hazendaz / httpunit / 755

Committed 14 Feb 2026 07:14PM UTC coverage: 80.526%. Remained the same

Build # 755

Build Type

push

github

Committed by

hazendaz

Commit Message

[ci] Fix badge

Run Details

3213 of 4105 branches covered (78.27%)

Branch coverage included in aggregate %.

8245 of 10124 relevant lines covered (81.44%)

0.81 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

71.76

/src/main/java/com/meterware/httpunit/HttpsProtocolSupport.java

/*
 * SPDX-License-Identifier: MIT
 * See LICENSE file for details.
 *
 * Copyright 2000-2026 Russell Gold
 * Copyright 2021-2000 hazendaz
 */
package com.meterware.httpunit;

import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Encapsulates support for the HTTPS protocol.
 **/
public abstract class HttpsProtocolSupport {

    /** The name of the system parameter used by java.net to locate protocol handlers. **/
    private static final String PROTOCOL_HANDLER_PKGS = "java.protocol.handler.pkgs";

    /** The Constant SunJSSE_PROVIDER_CLASS. */
    // Sun Microsystems:
    public static final String SunJSSE_PROVIDER_CLASS = "com.sun.net.ssl.internal.ssl.Provider";

    /** The Constant SunJSSE_PROVIDER_CLASS2. */
    // 741145: "sun.net.www.protocol.https";
    public static final String SunJSSE_PROVIDER_CLASS2 = "sun.net.www.protocol.https";

    /** The Constant SunSSL_PROTOCOL_HANDLER. */
    public static final String SunSSL_PROTOCOL_HANDLER = "com.sun.net.ssl.internal.www.protocol";

    // IBM WebSphere
    /** The Constant IBMJSSE_PROVIDER_CLASS. */
    // both ibm packages are inside ibmjsseprovider.jar that comes with WebSphere
    public static final String IBMJSSE_PROVIDER_CLASS = "com.ibm.jsse.IBMJSSEProvider";

    /** The Constant IBMSSL_PROTOCOL_HANDLER. */
    public static final String IBMSSL_PROTOCOL_HANDLER = "com.ibm.net.ssl.www.protocol";

    /** The name of the JSSE class which provides support for SSL. **/
    private static String JSSE_PROVIDER_CLASS = SunJSSE_PROVIDER_CLASS;
    /** The name of the JSSE class which supports the https protocol. **/
    private static String SSL_PROTOCOL_HANDLER = SunSSL_PROTOCOL_HANDLER;

    /** The https provider class. */
    private static Class _httpsProviderClass;

    /** The https support verified. */
    private static boolean _httpsSupportVerified;

    /** The https protocol support enabled. */
    private static boolean _httpsProtocolSupportEnabled;

    /**
     * use the given SSL providers - reset the one used so far.
     *
     * @param className
     *            the class name
     * @param handlerName
     *            the handler name
     */
    public static void useProvider(String className, String handlerName) {
        _httpsProviderClass = null;
        JSSE_PROVIDER_CLASS = className;
        SSL_PROTOCOL_HANDLER = handlerName;
    }

    /**
     * use the IBM WebShpere handlers.
     */
    public static void useIBM() {
        useProvider(IBMJSSE_PROVIDER_CLASS, IBMSSL_PROTOCOL_HANDLER);
    }

    /**
     * Returns true if the JSSE extension is installed.
     *
     * @return true, if successful
     */
    static boolean hasHttpsSupport() {
        if (!_httpsSupportVerified) {
            try {
                getHttpsProviderClass();
            } catch (ClassNotFoundException e) {
            }
            _httpsSupportVerified = true;
        }
        return _httpsProviderClass != null;
    }

    /**
     * Attempts to register the JSSE extension if it is not already registered. Will throw an exception if unable to
     * register the extension.
     *
     * @param protocol
     *            the protocol
     */
    static void verifyProtocolSupport(String protocol) {
        if (protocol.equalsIgnoreCase("http")) {
        }
        if (protocol.equalsIgnoreCase("https")) {
            validateHttpsProtocolSupport();
        }
    }

