View Javadoc

1   /*
2    * Copyright 2005-2012 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.transport.http;
18  
19  import java.io.IOException;
20  import java.net.HttpURLConnection;
21  import java.security.KeyManagementException;
22  import java.security.NoSuchAlgorithmException;
23  import java.security.NoSuchProviderException;
24  import java.security.SecureRandom;
25  import javax.net.ssl.HostnameVerifier;
26  import javax.net.ssl.HttpsURLConnection;
27  import javax.net.ssl.KeyManager;
28  import javax.net.ssl.SSLContext;
29  import javax.net.ssl.SSLSocketFactory;
30  import javax.net.ssl.TrustManager;
31  
32  import org.springframework.beans.factory.InitializingBean;
33  import org.springframework.util.Assert;
34  import org.springframework.util.ObjectUtils;
35  import org.springframework.util.StringUtils;
36  
37  /**
38   * Extension of {@link HttpUrlConnectionMessageSender} that adds support for (self-signed) HTTPS certificates.
39   *
40   * @author Alex Marshall
41   * @author Arjen Poutsma
42   * @since 1.5.8
43   */
44  public class HttpsUrlConnectionMessageSender extends HttpUrlConnectionMessageSender implements InitializingBean {
45  
46      /** The default SSL protocol. */
47      public static final String DEFAULT_SSL_PROTOCOL = "ssl";
48  
49      private String sslProtocol = DEFAULT_SSL_PROTOCOL;
50  
51      private String sslProvider;
52  
53      private KeyManager[] keyManagers;
54  
55      private TrustManager[] trustManagers;
56  
57      private HostnameVerifier hostnameVerifier;
58  
59      private SecureRandom rnd;
60  
61      private SSLSocketFactory sslSocketFactory;
62  
63      /**
64       * Sets the SSL protocol to use. Default is {@code ssl}.
65       *
66       * @see SSLContext#getInstance(String, String)
67       */
68      public void setSslProtocol(String sslProtocol) {
69          Assert.hasLength(sslProtocol, "'sslProtocol' must not be empty");
70          this.sslProtocol = sslProtocol;
71      }
72  
73      /**
74       * Sets the SSL provider to use. Default is empty, to use the default provider.
75       *
76       * @see SSLContext#getInstance(String, String)
77       */
78      public void setSslProvider(String sslProvider) {
79          this.sslProvider = sslProvider;
80      }
81  
82      /**
83       * Specifies the key managers to use for this message sender.
84       * <p/>
85       * Setting either this property or {@link #setTrustManagers(TrustManager[]) trustManagers}  is required.
86       *
87       * @see SSLContext#init(KeyManager[], TrustManager[], SecureRandom)
88       */
89      public void setKeyManagers(KeyManager[] keyManagers) {
90          this.keyManagers = keyManagers;
91      }
92  
93      /**
94       * Specifies the trust managers to use for this message sender.
95       * <p/>
96       * Setting either this property or {@link #setKeyManagers(KeyManager[]) keyManagers}  is required.
97       *
98       * @see SSLContext#init(KeyManager[], TrustManager[], SecureRandom)
99       */
100     public void setTrustManagers(TrustManager[] trustManagers) {
101         this.trustManagers = trustManagers;
102     }
103 
104     /**
105      * Specifies the host name verifier to use for this message sender.
106      *
107      * @see HttpsURLConnection#setHostnameVerifier(HostnameVerifier)
108      */
109     public void setHostnameVerifier(HostnameVerifier hostnameVerifier) {
110         this.hostnameVerifier = hostnameVerifier;
111     }
112 
113     /**
114      * Specifies the secure random to use for this message sender.
115      *
116      * @see SSLContext#init(KeyManager[], TrustManager[], SecureRandom)
117      */
118     public void setSecureRandom(SecureRandom rnd) {
119         this.rnd = rnd;
120     }
121 
122     /**
123      * Specifies the SSLSocketFactory to use for this message sender.
124      *
125      * @see HttpsURLConnection#setSSLSocketFactory(SSLSocketFactory sf)
126      */
127     public void setSslSocketFactory(SSLSocketFactory sslSocketFactory) {
128         this.sslSocketFactory = sslSocketFactory;
129     }
130 
131     public void afterPropertiesSet() throws Exception {
132         Assert.isTrue(
133                 !(ObjectUtils.isEmpty(keyManagers) && ObjectUtils.isEmpty(trustManagers) && (sslSocketFactory == null)),
134                 "Setting either 'keyManagers', 'trustManagers' or 'sslSocketFactory' is required");
135     }
136 
137     @Override
138     protected void prepareConnection(HttpURLConnection connection) throws IOException {
139         super.prepareConnection(connection);
140         if (connection instanceof HttpsURLConnection) {
141             HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
142             httpsConnection.setSSLSocketFactory(createSslSocketFactory());
143 
144             if (hostnameVerifier != null) {
145                 httpsConnection.setHostnameVerifier(hostnameVerifier);
146             }
147         }
148     }
149 
150     private SSLSocketFactory createSslSocketFactory() throws HttpsTransportException {
151         if (this.sslSocketFactory != null) {
152             return this.sslSocketFactory;
153         }
154         try {
155             SSLContext sslContext =
156                     StringUtils.hasLength(sslProvider) ? SSLContext.getInstance(sslProtocol, sslProvider) :
157                             SSLContext.getInstance(sslProtocol);
158             sslContext.init(keyManagers, trustManagers, rnd);
159             if (logger.isDebugEnabled()) {
160                 logger.debug("Initialized SSL Context with key managers [" +
161                         StringUtils.arrayToCommaDelimitedString(keyManagers) + "] trust managers [" +
162                         StringUtils.arrayToCommaDelimitedString(trustManagers) + "] secure random [" + rnd +
163                         "]");
164             }
165             return sslContext.getSocketFactory();
166         }
167         catch (NoSuchAlgorithmException ex) {
168             throw new HttpsTransportException("Could not create SSLContext: " + ex.getMessage(), ex);
169         }
170         catch (NoSuchProviderException ex) {
171             throw new HttpsTransportException("Could not create SSLContext: " + ex.getMessage(), ex);
172         }
173         catch (KeyManagementException ex) {
174             throw new HttpsTransportException("Could not initialize SSLContext: " + ex.getMessage(), ex);
175         }
176 
177     }
178 
179 }