001 package examples.security.sslclient;
002
003 import java.io.*;
004 import java.net.URL;
005 import java.security.Provider;
006 import javax.servlet.ServletOutputStream;
007
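/**
 * SSLClient is a short example of how to use the SSL library of WebLogic
 * to make outgoing SSL connections. It shows how to do this both from
 * a stand-alone application and from within WebLogic (in a Servlet).
 * <p/>
 * Be careful to notice that the WebLogic Server, when making an
 * outgoing SSL connection, will use that instance of the server's
 * certificate. When communicating with either the same or another
 * WebLogic Server with two-way SSL, the originating server's
 * certificate will be verified against the client root CA list in
 * the receiving WebLogic Server.
 * <p/>
 * Points to review before adapting this example:
 * <ul>
 * <li>The pass phrase of the client private key is a string literal in
 *     {@link #wlsURLConnect}. That is only acceptable for the demo key
 *     material; real code should read it from protected configuration.</li>
 * <li>The example configures no trust store and no host name verifier of
 *     its own, so validation of the server certificate is whatever the
 *     WebLogic SSL client classes do by default.</li>
 * <li>The first request goes out over plain HTTP, so nothing sent on it
 *     is protected in transit.</li>
 * <li>Host, ports and query are used and echoed exactly as passed in.
 *     If a servlet takes them from a request, it should restrict the
 *     allowed targets and encode the echoed text for its output format.</li>
 * </ul>
 *
 * @author Copyright (c) 1999,2009, Oracle and/or its affiliates. All Rights Reserved.
 */
public class SSLClient {

    /** System property listing the packages searched for URL protocol handlers. */
    private static final String HANDLER_PKGS_PROPERTY = "java.protocol.handler.pkgs";

    /** Package that holds the WebLogic protocol handlers. */
    private static final String WLS_HANDLER_PKG = "weblogic.net";

    /**
     * Does nothing. Because of its {@code void} return type this is an
     * ordinary method, not a constructor; instances are created through the
     * implicit default constructor. It is kept so that existing callers
     * still compile.
     */
    public void SSLClient() {
    }

    /**
     * Command-line entry point.
     *
     * @param argv {@code wls <host> <port> <ssl-port> [<query>]}; when the
     *             query is omitted, {@link #wlsURLConnect} requests its
     *             default page
     * @throws Exception if reporting a failure to the console fails as well
     */
    public static void main(String[] argv) throws Exception {
        boolean argCountOk = argv.length == 4 || argv.length == 5;
        if (!argCountOk || !"wls".equals(argv[0])) {
            log("example: java SSLClient wls localhost 7001 7002 /examplesWebApp/SnoopServlet.jsp");
            return;
        }

        SSLClient client = new SSLClient();
        // A null query makes wlsURLConnect fall back to its default page.
        String query = (argv.length == 5) ? argv[4] : null;
        try {
            log("----");
            client.wlsURLConnect(argv[1], argv[2], argv[3], query, System.out);
            log("----");
        } catch (Exception e) {
            System.err.println("An exception occurred: " + e.getMessage());
            client.printSecurityProviders(System.out);
            log("----");
        }
    }

    /**
     * Writes text to the given stream, or to {@code System.out} when the
     * stream is neither a {@link PrintStream} nor a
     * {@link ServletOutputStream}.
     * <p/>
     * The text is written unmodified; no output encoding is applied here.
     *
     * @param outstr text to write
     * @param stream destination stream
     * @throws Exception the {@link IOException} raised by the servlet
     *                   stream, after it has been logged
     */
    private void printOut(String outstr, OutputStream stream) throws Exception {
        if (stream instanceof PrintStream) {
            ((PrintStream) stream).print(outstr);
        } else if (stream instanceof ServletOutputStream) {
            try {
                ((ServletOutputStream) stream).print(outstr);
            } catch (IOException ioe) {
                log(" IOException: " + ioe.getMessage());
                throw ioe;
            }
        } else {
            System.out.print(outstr);
        }
    }

    /**
     * Prints the protocol handler package list and every installed JCA
     * security provider, as a troubleshooting aid.
     *
     * @param stream destination stream
     * @throws Exception if writing to the stream fails
     */
    private void printSecurityProviders(OutputStream stream) throws Exception {
        StringBuffer outstr = new StringBuffer();
        outstr.append(" JDK Protocol Handlers and Security Providers:\n");
        outstr.append(" java.protocol.handler.pkgs - ");
        // Read the single key rather than the whole property table.
        outstr.append(System.getProperty(HANDLER_PKGS_PROPERTY));
        outstr.append("\n");
        Provider[] provs = java.security.Security.getProviders();
        for (int i = 0; i < provs.length; i++) {
            outstr.append(" provider[" + i + "] - " + provs[i].getName()
                    + " - " + provs[i].getInfo() + "\n");
        }
        outstr.append("\n");
        printOut(outstr.toString(), stream);
    }

    /**
     * Connects, reports the response code, the response message and the
     * class of the returned content, then disconnects.
     *
     * @param connection connection to exercise
     * @param stream     destination for the report
     * @throws Exception if connecting, reading the response or writing the
     *                   report fails
     */
    private void tryConnection(java.net.HttpURLConnection connection,
                               OutputStream stream)
            throws Exception {
        String responseStr;
        try {
            connection.connect();
            responseStr = "\t\t"
                    + connection.getResponseCode() + " -- "
                    + connection.getResponseMessage() + "\n\t\t"
                    + connection.getContent().getClass().getName() + "\n";
        } finally {
            // Release the connection on the failure path as well.
            connection.disconnect();
        }

        printOut(responseStr, stream);
    }

    /**
     * Adds the WebLogic protocol handler package to
     * {@code java.protocol.handler.pkgs} unless it is already listed.
     * <p/>
     * This registration is taken care of in the normal startup sequence of
     * WebLogic (it can be turned off using the console SSL panel). It is
     * duplicated here as a proof of concept for a stand-alone Java
     * application. The property is JVM-wide, so the change affects every
     * URL opened afterwards in this process.
     */
    private static void registerWlsProtocolHandlers() {
        String pkgs = System.getProperty(HANDLER_PKGS_PROPERTY);
        if (pkgs == null) {
            pkgs = WLS_HANDLER_PKG;
        } else if (pkgs.indexOf(WLS_HANDLER_PKG) == -1) {
            pkgs += "|" + WLS_HANDLER_PKG;
        }
        // Set only this key; replacing the whole property table is not needed.
        System.setProperty(HANDLER_PKGS_PROPERTY, pkgs);
    }

    /** Closes a stream, ignoring a failure to close; {@code null} is allowed. */
    private static void closeQuietly(InputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException ignored) {
            // Nothing useful can be done about a failed close of a read-only file.
        }
    }

    /**
     * This method contains an example of how to use the URL and
     * URLConnection objects to create a new SSL connection, using
     * WebLogic SSL client classes. It first tries a plain HTTP request and
     * then an HTTPS request that presents a client identity.
     *
     * @param host  server host name
     * @param port  plain HTTP port, as a decimal string
     * @param sport SSL port, as a decimal string
     * @param query path to request; {@code null} selects
     *              {@code /examplesWebApp/index.jsp}
     * @param out   stream that receives the progress and result text
     * @throws Exception only if writing the error message to {@code out}
     *                   fails; every other failure is caught and its
     *                   message printed to {@code out}
     */
    public void wlsURLConnect(String host, String port,
                              String sport, String query,
                              OutputStream out)
            throws Exception {
        try {
            if (query == null) {
                query = "/examplesWebApp/index.jsp";
            }

            registerWlsProtocolHandlers();
            printSecurityProviders(out);

            printOut(" Trying a new HTTP connection using WLS client classes - \n\thttp://"
                    + host + ":" + port + query + "\n", out);
            try {
                URL wlsUrl = new URL("http", host, Integer.parseInt(port), query);
                weblogic.net.http.HttpURLConnection connection =
                        new weblogic.net.http.HttpURLConnection(wlsUrl);
                tryConnection(connection, out);
            } catch (Exception e) {
                // A failed plain HTTP attempt does not stop the HTTPS attempt below.
                printOut(e.getMessage(), out);
                printSecurityProviders(System.out);
                log("----");
            }

            printOut(" Trying a new HTTPS connection using WLS client classes - \n\thttps://"
                    + host + ":" + sport + query + "\n", out);
            URL wlsSecureUrl = new URL("https", host, Integer.parseInt(sport), query);
            weblogic.net.http.HttpsURLConnection sconnection =
                    new weblogic.net.http.HttpsURLConnection(wlsSecureUrl);

            // Only when one has a two-way SSL connection, i.e. ClientCertificateEnforced
            // is selected in the server under the SSL tab, the following private key and
            // client cert chain are used. Note that this example nevertheless requires
            // both files to be present before it attempts the HTTPS connection.
            File clientKeyFile = new File("clientkey.pem");
            File clientCertsFile = new File("client2certs.pem");
            if (!clientKeyFile.exists() || !clientCertsFile.exists()) {
                log("Error : clientkey.pem/client2certs.pem is not present in this directory.");
                log("To create it run - ant createmycerts.");
                // Return instead of calling System.exit(0): this method is also meant to
                // run inside a servlet, where exiting would take the whole server down.
                return;
            }

            InputStream certsIn = null;
            InputStream keyIn = null;
            try {
                certsIn = new FileInputStream(clientCertsFile);
                keyIn = new FileInputStream(clientKeyFile);
                // Demo pass phrase for the sample key. Do not reuse this pattern with a
                // real key: keep the pass phrase out of source code.
                String pwd = "clientkey";
                sconnection.loadLocalIdentity(certsIn, keyIn, pwd.toCharArray());

                tryConnection(sconnection, out);
            } finally {
                // The key and certificate files are closed once the attempt is over.
                closeQuietly(keyIn);
                closeQuietly(certsIn);
            }

        } catch (Exception ioe) {
            printOut(ioe.getMessage(), out);
        }
    }

    /** Prints one line to standard output. */
    private static void log(String str) {
        System.out.println(str);
    }
}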