View Javadoc

1   /*
2    * Copyright 2002-2009 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.ws.transport.http;
18  
19  import java.io.IOException;
20  import java.net.HttpURLConnection;
21  import java.net.URI;
22  import java.security.GeneralSecurityException;
23  import java.security.KeyManagementException;
24  import java.security.NoSuchAlgorithmException;
25  import java.security.NoSuchProviderException;
26  import java.security.SecureRandom;
27  import java.util.Arrays;
28  import javax.net.ssl.HostnameVerifier;
29  import javax.net.ssl.HttpsURLConnection;
30  import javax.net.ssl.KeyManager;
31  import javax.net.ssl.SSLContext;
32  import javax.net.ssl.TrustManager;
33  
34  import org.springframework.beans.factory.InitializingBean;
35  import org.springframework.util.Assert;
36  import org.springframework.util.ObjectUtils;
37  import org.springframework.util.StringUtils;
38  
39  /**
40   * Extension of {@link HttpUrlConnectionMessageSender} that adds support for (self-signed) HTTPS certificates.
41   *
42   * @author Alex Marshall
43   * @author Arjen Poutsma
44   * @since 1.5.8
45   */
46  public class HttpsUrlConnectionMessageSender extends HttpUrlConnectionMessageSender implements InitializingBean {
47  
48      /** The default SSL protocol. */
49      public static final String DEFAULT_SSL_PROTOCOL = "ssl";
50  
51      private String sslProtocol = DEFAULT_SSL_PROTOCOL;
52  
53      private String sslProvider;
54  
55      private KeyManager[] keyManagers;
56  
57      private TrustManager[] trustManagers;
58  
59      private HostnameVerifier hostnameVerifier;
60  
61      private SecureRandom rnd;
62  
63      /**
64       * Sets the SSL protocol to use. Default is {@code ssl}.
65       *
66       * @see SSLContext#getInstance(String, String)
67       */
68      public void setSslProtocol(String sslProtocol) {
69          Assert.hasLength(sslProtocol, "'sslProtocol' must not be empty");
70          this.sslProtocol = sslProtocol;
71      }
72  
73      /**
74       * Sets the SSL provider to use. Default is empty, to use the default provider.
75       *
76       * @see SSLContext#getInstance(String, String)
77       */
78      public void setSslProvider(String sslProvider) {
79          this.sslProvider = sslProvider;
80      }
81  
82      /**
83       * Specifies the key managers to use for this message sender.
84       * <p/>
85       * Setting either this property or {@link #setTrustManagers(TrustManager[]) trustManagers}  is required.
86       *
87       * @see SSLContext#init(KeyManager[], TrustManager[], SecureRandom)
88       */
89      public void setKeyManagers(KeyManager[] keyManagers) {
90          this.keyManagers = keyManagers;
91      }
92  
93      /**
94       * Specifies the trust managers to use for this message sender.
95       * <p/>
96       * Setting either this property or {@link #setKeyManagers(KeyManager[]) keyManagers}  is required.
97       *
98       * @see SSLContext#init(KeyManager[], TrustManager[], SecureRandom)
99       */
100     public void setTrustManagers(TrustManager[] trustManagers) {
101         this.trustManagers = trustManagers;
102     }
103 
104     /**
105      * Specifies the host name verifier to use for this message sender.
106      *
107      * @see HttpsURLConnection#setHostnameVerifier(HostnameVerifier)
108      */
109     public void setHostnameVerifier(HostnameVerifier hostnameVerifier) {
110         this.hostnameVerifier = hostnameVerifier;
111     }
112 
113     /**
114      * Specifies the secure random to use for this message sender.
115      *
116      * @see SSLContext#init(KeyManager[], TrustManager[], SecureRandom)
117      */
118     public void setSecureRandom(SecureRandom rnd) {
119         this.rnd = rnd;
120     }
121 
122     public void afterPropertiesSet() throws Exception {
123         Assert.isTrue(!(ObjectUtils.isEmpty(keyManagers) && ObjectUtils.isEmpty(trustManagers)),
124                 "Setting either 'keyManagers' or 'trustManagers' is required");
125     }
126 
127     protected void prepareConnection(HttpURLConnection connection) throws IOException {
128         super.prepareConnection(connection);
129         if (connection instanceof HttpsURLConnection) {
130             HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
131             try {
132                 SSLContext sslContext = createSslContext(sslProtocol, sslProvider);
133                 sslContext.init(keyManagers, trustManagers, rnd);
134                 if (logger.isDebugEnabled()) {
135                     logger.debug("Initialized SSL Context with key managers [" +
136                             StringUtils.arrayToCommaDelimitedString(keyManagers) + "] trust managers [" +
137                             StringUtils.arrayToCommaDelimitedString(trustManagers) + "] secure random [" + rnd + "]");
138                 }
139 
140                 httpsConnection.setSSLSocketFactory(sslContext.getSocketFactory());
141 
142                 if (hostnameVerifier != null) {
143                     httpsConnection.setHostnameVerifier(hostnameVerifier);
144                 }
145             }
146             catch (NoSuchProviderException ex) {
147                 throw new HttpsTransportException("Could not create SSLContext: " + ex.getMessage(), ex);
148             }
149             catch (NoSuchAlgorithmException ex) {
150                 throw new HttpsTransportException("Could not create SSLContext: " + ex.getMessage(), ex);
151             }
152             catch (KeyManagementException ex) {
153                 throw new HttpsTransportException("Could not initialize SSLContext: " + ex.getMessage(), ex);
154             }
155         }
156     }
157 
158     private SSLContext createSslContext(String protocol, String provider)
159             throws NoSuchProviderException, NoSuchAlgorithmException {
160         if (!StringUtils.hasLength(provider)) {
161             return SSLContext.getInstance(protocol);
162         }
163         else {
164             return SSLContext.getInstance(protocol, provider);
165         }
166     }
167 
168 }