net/sf/taverna/t2/activities/wsdl/security/ThreadLocalSSLSocketFactory.java

/*******************************************************************************
 * Copyright (C) 2007 The University of Manchester   
 * 
 *  Modifications to the initial code base are copyright of their
 *  respective authors, or their employers as appropriate.
 * 
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public License
 *  as published by the Free Software Foundation; either version 2.1 of
 *  the License, or (at your option) any later version.
 *    
 *  This program is distributed in the hope that it will be useful, but
 *  WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *    
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 ******************************************************************************/
package net.sf.taverna.t2.activities.wsdl.security;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.log4j.Logger;

/**
 * An implementation of SSLSocketFactory which delegates to one of two internal
 * SSLSocketFactory implementations. The implementation delegated to is
 * determined by a thread local property and is either the default SSL socket or
 * a customized one with a trust manager that allows the use of unsigned server
 * certificates.
 * <p>
 * To set this as the default call install() prior to making any HTTPS
 * connections, then bracket code which needs to trust unsigned certificates in
 * the startTrustingEverything() and stopTrustingEverything() methods.
 * 
 * @author Tom Oinn
 * 
 */
public class ThreadLocalSSLSocketFactory extends SSLSocketFactory {

	private static Logger logger = Logger
	.getLogger(ThreadLocalSSLSocketFactory.class);

	/**
	 * Calls to open HTTPS connections will trust unsigned certificates afer
	 * this call is made, this is scoped to the current thread only.
	 */
	public static void startTrustingEverything() {
		threadLocalFactory.set(createAlwaysTrustingFactory());
	}

	/**
	 * Stop trusting unsigned certificates, reverting to the default behaviour
	 * for the current thread.
	 */
	public static void stopTrustingEverything() {
		threadLocalFactory.set(null);
	}

	/**
	 * Set this as the default global socket factory for HTTPS connections
	 */
	public static void install() {
		HttpsURLConnection
				.setDefaultSSLSocketFactory(new ThreadLocalSSLSocketFactory());
	}

	/**
	 * Determine whether the current thread will trust unsigned certificates
	 */
	public static boolean isTrustingEverything() {
		return (threadLocalFactory.get() != null);
	}

	/**
	 * Never construct manually
	 */
	private ThreadLocalSSLSocketFactory() {
		super();
	}

	private static ThreadLocal<SSLSocketFactory> threadLocalFactory = new ThreadLocal<SSLSocketFactory>();

	private static SSLSocketFactory createAlwaysTrustingFactory() {
		SSLContext sc = null;
		try {
			sc = SSLContext.getInstance("SSL");
		} catch (NoSuchAlgorithmException e1) {

			logger.error("No SSL algorithm", e1);
		}
		TrustManager overlyTrusting = new X509TrustManager() {

			public void checkClientTrusted(X509Certificate[] arg0, String arg1)
					throws CertificateException {

			}

			public void checkServerTrusted(X509Certificate[] arg0, String arg1)
					throws CertificateException {

			}

			public X509Certificate[] getAcceptedIssuers() {
				return null;
			}

		};
		try {
			sc.init(null, new TrustManager[] { overlyTrusting },
					new SecureRandom());
		} catch (KeyManagementException e) {
			logger.error("Unable to initialize SSLContext", e);
		}
		return sc.getSocketFactory();

	}

	private SSLSocketFactory getFactory() {
		if (threadLocalFactory.get() == null) {
			return (SSLSocketFactory) SSLSocketFactory.getDefault();
		} else {
			return threadLocalFactory.get();
		}
	}

	@Override
	public Socket createSocket(Socket arg0, String arg1, int arg2, boolean arg3)
			throws IOException {
		return getFactory().createSocket(arg0, arg1, arg2, arg3);
	}

	@Override
	public String[] getDefaultCipherSuites() {
		return getFactory().getDefaultCipherSuites();
	}

	@Override
	public String[] getSupportedCipherSuites() {
		return getFactory().getSupportedCipherSuites();
	}

	@Override
	public Socket createSocket() throws IOException {
		return getFactory().createSocket();
	}

	@Override
	public Socket createSocket(String arg0, int arg1) throws IOException,
			UnknownHostException {
		return getFactory().createSocket(arg0, arg1);
	}

	@Override
	public Socket createSocket(InetAddress arg0, int arg1) throws IOException {
		return getFactory().createSocket(arg0, arg1);
	}

	@Override
	public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3)
			throws IOException, UnknownHostException {
		return getFactory().createSocket(arg0, arg1, arg2, arg3);
	}

	@Override
	public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2,
			int arg3) throws IOException {
		return getFactory().createSocket(arg0, arg1, arg2, arg3);
	}
}