enterprise/j2ee.sun.appsrv/src/org/netbeans/modules/j2ee/sun/appsrvapi/PortDetector.java - netbeans - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.netbeans.modules.j2ee.sun.appsrvapi;

 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.PrintWriter;
 import java.net.ConnectException;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.SocketException;
 import java.net.SocketTimeoutException;

 /* new algo to test of an app server(8.1 and 9.0) is secured or not
  * @author ludo champenois, and Jean Francois Arcand
  *
  **/

 public class PortDetector {

     private static final int PORT_CHECK_TIMEOUT = 4000; // Port check timeout in ms

     /**
      *  This method accepts a hostname and port #.  It uses this information
      *  to attempt to connect to the port, send a test query, analyze the
      *  result to determine if the port is secure or unsecure (currently only
      *  http / https is supported).
      * it might emit a warning in the server log for GlassFish cases
      * No Harm, just an annoying warning, so we need to use this call only when really needed
      */
     public static boolean isSecurePort(String hostname, int port)
             throws IOException, ConnectException, SocketTimeoutException {
         // Open the socket with a short timeout for connects and reads.
         Socket socket = new Socket();
         try {
             socket.connect(new InetSocketAddress(hostname, port), PORT_CHECK_TIMEOUT);
             socket.setSoTimeout(PORT_CHECK_TIMEOUT);
         } catch(SocketException ex) { // this could be bug 70020 due to SOCKs proxy not having localhost
             String socksNonProxyHosts = System.getProperty("socksNonProxyHosts");
             if(socksNonProxyHosts != null && socksNonProxyHosts.indexOf("localhost") < 0) {
                 String localhost = socksNonProxyHosts.length() > 0 ? "|localhost" : "localhost";
                 System.setProperty("socksNonProxyHosts",  socksNonProxyHosts + localhost);
                 ConnectException ce = new ConnectException();
                 ce.initCause(ex);
                 throw ce; //status unknown at this point
                 //next call, we'll be ok and it will really detect if we are secure or not
             }
         }

         //This is the test query used to ping the server in an attempt to
         //determine if it is secure or not.
         String testQuery = "GET / HTTP/1.0";
         PrintWriter pw = new PrintWriter(socket.getOutputStream());
         pw.println(testQuery);
         pw.println();
         pw.flush();
         // Get the result
         InputStream is = socket.getInputStream();
         byte[] respArr = new byte[1024];
         boolean isSecure = true;
         while (is.read(respArr) != -1) {
             // Determine protocol from result
             // Can't read https response w/ OpenSSL (or equiv), so use as
             // default & try to detect an http response.
             String resp = new String(respArr);
             if (checkHelper(resp) == false) {
                 isSecure = false;
                 break;
             }
         }
         socket.close();
         return isSecure;
     }

     private static boolean checkHelper(String respText) {
         boolean isSecure = true;
         if (respText.startsWith("http/1.") || respText.startsWith("HTTP/1.")) {
             isSecure = false;
         } else if (respText.contains("<html")) {
             isSecure = false;
         } else if (respText.contains("</html")) {
             // New test added to resolve 106245
             // when the user has the IDE use a proxy (like webcache.foo.bar.com),
             // the response comes back as "d><title>....</html>".  It looks like
             // something eats the "<html><hea" off the front of the data that
             // gets returned.
             //
             // This test makes an allowance for that behavior. I figure testing
             // the likely "last bit" is better than testing a bit that is close
             // to the data that seems to get eaten.
             //
             isSecure = false;
         } else if (respText.contains("connection: ")) {
             isSecure = false;
         }
         return isSecure;
     }


     public static void main(String[] args) throws IOException{
         String host = args[0];
         int port = Integer.parseInt(args[1]);
         System.out.println("host: " + " port: " + port);
         System.out.println("isSecure: " + isSecurePort(host,port));
     }


 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.netbeans.modules.j2ee.sun.appsrvapi;

	import java.io.IOException;
	import java.io.InputStream;
	import java.io.OutputStream;
	import java.io.PrintWriter;
	import java.net.ConnectException;
	import java.net.InetSocketAddress;
	import java.net.Socket;
	import java.net.SocketException;
	import java.net.SocketTimeoutException;

	/* new algo to test of an app server(8.1 and 9.0) is secured or not
	* @author ludo champenois, and Jean Francois Arcand
	*
	**/

	public class PortDetector {

	private static final int PORT_CHECK_TIMEOUT = 4000; // Port check timeout in ms

	/**
	* This method accepts a hostname and port #. It uses this information
	* to attempt to connect to the port, send a test query, analyze the
	* result to determine if the port is secure or unsecure (currently only
	* http / https is supported).
	* it might emit a warning in the server log for GlassFish cases
	* No Harm, just an annoying warning, so we need to use this call only when really needed
	*/
	public static boolean isSecurePort(String hostname, int port)
	throws IOException, ConnectException, SocketTimeoutException {
	// Open the socket with a short timeout for connects and reads.
	Socket socket = new Socket();
	try {
	socket.connect(new InetSocketAddress(hostname, port), PORT_CHECK_TIMEOUT);
	socket.setSoTimeout(PORT_CHECK_TIMEOUT);
	} catch(SocketException ex) { // this could be bug 70020 due to SOCKs proxy not having localhost
	String socksNonProxyHosts = System.getProperty("socksNonProxyHosts");
	if(socksNonProxyHosts != null && socksNonProxyHosts.indexOf("localhost") < 0) {
	String localhost = socksNonProxyHosts.length() > 0 ? "\|localhost" : "localhost";
	System.setProperty("socksNonProxyHosts", socksNonProxyHosts + localhost);
	ConnectException ce = new ConnectException();
	ce.initCause(ex);
	throw ce; //status unknown at this point
	//next call, we'll be ok and it will really detect if we are secure or not
	}
	}

	//This is the test query used to ping the server in an attempt to
	//determine if it is secure or not.
	String testQuery = "GET / HTTP/1.0";
	PrintWriter pw = new PrintWriter(socket.getOutputStream());
	pw.println(testQuery);
	pw.println();
	pw.flush();
	// Get the result
	InputStream is = socket.getInputStream();
	byte[] respArr = new byte[1024];
	boolean isSecure = true;
	while (is.read(respArr) != -1) {
	// Determine protocol from result
	// Can't read https response w/ OpenSSL (or equiv), so use as
	// default & try to detect an http response.
	String resp = new String(respArr);
	if (checkHelper(resp) == false) {
	isSecure = false;
	break;
	}
	}
	socket.close();
	return isSecure;
	}

	private static boolean checkHelper(String respText) {
	boolean isSecure = true;
	if (respText.startsWith("http/1.") \|\| respText.startsWith("HTTP/1.")) {
	isSecure = false;
	} else if (respText.contains("<html")) {
	isSecure = false;
	} else if (respText.contains("</html")) {
	// New test added to resolve 106245
	// when the user has the IDE use a proxy (like webcache.foo.bar.com),
	// the response comes back as "d><title>....</html>". It looks like
	// something eats the "<html><hea" off the front of the data that
	// gets returned.
	//
	// This test makes an allowance for that behavior. I figure testing
	// the likely "last bit" is better than testing a bit that is close
	// to the data that seems to get eaten.
	//
	isSecure = false;
	} else if (respText.contains("connection: ")) {
	isSecure = false;
	}
	return isSecure;
	}


	public static void main(String[] args) throws IOException{
	String host = args[0];
	int port = Integer.parseInt(args[1]);
	System.out.println("host: " + " port: " + port);
	System.out.println("isSecure: " + isSecurePort(host,port));
	}


	}