    /**
     * Validate https protocol support.
     */
    private static void validateHttpsProtocolSupport() {
        if (!_httpsProtocolSupportEnabled) {
            verifyHttpsSupport();
            _httpsProtocolSupportEnabled = true;
        }
    }

    /**
     * Verify https support.
     */
    private static void verifyHttpsSupport() {
        try {
            Class providerClass = getHttpsProviderClass();
            if (!hasProvider(providerClass)) {
                Security.addProvider((Provider) providerClass.getDeclaredConstructor().newInstance());
            }
            registerSSLProtocolHandler();
        } catch (ClassNotFoundException e) {
            throw new RuntimeException(
                    "https support requires the Java Secure Sockets Extension. See http://java.sun.com/products/jsse");
        } catch (Throwable e) {
            throw new RuntimeException("Unable to enable https support. Make sure that you have installed JSSE "
                    + "as described in http://java.sun.com/products/jsse/install.html: " + e);
        }
    }

    /**
     * get the Https Provider Class if it's been set already return it - otherwise check with the Security package and
     * take the first available provider if all fails take the default provider class.
     *
     * @return the HttpsProviderClass
     *
     * @throws ClassNotFoundException
     *             the class not found exception
     */
    public static Class getHttpsProviderClass() throws ClassNotFoundException {
        if (_httpsProviderClass == null) {
            // [ 1520925 ] SSL patch
            Provider[] sslProviders = Security.getProviders("SSLContext.SSLv3");
            if (sslProviders.length > 0) {
                _httpsProviderClass = sslProviders[0].getClass();
            }
            if (_httpsProviderClass == null) {
                _httpsProviderClass = Class.forName(JSSE_PROVIDER_CLASS);
            }
        }
        return _httpsProviderClass;
    }

    /**
     * Checks for provider.
     *
     * @param providerClass
     *            the provider class
     *
     * @return true, if successful
     */
    private static boolean hasProvider(Class providerClass) {
        Provider[] list = Security.getProviders();
        for (Provider element : list) {
            if (element.getClass().equals(providerClass)) {
                return true;
            }
        }
        return false;
    }

    /**
     * convenience function: create a socket factory which uses an anything-goes trust manager. proposed by Florian
     * Weimar
     *
     * @return the socket factory
     *
     * @throws Exception
     *             the exception
     */
    public static SSLSocketFactory getSocketFactory() throws Exception {
        final SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new X509TrustManager[] { new X509TrustManager() {
            // @Override
            @Override
            public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            }

            // @Override
            @Override
            public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            }

            // @Override
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

        } }, null);
        return context.getSocketFactory();
    }

    /**
     * register the Secure Socket Layer Protocol Handler.
     */
    private static void registerSSLProtocolHandler() {
        String list = System.getProperty(PROTOCOL_HANDLER_PKGS);
        if (list == null || list.isEmpty()) {
            System.setProperty(PROTOCOL_HANDLER_PKGS, SSL_PROTOCOL_HANDLER);
        } else if (list.indexOf(SSL_PROTOCOL_HANDLER) < 0) {
            // [ 1516007 ] Default SSL provider not being used
            System.setProperty(PROTOCOL_HANDLER_PKGS, list + " | " + SSL_PROTOCOL_HANDLER);
        }
    }
}

