From 7a6400cdc81d577cb010f1598bc4c501241b124a Mon Sep 17 00:00:00 2001 From: Michael Lando Date: Sun, 31 Dec 2017 09:57:46 +0200 Subject: update simulator Change-Id: I9d3bca6a4d0a4f258094c409a1a4f6df3521030f Issue-ID: SDC-832 Signed-off-by: Michael Lando --- .../SSL/DummySSLProtocolSocketFactory.java | 115 +++++++++++++++++++++ .../simulator/SSL/DummyX509TrustManager.java | 62 +++++++++++ .../openecomp/sdc/webseal/simulator/SdcProxy.java | 71 ++++++++----- 3 files changed, 223 insertions(+), 25 deletions(-) create mode 100644 utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SSL/DummySSLProtocolSocketFactory.java create mode 100644 utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SSL/DummyX509TrustManager.java (limited to 'utils/webseal-simulator/src/main/java/org') diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SSL/DummySSLProtocolSocketFactory.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SSL/DummySSLProtocolSocketFactory.java new file mode 100644 index 0000000000..30d98146c2 --- /dev/null +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SSL/DummySSLProtocolSocketFactory.java @@ -0,0 +1,115 @@ + +package org.openecomp.sdc.webseal.simulator.SSL; + +import org.apache.commons.httpclient.ConnectTimeoutException; +import org.apache.commons.httpclient.HttpClientError; +import org.apache.commons.httpclient.params.HttpConnectionParams; +import org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory; +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; + +public class DummySSLProtocolSocketFactory implements SecureProtocolSocketFactory { + + + private SSLContext sslcontext = null; + + /** + * Constructor for DummySSLProtocolSocketFactory. + */ + public DummySSLProtocolSocketFactory() { + super(); + } + + private static SSLContext createEasySSLContext() { + try { + SSLContext context = SSLContext.getInstance("SSL"); + context.init(null, new TrustManager[] { new DummyX509TrustManager(null) }, null); + return context; + } catch (Exception e) { + throw new HttpClientError(e.toString()); + } + } + + private SSLContext getSSLContext() { + if (this.sslcontext == null) { + this.sslcontext = createEasySSLContext(); + } + return this.sslcontext; + } + + /** + * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(String,int,InetAddress,int) + */ + public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException, + UnknownHostException { + + return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort); + } + + /** + * Attempts to get a new socket connection to the given host within the given + * time limit. + *

+ * To circumvent the limitations of older JREs that do not support connect + * timeout a controller thread is executed. The controller thread attempts to + * create a new socket within the given limit of time. If socket constructor + * does not return until the timeout expires, the controller terminates and + * throws an {@link ConnectTimeoutException} + *

+ * + * @param host the host name/IP + * @param port the port on the host + * @param localAddress the local host name/IP to bind the socket to + * @param localPort the port on the local machine + * @param params {@link HttpConnectionParams Http connection parameters} + * + * @return Socket a new socket + * + * @throws IOException if an I/O error occurs while creating the socket + * @throws UnknownHostException if the IP address of the host cannot be + * determined + */ + public Socket createSocket(final String host, final int port, final InetAddress localAddress, final int localPort, + final HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException { + if (params == null) { + throw new IllegalArgumentException("Parameters may not be null"); + } + int timeout = params.getConnectionTimeout(); + if (timeout == 0) { + return createSocket(host, port, localAddress, localPort); + } else { + // To be eventually deprecated when migrated to Java 1.4 or above + return ControllerThreadSocketFactory.createSocket(this, host, port, localAddress, localPort, timeout); + } + } + + /** + * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(String,int) + */ + public Socket createSocket(String host, int port) throws IOException, UnknownHostException { + return getSSLContext().getSocketFactory().createSocket(host, port); + } + + /** + * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(Socket,String,int,boolean) + */ + public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, + UnknownHostException { + return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose); + } + + public boolean equals(Object obj) { + return ((obj != null) && obj.getClass().equals(DummySSLProtocolSocketFactory.class)); + } + + public int hashCode() { + return DummySSLProtocolSocketFactory.class.hashCode(); + } + +} \ No newline at end of file diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SSL/DummyX509TrustManager.