hazendaz / httpunit / 656

Committed 06 Dec 2025 09:11PM UTC coverage: 80.452% (+0.02%) from 80.435%

Build # 656

Build Type

push

github

Committed by

hazendaz

Commit Message

[maven-release-plugin] prepare for next development iteration

Run Details

3213 of 4105 branches covered (78.27%)

Branch coverage included in aggregate %.

8245 of 10137 relevant lines covered (81.34%)

0.81 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

71.76

/src/main/java/com/meterware/httpunit/HttpsProtocolSupport.java

/*
 * MIT License
 *
 * Copyright 2011-2025 Russell Gold
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
 * documentation files (the "Software"), to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
 * to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all copies or substantial portions
 * of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
 * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
 * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */
package com.meterware.httpunit;

import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Encapsulates support for the HTTPS protocol.
 **/
public abstract class HttpsProtocolSupport {

    /** The name of the system parameter used by java.net to locate protocol handlers. **/
    private static final String PROTOCOL_HANDLER_PKGS = "java.protocol.handler.pkgs";

    /** The Constant SunJSSE_PROVIDER_CLASS. */
    // Sun Microsystems:
    public static final String SunJSSE_PROVIDER_CLASS = "com.sun.net.ssl.internal.ssl.Provider";

    /** The Constant SunJSSE_PROVIDER_CLASS2. */
    // 741145: "sun.net.www.protocol.https";
    public static final String SunJSSE_PROVIDER_CLASS2 = "sun.net.www.protocol.https";

    /** The Constant SunSSL_PROTOCOL_HANDLER. */
    public static final String SunSSL_PROTOCOL_HANDLER = "com.sun.net.ssl.internal.www.protocol";

    // IBM WebSphere
    /** The Constant IBMJSSE_PROVIDER_CLASS. */
    // both ibm packages are inside ibmjsseprovider.jar that comes with WebSphere
    public static final String IBMJSSE_PROVIDER_CLASS = "com.ibm.jsse.IBMJSSEProvider";

    /** The Constant IBMSSL_PROTOCOL_HANDLER. */
    public static final String IBMSSL_PROTOCOL_HANDLER = "com.ibm.net.ssl.www.protocol";

    /** The name of the JSSE class which provides support for SSL. **/
    private static String JSSE_PROVIDER_CLASS = SunJSSE_PROVIDER_CLASS;
    /** The name of the JSSE class which supports the https protocol. **/
    private static String SSL_PROTOCOL_HANDLER = SunSSL_PROTOCOL_HANDLER;

    /** The https provider class. */
    private static Class _httpsProviderClass;

    /** The https support verified. */
    private static boolean _httpsSupportVerified;

    /** The https protocol support enabled. */
    private static boolean _httpsProtocolSupportEnabled;

    /**
     * use the given SSL providers - reset the one used so far.
     *
     * @param className
     *            the class name
     * @param handlerName
     *            the handler name
     */
    public static void useProvider(String className, String handlerName) {
        _httpsProviderClass = null;
        JSSE_PROVIDER_CLASS = className;
        SSL_PROTOCOL_HANDLER = handlerName;
    }

    /**
     * use the IBM WebShpere handlers.
     */
    public static void useIBM() {
        useProvider(IBMJSSE_PROVIDER_CLASS, IBMSSL_PROTOCOL_HANDLER);
    }

    /**
     * Returns true if the JSSE extension is installed.
     *
     * @return true, if successful
     */
    static boolean hasHttpsSupport() {
        if (!_httpsSupportVerified) {
            try {
                getHttpsProviderClass();
            } catch (ClassNotFoundException e) {
            }
            _httpsSupportVerified = true;
        }
        return _httpsProviderClass != null;
    }

    /**
     * Attempts to register the JSSE extension if it is not already registered. Will throw an exception if unable to
     * register the extension.
     *
     * @param protocol
     *            the protocol
     */
    static void verifyProtocolSupport(String protocol) {
        if (protocol.equalsIgnoreCase("http")) {
        }
        if (protocol.equalsIgnoreCase("https")) {
            validateHttpsProtocolSupport();
        }
    }

