
1   /**
2    * Licensed to jclouds, Inc. (jclouds) under one or more
3    * contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  jclouds licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.jclouds.http.config;
20  
21  import java.security.SecureRandom;
22  import java.security.cert.X509Certificate;
23  import java.util.Map;
24  
25  import javax.annotation.Resource;
26  import javax.inject.Inject;
27  import javax.inject.Singleton;
28  import javax.net.ssl.HostnameVerifier;
29  import javax.net.ssl.SSLContext;
30  import javax.net.ssl.SSLSession;
31  import javax.net.ssl.TrustManager;
32  import javax.net.ssl.X509TrustManager;
33  
34  import org.jclouds.logging.Logger;
35  
36  import com.google.common.base.Supplier;
37  import com.google.common.base.Throwables;
38  import com.google.common.collect.Maps;
39  import com.google.inject.AbstractModule;
40  import com.google.inject.TypeLiteral;
41  import com.google.inject.name.Names;
42  
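/**
 * Guice module that binds the {@code @Named("untrusted")} variants of
 * {@link HostnameVerifier} and {@code Supplier<SSLContext>}.
 * <p>
 * Both bindings switch off a TLS check: the verifier accepts every hostname and the
 * context trusts every certificate chain. A connection built from them is encrypted
 * but the peer is not authenticated, so it offers no protection against an active
 * man-in-the-middle. The code that decides when to inject the "untrusted" bindings is
 * not part of this file; they are meant for callers that have explicitly opted out of
 * validation, never as a default.
 * 
 * @author Adrian Cole
 */
public class SSLModule extends AbstractModule {

   /**
    * Registers the two "untrusted" bindings. Nothing is bound without the
    * {@code @Named("untrusted")} qualifier, so an unqualified injection point does not
    * pick up these implementations from this module.
    */
   @Override
   protected void configure() {
      bind(HostnameVerifier.class).annotatedWith(Names.named("untrusted")).to(LogToMapHostnameVerifier.class);
      bind(new TypeLiteral<Supplier<SSLContext>>() {
      }).annotatedWith(Names.named("untrusted")).to(new TypeLiteral<UntrustedSSLContextSupplier>() {
      });
   }

   /**
    * Hostname verifier that never rejects a peer. It logs a warning with the requested
    * hostname and the session's peer host, remembers the pair, and returns {@code true}.
    * <p>
    * Used to get more information about HTTPS hostname mismatch errors. With
    * {@code HttpsURLConnection} the JDK consults the verifier only after its own
    * hostname check has failed, so each warning marks a mismatch that was accepted.
    * 
    * @author Adrian Cole
    */
   @Singleton
   static class LogToMapHostnameVerifier implements HostnameVerifier {
      // Defaults to the no-op logger; @Resource lets the container supply a real one.
      @Resource
      private Logger logger = Logger.NULL;

      // Requested hostname -> peer host of the session that was accepted for it.
      // NOTE(review): plain HashMap on a @Singleton; verify() may be called from several
      // connection threads, and nothing in this file reads or bounds the map. Confirm
      // whether it is still needed; if so it wants a concurrent map.
      private final Map<String, String> sslMap = Maps.newHashMap();

      /**
       * Accepts the session unconditionally.
       * 
       * @param hostname
       *           the hostname the caller asked to connect to
       * @param session
       *           the TLS session whose peer host is recorded
       * @return always {@code true}
       */
      @Override
      public boolean verify(String hostname, SSLSession session) {
         String peerHost = session.getPeerHost();
         logger.warn("hostname was %s while session was %s", hostname, peerHost);
         sslMap.put(hostname, peerHost);
         return true;
      }
   }

   /**
    * Supplies an {@link SSLContext} whose only trust manager is {@link TrustAllCerts},
    * i.e. a context that performs no certificate validation at all.
    */
   @Singleton
   public static class UntrustedSSLContextSupplier implements Supplier<SSLContext> {
      private final TrustAllCerts trustAllCerts;

      @Inject
      UntrustedSSLContextSupplier(TrustAllCerts trustAllCerts) {
         this.trustAllCerts = trustAllCerts;
      }

      /**
       * Builds and initialises a new context on every call.
       * 
       * @return a context with no key managers and the trust-all trust manager
       * @throws RuntimeException
       *            wrapping any failure to obtain or initialise the context
       */
      @Override
      public SSLContext get() {
         try {
            // NOTE(review): "SSL" is the legacy protocol name; which protocol versions the
            // returned context enables depends on the JSSE provider. Consider requesting
            // "TLS" once the servers this is used against are known to support it.
            SSLContext context = SSLContext.getInstance("SSL");
            // null key managers: no client certificate is offered.
            context.init(null, new TrustManager[] { trustAllCerts }, new SecureRandom());
            return context;
         } catch (Exception e) {
            // propagate() always throws; "throw" tells the compiler so, which removes
            // the unreachable "return null" the method previously needed.
            throw Throwables.propagate(e);
         }
      }
   }

   /**
    * Trust manager that accepts every certificate chain, from servers and clients
    * alike: both check methods return without inspecting their arguments.
    * 
    * @author Adrian Cole
    */
   @Singleton
   static class TrustAllCerts implements X509TrustManager {
      /**
       * @return an empty array. The {@link X509TrustManager} contract requires a
       *         non-null result; returning {@code null} here can surface as a
       *         {@link NullPointerException} in code that iterates the issuers.
       */
      @Override
      public X509Certificate[] getAcceptedIssuers() {
         return new X509Certificate[0];
      }

      /** Accepts any client chain; never throws. */
      @Override
      public void checkClientTrusted(X509Certificate[] certs, String authType) {
         // intentionally empty: no validation is performed
      }

      /** Accepts any server chain; never throws. */
      @Override
      public void checkServerTrusted(X509Certificate[] certs, String authType) {
         // intentionally empty: no validation is performed
      }
   }
}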