diff --git a/src/main/java/org/gcube/portal/GetCaller.java b/src/main/java/org/gcube/portal/GetCaller.java index c98c6e6..50cbda1 100644 --- a/src/main/java/org/gcube/portal/GetCaller.java +++ b/src/main/java/org/gcube/portal/GetCaller.java @@ -6,9 +6,10 @@ import java.net.HttpURLConnection; import java.net.URL; import java.util.List; +import javax.net.ssl.HttpsURLConnection; + public class GetCaller extends Thread { - private final int MINUTES_4_MILLISECONDS = 240000; - + private final int MINUTES_4_MILLISECONDS = 480000; private final static String USER_AGENT = "Mozilla/5.0"; private List urlsToContact; @@ -27,7 +28,7 @@ public class GetCaller extends Thread { System.out.println("********** LDAP EXPORT THREAD Waiting ... starting in " + MINUTES_4_MILLISECONDS/60000 + " minutes"); Thread.sleep(MINUTES_4_MILLISECONDS); for (String url : urlsToContact) { - String response = sendGet(url); + String response = sendHTTPsGet(url); System.out.println("**********\n\n"+ "Called URL=" + url + " correctly, response:" + response); } String response_ldap = sendGet(ServletTrigger.SERVLET_URL_LDAP); @@ -38,6 +39,31 @@ public class GetCaller extends Thread { } + private String sendHTTPsGet(String url) throws Exception { + + URL obj = new URL(null, url, new sun.net.www.protocol.https.Handler()); + + SSLUtilities.trustAllHostnames(); + SSLUtilities.trustAllHttpsCertificates(); + + HttpsURLConnection con = (HttpsURLConnection) obj.openConnection(); + con.setRequestProperty("User-Agent", USER_AGENT); + int responseCode = con.getResponseCode(); + System.out.println("\nSending 'GET' request to URL : " + url); + System.out.println("Response Code : " + responseCode); + + BufferedReader in = new BufferedReader( + new InputStreamReader(con.getInputStream())); + String inputLine; + StringBuffer response = new StringBuffer(); + + while ((inputLine = in.readLine()) != null) { + response.append(inputLine); + } + in.close(); + return response.toString(); + } + private String sendGet(String url) throws Exception { URL obj = new URL(url); HttpURLConnection con = (HttpURLConnection) obj.openConnection(); @@ -58,3 +84,5 @@ public class GetCaller extends Thread { return response.toString(); } } + + diff --git a/src/main/java/org/gcube/portal/SSLUtilities.java b/src/main/java/org/gcube/portal/SSLUtilities.java new file mode 100644 index 0000000..664a006 --- /dev/null +++ b/src/main/java/org/gcube/portal/SSLUtilities.java @@ -0,0 +1,318 @@ +package org.gcube.portal; + +import java.security.GeneralSecurityException; +import java.security.SecureRandom; +import java.security.cert.X509Certificate; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + +/** + * This class provide various static methods that relax X509 certificate and + * hostname verification while using the SSL over the HTTP protocol. + * + * @author Francis Labrie + */ +public final class SSLUtilities { + + /** + * Hostname verifier for the Sun's deprecated API. + * + * @deprecated see {@link #_hostnameVerifier}. + */ + private static com.sun.net.ssl.HostnameVerifier __hostnameVerifier; + /** + * Thrust managers for the Sun's deprecated API. + * + * @deprecated see {@link #_trustManagers}. + */ + private static com.sun.net.ssl.TrustManager[] __trustManagers; + /** + * Hostname verifier. + */ + private static HostnameVerifier _hostnameVerifier; + /** + * Thrust managers. + */ + private static TrustManager[] _trustManagers; + + + /** + * Set the default Hostname Verifier to an instance of a fake class that + * trust all hostnames. This method uses the old deprecated API from the + * com.sun.ssl package. + * + * @deprecated see {@link #_trustAllHostnames()}. + */ + private static void __trustAllHostnames() { + // Create a trust manager that does not validate certificate chains + if(__hostnameVerifier == null) { + __hostnameVerifier = new _FakeHostnameVerifier(); + } // if + // Install the all-trusting host name verifier + com.sun.net.ssl.HttpsURLConnection. + setDefaultHostnameVerifier(__hostnameVerifier); + } // __trustAllHttpsCertificates + + /** + * Set the default X509 Trust Manager to an instance of a fake class that + * trust all certificates, even the self-signed ones. This method uses the + * old deprecated API from the com.sun.ssl package. + * + * @deprecated see {@link #_trustAllHttpsCertificates()}. + */ + private static void __trustAllHttpsCertificates() { + com.sun.net.ssl.SSLContext context; + + // Create a trust manager that does not validate certificate chains + if(__trustManagers == null) { + __trustManagers = new com.sun.net.ssl.TrustManager[] + {new _FakeX509TrustManager()}; + } // if + // Install the all-trusting trust manager + try { + context = com.sun.net.ssl.SSLContext.getInstance("SSL"); + context.init(null, __trustManagers, new SecureRandom()); + } catch(GeneralSecurityException gse) { + throw new IllegalStateException(gse.getMessage()); + } // catch + com.sun.net.ssl.HttpsURLConnection. + setDefaultSSLSocketFactory(context.getSocketFactory()); + } // __trustAllHttpsCertificates + + /** + * Return true if the protocol handler property java. + * protocol.handler.pkgs is set to the Sun's com.sun.net.ssl. + * internal.www.protocol deprecated one, false + * otherwise. + * + * @return true if the protocol handler + * property is set to the Sun's deprecated one, false + * otherwise. + */ + private static boolean isDeprecatedSSLProtocol() { + return("com.sun.net.ssl.internal.www.protocol".equals(System. + getProperty("java.protocol.handler.pkgs"))); + } // isDeprecatedSSLProtocol + + /** + * Set the default Hostname Verifier to an instance of a fake class that + * trust all hostnames. + */ + private static void _trustAllHostnames() { + // Create a trust manager that does not validate certificate chains + if(_hostnameVerifier == null) { + _hostnameVerifier = new FakeHostnameVerifier(); + } // if + // Install the all-trusting host name verifier: + HttpsURLConnection.setDefaultHostnameVerifier(_hostnameVerifier); + } // _trustAllHttpsCertificates + + /** + * Set the default X509 Trust Manager to an instance of a fake class that + * trust all certificates, even the self-signed ones. + */ + private static void _trustAllHttpsCertificates() { + SSLContext context; + + // Create a trust manager that does not validate certificate chains + if(_trustManagers == null) { + _trustManagers = new TrustManager[] {new FakeX509TrustManager()}; + } // if + // Install the all-trusting trust manager: + try { + context = SSLContext.getInstance("SSL"); + context.init(null, _trustManagers, new SecureRandom()); + } catch(GeneralSecurityException gse) { + throw new IllegalStateException(gse.getMessage()); + } // catch + HttpsURLConnection.setDefaultSSLSocketFactory(context. + getSocketFactory()); + } // _trustAllHttpsCertificates + + /** + * Set the default Hostname Verifier to an instance of a fake class that + * trust all hostnames. + */ + public static void trustAllHostnames() { + // Is the deprecated protocol setted? + if(isDeprecatedSSLProtocol()) { + __trustAllHostnames(); + } else { + _trustAllHostnames(); + } // else + } // trustAllHostnames + + /** + * Set the default X509 Trust Manager to an instance of a fake class that + * trust all certificates, even the self-signed ones. + */ + public static void trustAllHttpsCertificates() { + // Is the deprecated protocol setted? + if(isDeprecatedSSLProtocol()) { + __trustAllHttpsCertificates(); + } else { + _trustAllHttpsCertificates(); + } // else + } // trustAllHttpsCertificates + + /** + * This class implements a fake hostname verificator, trusting any host + * name. This class uses the old deprecated API from the com.sun. + * ssl package. + * + * @author Francis Labrie + * + * @deprecated see {@link SSLUtilities.FakeHostnameVerifier}. + */ + public static class _FakeHostnameVerifier + implements com.sun.net.ssl.HostnameVerifier { + + /** + * Always return true, indicating that the host name is an + * acceptable match with the server's authentication scheme. + * + * @param hostname the host name. + * @param session the SSL session used on the connection to + * host. + * @return the true boolean value + * indicating the host name is trusted. + */ + public boolean verify(String hostname, String session) { + return(true); + } // verify + } // _FakeHostnameVerifier + + + /** + * This class allow any X509 certificates to be used to authenticate the + * remote side of a secure socket, including self-signed certificates. This + * class uses the old deprecated API from the com.sun.ssl + * package. + * + * @author Francis Labrie + * + * @deprecated see {@link SSLUtilities.FakeX509TrustManager}. + */ + public static class _FakeX509TrustManager + implements com.sun.net.ssl.X509TrustManager { + + /** + * Empty array of certificate authority certificates. + */ + private static final X509Certificate[] _AcceptedIssuers = + new X509Certificate[] {}; + + + /** + * Always return true, trusting for client SSL + * chain peer certificate chain. + * + * @param chain the peer certificate chain. + * @return the true boolean value + * indicating the chain is trusted. + */ + public boolean isClientTrusted(X509Certificate[] chain) { + return(true); + } // checkClientTrusted + + /** + * Always return true, trusting for server SSL + * chain peer certificate chain. + * + * @param chain the peer certificate chain. + * @return the true boolean value + * indicating the chain is trusted. + */ + public boolean isServerTrusted(X509Certificate[] chain) { + return(true); + } // checkServerTrusted + + /** + * Return an empty array of certificate authority certificates which + * are trusted for authenticating peers. + * + * @return a empty array of issuer certificates. + */ + public X509Certificate[] getAcceptedIssuers() { + return(_AcceptedIssuers); + } // getAcceptedIssuers + } // _FakeX509TrustManager + + + /** + * This class implements a fake hostname verificator, trusting any host + * name. + * + * @author Francis Labrie + */ + public static class FakeHostnameVerifier implements HostnameVerifier { + + /** + * Always return true, indicating that the host name is + * an acceptable match with the server's authentication scheme. + * + * @param hostname the host name. + * @param session the SSL session used on the connection to + * host. + * @return the true boolean value + * indicating the host name is trusted. + */ + public boolean verify(String hostname, + javax.net.ssl.SSLSession session) { + return(true); + } // verify + } // FakeHostnameVerifier + + + /** + * This class allow any X509 certificates to be used to authenticate the + * remote side of a secure socket, including self-signed certificates. + * + * @author Francis Labrie + */ + public static class FakeX509TrustManager implements X509TrustManager { + + /** + * Empty array of certificate authority certificates. + */ + private static final X509Certificate[] _AcceptedIssuers = + new X509Certificate[] {}; + + + /** + * Always trust for client SSL chain peer certificate + * chain with any authType authentication types. + * + * @param chain the peer certificate chain. + * @param authType the authentication type based on the client + * certificate. + */ + public void checkClientTrusted(X509Certificate[] chain, + String authType) { + } // checkClientTrusted + + /** + * Always trust for server SSL chain peer certificate + * chain with any authType exchange algorithm types. + * + * @param chain the peer certificate chain. + * @param authType the key exchange algorithm used. + */ + public void checkServerTrusted(X509Certificate[] chain, + String authType) { + } // checkServerTrusted + + /** + * Return an empty array of certificate authority certificates which + * are trusted for authenticating peers. + * + * @return a empty array of issuer certificates. + */ + public X509Certificate[] getAcceptedIssuers() { + return(_AcceptedIssuers); + } // getAcceptedIssuers + } // FakeX509TrustManager +} // SSLUtilities \ No newline at end of file diff --git a/src/main/java/org/gcube/portal/ServletTrigger.java b/src/main/java/org/gcube/portal/ServletTrigger.java index e2e38a9..bd1f478 100644 --- a/src/main/java/org/gcube/portal/ServletTrigger.java +++ b/src/main/java/org/gcube/portal/ServletTrigger.java @@ -15,10 +15,9 @@ public class ServletTrigger extends SimpleAction { private static final Logger _log = LoggerFactory.getLogger(ServletTrigger.class); protected static final String SERVLET_CONTEXT_MAIL = "/social-mail-servlet/start-email-reader"; - protected static final String SERVLET_URL_LDAP = "http://localhost:9090/ldap-export-servlet/start-ldap-export"; - - private final String PROTOCOL = "http://"; - private final String PORT = "9090"; + protected static final String SERVLET_URL_LDAP = "https://localhost/ldap-export-servlet/start-ldap-export"; + + private final String PROTOCOL = "https://"; /* (non-Java-doc) * @see com.liferay.portal.kernel.events.SimpleAction#SimpleAction() @@ -45,15 +44,16 @@ public class ServletTrigger extends SimpleAction { * @return */ private List getVirtualHostURLs() { + _log.info("MAIL_PARSER STARTING ... getVirtualHostURLs() "); List toReturn = new ArrayList(); List vHosts = null; try { vHosts = VirtualHostLocalServiceUtil.getVirtualHosts(0, VirtualHostLocalServiceUtil.getVirtualHostsCount()); for (VirtualHost virtualHost : vHosts) { if (virtualHost.getHostname().compareTo("localhost") != 0 && virtualHost.getLayoutSetId() != 0) { - String hostToContact = PROTOCOL+virtualHost.getHostname()+":"+PORT; - toReturn.add(hostToContact+SERVLET_CONTEXT_MAIL); - _log.debug("Added host to contact: " + hostToContact); + String hostToContact = PROTOCOL+virtualHost.getHostname(); + toReturn.add(hostToContact+SERVLET_CONTEXT_MAIL); + _log.info("Added host to contact: " + hostToContact); } } } catch (Exception e) {