public SunSSLTransportFactory(Properties properties) throws GeneralSecurityException { X509TrustManager trustManager; HostnameVerifier hostnameVerifier; SSLContext sslContext; Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); url = (URL) properties.get(XmlRpcTransportFactory.TRANSPORT_URL); auth = properties.getProperty(XmlRpcTransportFactory.TRANSPORT_AUTH); trustManager = (X509TrustManager) properties.get(TRANSPORT_TRUSTMANAGER); if (trustManager == null) { trustManager = openTrustManager; } hostnameVerifier = (HostnameVerifier) properties.get(TRANSPORT_HOSTNAMEVERIFIER); if (hostnameVerifier == null) { hostnameVerifier = openHostnameVerifier; } sslContext = SSLContext.getInstance(SecurityTool.getSecurityProtocol()); X509TrustManager[] tmArray = new X509TrustManager[] {trustManager}; sslContext.init(null, tmArray, new SecureRandom()); // Set the default SocketFactory and HostnameVerifier // for javax.net.ssl.HttpsURLConnection if (sslContext != null) { HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); } HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier); }
/** * CAUTION: Decompiled by hand. * * @throws Exception */ private void connect() throws Exception { try { String s; if (bSecure) { s = "t3s"; System.setProperty("weblogic.security.SSL.ignoreHostnameVerification", "true"); HttpsURLConnection.setDefaultHostnameVerifier(new NullHostnameVerifier()); } else { s = "t3"; } Hashtable hashtable = new Hashtable(); hashtable.put("java.naming.factory.initial", "weblogic.jndi.WLInitialContextFactory"); hashtable.put("java.naming.provider.url", s + "://" + host); if (username.length() > 0 && password.length() > 0) { hashtable.put("java.naming.security.principal", username); hashtable.put("java.naming.security.credentials", password); } ClassLoader classloader = Thread.currentThread().getContextClassLoader(); Class class1 = classloader.loadClass("javax.naming.InitialContext"); Constructor constructor = class1.getConstructor(new Class[] {java.util.Hashtable.class}); Method method = class1.getMethod("lookup", new Class[] {String.class}); Object obj = constructor.newInstance(new Object[] {hashtable}); Object obj1 = method.invoke(obj, new Object[] {"weblogic.management.home.localhome"}); mbs = obj1.getClass().getMethod("getMBeanServer", null).invoke(obj1, null); LogManager.log("RunMonitor", "WebLogic6x: Connected"); } catch (Throwable throwable) { Throwable throwable1 = throwable.getCause(); if (throwable1 != null) { LogManager.log("Error", "WebLogic exception cause: " + throwable1.toString()); String s1 = throwable1.getClass().getName(); if ("javax.naming.NoInitialContextException".equals(s1)) { LogManager.log("Error", throwable.toString()); throw new Exception("No WebLogic server found on " + host); } if ("javax.naming.AuthenticationException".equals(s1)) { LogManager.log("Error", throwable.toString()); throw new Exception("Access denied for user " + username); } if ("javax.naming.CommunicationException".equals(s1)) { LogManager.log("Error", throwable.toString()); throw new Exception("No WebLogic server found on " + host); } } else { LogManager.log("Error", "Exception '" + throwable.toString() + "' with cause == null"); } throwable.printStackTrace(); LogManager.log("Error", throwable.toString()); String s2 = throwable.getClass().getName(); if (s2.equals("weblogic.management.NoAccessRuntimeException")) { throw new Exception("Access denied for user " + username); } if (s2.equals("weblogic.common.internal.VersioningError")) { throw new Exception( "Server may be running external jar files. This is a known WebLogic issue and has a few workarounds:\n1. Place the jar file after the weblogic.jar entry in the classpath\n2. Instead of a jar file, keep the external classes in a directory structure and include the root directory instead of the jar file in classpatch\n3. If all else fails, provide the path to the weblogic jar file in the provided edit field of the \"Choose Counters\" screen"); } else { throw new Exception("Unhandled exception thrown: " + s2 + " See log for details"); } } }
/** * Set the default Hostname Verifier to an instance of a fake class that trust all hostnames. This * method uses the old deprecated API from the <code>com.sun.ssl</code> package. * * @deprecated see {@link #_trustAllHostnames()}. */ private static void __trustAllHostnames() { // Create a trust manager that does not validate certificate chains if (__hostnameVerifier == null) { __hostnameVerifier = new _FakeHostnameVerifier(); } // if // Install the all-trusting host name verifier com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(__hostnameVerifier); } // __trustAllHttpsCertificates
public static void main(String[] args) throws Exception { System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); /** * This test does not establish any connection to the specified URL, hence a dummy URL is used. */ URL foobar = new URL("https://example.com/"); HttpsURLConnection urlc = (HttpsURLConnection) foobar.openConnection(); try { urlc.getCipherSuite(); } catch (IllegalStateException e) { System.out.print("Caught proper exception: "); System.out.println(e.getMessage()); } try { urlc.getServerCertificateChain(); } catch (IllegalStateException e) { System.out.print("Caught proper exception: "); System.out.println(e.getMessage()); } try { urlc.setDefaultHostnameVerifier(null); } catch (IllegalArgumentException e) { System.out.print("Caught proper exception: "); System.out.println(e.getMessage()); } try { urlc.setHostnameVerifier(null); } catch (IllegalArgumentException e) { System.out.print("Caught proper exception: "); System.out.println(e.getMessage()); } try { urlc.setDefaultSSLSocketFactory(null); } catch (IllegalArgumentException e) { System.out.print("Caught proper exception: "); System.out.println(e.getMessage()); } try { urlc.setSSLSocketFactory(null); } catch (IllegalArgumentException e) { System.out.print("Caught proper exception"); System.out.println(e.getMessage()); } System.out.println("TESTS PASSED"); }