    /**
     * Validate https protocol support.
     */
    private static void validateHttpsProtocolSupport() {
        if (!_httpsProtocolSupportEnabled) {
            verifyHttpsSupport();
            _httpsProtocolSupportEnabled = true;
        }
    }

    /**
     * Verify https support.
     */
    private static void verifyHttpsSupport() {
        try {
            Class providerClass = getHttpsProviderClass();
            if (!hasProvider(providerClass)) {
                Security.addProvider((Provider) providerClass.getDeclaredConstructor().newInstance());
            }
            registerSSLProtocolHandler();
        } catch (ClassNotFoundException e) {
            throw new RuntimeException(
                    "https support requires the Java Secure Sockets Extension. See http://java.sun.com/products/jsse");
        } catch (Throwable e) {
            throw new RuntimeException("Unable to enable https support. Make sure that you have installed JSSE "
                    + "as described in http://java.sun.com/products/jsse/install.html: " + e);
        }
    }

    /**
     * get the Https Provider Class if it's been set already return it - otherwise check with the Security package and
     * take the first available provider if all fails take the default provider class.
     *
     * @return the HttpsProviderClass
     *
     * @throws ClassNotFoundException
     *             the class not found exception
     */
    public static Class getHttpsProviderClass() throws ClassNotFoundException {
        if (_httpsProviderClass == null) {
            // [ 1520925 ] SSL patch
            Provider[] sslProviders = Security.getProviders("SSLContext.SSLv3");
            if (sslProviders.length > 0) {
                _httpsProviderClass = sslProviders[0].getClass();
            }
            if (_httpsProviderClass == null) {
                _httpsProviderClass = Class.forName(JSSE_PROVIDER_CLASS);
            }
        }
        return _httpsProviderClass;
    }

    /**
     * Checks for provider.
     *
     * @param providerClass
     *            the provider class
     *
     * @return true, if successful
     */
    private static boolean hasProvider(Class providerClass) {
        Provider[] list = Security.getProviders();
        for (Provider element : list) {
            if (element.getClass().equals(providerClass)) {
                return true;
            }
        }
        return false;
    }

    /**
     * convenience function: create a socket factory which uses an anything-goes trust manager. proposed by Florian
     * Weimar
     *
     * @return the socket factory
     *
     * @throws Exception
     *             the exception
     */
    public static SSLSocketFactory getSocketFactory() throws Exception {
        final SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new X509TrustManager[] { new X509TrustManager() {
            // @Override
            @Override
            public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            }

            // @Override
            @Override
            public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            }

            // @Override
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

        } }, null);
        return context.getSocketFactory();
    }

    /**
     * register the Secure Socket Layer Protocol Handler.
     */
    private static void registerSSLProtocolHandler() {
        String list = System.getProperty(PROTOCOL_HANDLER_PKGS);
        if (list == null || list.isEmpty()) {
            System.setProperty(PROTOCOL_HANDLER_PKGS, SSL_PROTOCOL_HANDLER);
        } else if (list.indexOf(SSL_PROTOCOL_HANDLER) < 0) {
            // [ 1516007 ] Default SSL provider not being used
            System.setProperty(PROTOCOL_HANDLER_PKGS, list + " | " + SSL_PROTOCOL_HANDLER);
        }
    }
}