1	/*
2	* SPDX-License-Identifier: MIT
3	* See LICENSE file for details.
4	*
5	* Copyright 2000-2026 Russell Gold
6	* Copyright 2021-2000 hazendaz
7	*/
8	package com.meterware.httpunit;
9
10	import java.security.Provider;
11	import java.security.Security;
12	import java.security.cert.CertificateException;
13	import java.security.cert.X509Certificate;
14
15	import javax.net.ssl.SSLContext;
16	import javax.net.ssl.SSLSocketFactory;
17	import javax.net.ssl.X509TrustManager;
18
19	/**
20	* Encapsulates support for the HTTPS protocol.
21	**/
22	public abstract class HttpsProtocolSupport {	×
23
24	/ The name of the system parameter used by java.net to locate protocol handlers. /
25	private static final String PROTOCOL_HANDLER_PKGS = "java.protocol.handler.pkgs";
26
27	/** The Constant SunJSSE_PROVIDER_CLASS. */
28	// Sun Microsystems:
29	public static final String SunJSSE_PROVIDER_CLASS = "com.sun.net.ssl.internal.ssl.Provider";
30
31	/** The Constant SunJSSE_PROVIDER_CLASS2. */
32	// 741145: "sun.net.www.protocol.https";
33	public static final String SunJSSE_PROVIDER_CLASS2 = "sun.net.www.protocol.https";
34
35	/** The Constant SunSSL_PROTOCOL_HANDLER. */
36	public static final String SunSSL_PROTOCOL_HANDLER = "com.sun.net.ssl.internal.www.protocol";
37
38	// IBM WebSphere
39	/** The Constant IBMJSSE_PROVIDER_CLASS. */
40	// both ibm packages are inside ibmjsseprovider.jar that comes with WebSphere
41	public static final String IBMJSSE_PROVIDER_CLASS = "com.ibm.jsse.IBMJSSEProvider";
42
43	/** The Constant IBMSSL_PROTOCOL_HANDLER. */
44	public static final String IBMSSL_PROTOCOL_HANDLER = "com.ibm.net.ssl.www.protocol";
45
46	/ The name of the JSSE class which provides support for SSL. /
47	private static String JSSE_PROVIDER_CLASS = SunJSSE_PROVIDER_CLASS;	1✔
48	/ The name of the JSSE class which supports the https protocol. /
49	private static String SSL_PROTOCOL_HANDLER = SunSSL_PROTOCOL_HANDLER;	1✔
50
51	/** The https provider class. */
52	private static Class _httpsProviderClass;
53
54	/** The https support verified. */
55	private static boolean _httpsSupportVerified;
56
57	/** The https protocol support enabled. */
58	private static boolean _httpsProtocolSupportEnabled;
59
60	/**
61	* use the given SSL providers - reset the one used so far.
62	*
63	* @param className
64	* the class name
65	* @param handlerName
66	* the handler name
67	*/
68	public static void useProvider(String className, String handlerName) {
69	_httpsProviderClass = null;	1✔
70	JSSE_PROVIDER_CLASS = className;	1✔
71	SSL_PROTOCOL_HANDLER = handlerName;	1✔
72	}	1✔
73
74	/**
75	* use the IBM WebShpere handlers.
76	*/
77	public static void useIBM() {
78	useProvider(IBMJSSE_PROVIDER_CLASS, IBMSSL_PROTOCOL_HANDLER);	1✔
79	}	1✔
80
81	/**
82	* Returns true if the JSSE extension is installed.
83	*
84	* @return true, if successful
85	*/
86	static boolean hasHttpsSupport() {
87	if (!_httpsSupportVerified) {	1✔
88	try {
89	getHttpsProviderClass();	1✔
90	} catch (ClassNotFoundException e) {	×
91	}	1✔
92	_httpsSupportVerified = true;	1✔
93	}
94	return _httpsProviderClass != null;	1!
95	}
96
97	/**
98	* Attempts to register the JSSE extension if it is not already registered. Will throw an exception if unable to
99	* register the extension.
100	*
101	* @param protocol
102	* the protocol
103	*/
104	static void verifyProtocolSupport(String protocol) {
105	if (protocol.equalsIgnoreCase("http")) {	1✔
106	}
107	if (protocol.equalsIgnoreCase("https")) {	1✔
108	validateHttpsProtocolSupport();	1✔
109	}
110	}	1✔
111
112	/**
113	* Validate https protocol support.
114	*/
115	private static void validateHttpsProtocolSupport() {
