Author: pmouawad
Date: Fri Mar 1 21:27:31 2019
New Revision: 1854618
URL: http://svn.apache.org/viewvc?rev=1854618&view=rev
Log:
Bug 63185 - Add option to implicitly trust SSL/TLS connections/Disable hostname verification
Factor use of Trust All Socket Factory
Bugzilla Id: 63185
Added:
jmeter/trunk/src/core/org/apache/jmeter/util/TrustAllSSLSocketFactory.java (with props)
Removed:
jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/TrustAllSocketFactory.java
Modified:
jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/LdapExtClient.java
jmeter/trunk/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java
Added: jmeter/trunk/src/core/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
URL: http://svn.apache.org/viewvc/jmeter/trunk/src/core/org/apache/jmeter/util/TrustAllSSLSocketFactory.java?rev=1854618&view=auto
==============================================================================
--- jmeter/trunk/src/core/org/apache/jmeter/util/TrustAllSSLSocketFactory.java (added)
+++ jmeter/trunk/src/core/org/apache/jmeter/util/TrustAllSSLSocketFactory.java Fri Mar 1
21:27:31 2019
@@ -0,0 +1,171 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.jmeter.util;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
+
+/**
+ * This class can be used as a SocketFactory with SSL-connections.
+ * Its purpose is to ensure that all certificates - no matter from which CA - are accepted
to secure the SSL-connection.
+ */
+public class TrustAllSSLSocketFactory extends SSLSocketFactory {
+
+ private final SSLSocketFactory factory;
+
+ // Empty arrays are immutable
+ private static final X509Certificate[] EMPTY_X509Certificate = new X509Certificate[0];
+
+ /**
+ * Standard constructor
+ */
+ public TrustAllSSLSocketFactory(){
+ SSLContext sslcontext = null;
+ try {
+ sslcontext = SSLContext.getInstance("TLS"); // $NON-NLS-1$
+ sslcontext.init( null, new TrustManager[]{
+ new X509ExtendedTrustManager() {
+ @Override
+ public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
+ return EMPTY_X509Certificate;
+ }
+ @Override
+ public void checkClientTrusted(X509Certificate[] certs, String authType)
{
+ // NOOP
+ }
+ @Override
+ public void checkServerTrusted(X509Certificate[] certs, String authType)
{
+ // NOOP
+ }
+ @Override
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1,
Socket arg2)
+ throws CertificateException {
+ // NOOP
+ }
+ @Override
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1,
SSLEngine arg2)
+ throws CertificateException {
+ // NOOP
+ }
+ @Override
+ public void checkServerTrusted(X509Certificate[] arg0, String arg1,
Socket arg2)
+ throws CertificateException {
+ // NOOP
+ }
+ @Override
+ public void checkServerTrusted(X509Certificate[] arg0, String arg1,
SSLEngine arg2)
+ throws CertificateException {
+ // NOOP
+ }
+ }
+ },
+ new java.security.SecureRandom());
+ } catch (Exception e) {
+ throw new IllegalStateException("Could not create the SSL context",e);
+ }
+ factory = sslcontext.getSocketFactory();
+ }
+
+ /**
+ * Factory method
+ * @return New TrustAllSSLSocketFactory
+ */
+ public static synchronized SocketFactory getDefault() {
+ return new TrustAllSSLSocketFactory();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Socket createSocket( Socket socket, String s, int i, boolean
+ flag)
+ throws IOException {
+ return factory.createSocket( socket, s, i, flag);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Socket createSocket( InetAddress inaddr, int i,
+ InetAddress inaddr1, int j) throws IOException {
+ return factory.createSocket( inaddr, i, inaddr1, j);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Socket createSocket( InetAddress inaddr, int i) throws
+ IOException {
+ return factory.createSocket( inaddr, i);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Socket createSocket( String s, int i, InetAddress inaddr, int j)
+ throws IOException {
+ return factory.createSocket( s, i, inaddr, j);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Socket createSocket( String s, int i) throws IOException {
+ return factory.createSocket( s, i);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Socket createSocket() throws IOException {
+ return factory.createSocket();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return factory.getSupportedCipherSuites();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return factory.getSupportedCipherSuites();
+ }
+}
Propchange: jmeter/trunk/src/core/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jmeter/trunk/src/core/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/LdapExtClient.java
URL: http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/LdapExtClient.java?rev=1854618&r1=1854617&r2=1854618&view=diff
==============================================================================
--- jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/LdapExtClient.java
(original)
+++ jmeter/trunk/src/protocol/ldap/org/apache/jmeter/protocol/ldap/sampler/LdapExtClient.java
Fri Mar 1 21:27:31 2019
@@ -30,6 +30,7 @@ import javax.naming.directory.Modificati
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
+import org.apache.jmeter.util.TrustAllSSLSocketFactory;
import org.apache.jorphan.util.JOrphanUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -91,7 +92,7 @@ public class LdapExtClient {
sb.append("ldaps://"); // $NON-NLS-1$
if (trustAll){
log.debug("Using secure connection with trustAll");
- env.put("java.naming.ldap.factory.socket", TrustAllSocketFactory.class.getName());
+ env.put("java.naming.ldap.factory.socket", TrustAllSSLSocketFactory.class.getName());
}
} else {
sb.append("ldap://"); // $NON-NLS-1$
Modified: jmeter/trunk/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java
URL: http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java?rev=1854618&r1=1854617&r2=1854618&view=diff
==============================================================================
--- jmeter/trunk/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java
(original)
+++ jmeter/trunk/src/protocol/mail/org/apache/jmeter/protocol/smtp/sampler/protocol/TrustAllSSLSocketFactory.java
Fri Mar 1 21:27:31 2019
@@ -32,7 +32,9 @@ import javax.net.ssl.X509TrustManager;
/**
* This class can be used as a SocketFactory with SSL-connections.
* Its purpose is to ensure that all certificates - no matter from which CA - are accepted
to secure the SSL-connection.
+ * @deprecated Will be removed in next version, use {@link org.apache.jmeter.util.TrustAllSSLSocketFactory}
*/
+@Deprecated
public class TrustAllSSLSocketFactory extends SSLSocketFactory {
private final SSLSocketFactory factory;
|