1	/*
2	* MIT License
3	*
4	* Copyright 2011-2025 Russell Gold
5	*
6	* Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
7	* documentation files (the "Software"), to deal in the Software without restriction, including without limitation
8	* the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
9	* to permit persons to whom the Software is furnished to do so, subject to the following conditions:
10	*
11	* The above copyright notice and this permission notice shall be included in all copies or substantial portions
12	* of the Software.
13	*
14	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
15	* THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16	* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
17	* CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
18	* DEALINGS IN THE SOFTWARE.
19	*/
20	package com.meterware.httpunit;
21
22	import java.security.Provider;
23	import java.security.Security;
24	import java.security.cert.CertificateException;
25	import java.security.cert.X509Certificate;
26
27	import javax.net.ssl.SSLContext;
28	import javax.net.ssl.SSLSocketFactory;
29	import javax.net.ssl.X509TrustManager;
30
31	/**
32	* Encapsulates support for the HTTPS protocol.
33	**/
34	public abstract class HttpsProtocolSupport {	×
35
36	/ The name of the system parameter used by java.net to locate protocol handlers. /
37	private static final String PROTOCOL_HANDLER_PKGS = "java.protocol.handler.pkgs";
38
39	/** The Constant SunJSSE_PROVIDER_CLASS. */
40	// Sun Microsystems:
41	public static final String SunJSSE_PROVIDER_CLASS = "com.sun.net.ssl.internal.ssl.Provider";
42
43	/** The Constant SunJSSE_PROVIDER_CLASS2. */
44	// 741145: "sun.net.www.protocol.https";
45	public static final String SunJSSE_PROVIDER_CLASS2 = "sun.net.www.protocol.https";
46
47	/** The Constant SunSSL_PROTOCOL_HANDLER. */
48	public static final String SunSSL_PROTOCOL_HANDLER = "com.sun.net.ssl.internal.www.protocol";
49
50	// IBM WebSphere
51	/** The Constant IBMJSSE_PROVIDER_CLASS. */
52	// both ibm packages are inside ibmjsseprovider.jar that comes with WebSphere
53	public static final String IBMJSSE_PROVIDER_CLASS = "com.ibm.jsse.IBMJSSEProvider";
54
55	/** The Constant IBMSSL_PROTOCOL_HANDLER. */
56	public static final String IBMSSL_PROTOCOL_HANDLER = "com.ibm.net.ssl.www.protocol";
57
58	/ The name of the JSSE class which provides support for SSL. /
59	private static String JSSE_PROVIDER_CLASS = SunJSSE_PROVIDER_CLASS;	1✔
60	/ The name of the JSSE class which supports the https protocol. /
61	private static String SSL_PROTOCOL_HANDLER = SunSSL_PROTOCOL_HANDLER;	1✔
62
63	/** The https provider class. */
64	private static Class _httpsProviderClass;
65
66	/** The https support verified. */
67	private static boolean _httpsSupportVerified;
68
69	/** The https protocol support enabled. */
70	private static boolean _httpsProtocolSupportEnabled;
71
72	/**
73	* use the given SSL providers - reset the one used so far.
74	*
75	* @param className
76	* the class name
77	* @param handlerName
78	* the handler name
79	*/
80	public static void useProvider(String className, String handlerName) {
81	_httpsProviderClass = null;	1✔
82	JSSE_PROVIDER_CLASS = className;	1✔
83	SSL_PROTOCOL_HANDLER = handlerName;	1✔
84	}	1✔
85
86	/**
87	* use the IBM WebShpere handlers.
88	*/
89	public static void useIBM() {
90	useProvider(IBMJSSE_PROVIDER_CLASS, IBMSSL_PROTOCOL_HANDLER);	1✔
91	}	1✔
92
93	/**
94	* Returns true if the JSSE extension is installed.
95	*
96	* @return true, if successful
97	*/
98	static boolean hasHttpsSupport() {
99	if (!_httpsSupportVerified) {	1✔
100	try {
101	getHttpsProviderClass();	1✔
102	} catch (ClassNotFoundException e) {	×
103	}	1✔
104	_httpsSupportVerified = true;	1✔
105	}
106	return _httpsProviderClass != null;	1!
107	}
108
109	/**
110	* Attempts to register the JSSE extension if it is not already registered. Will throw an exception if unable to
111	* register the extension.
112	*
