List of usage examples for javax.net.ssl SSLContext init
public final void init(KeyManager[] km, TrustManager[] tm, SecureRandom random) throws KeyManagementException
From source file:com.dh.superxz_bottom.framework.net.network.NetworkConnectionImpl.java
private static SSLSocketFactory getAllHostsValidSocketFactory() throws NoSuchAlgorithmException, KeyManagementException { if (sAllHostsValidSocketFactory == null) { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }/*from w w w . j a v a2 s . c o m*/ public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); sAllHostsValidSocketFactory = sc.getSocketFactory(); } return sAllHostsValidSocketFactory; }
From source file:keywhiz.cli.ClientUtils.java
/** * Creates a {@link OkHttpClient} to start a TLS connection. * * @param cookies list of cookies to include in the client. * @return new http client.// w w w . j av a 2 s . c o m */ public static OkHttpClient sslOkHttpClient(List<HttpCookie> cookies) { checkNotNull(cookies); SSLContext sslContext; try { sslContext = SSLContext.getInstance("TLSv1.2"); TrustManagerFactory trustManagerFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init((KeyStore) null); sslContext.init(new KeyManager[0], trustManagerFactory.getTrustManagers(), new SecureRandom()); } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) { throw Throwables.propagate(e); } SSLSocketFactory socketFactory = sslContext.getSocketFactory(); OkHttpClient client = new OkHttpClient().setSslSocketFactory(socketFactory) .setConnectionSpecs(Arrays.asList(ConnectionSpec.MODERN_TLS)).setFollowSslRedirects(false); client.setRetryOnConnectionFailure(false); client.networkInterceptors().add(new XsrfTokenInterceptor("XSRF-TOKEN", "X-XSRF-TOKEN")); CookieManager cookieManager = new CookieManager(); cookieManager.setCookiePolicy(CookiePolicy.ACCEPT_ALL); cookies.forEach(c -> cookieManager.getCookieStore().add(null, c)); client.setCookieHandler(cookieManager); return client; }
From source file:com.hybris.mobile.data.WebServiceDataProvider.java
private static void trustAllHosts() { // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[] {}; }//from ww w . j av a 2 s. co m public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } } }; // Install the all-trusting trust manager try { SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } catch (Exception e) { LoggingUtils.e(LOG_TAG, "Error with SSL connection. " + e.getLocalizedMessage(), null); } }
From source file:at.bitfire.davdroid.webdav.TlsSniSocketFactory.java
private static SSLContext initializedContext(SSLContext sslContext) { verifyAndroidContextSet();// ww w . j av a 2s . com if (sslContext == null) { try { sslContext = SSLContext.getInstance("TLS"); } catch (NoSuchAlgorithmException e) { Log.wtf(TAG, "TLS not supported: " + e.getMessage()); throw new RuntimeException("No support for TLS!"); } } try { sslContext.init(null, MemorizingTrustManager.getInstanceList(androidContext), null); } catch (KeyManagementException e) { Log.wtf(TAG, "Ignoring unexpected KeyManagementException: " + e.getMessage()); } return sslContext; }
From source file:com.qingstor.sdk.request.QSOkHttpRequestClient.java
private static OkHttpClient getUnsafeOkHttpClient() { try {/*from w w w .j a v a 2s .co m*/ // Create a trust manager that does not validate certificate chains final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[] {}; } } }; // Install the all-trusting trust manager final SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); // Create an ssl socket factory with our all-trusting manager final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); OkHttpClient.Builder builder = new OkHttpClient.Builder() .connectTimeout(QSConstant.HTTPCLIENT_CONNECTION_TIME_OUT, TimeUnit.SECONDS) .readTimeout(QSConstant.HTTPCLIENT_READ_TIME_OUT, TimeUnit.SECONDS) .writeTimeout(QSConstant.HTTPCLIENT_WRITE_TIME_OUT, TimeUnit.SECONDS); builder.sslSocketFactory(sslSocketFactory); builder.hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }); OkHttpClient okHttpClient = builder.build(); return okHttpClient; } catch (Exception e) { logger.log(Level.SEVERE, e.getMessage()); throw new RuntimeException(e); } }
From source file:com.webarch.common.net.http.HttpService.java
/** * ?Https//from ww w. j a va 2s .c o m * * @param requestUrl ? * @param requestMethod ? * @param trustManagers ?? * @param outputJson ? * @return */ public static String doHttpsRequest(String requestUrl, String requestMethod, TrustManager[] trustManagers, String outputJson) { String result = null; try { StringBuffer buffer = new StringBuffer(); // SSLContext?? SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE"); sslContext.init(null, trustManagers, new java.security.SecureRandom()); // SSLContextSSLSocketFactory SSLSocketFactory ssf = sslContext.getSocketFactory(); URL url = new URL(requestUrl); HttpsURLConnection httpUrlConn = (HttpsURLConnection) url.openConnection(); httpUrlConn.setSSLSocketFactory(ssf); httpUrlConn.setDoOutput(true); httpUrlConn.setDoInput(true); httpUrlConn.setUseCaches(false); httpUrlConn.setUseCaches(false); httpUrlConn.setRequestProperty("Accept-Charset", DEFAULT_CHARSET); httpUrlConn.setRequestProperty("Content-Type", "application/json;charset=" + DEFAULT_CHARSET); // ?GET/POST httpUrlConn.setRequestMethod(requestMethod); if ("GET".equalsIgnoreCase(requestMethod)) httpUrlConn.connect(); // ???? if (null != outputJson) { OutputStream outputStream = httpUrlConn.getOutputStream(); //?? outputStream.write(outputJson.getBytes(DEFAULT_CHARSET)); outputStream.close(); } // ??? InputStream inputStream = httpUrlConn.getInputStream(); InputStreamReader inputStreamReader = new InputStreamReader(inputStream, DEFAULT_CHARSET); BufferedReader bufferedReader = new BufferedReader(inputStreamReader); String str = null; while ((str = bufferedReader.readLine()) != null) { buffer.append(str); } result = buffer.toString(); bufferedReader.close(); inputStreamReader.close(); // ? inputStream.close(); httpUrlConn.disconnect(); } catch (ConnectException ce) { logger.error("Weixin server connection timed out.", ce); } catch (Exception e) { logger.error("https request error:", e); } finally { return result; } }
From source file:crossbear.convergence.ConvergenceConnector.java
/** * Contact a ConvergenceNotary and ask it for all information about certificate observations it has made on a specific host. * /*from w w w . ja v a2 s.com*/ * Please note: Contacting a ConvergenceNotary is possible with and without sending the fingerprint of the observed certificate. In both cases the Notary will send a list of * ConvergenceCertificateObservations. The problem is that if no fingerprint is sent or the fingerprint matches the last certificate that the Notary observed for the host, the Notary will just * read the list of ConvergenceCertificateObservations from its database. It will not contact the server to see if it the certificate is still the one it uses. The problem with that is that with * this algorithm Convergence usually makes only one certificate observation per server. When asked for that server a Notary will therefore reply "I saw that certificate last July". Since * Crossbear requires statements like "I saw this certificate since last July" it will send a fake-fingerprint to the Convergence Notaries. This compels the Notary to query the server for * its current certificate. After that the Notary will update its database and will then send the updated list of ConvergenceCertificateObservations to Crossbear. * * @param notary * The notary to contact * @param hostPort * The Hostname and port of the server on which the information about the certificate observations is desired. * @return The Response-String that the Notary sent as an answer. It will contain a JSON-encoded list of ConvergenceCertificateObservations * @throws IOException * @throws KeyManagementException * @throws NoSuchAlgorithmException */ private static String contactNotary(ConvergenceNotary notary, String hostPort) throws IOException, KeyManagementException, NoSuchAlgorithmException { // Construct a fake fingerprint to send to the Notary (currently the Hex-String representation of "ConvergenceIsGreat:)") String data = "fingerprint=43:6F:6E:76:65:72:67:65:6E:63:65:49:73:47:72:65:61:74:3A:29"; // Build the url to connect to based on the Notary and the certificate's host URL url = new URL("https://" + notary.getHostPort() + "/target/" + hostPort.replace(":", "+")); // Open a HttpsURLConnection for that url HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); /* * Set a TrustManager on that connection that forces the use of the Notary's certificate. If the Notary sends any certificate that differs from the one that it is supposed to have (according * to the ConvergenceNotaries-table) an Exception will be thrown. This protects against Man-in-the-middle attacks placed between the Crossbear server and the Notary. */ SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, new TrustManager[] { new TrustSingleCertificateTM(Message.hexStringToByteArray(notary.getCertSHA256Hash())) }, new java.security.SecureRandom()); conn.setSSLSocketFactory(sc.getSocketFactory()); // Set the timeout during which the Notary has to reply conn.setConnectTimeout(3000); // POST the fake fingerprint to the Notary conn.setDoOutput(true); OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream()); wr.write(data); wr.flush(); // Get the Notary's response. Since Convergence replies with a 409-error if it has never observed a certificate conn.getInputStream() will be null. The way to get the Notarys reply in that case is to use conn.getErrorStream(). InputStream is; if (conn.getResponseCode() >= 400) { is = conn.getErrorStream(); } else { // This line should never be executed since we send a fake fingerprint that should never belong to an actually observed certificate. But who knows ... is = conn.getInputStream(); } // Read the Notary's reply and store it String response = Message.inputStreamToString(is); // Close all opened streams wr.close(); // Return the Notary's reply return response; }
From source file:com.gmobi.poponews.util.HttpHelper.java
static void disableSslCheck() { if (initialized) return;// w w w. j a va 2s .com TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; SSLContext sc; try { sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); // Create all-trusting host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { return true; } }; // Install the all-trusting host verifier HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); initialized = true; } catch (Exception e) { Logger.error(e); } }
From source file:com.nubits.nubot.utils.Utils.java
/** * Install a trust manager that does not validate certificate chains for https calls * * @throws Exception//from ww w. j a v a 2 s . co m */ private static void installTrustAllManager() throws Exception { // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; // Install the all-trusting trust manager SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); // Create all-trusting host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { return true; } }; // Install the all-trusting host verifier HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); }
From source file:de.micromata.genome.gwiki.fssvn.SslUtils.java
public static SSLSocketFactory createEasySSLSocketFactory() { try {/*from ww w . j a va 2s .c o m*/ SSLContext ctx = SSLContext.getInstance("TLS"); X509TrustManager tm = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { } public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { } public X509Certificate[] getAcceptedIssuers() { return null; } }; ctx.init(null, new TrustManager[] { tm }, null); SSLSocketFactory ssf = new SSLSocketFactory(ctx); ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); return ssf; } catch (RuntimeException ex) { throw ex; } catch (Exception ex) { throw new RuntimeException(ex); } }