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SSL/DummyX509TrustManager.java new file mode 100644 index 0000000000..df7a1d2b65 --- /dev/null +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SSL/DummyX509TrustManager.java @@ -0,0 +1,62 @@ + +package org.openecomp.sdc.webseal.simulator.SSL; + +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; + +public class DummyX509TrustManager implements X509TrustManager +{ + private X509TrustManager standardTrustManager = null; + + /** + * Constructor for DummyX509TrustManager. + */ + public DummyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException { + super(); + String algo = TrustManagerFactory.getDefaultAlgorithm(); + TrustManagerFactory factory = TrustManagerFactory.getInstance(algo); + factory.init(keystore); + TrustManager[] trustmanagers = factory.getTrustManagers(); + if (trustmanagers.length == 0) { + throw new NoSuchAlgorithmException(algo + " trust manager not supported"); + } + this.standardTrustManager = (X509TrustManager)trustmanagers[0]; + } + + /** + * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[], String) + */ + public boolean isClientTrusted(X509Certificate[] certificates) { + return true; + } + + /** + * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[], String) + */ + public boolean isServerTrusted(X509Certificate[] certificates) { + return true; + } + + /** + * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers() + */ + public X509Certificate[] getAcceptedIssuers() { + return this.standardTrustManager.getAcceptedIssuers(); + } + + public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { + // do nothing + + } + + public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { + // do nothing + + } +} \ No newline at end of file diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java index 48e3a71aa5..74d93a97df 100644 --- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java @@ -1,20 +1,16 @@ package org.openecomp.sdc.webseal.simulator; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.OutputStream; -import java.io.UnsupportedEncodingException; -import java.net.MalformedURLException; -import java.net.URL; -import java.net.URLEncoder; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.List; -import java.util.Map; -import java.util.zip.GZIPInputStream; +import org.apache.commons.httpclient.Header; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.HttpException; +import org.apache.commons.httpclient.HttpMethodBase; +import org.apache.commons.httpclient.methods.*; +import org.apache.commons.httpclient.protocol.Protocol; +import org.openecomp.sdc.webseal.simulator.SSL.DummySSLProtocolSocketFactory; +import org.openecomp.sdc.webseal.simulator.conf.Conf; + +import javax.net.ssl.*; import javax.servlet.RequestDispatcher; import javax.servlet.ServletConfig; import javax.servlet.ServletException; @@ -22,17 +18,20 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.httpclient.Header; -import org.apache.commons.httpclient.HttpClient; -import org.apache.commons.httpclient.HttpException; -import org.apache.commons.httpclient.HttpMethodBase; -import org.apache.commons.httpclient.methods.DeleteMethod; -import org.apache.commons.httpclient.methods.GetMethod; -import org.apache.commons.httpclient.methods.InputStreamRequestEntity; -import org.apache.commons.httpclient.methods.PostMethod; -import org.apache.commons.httpclient.methods.PutMethod; -import org.openecomp.sdc.webseal.simulator.conf.Conf; +import java.io.*; +import java.net.MalformedURLException; +import java.net.URL; +import java.net.URLEncoder; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.List; +import java.util.Map; +import java.util.zip.GZIPInputStream; public class SdcProxy extends HttpServlet { @@ -57,8 +56,16 @@ public class SdcProxy extends HttpServlet { } catch (MalformedURLException me) { throw new ServletException("Proxy URL is invalid", me); } + // Set up an HTTPS socket factory that accepts self-signed certs. + Protocol https = new Protocol("https", + new DummySSLProtocolSocketFactory(), 9443); + Protocol.registerProtocol("https", https); + this.proxy = new HttpClient(); this.proxy.getHostConfiguration().setHost(this.url.getHost()); + + + } protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { @@ -316,4 +323,18 @@ public class SdcProxy extends HttpServlet { body = stringBuilder.toString(); return body; } + + private class DefaultTrustManager implements X509TrustManager { + + @Override + public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {} + + @Override + public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {} + + @Override + public X509Certificate[] getAcceptedIssuers() { + return null; + } + } } -- cgit 1.2.3-korg