001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.http;
016    
017    import com.liferay.portal.kernel.servlet.HttpHeaders;
018    import com.liferay.portal.kernel.util.Base64;
019    import com.liferay.portal.kernel.util.ContentTypes;
020    import com.liferay.portal.kernel.util.GetterUtil;
021    import com.liferay.portal.kernel.util.MethodHandler;
022    import com.liferay.portal.kernel.util.MethodWrapper;
023    import com.liferay.portal.kernel.util.ObjectValuePair;
024    import com.liferay.portal.kernel.util.PropsUtil;
025    import com.liferay.portal.kernel.util.StringPool;
026    import com.liferay.portal.kernel.util.Validator;
027    import com.liferay.portal.security.auth.HttpPrincipal;
028    import com.liferay.portal.security.auth.PrincipalException;
029    
030    import java.io.EOFException;
031    import java.io.IOException;
032    import java.io.ObjectInputStream;
033    import java.io.ObjectOutputStream;
034    
035    import java.net.HttpURLConnection;
036    import java.net.URL;
037    
038    import javax.net.ssl.HostnameVerifier;
039    import javax.net.ssl.HttpsURLConnection;
040    import javax.net.ssl.SSLSession;
041    
042    import javax.servlet.http.HttpServletRequest;
043    
044    /**
045     * @author Brian Wing Shun Chan
046     */
047    @SuppressWarnings("deprecation")
048    public class TunnelUtil {
049    
050            public static Object invoke(
051                            HttpPrincipal httpPrincipal, MethodHandler methodHandler)
052                    throws Exception {
053    
054                    HttpURLConnection urlc = _getConnection(httpPrincipal);
055    
056                    ObjectOutputStream oos = new ObjectOutputStream(urlc.getOutputStream());
057    
058                    oos.writeObject(
059                            new ObjectValuePair<HttpPrincipal, MethodHandler>(
060                                    httpPrincipal, methodHandler));
061    
062                    oos.flush();
063                    oos.close();
064    
065                    Object returnObj = null;
066    
067                    try {
068                            ObjectInputStream ois = new ObjectInputStream(
069                                    urlc.getInputStream());
070    
071                            returnObj = ois.readObject();
072    
073                            ois.close();
074                    }
075                    catch (EOFException eofe) {
076                    }
077                    catch (IOException ioe) {
078                            String ioeMessage = ioe.getMessage();
079    
080                            if ((ioeMessage != null) &&
081                                    ioeMessage.contains("HTTP response code: 401")) {
082    
083                                    throw new PrincipalException(ioeMessage);
084                            }
085                            else {
086                                    throw ioe;
087                            }
088                    }
089    
090                    if ((returnObj != null) && returnObj instanceof Exception) {
091                            throw (Exception)returnObj;
092                    }
093    
094                    return returnObj;
095            }
096    
097            /**
098             * @deprecated
099             */
100            public static Object invoke(
101                            HttpPrincipal httpPrincipal, MethodWrapper methodWrapper)
102                    throws Exception {
103    
104                    HttpURLConnection urlc = _getConnection(httpPrincipal);
105    
106                    ObjectOutputStream oos = new ObjectOutputStream(urlc.getOutputStream());
107    
108                    oos.writeObject(
109                            new ObjectValuePair<HttpPrincipal, MethodWrapper>(
110                                    httpPrincipal, methodWrapper));
111    
112                    oos.flush();
113                    oos.close();
114    
115                    Object returnObj = null;
116    
117                    try {
118                            ObjectInputStream ois = new ObjectInputStream(
119                                    urlc.getInputStream());
120    
121                            returnObj = ois.readObject();
122    
123                            ois.close();
124                    }
125                    catch (EOFException eofe) {
126                    }
127                    catch (IOException ioe) {
128                            String ioeMessage = ioe.getMessage();
129    
130                            if ((ioeMessage != null) &&
131                                    ioeMessage.contains("HTTP response code: 401")) {
132    
133                                    throw new PrincipalException(ioeMessage);
134                            }
135                            else {
136                                    throw ioe;
137                            }
138                    }
139    
140                    if ((returnObj != null) && returnObj instanceof Exception) {
141                            throw (Exception)returnObj;
142                    }
143    
144                    return returnObj;
145            }
146    
147            private static HttpURLConnection _getConnection(HttpPrincipal httpPrincipal)
148                    throws IOException {
149    
150                    if ((httpPrincipal == null) || (httpPrincipal.getUrl() == null)) {
151                            return null;
152                    }
153    
154                    URL url = new URL(httpPrincipal.getUrl() + "/api/liferay/do");
155    
156                    HttpURLConnection httpURLConnection =
157                            (HttpURLConnection)url.openConnection();
158    
159                    httpURLConnection.setDoInput(true);
160                    httpURLConnection.setDoOutput(true);
161    
162                    if (!_VERIFY_SSL_HOSTNAME &&
163                            (httpURLConnection instanceof HttpsURLConnection)) {
164    
165                            HttpsURLConnection httpsURLConnection =
166                                    (HttpsURLConnection)httpURLConnection;
167    
168                            httpsURLConnection.setHostnameVerifier(
169                                    new HostnameVerifier() {
170    
171                                            public boolean verify(String hostname, SSLSession session) {
172                                                    return true;
173                                            }
174    
175                                    }
176                            );
177                    }
178    
179                    httpURLConnection.setRequestProperty(
180                            HttpHeaders.CONTENT_TYPE,
181                            ContentTypes.APPLICATION_X_JAVA_SERIALIZED_OBJECT);
182                    httpURLConnection.setUseCaches(false);
183    
184                    httpURLConnection.setRequestMethod("POST");
185    
186                    if (Validator.isNotNull(httpPrincipal.getLogin()) &&
187                            Validator.isNotNull(httpPrincipal.getPassword())) {
188    
189                            String userNameAndPassword =
190                                    httpPrincipal.getLogin() + StringPool.COLON +
191                                            httpPrincipal.getPassword();
192    
193                            httpURLConnection.setRequestProperty(
194                                    HttpHeaders.AUTHORIZATION,
195                                    HttpServletRequest.BASIC_AUTH + StringPool.SPACE +
196                                            Base64.encode(userNameAndPassword.getBytes()));
197                    }
198    
199                    return httpURLConnection;
200            }
201    
202            private static final boolean _VERIFY_SSL_HOSTNAME = GetterUtil.getBoolean(
203                    PropsUtil.get(TunnelUtil.class.getName() + ".verify.ssl.hostname"));
204    
205    }