116	if (!_httpsProtocolSupportEnabled) {	1✔
117	verifyHttpsSupport();	1✔
118	_httpsProtocolSupportEnabled = true;	1✔
119	}
120	}	1✔
121
122	/**
123	* Verify https support.
124	*/
125	private static void verifyHttpsSupport() {
126	try {
127	Class providerClass = getHttpsProviderClass();	1✔
128	if (!hasProvider(providerClass)) {	1!
129	Security.addProvider((Provider) providerClass.getDeclaredConstructor().newInstance());	×
130	}
131	registerSSLProtocolHandler();	1✔
132	} catch (ClassNotFoundException e) {	×
133	throw new RuntimeException(	×
134	"https support requires the Java Secure Sockets Extension. See http://java.sun.com/products/jsse");
135	} catch (Throwable e) {	×
136	throw new RuntimeException("Unable to enable https support. Make sure that you have installed JSSE "	×
137	+ "as described in http://java.sun.com/products/jsse/install.html: " + e);
138	}	1✔
139	}	1✔
140
141	/**
142	* get the Https Provider Class if it's been set already return it - otherwise check with the Security package and
143	* take the first available provider if all fails take the default provider class.
144	*
145	* @return the HttpsProviderClass
146	*
147	* @throws ClassNotFoundException
148	* the class not found exception
149	*/
150	public static Class getHttpsProviderClass() throws ClassNotFoundException {
151	if (_httpsProviderClass == null) {	1✔
152	// [ 1520925 ] SSL patch
153	Provider[] sslProviders = Security.getProviders("SSLContext.SSLv3");	1✔
154	if (sslProviders.length > 0) {	1!
155	_httpsProviderClass = sslProviders[0].getClass();	1✔
156	}
157	if (_httpsProviderClass == null) {	1!
158	_httpsProviderClass = Class.forName(JSSE_PROVIDER_CLASS);	×
159	}
160	}
161	return _httpsProviderClass;	1✔
162	}
163
164	/**
165	* Checks for provider.
166	*
167	* @param providerClass
168	* the provider class
169	*
170	* @return true, if successful
171	*/
172	private static boolean hasProvider(Class providerClass) {
173	Provider[] list = Security.getProviders();	1✔
174	for (Provider element : list) {	1!
175	if (element.getClass().equals(providerClass)) {	1✔
176	return true;	1✔
177	}
178	}
179	return false;	×
180	}
181
182	/**
183	* convenience function: create a socket factory which uses an anything-goes trust manager. proposed by Florian
184	* Weimar
185	*
186	* @return the socket factory
187	*
188	* @throws Exception
189	* the exception
190	*/
191	public static SSLSocketFactory getSocketFactory() throws Exception {
192	final SSLContext context = SSLContext.getInstance("TLS");	1✔
193	context.init(null, new X509TrustManager[] { new X509TrustManager() {	1✔
194	// @Override
195	@Override
196	public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
197	}	×
198
199	// @Override
200	@Override
201	public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
202	}	×
203
204	// @Override
205	@Override
206	public X509Certificate[] getAcceptedIssuers() {
207	return null;	×
208	}
209
210	} }, null);
211	return context.getSocketFactory();	1✔
212	}
213
214	/**
215	* register the Secure Socket Layer Protocol Handler.
216	*/
217	private static void registerSSLProtocolHandler() {
218	String list = System.getProperty(PROTOCOL_HANDLER_PKGS);	1✔
219	if (list == null \|\| list.isEmpty()) {	1!
220	System.setProperty(PROTOCOL_HANDLER_PKGS, SSL_PROTOCOL_HANDLER);	1✔
221	} else if (list.indexOf(SSL_PROTOCOL_HANDLER) < 0) {	×
222	// [ 1516007 ] Default SSL provider not being used
223	System.setProperty(PROTOCOL_HANDLER_PKGS, list + " \| " + SSL_PROTOCOL_HANDLER);	×
224	}
225	}	1✔
226	}

hazendaz / httpunit / 755

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous