HttpsUrlConnector
public class HttpsUrlConnector extends com.sun.enterprise.admin.jmx.remote.UrlConnector
A concrete implementation of UrlConnector that uses {@link java.net.URLConnection.openConnection} and
{@link javax.net.ssl.HttpsURLConnection} to communicate with the server. Sets up
the {@link SSLSocketFactory} and/or {@link SSLContext} so that the Trust Manager(s), Key Manager(s)
and Hostname Verifier can be customized. Refer to
the JSSE Guide for more details.
The SSLContext is configured for the "SSLv3" protocol, and the server is expected
to support it, as the
appendix to the JSSE guide suggests that this is a standard protocol.
Following are additional configurations:
- The default Trust Manager is {@link SunOneBasicX509TrustManager}, which checks the server's validity.
- The Key Manager allows selection of the client's credentials to be sent to the server.
- The default Hostname Verifier is {@link SunOneBasicHostNameVerifier}, which has a basic defense against spoofing attacks.
* |
Fields Summary |
---|
private HostnameVerifier | hv | private X509TrustManager[] | tms | private X509KeyManager[] | kms | private SSLSocketFactory | ssf |
Constructors Summary |
---|
/**
 * Builds a connector for the given service URL and resolves its TLS
 * collaborators from the supplied environment map.
 *
 * <p>Resolution order, as implemented below:
 * <ol>
 *   <li>Hostname verifier: the environment entry, otherwise a
 *       {@code SunOneBasicHostNameVerifier} bound to the URL's host.</li>
 *   <li>Socket factory: the environment entry, if any. When one is supplied,
 *       the trust-manager and key-manager entries are never read.</li>
 *   <li>Trust managers: the environment entry (single instance or array),
 *       otherwise a {@code SunOneBasicX509TrustManager}.</li>
 *   <li>Key managers: the environment entry (single instance or array); no
 *       default is created.</li>
 * </ol>
 *
 * @param serviceUrl  JMX service URL of the server to connect to
 * @param environment connector settings keyed by the
 *                    {@code DefaultConfiguration} property names
 * @throws ClassCastException if the hostname-verifier or socket-factory
 *         entry holds an object of another type (the casts are unchecked)
 */
public HttpsUrlConnector(JMXServiceURL serviceUrl, Map environment) {
    super(serviceUrl, environment);

    HostnameVerifier suppliedVerifier = (HostnameVerifier) environment.get(
            DefaultConfiguration.HOSTNAME_VERIFIER_PROPERTY_NAME);
    hv = (suppliedVerifier != null)
            ? suppliedVerifier
            : new SunOneBasicHostNameVerifier(serviceUrl.getHost());

    // A caller-provided factory takes precedence over everything else:
    // it is installed as-is and the X509 manager entries are skipped.
    ssf = (SSLSocketFactory) environment.get(
            DefaultConfiguration.SSL_SOCKET_FACTORY);
    if (ssf != null) {
        initialize();
        return;
    }

    // No factory supplied, so collect the X509 managers that initialize()
    // will feed into a fresh SSLContext.
    Object trustSetting = environment.get(
            DefaultConfiguration.TRUST_MANAGER_PROPERTY_NAME);
    if (trustSetting == null) {
        // The default is constructed directly; an earlier reflective lookup
        // through DefaultConfiguration.DEFAULT_TRUST_MANAGER is not used.
        tms = new X509TrustManager[] {
            new SunOneBasicX509TrustManager(serviceUrl, environment)
        };
    } else if (trustSetting instanceof X509TrustManager[]) {
        tms = (X509TrustManager[]) trustSetting;
    } else if (trustSetting instanceof X509TrustManager) {
        tms = new X509TrustManager[] { (X509TrustManager) trustSetting };
    }
    // NOTE(review): a non-null entry of any other type is ignored without an
    // error, so tms keeps whatever value the field already had (presumably
    // null). JSSE documents that a null trust-manager array makes
    // SSLContext.init fall back to the provider's default trust managers --
    // confirm that silent fallback is intended rather than rejecting the
    // bad setting.

    Object keySetting = environment.get(
            DefaultConfiguration.KEY_MANAGER_PROPERTY_NAME);
    if (keySetting instanceof X509KeyManager[]) {
        kms = (X509KeyManager[]) keySetting;
    } else if (keySetting instanceof X509KeyManager) {
        kms = new X509KeyManager[] { (X509KeyManager) keySetting };
    }
    // As with trust managers, an entry of an unexpected type is dropped
    // silently and kms is left unassigned here.

    initialize();
}
|
Methods Summary |
---|
/**
 * Installs the socket factory and hostname verifier that HTTPS connections
 * will use.
 *
 * <p>If no socket factory was supplied, one is derived from an
 * {@code SSLContext} requested under the name {@code "SSLv3"} and
 * initialised with this connector's key managers, trust managers and a new
 * {@code SecureRandom}.
 *
 * @throws RuntimeException wrapping the {@code GeneralSecurityException}
 *         raised when the context cannot be obtained or initialised
 */
private void initialize() {
    SSLSocketFactory factory = ssf;
    if (factory == null) {
        SSLContext context;
        try {
            // NOTE(review): SSL 3.0 has been formally deprecated (RFC 7568)
            // and should not be negotiated. Which protocol versions a context
            // obtained under this name actually enables depends on the JSSE
            // provider and the JDK's disabled-algorithm settings -- verify on
            // the target runtime, and prefer requesting "TLS" once the server
            // side is confirmed to support it.
            context = SSLContext.getInstance("SSLv3");
            context.init(kms, tms, new SecureRandom());
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
        factory = context.getSocketFactory();
    }

    // NOTE(review): both setters below are static and change the defaults for
    // every HttpsURLConnection created afterwards in this JVM, not only this
    // connector's. Other HTTPS clients in the same process therefore inherit
    // this trust configuration and hostname verifier; the per-connection
    // setSSLSocketFactory / setHostnameVerifier methods would confine it.
    HttpsURLConnection.setDefaultSSLSocketFactory(factory);
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
/**
 * Validates the connector environment by delegating to the superclass;
 * this subclass adds no HTTPS-specific checks of its own.
 */
protected void validateEnvironment() {
    super.validateEnvironment();
}
/**
 * Hook for HTTPS-specific validation of the JMX service URL.
 * The body is currently empty, so no additional validation is performed here.
 */
protected void validateJmxServiceUrl() {
    // additional validation would go here; none is implemented
}
|
|