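// Copyright © 2002-2005 Canoo Engineering AG, Switzerland.
package com.canoo.webtest.security;

import com.canoo.webtest.engine.Configuration;
import org.apache.log4j.Logger;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

/**
 * Initializer for using https with basic authentication, i.e. no keystore processing is used. Uses the sun
 * truststore for server certificate checking. Hostname verification accepts all hostnames. (you may want to override
 * this)<p> See also <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html">JSSE
 * Reference</a>
 *
 * <p>Security properties of this class, as visible in its code:
 * <ul>
 * <li>The trust store settings are only applied when {@code config.getUseInsecureSSL()} is false.</li>
 * <li>The hostname verifier installed by {@link #installHostnameVerifier(Configuration)} returns {@code true} for
 * every hostname, in both modes. It is registered through the static
 * {@code HttpsURLConnection.setDefaultHostnameVerifier}, so it becomes the default for connections opened after
 * it is installed, not only those of one test. With it in place, passing the trust store check does not
 * establish that the certificate belongs to the host named in the URL. Override the method in a subclass when
 * that binding matters.</li>
 * <li>When debug logging is enabled, {@code javax.net.debug} is set to {@code all} for the whole JVM.</li>
 * </ul>
 *
 * @author Carsten Seibert, Dierk Koenig
 */
public class SunJsseBaseConnectionInitializer extends AbstractConnectionInitializer {
    private static final Logger LOG = Logger.getLogger(SunJsseBaseConnectionInitializer.class);

    /**
     * Doing the initialization for https heavily relies on side effects in shared data, i.e. System properties and static
     * fields in java.security.* and java.net.* .
     *
     * <p>Nothing is done unless {@code isProtocolHttps(config)} is true.
     *
     * @param config The current test context.
     * @throws ConnectionInitializationException if secure SSL is requested and a trust store property is not set,
     *         or if one of the helper steps fails.
     */
    public void initializeConnection(final Configuration config) throws ConnectionInitializationException {
        LOG.debug("Using Custom ConnectionInitializer: " + getClass().getName());
        if (isProtocolHttps(config)) {
            if (LOG.isDebugEnabled()) {
                // JVM-wide switch: JSSE writes its trace output for every TLS connection in this process.
                // NOTE(review): the "all" setting is verbose and may include connection contents - treat the
                // resulting output as sensitive and confirm this is wanted whenever debug logging is on.
                System.setProperty("javax.net.debug", "all");
            }
            logProtocolConfiguration(config);

            installJsseProviderIfRequired(SUN_JSSE_PROVIDER_CLASS);
            setSystemProperty(PROTOCOL_HANDLER_KEY, SUN_SSL_PROTOCOL_HANDLER_PACKAGE);

            if (!config.getUseInsecureSSL()) {
                attemptSetSystemProperty(config, TRUST_STORE_KEY, PROPERTY_TRUSTSTORE_FILE);
                attemptSetSystemProperty(config, TRUST_STORE_PASSWORD_KEY, PROPERTY_TRUSTSTORE_PASSPHRASE);
            }

            // Ordering is important! The trust store is read upon connectionHandler
            // initialization which occurs implicitly when the HostnameVerifier is
            // installed.
            installTrustAndKeyManager(config);
            installHostnameVerifier(config);
        }
    }

    /**
     * Copies an external property into a System property and fails if the external property is missing.
     *
     * @param config The current test context.
     * @param propertyKey Name of the System property to set.
     * @param propertyName Name of the external property to read the value from.
     * @throws ConnectionInitializationException if the external property is not set. The message carries the
     *         property name only, never its value.
     */
    private static void attemptSetSystemProperty(final Configuration config, final String propertyKey,
                                                 final String propertyName)
            throws ConnectionInitializationException {
        final String property = getExternalProperty(config, propertyName);
        if (property == null) {
            throw new ConnectionInitializationException("Property not set: " + propertyName);
        }
        // This is also used for the trust store passphrase, which then lives in a System property.
        // NOTE(review): setSystemProperty is defined in the superclass (not shown here) - confirm that it
        // does not log the value it sets.
        setSystemProperty(propertyKey, property);
    }

    /**
     * Install a customized HostnameVerifier in order to handle mismatches between common name used in the certificate
     * and the actual hostname specified in the URL. Only required if protocol is HTTPS.
     *
     * <p>The verifier installed here accepts every hostname and is set as the process-wide default of
     * {@code HttpsURLConnection}. {@code initializeConnection} calls this method whether or not insecure SSL was
     * requested. Subclasses that need the certificate to be bound to the requested host should override this
     * method and install a verifier that checks the name.
     *
     * @param config The current test context.
     */
    protected void installHostnameVerifier(final Configuration config) {
        LOG.info("Installing HostnameVerifier");
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession sslSession) {
                // Accept-all: neither the hostname nor the session is inspected.
                LOG.info("Granting access for " + hostname);
                return true;
            }
        });
    }

    /**
     * Hook for subclasses that need their own trust or key manager. This base implementation installs nothing.
     *
     * @param config The current test context.
     * @throws ConnectionInitializationException never thrown here; declared for overriding implementations.
     */
    protected void installTrustAndKeyManager(final Configuration config) throws ConnectionInitializationException {
        // not needed for the standard case
        LOG.debug("No Trust and no Key manager installed.");
    }

    /**
     * Logs the non-secret part of the trust store configuration.
     *
     * @param config The current test context.
     */
    protected void logProtocolConfiguration(final Configuration config) {
        logProperty(config, PROPERTY_TRUSTSTORE_FILE);
        // The trust store passphrase is deliberately no longer handed to logProperty. That method lives in
        // the superclass (not shown here) and presumably writes the property value to the log, which would
        // leave the passphrase in log files. A missing passphrase is still reported in secure mode by the
        // "Property not set" exception raised in attemptSetSystemProperty.
    }
}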