List of usage examples for org.apache.http.conn.ssl SSLConnectionSocketFactory ALLOW_ALL_HOSTNAME_VERIFIER
X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER
From source file:org.apache.streams.components.http.provider.SimpleHttpProvider.java
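/**
 * Initialises the JSON mapper, the base request URI, the HTTP client and the worker executor.
 *
 * <p>Security review: the TLS socket factory built here trusts self-signed server certificates
 * ({@code TrustSelfSignedStrategy}) and performs no hostname verification
 * ({@code ALLOW_ALL_HOSTNAME_VERIFIER}). The remote endpoint is therefore not authenticated,
 * even when the configured protocol is https. Prefer a trust store holding the expected
 * certificate together with a strict or browser-compatible verifier outside test setups.
 *
 * @param configurationObject not read by this method
 */
@Override
public void prepare(Object configurationObject) {
    mapper = StreamsJacksonMapper.getInstance();

    uriBuilder = new URIBuilder()
            .setScheme(this.configuration.getProtocol())
            .setHost(this.configuration.getHostname())
            .setPort(this.configuration.getPort().intValue())
            .setPath(this.configuration.getResourcePath());

    SSLContextBuilder builder = new SSLContextBuilder();
    SSLConnectionSocketFactory sslsf = null;
    try {
        builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
        // Hostname verification is switched off for every connection made through this factory.
        sslsf = new SSLConnectionSocketFactory(builder.build(),
                SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    } catch (NoSuchAlgorithmException e) {
        // Pass the exception itself so the stack trace is not lost.
        LOGGER.warn(e.getMessage(), e);
    } catch (KeyManagementException e) {
        LOGGER.warn(e.getMessage(), e);
    } catch (KeyStoreException e) {
        LOGGER.warn(e.getMessage(), e);
    }

    // If the TLS setup failed, sslsf is still null here and is handed to the builder as-is.
    // NOTE(review): the builder presumably falls back to its default socket factory - confirm.
    httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();

    executor = Executors.newSingleThreadExecutor();
}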
From source file:org.openscore.content.httpclient.build.conn.SSLConnectionSocketFactoryBuilder.java
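/**
 * Builds the TLS socket factory from the string inputs held by this builder.
 *
 * <p>When {@code trustAllRoots} is {@code "false"}, key and trust material are loaded from the
 * configured stores, falling back to the JRE {@code cacerts} file when a store is not given and
 * that file exists. When it is {@code "true"}, every server certificate chain is accepted.
 *
 * <p>Security review: {@code trustAllRoots=true} and the {@code allow_all} hostname verifier each
 * remove one half of server authentication; using both leaves the peer unauthenticated. Keep
 * them out of production inputs.
 *
 * @return the configured socket factory
 * @throws IllegalArgumentException if {@code trustAllRoots} is neither "true" nor "false", or if
 *         the trust-all context cannot be prepared
 * @throws RuntimeException if the socket factory cannot be created
 */
public SSLConnectionSocketFactory build() {
    if (!"true".equalsIgnoreCase(trustAllRootsStr) && !"false".equalsIgnoreCase(trustAllRootsStr)) {
        throw new IllegalArgumentException("'trustAllRoots' can only be 'true' or 'false'");
    }
    boolean trustAllRoots = Boolean.parseBoolean(trustAllRootsStr);

    SSLContextBuilder sslContextBuilder = SSLContexts.custom();
    if (!trustAllRoots) {
        boolean useClientCert = !StringUtils.isEmpty(keystore);
        //validate SSL certificates sent by the server
        boolean useTrustCert = !StringUtils.isEmpty(trustKeystore);

        String javaKeystore = System.getProperty("java.home") + "/lib/security/cacerts";
        boolean storeExists = new File(javaKeystore).exists();

        if (!useClientCert && storeExists) {
            // No client keystore supplied: fall back to the JRE cacerts file and its stock password.
            keystore = "file:" + javaKeystore;
            keystorePassword = (StringUtils.isEmpty(keystorePassword)) ? "changeit" : keystorePassword;
            useClientCert = true;
        } else if (useClientCert && !keystore.startsWith("http")) {
            keystore = "file:" + keystore;
        }

        if (!useTrustCert && storeExists) {
            trustKeystore = "file:" + javaKeystore;
            trustPassword = (StringUtils.isEmpty(trustPassword)) ? "changeit" : trustPassword;
            useTrustCert = true;
        } else if (useTrustCert && !trustKeystore.startsWith("http")) {
            trustKeystore = "file:" + trustKeystore;
        }

        createTrustKeystore(sslContextBuilder, useTrustCert);
        //todo client key authentication should not depend on 'trustAllRoots'
        createKeystore(sslContextBuilder, useClientCert);
    } else {
        try {
            //need to override isTrusted() method to accept CA certs because the Apache HTTP Client ver.4.3 will only accepts self-signed certificates
            // Security review: returning true unconditionally accepts any certificate chain.
            sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy() {
                @Override
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }
            });
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage() + ". " + TRUST_ALL_ROOTS_ERROR + trustAllRoots, e);
        }
    }

    // NOTE(review): both calls select a protocol on the same builder; presumably the later one wins - confirm.
    sslContextBuilder.useSSL();
    sslContextBuilder.useTLS();

    SSLConnectionSocketFactory sslsf;
    try {
        // Locale.ROOT keeps the match stable in locales whose lower-casing differs (e.g. 'I' in Turkish),
        // so "STRICT" or "BROWSER_COMPATIBLE" cannot silently miss their case labels.
        String x509HostnameVerifierStr = x509HostnameVerifier.toLowerCase(java.util.Locale.ROOT);

        X509HostnameVerifier verifier;
        switch (x509HostnameVerifierStr) {
            case "strict":
                verifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER;
                break;
            case "browser_compatible":
                verifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
                break;
            case "allow_all":
                // Disables hostname verification entirely.
                verifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
                break;
            default:
                // Unknown values fall back to the strictest verifier.
                verifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER;
        }

        sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), verifier);
    } catch (Exception e) {
        throw new RuntimeException(e.getMessage() + ". " + SSL_CONNECTION_ERROR, e);
    }
    return sslsf;
}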
From source file:common.rest.client.transport.HttpClientSSLKeyStore.java
/**
 * Creates the TLS connection socket factory from the options supplied at construction time.
 * The returned instance can be registered for the <b><tt>https</tt></b> scheme while
 * constructing an Apache HTTP client.
 *
 * <p>Security note: when {@code m_disableHostnameVerifier} is set, the factory uses
 * {@code ALLOW_ALL_HOSTNAME_VERIFIER}, so the server certificate is no longer matched against
 * the host being contacted. Leave the flag off except against known test endpoints.
 *
 * @return the configured {@link SSLConnectionSocketFactory}
 * @throws IllegalStateException if the SSL context or the factory cannot be created
 */
public LayeredConnectionSocketFactory getSocketFactory() {
    final X509HostnameVerifier hostnameVerifier;
    if (m_disableHostnameVerifier) {
        hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
    } else {
        hostnameVerifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
    }

    try {
        SSLContextBuilder contextBuilder = SSLContexts.custom();

        // Client identity: this store must hold the client's key and certificate.
        if (m_keyStore != null) {
            contextBuilder.loadKeyMaterial(m_keyStore, m_keyStorePassword.toCharArray());
        }

        // Server trust: this store must hold the certificates used to verify the server's certificate.
        if (m_trustStore != null) {
            contextBuilder.loadTrustMaterial(m_trustStore);
        }

        return new SSLConnectionSocketFactory(contextBuilder.build(), hostnameVerifier);
    } catch (Exception e) {
        throw new IllegalStateException("Failed to create SSL Socket Factory", e);
    }
}
From source file:org.musicmount.io.server.dav.DAVResourceProvider.java
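/**
 * Creates a Sardine WebDAV client customised for the given file system.
 *
 * <p>Credentials come from the file system's user info. Only the first {@code ':'} separates
 * user and password, so a password containing {@code ':'} is kept whole and a user info without
 * a user part no longer fails with an index error.
 *
 * <p>Security review: for https the client installs a trust manager that accepts every
 * certificate and uses {@code ALLOW_ALL_HOSTNAME_VERIFIER}. The server is not authenticated, and
 * the credentials above are sent over that connection. Prefer the default secure socket factory
 * or a trust store pinned to the expected server certificate.
 *
 * @param fileSystem source of scheme and user info
 * @return the customised Sardine instance
 */
protected Sardine createSardine(final ServerFileSystem fileSystem) {
    /*
     * extract user/password
     */
    String user = null;
    String password = null;
    String userInfo = fileSystem.getUserInfo();
    if (userInfo != null) {
        int separator = userInfo.indexOf(':');
        if (separator < 0) {
            user = userInfo;
        } else {
            user = userInfo.substring(0, separator);
            String secret = userInfo.substring(separator + 1);
            // An empty password part stays null, as it did before.
            password = secret.isEmpty() ? null : secret;
        }
    }

    /*
     * create customized sardine
     */
    return new SardineImpl(user, password, null) {
        @Override
        protected Registry<ConnectionSocketFactory> createDefaultSchemeRegistry() {
            ConnectionSocketFactory socketFactory;
            if ("https".equalsIgnoreCase(fileSystem.getScheme())) {
                socketFactory = createDefaultSecureSocketFactory();
            } else {
                socketFactory = createDefaultSocketFactory();
            }
            return RegistryBuilder.<ConnectionSocketFactory>create()
                    .register(fileSystem.getScheme(), socketFactory).build();
        }

        @Override
        protected ConnectionSocketFactory createDefaultSecureSocketFactory() {
            try { // trust anybody...
                // Security review: both check methods are empty, so no certificate is ever rejected.
                SSLContext context = SSLContext.getInstance("TLS");
                X509TrustManager trustManager = new X509TrustManager() {
                    public void checkClientTrusted(X509Certificate[] xcs, String string)
                            throws CertificateException {
                    }

                    public void checkServerTrusted(X509Certificate[] xcs, String string)
                            throws CertificateException {
                    }

                    public X509Certificate[] getAcceptedIssuers() {
                        return new X509Certificate[0];
                    }
                };
                context.init(null, new TrustManager[] { trustManager }, null);
                return new SSLConnectionSocketFactory(context,
                        SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            } catch (NoSuchAlgorithmException | KeyManagementException ignored) {
                // should not happen... if it does, fall through to the parent's default factory
            }
            return super.createDefaultSecureSocketFactory();
        }

        @Override
        protected <T> T execute(HttpRequestBase request, ResponseHandler<T> responseHandler)
                throws IOException {
            /*
             * Sardine re-executes a PUT request after a org.apache.http.NoHttpResponseException without resetting it...
             */
            if (request.isAborted()) {
                request.reset();
            }
            return super.execute(request, responseHandler);
        }

        @Override
        public ContentLengthInputStream get(String url, Map<String, String> headers) throws IOException {
            /*
             * abort rather than consume entity for better performance
             */
            final HttpGet get = new HttpGet(url);
            for (Map.Entry<String, String> header : headers.entrySet()) {
                get.addHeader(header.getKey(), header.getValue());
            }
            // Must use #execute without handler, otherwise the entity is consumed already after the handler exits.
            final HttpResponse response = this.execute(get);
            VoidResponseHandler handler = new VoidResponseHandler();
            try {
                handler.handleResponse(response);
                // Will consume or abort the entity when the stream is closed.
                PositionInputStream positionInputStream = new PositionInputStream(
                        response.getEntity().getContent()) {
                    public void close() throws IOException {
                        if (getPosition() == response.getEntity().getContentLength()) {
                            EntityUtils.consume(response.getEntity());
                        } else { // partial read or unknown content length
                            get.abort();
                        }
                    }
                };
                return new ContentLengthInputStream(positionInputStream,
                        response.getEntity().getContentLength());
            } catch (IOException ex) {
                get.abort();
                throw ex;
            }
        }
    };
}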
From source file:io.cloudslang.content.httpclient.build.conn.SSLConnectionSocketFactoryBuilder.java
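/**
 * Builds the TLS socket factory from the string inputs held by this builder.
 *
 * <p>When {@code trustAllRoots} is {@code "false"}, key and trust material are loaded from the
 * configured stores, falling back to the JRE {@code cacerts} file when a store is not given and
 * that file exists. When it is {@code "true"}, every server certificate chain is accepted.
 *
 * <p>Security review: {@code trustAllRoots=true} and the {@code allow_all} hostname verifier each
 * remove one half of server authentication; using both leaves the peer unauthenticated. Keep
 * them out of production inputs.
 *
 * @return the configured socket factory
 * @throws IllegalArgumentException if {@code trustAllRoots} is neither "true" nor "false", if the
 *         trust-all context cannot be prepared, or if the hostname verifier input is not one of
 *         'strict', 'browser_compatible', 'allow_all'
 * @throws RuntimeException if the socket factory cannot be created for any other reason
 */
public SSLConnectionSocketFactory build() {
    if (!"true".equalsIgnoreCase(trustAllRootsStr) && !"false".equalsIgnoreCase(trustAllRootsStr)) {
        throw new IllegalArgumentException("'trustAllRoots' can only be 'true' or 'false'");
    }
    boolean trustAllRoots = Boolean.parseBoolean(trustAllRootsStr);

    SSLContextBuilder sslContextBuilder = SSLContexts.custom();
    if (!trustAllRoots) {
        boolean useClientCert = !StringUtils.isEmpty(keystore);
        //validate SSL certificates sent by the server
        boolean useTrustCert = !StringUtils.isEmpty(trustKeystore);

        String javaKeystore = System.getProperty("java.home") + "/lib/security/cacerts";
        boolean storeExists = new File(javaKeystore).exists();

        if (!useClientCert && storeExists) {
            // No client keystore supplied: fall back to the JRE cacerts file and its stock password.
            keystore = "file:" + javaKeystore;
            keystorePassword = (StringUtils.isEmpty(keystorePassword)) ? "changeit" : keystorePassword;
            useClientCert = true;
        } else if (useClientCert && !keystore.startsWith("http")) {
            keystore = "file:" + keystore;
        }

        if (!useTrustCert && storeExists) {
            trustKeystore = "file:" + javaKeystore;
            trustPassword = (StringUtils.isEmpty(trustPassword)) ? "changeit" : trustPassword;
            useTrustCert = true;
        } else if (useTrustCert && !trustKeystore.startsWith("http")) {
            trustKeystore = "file:" + trustKeystore;
        }

        createTrustKeystore(sslContextBuilder, useTrustCert);
        //todo client key authentication should not depend on 'trustAllRoots'
        createKeystore(sslContextBuilder, useClientCert);
    } else {
        try {
            //need to override isTrusted() method to accept CA certs because the Apache HTTP Client ver.4.3 will only accepts self-signed certificates
            // Security review: returning true unconditionally accepts any certificate chain.
            sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy() {
                @Override
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }
            });
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage() + ". " + TRUST_ALL_ROOTS_ERROR + trustAllRoots, e);
        }
    }

    // NOTE(review): both calls select a protocol on the same builder; presumably the later one wins - confirm.
    sslContextBuilder.useSSL();
    sslContextBuilder.useTLS();

    SSLConnectionSocketFactory sslsf;
    try {
        // Locale.ROOT keeps the match stable in locales whose lower-casing differs (e.g. 'I' in Turkish);
        // without it a valid value such as "STRICT" could be rejected as invalid.
        String x509HostnameVerifierStr = x509HostnameVerifierInputValue.toLowerCase(java.util.Locale.ROOT);

        X509HostnameVerifier x509HostnameVerifier;
        switch (x509HostnameVerifierStr) {
            case "strict":
                x509HostnameVerifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER;
                break;
            case "browser_compatible":
                x509HostnameVerifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
                break;
            case "allow_all":
                // Disables hostname verification entirely.
                x509HostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
                break;
            default:
                throw new IllegalArgumentException("Invalid value '" + x509HostnameVerifierInputValue
                        + "' for input 'x509HostnameVerifier'. Valid values: 'strict','browser_compatible','allow_all'.");
        }

        // Allow SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols only. Client-server communication starts with TLSv1.2 and fallbacks to SSLv3 if needed.
        // Security review: SSLv3 is obsolete; if SUPPORTED_PROTOCOLS really lists it, a peer can
        // negotiate the connection down to it. Consider removing it from that constant.
        sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), SUPPORTED_PROTOCOLS, null,
                x509HostnameVerifier);
    } catch (Exception e) {
        if (e instanceof IllegalArgumentException) {
            // Same type and message as before, but the original exception is kept as the cause.
            throw new IllegalArgumentException(e.getMessage(), e);
        }
        throw new RuntimeException(e.getMessage() + ". " + SSL_CONNECTION_ERROR, e);
    }
    return sslsf;
}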
From source file:com.hybris.datahub.outbound.utils.RestTemplateUtil.java
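/**
 * Creates the TLS socket factory used by the REST template.
 *
 * <p>Security review: the factory is built with {@code AnyTrustStrategy} (presumably accepting
 * every certificate chain - confirm against that class) and {@code ALLOW_ALL_HOSTNAME_VERIFIER},
 * which skips hostname verification. Connections made through it do not authenticate the
 * server; use a populated trust store and a strict verifier for production endpoints.
 *
 * @return the socket factory, or {@code null} if it could not be created (the error is logged)
 */
private LayeredConnectionSocketFactory setUpSSL() {
    LayeredConnectionSocketFactory sslSF = null;
    try {
        // NOTE(review): the KeyStore is obtained but never load()-ed before use - confirm this is intended.
        final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        final SSLContext sslContext = SSLContexts.custom()
                .useTLS()
                .loadTrustMaterial(trustStore, new AnyTrustStrategy())
                .build();
        sslSF = new SSLConnectionSocketFactory(sslContext,
                SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    } catch (final Exception e) {
        // Pass the exception itself so the stack trace is not lost; callers receive null.
        LOGGER.error(e.getMessage(), e);
    }
    return sslSF;
}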
From source file:leap.webunit.client.THttpClientImpl.java
/**
 * Builds the scheme registry for the test HTTP client: plain sockets for {@code http} and a TLS
 * factory based on the class-level {@code sslContext} for {@code https}.
 *
 * <p>Security note: the https factory uses {@code ALLOW_ALL_HOSTNAME_VERIFIER}, so server
 * hostnames are not verified. Keep this registry confined to test use.
 *
 * @return registry mapping "http" and "https" to their socket factories
 */
private static Registry<ConnectionSocketFactory> getDefaultRegistry() {
    SSLConnectionSocketFactory httpsFactory = new SSLConnectionSocketFactory(sslContext,
            SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

    return RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", PlainConnectionSocketFactory.getSocketFactory())
            .register("https", httpsFactory)
            .build();
}
From source file:com.dnanexus.DXHTTPRequest.java
/** * Construct the DXHTTPRequest using the given DXEnvironment. */// w w w. j a v a2 s .c o m public DXHTTPRequest(DXEnvironment env) { this.securityContext = env.getSecurityContextJson(); this.apiserver = env.getApiserverPath(); this.disableRetry = env.isRetryDisabled(); SSLContextBuilder builder = new SSLContextBuilder(); try { builder.loadTrustMaterial(null, new TrustStrategy() { @Override public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; } }); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyStoreException e) { e.printStackTrace(); } SSLConnectionSocketFactory sslSF = null; try { sslSF = new SSLConnectionSocketFactory(builder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } HttpClientBuilder httpClientBuilder = HttpClients.custom().useSystemProperties(); String proxyHost = System.getProperty("http.proxyHost"); String proxyPort = System.getProperty("http.proxyPort"); String proxyHostS = System.getProperty("https.proxyHost"); String proxyPortS = System.getProperty("https.proxyPort"); if ((proxyHost == null || proxyPort == null) && (proxyHostS == null || proxyPortS == null)) { this.httpclient = HttpClientBuilder.create().setUserAgent(USER_AGENT).build(); } else { HttpHost proxy = null; if (proxyHostS != null && proxyPortS != null) { proxy = new HttpHost(proxyHostS, Integer.parseInt(proxyPortS)); } else { proxy = new HttpHost(proxyHost, Integer.parseInt(proxyPort)); } httpClientBuilder.setProxy(proxy); HttpRoutePlanner routePlanner = new DefaultProxyRoutePlanner(proxy); httpClientBuilder.setRoutePlanner(routePlanner).setSSLSocketFactory(sslSF); httpclient = httpClientBuilder.setUserAgent(USER_AGENT).build(); } }
From source file:com.floragunn.searchguard.test.helper.rest.RestHelper.java
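/**
 * Builds the HTTP client used by this REST helper, optionally with TLS.
 *
 * <p>With {@code enableHTTPClientSSL} set, the trust store and key store are loaded as JKS files
 * from the class path, trust and key material are added according to
 * {@code trustHTTPServerCertificate} and {@code sendHTTPClientCertificate}, and the enabled
 * protocols are either SSLv3 only or TLSv1 to TLSv1.2. A 60-second socket timeout is always set.
 *
 * <p>Security note: the factory uses {@code ALLOW_ALL_HOSTNAME_VERIFIER} and hard-coded store
 * passwords, and it can be restricted to SSLv3. Keep this helper out of code that talks to
 * real endpoints.
 *
 * @return the configured client
 * @throws Exception if a store cannot be read or the SSL context cannot be built
 */
protected final CloseableHttpClient getHTTPClient() throws Exception {
    final HttpClientBuilder hcb = HttpClients.custom();

    if (enableHTTPClientSSL) {
        log.debug("Configure HTTP client with SSL");

        final KeyStore myTrustStore = KeyStore.getInstance("JKS");
        final FileInputStream trustStoreStream = new FileInputStream(
                FileHelper.getAbsoluteFilePathFromClassPath(truststore));
        try {
            myTrustStore.load(trustStoreStream, "changeit".toCharArray());
        } finally {
            // The stream was previously left open.
            trustStoreStream.close();
        }

        final KeyStore keyStore = KeyStore.getInstance("JKS");
        final FileInputStream keyStoreStream = new FileInputStream(
                FileHelper.getAbsoluteFilePathFromClassPath(keystore));
        try {
            keyStore.load(keyStoreStream, "changeit".toCharArray());
        } finally {
            keyStoreStream.close();
        }

        final SSLContextBuilder sslContextbBuilder = SSLContexts.custom().useTLS();

        if (trustHTTPServerCertificate) {
            sslContextbBuilder.loadTrustMaterial(myTrustStore);
        }

        if (sendHTTPClientCertificate) {
            sslContextbBuilder.loadKeyMaterial(keyStore, "changeit".toCharArray());
        }

        final SSLContext sslContext = sslContextbBuilder.build();

        String[] protocols = null;
        if (enableHTTPClientSSLv3Only) {
            protocols = new String[] { "SSLv3" };
        } else {
            protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
        }

        // Hostname verification is disabled for this client.
        final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, protocols, null,
                SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        hcb.setSSLSocketFactory(sslsf);
    }

    hcb.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60 * 1000).build());

    return hcb.build();
}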