From 006082926c0887fddf6e090d0c17db73b635f670 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Thu, 13 Jul 2023 17:25:38 +0530 Subject: [PATCH 1/4] Add custom verifier to HTTP Client --- core/org.wso2.carbon.utils/pom.xml | 8 +++++ .../carbon/utils/CustomHostNameVerifier.java | 28 ++++++++++++++++ .../wso2/carbon/utils/HTTPClientUtils.java | 32 +++++++++++++++++++ parent/pom.xml | 13 ++++++++ 4 files changed, 81 insertions(+) create mode 100644 core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java create mode 100644 core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java diff --git a/core/org.wso2.carbon.utils/pom.xml b/core/org.wso2.carbon.utils/pom.xml index 067bd077135..6ccf24ee4dc 100644 --- a/core/org.wso2.carbon.utils/pom.xml +++ b/core/org.wso2.carbon.utils/pom.xml @@ -229,6 +229,14 @@ com.google.code.gson gson + + org.wso2.orbit.org.apache.httpcomponents + httpclient + + + org.wso2.orbit.org.apache.commons + commons-lang3 + diff --git a/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java new file mode 100644 index 00000000000..f28e6d6ecab --- /dev/null +++ b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java 
@@ -0,0 +1,28 @@
+package org.wso2.carbon.utils;
+
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.http.conn.ssl.AbstractVerifier;
+
+import javax.net.ssl.SSLException;
+
+/**
+ * Custom hostname verifier class.
+ */
+public class CustomHostNameVerifier extends AbstractVerifier {
+
+ private final static String[] LOCALHOSTS = {"::1", "127.0.0.1", "localhost", "localhost.localdomain"};
+
+ @Override
+ public void verify(String s, String[] strings, String[] subjectAlts) throws SSLException {
+
+ String[] subjectAltsWithLocalhosts = ArrayUtils.addAll(subjectAlts, LOCALHOSTS);
+
+ if (strings != null && strings.length > 0 && strings[0] != null) {
+
+ String[] subjectAltsWithLocalhostsAndCN = ArrayUtils.add(subjectAltsWithLocalhosts, strings[0]);
+ this.verify(s, strings, subjectAltsWithLocalhostsAndCN, false);
+ } else {
+ this.verify(s, strings, subjectAltsWithLocalhosts, false);
+ }
+ }
+}
diff --git a/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java
new file mode 100644
index 00000000000..1f90ddb4281
--- /dev/null
+++ b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java
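Review bot: The class Javadoc `Custom hostname verifier class.` does not say that `verify` appends `LOCALHOSTS` to the certificate's subject alternative names, so any certificate the trust store accepts passes hostname verification whenever the requested host is `localhost`, `localhost.localdomain`, `127.0.0.1` or `::1`. That relaxation and its assumption should be written down, for example `Accepts any trusted certificate for loopback host names; assumes those names resolve to the local machine.` Of the four entries, `localhost.localdomain` depends most on resolver configuration, so it is worth confirming it cannot resolve off-host in deployments that enable this verifier.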
@@ -0,0 +1,32 @@ +package org.wso2.carbon.utils; + +import org.apache.http.conn.ssl.X509HostnameVerifier; +import org.apache.http.impl.client.HttpClientBuilder; + +/** + * Util methods for HTTP Client. + */ +public class HTTPClientUtils { + + public static final String DEFAULT_AND_LOCALHOST = "DefaultAndLocalhost"; + public static final String HOST_NAME_VERIFIER = "httpclient.hostnameVerifier"; + private HTTPClientUtils() { + //disable external instantiation + } + + /** + * Get the httpclient builder with custom hostname verifier. + * + * @return HttpClientBuilder. + */ + public static HttpClientBuilder getHTTPClientWithCustomHostNameVerifier() { + + HttpClientBuilder httpClientBuilder = HttpClientBuilder.create().useSystemProperties(); + if (DEFAULT_AND_LOCALHOST.equals(System.getProperty(HOST_NAME_VERIFIER))) { + X509HostnameVerifier hostnameVerifier = new CustomHostNameVerifier(); + httpClientBuilder.setHostnameVerifier(hostnameVerifier); + } + + return httpClientBuilder; + } +} diff --git a/parent/pom.xml b/parent/pom.xml index 4bb9373d852..8379dc36d44 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -654,6 +654,9 @@ 1.0.13 1.8.3 1.5.0 + + 4.5.13.wso2v1 + [4.3.1.wso2v2,5.0.0) @@ -1917,6 +1920,16 @@ stax-ex ${version.stax.ex} + + org.wso2.orbit.org.apache.httpcomponents + httpclient + ${httpcomponents-httpclient.wso2.version} + + + org.wso2.orbit.org.apache.commons + commons-lang3 + ${commons-lang3.orbit.version} + From 71d31376c998c71e970c02502738d9cb055e4fc9 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Fri, 14 Jul 2023 15:44:59 +0530 Subject: [PATCH 2/4] Added missing space --- .../src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java | 1 + 1 file changed, 1 insertion(+) diff --git a/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java index 1f90ddb4281..7c89af66905 100644 
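Review bot: The Javadoc on `getHTTPClientWithCustomHostNameVerifier` promises a builder "with custom hostname verifier", but the body installs `CustomHostNameVerifier` only when the system property `httpclient.hostnameVerifier` equals `DefaultAndLocalhost`; with any other value the builder is returned with the library's default verification. The comment should say so, e.g. `Returns a builder that uses CustomHostNameVerifier only when the httpclient.hostnameVerifier system property is "DefaultAndLocalhost"; otherwise the default verifier applies.` Because the switch is a JVM-wide property, it relaxes verification for every client created through this helper, which is worth a sentence as well. As far as I know the builder consults this verifier only when it constructs its own TLS socket factory, so a caller that later sets its own connection manager or socket factory would probably not get it; that should be confirmed and documented.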
--- a/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java +++ b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java @@ -10,6 +10,7 @@ public class HTTPClientUtils { public static final String DEFAULT_AND_LOCALHOST = "DefaultAndLocalhost"; public static final String HOST_NAME_VERIFIER = "httpclient.hostnameVerifier"; + private HTTPClientUtils() { //disable external instantiation } From 2d903fbe96d008d15f96d080288429cad3951472 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Mon, 17 Jul 2023 11:21:48 +0530 Subject: [PATCH 3/4] Address comments --- .../carbon/utils/CustomHostNameVerifier.java | 36 ++++++++++++++----- .../wso2/carbon/utils/HTTPClientUtils.java | 19 +++++++++- 2 files changed, 45 insertions(+), 10 deletions(-) diff --git a/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java index f28e6d6ecab..5fd607a4874 100644 --- a/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java +++ b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java 
@@ -1,9 +1,26 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.utils; import org.apache.commons.lang3.ArrayUtils; import org.apache.http.conn.ssl.AbstractVerifier; - import javax.net.ssl.SSLException; +import java.util.Optional; /** * Custom hostname verifier class. 
@@ -13,16 +30,17 @@ public class CustomHostNameVerifier extends AbstractVerifier { private final static String[] LOCALHOSTS = {"::1", "127.0.0.1", "localhost", "localhost.localdomain"}; @Override - public void verify(String s, String[] strings, String[] subjectAlts) throws SSLException { - - String[] subjectAltsWithLocalhosts = ArrayUtils.addAll(subjectAlts, LOCALHOSTS); + public void verify(String hostname, String[] commonNames, String[] subjectAlternativeNames) throws SSLException { - if (strings != null && strings.length > 0 && strings[0] != null) { + String[] subjectAltsWithLocalhosts = ArrayUtils.addAll(subjectAlternativeNames, LOCALHOSTS); - String[] subjectAltsWithLocalhostsAndCN = ArrayUtils.add(subjectAltsWithLocalhosts, strings[0]); - this.verify(s, strings, subjectAltsWithLocalhostsAndCN, false); - } else { - this.verify(s, strings, subjectAltsWithLocalhosts, false); + boolean isValidCommonNames = Optional.ofNullable(commonNames) + .filter(names -> names.length > 0) + .map(names -> names[0]) + .isPresent(); + if (isValidCommonNames && !ArrayUtils.contains(subjectAlternativeNames, commonNames[0])) { + subjectAltsWithLocalhosts = ArrayUtils.add(subjectAltsWithLocalhosts, commonNames[0]); } + this.verify(hostname, commonNames, subjectAltsWithLocalhosts, false); } } diff --git a/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java index 7c89af66905..45ebc00abbc 100644 --- a/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java +++ b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/HTTPClientUtils.java 
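Review bot: Adding `commonNames[0]` to the array passed as subject alternative names makes the certificate's CN an accepted identity even when the certificate carries its own SAN entries, which is looser than the usual rule of consulting the CN only when no SANs are present. This looks like compensation for the list never being empty once `LOCALHOSTS` is appended, so the parent's CN fallback would presumably never be reached; that should be confirmed against `AbstractVerifier`. If CN matching is only meant for SAN-less certificates, the guard could read `if (isValidCommonNames && ArrayUtils.isEmpty(subjectAlternativeNames)) {`. Separately, the `Optional` chain only expresses a null and length check, and a plain condition would be easier to audit in security-sensitive code.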
@@ -1,3 +1,20 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.utils; import org.apache.http.conn.ssl.X509HostnameVerifier; @@ -20,7 +37,7 @@ private HTTPClientUtils() { * * @return HttpClientBuilder. */ - public static HttpClientBuilder getHTTPClientWithCustomHostNameVerifier() { + public static HttpClientBuilder createClientWithCustomVerifier() { HttpClientBuilder httpClientBuilder = HttpClientBuilder.create().useSystemProperties(); if (DEFAULT_AND_LOCALHOST.equals(System.getProperty(HOST_NAME_VERIFIER))) { From 88bdc9bca69aa00f74ef4c753d6344cc8da4f776 Mon Sep 17 00:00:00 2001 From: LakshikaAthapaththu Date: Tue, 18 Jul 2023 10:13:51 +0530 Subject: [PATCH 4/4] Address comments --- core/org.wso2.carbon.utils/pom.xml | 4 ---- .../wso2/carbon/utils/CustomHostNameVerifier.java | 12 ++++++------ parent/pom.xml | 5 ----- 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/core/org.wso2.carbon.utils/pom.xml b/core/org.wso2.carbon.utils/pom.xml index 6ccf24ee4dc..474d04aea27 100644 --- a/core/org.wso2.carbon.utils/pom.xml +++ b/core/org.wso2.carbon.utils/pom.xml @@ -233,10 +233,6 @@ org.wso2.orbit.org.apache.httpcomponents httpclient - - org.wso2.orbit.org.apache.commons - commons-lang3 - 
diff --git a/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java index 5fd607a4874..5e8f0fc655c 100644 --- a/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java +++ b/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/CustomHostNameVerifier.java @@ -17,7 +17,7 @@ */ package org.wso2.carbon.utils; -import org.apache.commons.lang3.ArrayUtils; +import org.apache.commons.lang.ArrayUtils; import org.apache.http.conn.ssl.AbstractVerifier; import javax.net.ssl.SSLException; import java.util.Optional; @@ -32,15 +32,15 @@ public class CustomHostNameVerifier extends AbstractVerifier { @Override public void verify(String hostname, String[] commonNames, String[] subjectAlternativeNames) throws SSLException { - String[] subjectAltsWithLocalhosts = ArrayUtils.addAll(subjectAlternativeNames, LOCALHOSTS); + String[] subjectAltsWithLocalhosts = (String[]) ArrayUtils.addAll(subjectAlternativeNames, LOCALHOSTS); - boolean isValidCommonNames = Optional.ofNullable(commonNames) + boolean hasValidCommonNames = Optional.ofNullable(commonNames) .filter(names -> names.length > 0) .map(names -> names[0]) .isPresent(); - if (isValidCommonNames && !ArrayUtils.contains(subjectAlternativeNames, commonNames[0])) { - subjectAltsWithLocalhosts = ArrayUtils.add(subjectAltsWithLocalhosts, commonNames[0]); + if (hasValidCommonNames && !ArrayUtils.contains(subjectAlternativeNames, commonNames[0])) { + subjectAltsWithLocalhosts = (String[]) ArrayUtils.add(subjectAltsWithLocalhosts, commonNames[0]); } - this.verify(hostname, commonNames, subjectAltsWithLocalhosts, false); + super.verify(hostname, commonNames, subjectAltsWithLocalhosts, false); } } diff --git a/parent/pom.xml b/parent/pom.xml index 8379dc36d44..40a7759664b 100644 --- a/parent/pom.xml +++ b/parent/pom.xml 
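Review bot: The bare `false` in `super.verify(hostname, commonNames, subjectAltsWithLocalhosts, false)` is unexplained. As far as I know it is `AbstractVerifier`'s `strictWithSubDomains` flag, and `false` selects the lenient wildcard matching in which a pattern such as `*.example.com` can cover more than one subdomain level. The property value that enables this verifier is `DefaultAndLocalhost`, which reads as default matching plus loopback names, so either pass `true` (after checking that it matches the default verifier closely enough) or add a comment such as `// strictWithSubDomains=false: lenient wildcard matching, deliberately laxer than the default verifier`. The new `(String[])` casts depend on the commons-lang 2 `ArrayUtils.addAll` and `ArrayUtils.add` returning an array of the first argument's component type, which deserves a short comment too.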
@@ -1925,11 +1925,6 @@ httpclient ${httpcomponents-httpclient.wso2.version} - - org.wso2.orbit.org.apache.commons - commons-lang3 - ${commons-lang3.orbit.version} -