001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.http;
016    
017    import com.liferay.portal.kernel.servlet.HttpHeaders;
018    import com.liferay.portal.kernel.util.Base64;
019    import com.liferay.portal.kernel.util.ContentTypes;
020    import com.liferay.portal.kernel.util.GetterUtil;
021    import com.liferay.portal.kernel.util.MethodHandler;
022    import com.liferay.portal.kernel.util.MethodWrapper;
023    import com.liferay.portal.kernel.util.ObjectValuePair;
024    import com.liferay.portal.kernel.util.PropsUtil;
025    import com.liferay.portal.kernel.util.StringPool;
026    import com.liferay.portal.kernel.util.Validator;
027    import com.liferay.portal.security.auth.HttpPrincipal;
028    import com.liferay.portal.security.auth.PrincipalException;
029    
030    import java.io.EOFException;
031    import java.io.IOException;
032    import java.io.ObjectInputStream;
033    import java.io.ObjectOutputStream;
034    
035    import java.net.HttpURLConnection;
036    import java.net.URL;
037    
038    import javax.net.ssl.HostnameVerifier;
039    import javax.net.ssl.HttpsURLConnection;
040    import javax.net.ssl.SSLSession;
041    
042    import javax.servlet.http.HttpServletRequest;
043    
044    /**
045     * @author Brian Wing Shun Chan
046     */
047    @SuppressWarnings("deprecation")
048    public class TunnelUtil {
049    
050            public static Object invoke(
051                            HttpPrincipal httpPrincipal, MethodHandler methodHandler)
052                    throws Exception {
053    
054                    HttpURLConnection urlc = _getConnection(httpPrincipal);
055    
056                    ObjectOutputStream oos = new ObjectOutputStream(urlc.getOutputStream());
057    
058                    oos.writeObject(
059                            new ObjectValuePair<HttpPrincipal, MethodHandler>(
060                                    httpPrincipal, methodHandler));
061    
062                    oos.flush();
063                    oos.close();
064    
065                    Object returnObj = null;
066    
067                    try {
068                            ObjectInputStream ois = new ObjectInputStream(
069                                    urlc.getInputStream());
070    
071                            returnObj = ois.readObject();
072    
073                            ois.close();
074                    }
075                    catch (EOFException eofe) {
076                    }
077                    catch (IOException ioe) {
078                            String ioeMessage = ioe.getMessage();
079    
080                            if ((ioeMessage != null) &&
081                                            (ioeMessage.indexOf("HTTP response code: 401") != -1)) {
082    
083                                    throw new PrincipalException(ioeMessage);
084                            }
085                            else {
086                                    throw ioe;
087                            }
088                    }
089    
090                    if ((returnObj != null) && returnObj instanceof Exception) {
091                            throw (Exception)returnObj;
092                    }
093    
094                    return returnObj;
095            }
096    
097            /**
098             * @deprecated
099             */
100            public static Object invoke(
101                            HttpPrincipal httpPrincipal, MethodWrapper methodWrapper)
102                    throws Exception {
103    
104                    HttpURLConnection urlc = _getConnection(httpPrincipal);
105    
106                    ObjectOutputStream oos = new ObjectOutputStream(urlc.getOutputStream());
107    
108                    oos.writeObject(
109                            new ObjectValuePair<HttpPrincipal, MethodWrapper>(
110                                    httpPrincipal, methodWrapper));
111    
112                    oos.flush();
113                    oos.close();
114    
115                    Object returnObj = null;
116    
117                    try {
118                            ObjectInputStream ois = new ObjectInputStream(
119                                    urlc.getInputStream());
120    
121                            returnObj = ois.readObject();
122    
123                            ois.close();
124                    }
125                    catch (EOFException eofe) {
126                    }
127                    catch (IOException ioe) {
128                            String ioeMessage = ioe.getMessage();
129    
130                            if ((ioeMessage != null) &&
131                                            (ioeMessage.indexOf("HTTP response code: 401") != -1)) {
132    
133                                    throw new PrincipalException(ioeMessage);
134                            }
135                            else {
136                                    throw ioe;
137                            }
138                    }
139    
140                    if ((returnObj != null) && returnObj instanceof Exception) {
141                            throw (Exception)returnObj;
142                    }
143    
144                    return returnObj;
145            }
146    
147            private static HttpURLConnection _getConnection(HttpPrincipal httpPrincipal)
148                    throws IOException {
149    
150                    if (httpPrincipal == null || httpPrincipal.getUrl() == null) {
151                            return null;
152                    }
153    
154                    URL url = null;
155    
156                    if (Validator.isNull(httpPrincipal.getLogin()) ||
157                            Validator.isNull(httpPrincipal.getPassword())) {
158    
159                            url = new URL(httpPrincipal.getUrl() + "/tunnel-web/liferay/do");
160                    }
161                    else {
162                            url = new URL(
163                                    httpPrincipal.getUrl() + "/tunnel-web/secure/liferay/do");
164                    }
165    
166                    HttpURLConnection httpURLConnection =
167                            (HttpURLConnection)url.openConnection();
168    
169                    httpURLConnection.setDoInput(true);
170                    httpURLConnection.setDoOutput(true);
171    
172                    if (!_VERIFY_SSL_HOSTNAME &&
173                            (httpURLConnection instanceof HttpsURLConnection)) {
174    
175                            HttpsURLConnection httpsURLConnection =
176                                    (HttpsURLConnection)httpURLConnection;
177    
178                            httpsURLConnection.setHostnameVerifier(
179                                    new HostnameVerifier() {
180    
181                                            public boolean verify(String hostname, SSLSession session) {
182                                                    return true;
183                                            }
184    
185                                    }
186                            );
187                    }
188    
189                    httpURLConnection.setRequestProperty(
190                            HttpHeaders.CONTENT_TYPE,
191                            ContentTypes.APPLICATION_X_JAVA_SERIALIZED_OBJECT);
192                    httpURLConnection.setUseCaches(false);
193    
194                    httpURLConnection.setRequestMethod("POST");
195    
196                    if (Validator.isNotNull(httpPrincipal.getLogin()) &&
197                            Validator.isNotNull(httpPrincipal.getPassword())) {
198    
199                            String userNameAndPassword =
200                                    httpPrincipal.getLogin() + StringPool.COLON +
201                                            httpPrincipal.getPassword();
202    
203                            httpURLConnection.setRequestProperty(
204                                    HttpHeaders.AUTHORIZATION,
205                                    HttpServletRequest.BASIC_AUTH + StringPool.SPACE +
206                                            Base64.encode(userNameAndPassword.getBytes()));
207                    }
208    
209                    return httpURLConnection;
210            }
211    
212            private static final boolean _VERIFY_SSL_HOSTNAME =
213                    GetterUtil.getBoolean(
214                            PropsUtil.get(TunnelUtil.class.getName() + ".verify.ssl.hostname"));
215    
216    }