/** * Set the default X509 Trust Manager to an instance of a fake class that trust all certificates, * even the self-signed ones. This method uses the old deprecated API from the <code>com.sun.ssl * </code> package. * * @deprecated see {@link #_trustAllHttpsCertificates()}. */ private static void __trustAllHttpsCertificates() { com.sun.net.ssl.SSLContext context; // Create a trust manager that does not validate certificate chains if (__trustManagers == null) { __trustManagers = new com.sun.net.ssl.TrustManager[] {new _FakeX509TrustManager()}; } // if // Install the all-trusting trust manager try { context = com.sun.net.ssl.SSLContext.getInstance("SSL"); context.init(null, __trustManagers, new SecureRandom()); } catch (GeneralSecurityException gse) { throw new IllegalStateException(gse.getMessage()); } // catch com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory()); } // __trustAllHttpsCertificates
/* * Define the client side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doClientSide() throws Exception { /* * Wait for server to get started. */ while (!serverReady) { Thread.sleep(50); } System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); HttpsURLConnection.setDefaultHostnameVerifier(new NameVerifier()); URL url = new URL("https://" + "localhost:" + serverPort + "/etc/hosts"); URLConnection urlc = url.openConnection(); if (!(urlc instanceof com.sun.net.ssl.HttpsURLConnection)) { throw new Exception("URLConnection ! instanceof " + "com.sun.net.ssl.HttpsURLConnection"); } BufferedReader in = null; try { in = new BufferedReader(new InputStreamReader(urlc.getInputStream())); String inputLine; System.out.print("Client reading... "); while ((inputLine = in.readLine()) != null) System.out.println(inputLine); System.out.println("Cipher Suite: " + ((HttpsURLConnection) urlc).getCipherSuite()); X509Certificate[] certs = ((HttpsURLConnection) urlc).getServerCertificateChain(); for (int i = 0; i < certs.length; i++) { System.out.println(certs[0]); } in.close(); } catch (SSLException e) { if (in != null) in.close(); throw e; } System.out.println("Client reports: SUCCESS"); }
private String postMessage(URL url, String message) throws IOException { if (url == null) { throw new IOException("Bad URL : null"); } /* Contact the server. */ HttpURLConnection connection = null; String protocol = url.getProtocol().toLowerCase(); if (protocol.equals("https")) { HttpsURLConnection sslConnection = (HttpsURLConnection) url.openConnection(); sslConnection.setHostnameVerifier(new AutoVerifier()); connection = sslConnection; } else { connection = (HttpURLConnection) url.openConnection(); } connection.setDoOutput(true); connection.setDoInput(true); /* * if(requestContentType != null) * connection.setRequestProperty("Content-Type",requestContentType); * * if(setContentLength) * connection.setRequestProperty("Content-Length",Integer * .toString(message.length())); */ connection.setRequestMethod("POST"); /* * if(!Str.isEmpty(cookie)) { * connection.setRequestProperty("Cookie",cookie); * connection.setRequestProperty("Set-Cookie",cookie); * System.out.println("Setting cookie to " + cookie); } */ StringBuffer buffer = new StringBuffer(""); String agent = "Mozilla/4.0"; String rawData = "userid=joe&password=guessme"; String type = "application/x-www-form-urlencoded"; BufferedReader reader = null; // String encodedData = StringFunctions.urlEncoded( message ); // // user-supplied try { /* * connection = (HttpConnection) Connector.open( url ); * connection.setRequestMethod( HttpConnection.POST ); * connection.setRequestProperty( "User-Agent", agent ); * connection.setRequestProperty( "Content-Type", type ); * connection.setRequestProperty( "Content-Length", message.length() * ); // OutputStream os = conn.openOutputStream(); // os.write( * message.getBytes() ); */ PrintWriter writer = new PrintWriter(connection.getOutputStream()); writer.print(message); writer.close(); InputStream in = connection.getInputStream(); String replyContentType = connection.getContentType(); int replyContentLength = connection.getContentLength(); String cookie = connection.getHeaderField("set-cookie"); // DEBUG for (int count = 0; ; count++) { String key = connection.getHeaderFieldKey(count + 1); if (key == null) break; String val = connection.getHeaderField(count + 1); System.out.println("header field " + key + "=" + val); } reader = new BufferedReader(new InputStreamReader(in)); System.out.println("read input....."); String line; while ((line = reader.readLine()) != null) { System.out.println("in...." + line); buffer.append(line + "\n"); } } finally { try { if (reader != null) reader.close(); } catch (IOException e) { } } System.out.println("input....." + buffer.toString().trim()); return buffer.toString().trim(); }