| // |
| // Licensed to the Apache Software Foundation (ASF) under one |
| // or more contributor license agreements. See the NOTICE file |
| // distributed with this work for additional information |
| // regarding copyright ownership. The ASF licenses this file |
| // to you under the Apache License, Version 2.0 (the |
| // "License"); you may not use this file except in compliance |
| // with the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, |
| // software distributed under the License is distributed on an |
| // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| // KIND, either express or implied. See the License for the |
| // specific language governing permissions and limitations |
| // under the License. |
| // |
| |
| package com.cloud.network.bigswitch; |
| |
| import java.io.IOException; |
| import java.net.InetAddress; |
| import java.net.InetSocketAddress; |
| import java.net.Socket; |
| import java.net.UnknownHostException; |
| import java.security.KeyManagementException; |
| import java.security.NoSuchAlgorithmException; |
| import java.security.cert.X509Certificate; |
| |
| import javax.net.ssl.SSLContext; |
| import javax.net.ssl.SSLSocketFactory; |
| import javax.net.ssl.TrustManager; |
| import javax.net.ssl.X509TrustManager; |
| |
| import org.apache.commons.httpclient.ConnectTimeoutException; |
| import org.apache.commons.httpclient.params.HttpConnectionParams; |
| import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; |
| |
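/**
 * Socket factory for commons-httpclient that accepts any certificate presented
 * by the peer when making an SSL/TLS connection to the Big Switch Controller,
 * i.e. for use with a sticky-mode certificate management scheme.
 *
 * <p>SECURITY: the trust manager installed by this class performs no
 * certificate-chain validation, and nothing in this class records or pins a
 * previously seen certificate. Traffic is encrypted, but the server is not
 * authenticated by this factory, so an on-path party could impersonate the
 * controller. Any "sticky" comparison against a stored certificate has to be
 * enforced elsewhere (NOTE(review): confirm where that check lives before
 * registering this factory for a protocol scheme). Do not reuse this factory
 * for endpoints that are expected to present a CA-verifiable certificate.
 */
public class TrustingProtocolSocketFactory implements SecureProtocolSocketFactory {
    /** Socket factory backed by the all-trusting SSL context built in the constructor. */
    private final SSLSocketFactory ssf;

    /**
     * Builds an SSL context whose only trust manager accepts every client and
     * server certificate, and keeps its socket factory for later use.
     *
     * @throws IOException if the SSL context cannot be obtained or initialised;
     *         the underlying security exception is preserved as the cause
     */
    public TrustingProtocolSocketFactory() throws IOException {
        // Trust manager that deliberately skips certificate-chain validation.
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract asks for a non-null
                    // (possibly empty) array; returning null can trigger a
                    // NullPointerException in code that iterates the issuers.
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    // Intentionally empty: every client certificate is accepted.
                }

                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    // Intentionally empty: every server certificate is accepted,
                    // so the peer's identity is NOT verified here.
                }
            }
        };

        try {
            // Request the standard "TLS" context name rather than the legacy
            // "SSL" name, then install the all-trusting trust manager.
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            ssf = sc.getSocketFactory();
        } catch (KeyManagementException e) {
            throw new IOException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e);
        }
    }

    /**
     * Creates a socket connected to the given host and port.
     *
     * @param host remote host name
     * @param port remote port
     * @return the connected socket
     * @throws IOException if the socket cannot be created or connected
     * @throws UnknownHostException if the host cannot be resolved
     */
    @Override
    public Socket createSocket(String host, int port) throws IOException,
            UnknownHostException {
        return ssf.createSocket(host, port);
    }

    /**
     * Creates a socket connected to the given remote endpoint and bound to the
     * given local address and port.
     *
     * @param address remote host name
     * @param port remote port
     * @param localAddress local address to bind to
     * @param localPort local port to bind to
     * @return the connected socket
     * @throws IOException if the socket cannot be created or connected
     * @throws UnknownHostException if the host cannot be resolved
     */
    @Override
    public Socket createSocket(String address, int port, InetAddress localAddress,
            int localPort) throws IOException, UnknownHostException {
        return ssf.createSocket(address, port, localAddress, localPort);
    }

    /**
     * Layers an SSL socket over an existing, already connected socket.
     *
     * @param socket the existing socket
     * @param host remote host name
     * @param port remote port
     * @param autoClose whether closing the returned socket also closes {@code socket}
     * @return the layered socket
     * @throws IOException if the layered socket cannot be created
     * @throws UnknownHostException if the host cannot be resolved
     */
    @Override
    public Socket createSocket(Socket socket, String host, int port,
            boolean autoClose) throws IOException, UnknownHostException {
        return ssf.createSocket(socket, host, port, autoClose);
    }

    /**
     * Creates a socket connected to the given remote endpoint, honouring the
     * connection timeout carried by {@code params}. A timeout of {@code 0}
     * means "no timeout" and falls back to the blocking four-argument overload.
     *
     * @param host remote host name
     * @param port remote port
     * @param localAddress local address to bind to
     * @param localPort local port to bind to
     * @param params connection parameters supplying the connect timeout
     * @return the connected socket
     * @throws IllegalArgumentException if {@code params} is {@code null}
     * @throws IOException if the socket cannot be created, bound or connected
     * @throws UnknownHostException if the host cannot be resolved
     * @throws ConnectTimeoutException declared by the implemented interface
     */
    @Override
    public Socket createSocket(String host, int port, InetAddress localAddress,
            int localPort, HttpConnectionParams params) throws IOException,
            UnknownHostException, ConnectTimeoutException {
        if (params == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int timeout = params.getConnectionTimeout();
        if (timeout == 0) {
            return createSocket(host, port, localAddress, localPort);
        }

        Socket s = ssf.createSocket();
        boolean connected = false;
        try {
            s.bind(new InetSocketAddress(localAddress, localPort));
            s.connect(new InetSocketAddress(host, port), timeout);
            connected = true;
            return s;
        } finally {
            // Do not leak the descriptor when bind/connect fails or times out.
            if (!connected) {
                closeQuietly(s);
            }
        }
    }

    /** Closes a socket on a failure path without masking the original exception. */
    private static void closeQuietly(Socket s) {
        try {
            s.close();
        } catch (IOException ignored) {
            // Best effort: the bind/connect failure is the error worth reporting.
        }
    }
}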