Projet

Général

Profil

« Précédent | Suivant » 

Révision 19b58bab

Ajouté par Remy Menard il y a plus de 11 ans

Version 1.9

  • All:
    - use TLS for secured links
    - SigMa is now fully functionnal
    - completed documention
    - a lot of bugs fixed!
  • SigMa:
    - signature creation from the canonical form of the event
    - signature creation using ECDSA algorithm
    - signature is correctly verified
  • ETa:
    - manage the extension identifying the owner of the event
    - if no identity is provided, the identity of the certificate is used
  • EpcisPHi:
    - access to the web interface of policy management is made by
    certificate
  • OMeGa:
    - if no identity is provided, the identity of the certificate is used
  • IoTa-Installer:
    - create and use certificates for TLS
    - configure Apache Tomcat for TLS
  • Greyc letters figures:
    - show SigMa library (SigMa-Commons)

Voir les différences:

ETa/ETa-Callback/ETa-Callback-Sender/src/main/java/fr/unicaen/iota/eta/callback/sender/CallbackOperationsModule.java
/*
* This program is a part of the IoTa Project.
* This program is a part of the IoTa project.
*
* Copyright © 2011-2012 Université de Caen Basse-Normandie, GREYC
* Copyright © 2011-2013 Université de Caen Basse-Normandie, GREYC
* Copyright © 2011 Orange Labs
*
* This program is free software: you can redistribute it and/or modify
......
private Schema schema;
private java.sql.Connection dbConnection;
private CallbackOperationsBackendSQL backend;
private boolean trustAllCertificates;
private static final Log LOG = LogFactory.getLog(CallbackOperationsModule.class);
public CallbackOperationsModule() {
this.schema = initEpcisSchema(Constants.EPCIS_SCHEMA_PATH);
this.trustAllCertificates = Boolean.parseBoolean(Constants.TRUST_ALL_CERTIFICATES);
backend = new CallbackOperationsBackendSQL();
dbConnection = loadDatabaseConnection();
LOG.info("CallbackModule sender is successfully loaded");
......
HttpURLConnection connection;
int response = -1;
try {
if ("HTTPS".equalsIgnoreCase(serviceUrl.getProtocol()) && trustAllCertificates) {
connection = getAllTrustingConnection(serviceUrl);
} else {
connection = getConnection(serviceUrl);
}
connection.setRequestMethod("POST");
connection.setRequestProperty("content-type", "text/xml");
connection.setRequestProperty("content-length", "" + data.length());
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setReadTimeout(200);
connection = getConnection(dest);
// send data
Writer out = new OutputStreamWriter(connection.getOutputStream());
......
// disconnect and return
// TODO response code
try {
response = connection.getResponseCode();
} catch (IOException e) {
}
response = connection.getResponseCode();
connection.disconnect();
return response;
} catch (SocketTimeoutException e) {
......
}
/**
* Opens a connection to the given URL. <p> The URL.openConnection() method
* returns an instance of javax.net.ssl.HttpsURLConnection, which extends
* java.net.HttpURLConnection, if the HTTPS protocol is used in the URL.
* Thus, we support both the HTTP and HTTPS binding of the query callback
* interface. <p> Note: By default, accessing an HTTPS URL using the URL
* class results in an exception if the destination's certificate chain
* cannot be validated. In this case you can manually import the
* destination's certificate into the Java runtime's trust store, or, if you
* want to disable the validation of certificates for testing purposes, use
* {@link getAllTrustingConnection(URL)}.
*
* @param url The URL on which a connection will be opened.
* @return A HttpURLConnection connection object.
* @throws IOException If an I/O error occurred.
*/
private HttpURLConnection getConnection(URL url) throws IOException {
return (HttpURLConnection) url.openConnection();
}
/**
* Retrieves an "all-trusting" HTTP URL connection object, by disabling the
* validation of certificates and overriding the default trust manager with
* one that trusts all certificates.
*
* @param url The URL on which a connection will be opened.
* @return A HttpURLConnection connection object.
* @throws IOException If an I/O error occurred.
* Opens a connection to the EPCIS capture interface.
* @param url The address on which a connection will be opened.
* @return The HTTP connection object.
*/
private HttpURLConnection getAllTrustingConnection(URL url) throws IOException {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
LOG.error("Unable to install the all-trusting trust manager", e);
}
return getConnection(url);
private HttpURLConnection getConnection(String url) throws IOException {
System.setProperty("javax.net.ssl.keyStore", Constants.PKS_FILENAME);
System.setProperty("javax.net.ssl.keyStorePassword", Constants.PKS_PASSWORD);
System.setProperty("javax.net.ssl.trustStore", Constants.TRUST_PKS_FILENAME);
System.setProperty("javax.net.ssl.trustStorePassword", Constants.TRUST_PKS_PASSWORD);
URL serviceUrl = new URL(url);
HttpURLConnection connection = (HttpURLConnection) serviceUrl.openConnection();
connection.setRequestProperty("content-type", "text/xml");
connection.setRequestMethod("POST");
connection.setReadTimeout(200);
connection.setDoInput(true);
connection.setDoOutput(true);
return connection;
}
/**

Formats disponibles : Unified diff