113	* @param protocol
114	* the protocol
115	*/
116	static void verifyProtocolSupport(String protocol) {
117	if (protocol.equalsIgnoreCase("http")) {	1✔
118	}
119	if (protocol.equalsIgnoreCase("https")) {	1✔
120	validateHttpsProtocolSupport();	1✔
121	}
122	}	1✔
123
124	/**
125	* Validate https protocol support.
126	*/
127	private static void validateHttpsProtocolSupport() {
128	if (!_httpsProtocolSupportEnabled) {	1✔
129	verifyHttpsSupport();	1✔
130	_httpsProtocolSupportEnabled = true;	1✔
131	}
132	}	1✔
133
134	/**
135	* Verify https support.
136	*/
137	private static void verifyHttpsSupport() {
138	try {
139	Class providerClass = getHttpsProviderClass();	1✔
140	if (!hasProvider(providerClass)) {	1!
141	Security.addProvider((Provider) providerClass.getDeclaredConstructor().newInstance());	×
142	}
143	registerSSLProtocolHandler();	1✔
144	} catch (ClassNotFoundException e) {	×
145	throw new RuntimeException(	×
146	"https support requires the Java Secure Sockets Extension. See http://java.sun.com/products/jsse");
147	} catch (Throwable e) {	×
148	throw new RuntimeException("Unable to enable https support. Make sure that you have installed JSSE "	×
149	+ "as described in http://java.sun.com/products/jsse/install.html: " + e);
150	}	1✔
151	}	1✔
152
153	/**
154	* get the Https Provider Class if it's been set already return it - otherwise check with the Security package and
155	* take the first available provider if all fails take the default provider class.
156	*
157	* @return the HttpsProviderClass
158	*
159	* @throws ClassNotFoundException
160	* the class not found exception
161	*/
162	public static Class getHttpsProviderClass() throws ClassNotFoundException {
163	if (_httpsProviderClass == null) {	1✔
164	// [ 1520925 ] SSL patch
165	Provider[] sslProviders = Security.getProviders("SSLContext.SSLv3");	1✔
166	if (sslProviders.length > 0) {	1!
167	_httpsProviderClass = sslProviders[0].getClass();	1✔
168	}
169	if (_httpsProviderClass == null) {	1!
170	_httpsProviderClass = Class.forName(JSSE_PROVIDER_CLASS);	×
171	}
172	}
173	return _httpsProviderClass;	1✔
174	}
175
176	/**
177	* Checks for provider.
178	*
179	* @param providerClass
180	* the provider class
181	*
182	* @return true, if successful
183	*/
184	private static boolean hasProvider(Class providerClass) {
185	Provider[] list = Security.getProviders();	1✔
186	for (Provider element : list) {	1!
187	if (element.getClass().equals(providerClass)) {	1✔
188	return true;	1✔
189	}
190	}
191	return false;	×
192	}
193
194	/**
195	* convenience function: create a socket factory which uses an anything-goes trust manager. proposed by Florian
196	* Weimar
197	*
198	* @return the socket factory
199	*
200	* @throws Exception
201	* the exception
202	*/
203	public static SSLSocketFactory getSocketFactory() throws Exception {
204	final SSLContext context = SSLContext.getInstance("TLS");	1✔
205	context.init(null, new X509TrustManager[] { new X509TrustManager() {	1✔
206	// @Override
207	@Override
208	public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
209	}	×
210
211	// @Override
212	@Override
213	public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
214	}	×
215
216	// @Override
217	@Override
218	public X509Certificate[] getAcceptedIssuers() {
219	return null;	×
220	}
221
222	} }, null);
223	return context.getSocketFactory();	1✔
224	}
225
226	/**
227	* register the Secure Socket Layer Protocol Handler.
228	*/
229	private static void registerSSLProtocolHandler() {
230	String list = System.getProperty(PROTOCOL_HANDLER_PKGS);	1✔
231	if (list == null \|\| list.isEmpty()) {	1!
232	System.setProperty(PROTOCOL_HANDLER_PKGS, SSL_PROTOCOL_HANDLER);	1✔
233	} else if (list.indexOf(SSL_PROTOCOL_HANDLER) < 0) {	×
234	// [ 1516007 ] Default SSL provider not being used
235	System.setProperty(PROTOCOL_HANDLER_PKGS, list + " \| " + SSL_PROTOCOL_HANDLER);	×
236	}
237	}	1✔
238	}

hazendaz / httpunit / 656

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous