List of usage examples for org.apache.http.conn.ssl SSLConnectionSocketFactory STRICT_HOSTNAME_VERIFIER
X509HostnameVerifier STRICT_HOSTNAME_VERIFIER
To view the source code for org.apache.http.conn.ssl SSLConnectionSocketFactory STRICT_HOSTNAME_VERIFIER.
Click Source Link
From source file:securitytools.common.http.HttpClientFactory.java
public static CloseableHttpClient build(ClientConfiguration clientConfiguration) throws NoSuchAlgorithmException { HttpClientBuilder builder = HttpClients.custom(); // Certificate Validation if (clientConfiguration.isCertificateValidationEnabled()) { builder.setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContext.getDefault(), SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER)); } else {//from ww w . j a v a 2s .c o m // Disable builder.setSSLSocketFactory(new TrustingSSLConnectionSocketFactory()); } // Timeouts RequestConfig.Builder requestConfigBuilder = RequestConfig.custom(); requestConfigBuilder.setConnectTimeout(clientConfiguration.getConnectionTimeout()); requestConfigBuilder.setConnectionRequestTimeout(clientConfiguration.getConnectionTimeout()); requestConfigBuilder.setSocketTimeout(clientConfiguration.getSocketTimeout()); builder.setDefaultRequestConfig(requestConfigBuilder.build()); // User Agent builder.setUserAgent(clientConfiguration.getUserAgent()); // Proxy if (clientConfiguration.getProxyHost() != null) { builder.setProxy(clientConfiguration.getProxyHost()); } return builder.build(); }
From source file:com.vmware.bdd.cli.http.HostnameVerifiers.java
public X509HostnameVerifier getHostnameVerifier(String verifier) { switch (verifier) { case "browser_compatible": return SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER; case "strict": return SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER; case "allow_all": default:/*w w w . j av a2 s . co m*/ return SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; } }
From source file:securitytools.common.http.HttpClientFactory.java
public static CloseableHttpAsyncClient buildAsync(ClientConfiguration clientConfiguration) throws NoSuchAlgorithmException { HttpAsyncClientBuilder builder = HttpAsyncClients.custom(); // Certificate Validation // TODO//from w ww.ja v a 2s .c o m if (clientConfiguration.isCertificateValidationEnabled()) { builder.setSSLStrategy(new SSLIOSessionStrategy(SSLContext.getDefault(), SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER)); } else { // Disable SSLIOSessionStrategy sslStrategy = new SSLIOSessionStrategy(SSLContext.getDefault(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); builder.setSSLStrategy(sslStrategy); } // Timeouts RequestConfig.Builder requestConfigBuilder = RequestConfig.custom(); requestConfigBuilder.setConnectTimeout(clientConfiguration.getConnectionTimeout()); requestConfigBuilder.setConnectionRequestTimeout(clientConfiguration.getConnectionTimeout()); requestConfigBuilder.setSocketTimeout(clientConfiguration.getSocketTimeout()); builder.setDefaultRequestConfig(requestConfigBuilder.build()); // User Agent builder.setUserAgent(clientConfiguration.getUserAgent()); // Proxy if (clientConfiguration.getProxyHost() != null) { builder.setProxy(clientConfiguration.getProxyHost()); } return builder.build(); }
From source file:iop_sdk.forum.discourge.com.wareninja.opensource.discourse.utils.MyWebClient.java
protected void initBase() { //Initiate SSLSocketFactory. "java.lang.IllegalArgumentException: Item may not be null" error fixed. SSLContext sslContext = SSLContexts.createSystemDefault(); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER); httpClient = HttpClientBuilder.create().setSSLSocketFactory(sslsf).build(); // httpRequestConfig = RequestConfig.custom() // .setSocketTimeout(TIMEOUT) // .setConnectTimeout(TIMEOUT) // .build(); localContext = new BasicHttpContext(); }
From source file:com.wareninja.opensource.discourse.utils.MyWebClient.java
protected void initBase() { SSLContext sslContext = SSLContexts.createSystemDefault(); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER); httpRequestConfig = RequestConfig.custom().setSocketTimeout(TIMEOUT).setConnectTimeout(TIMEOUT) .setCookieSpec(CookieSpecs.BEST_MATCH).build(); cookieStore = new BasicCookieStore(); httpClient = HttpClientBuilder.create().setSSLSocketFactory(sslsf).setDefaultCookieStore(cookieStore) .setDefaultRequestConfig(httpRequestConfig).build(); localContext = HttpClientContext.create(); }
From source file:microsoft.exchange.webservices.data.EwsSSLProtocolSocketFactory.java
/** * Constructor for EasySSLProtocolSocketFactory. * * @throws SSLException/*from www. j a va 2s .com*/ */ public EwsSSLProtocolSocketFactory(SSLContext context) { super(context, SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER); this.sslcontext = context; }
From source file:com.ksc.http.apache.client.impl.ApacheConnectionManagerFactory.java
@SuppressWarnings("deprecation") private HostnameVerifier getHostNameVerifier(HttpClientSettings options) { return options.useBrowserCompatibleHostNameVerifier() ? SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER : SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER; }
From source file:org.openscore.content.httpclient.build.conn.SSLConnectionSocketFactoryBuilder.java
public SSLConnectionSocketFactory build() { if (!"true".equalsIgnoreCase(trustAllRootsStr) && !"false".equalsIgnoreCase(trustAllRootsStr)) { throw new IllegalArgumentException("'trustAllRoots' can only be 'true' or 'false'"); }/*from w w w.j a v a 2s . c o m*/ boolean trustAllRoots = Boolean.parseBoolean(trustAllRootsStr); SSLContextBuilder sslContextBuilder = SSLContexts.custom(); if (!trustAllRoots) { boolean useClientCert = !StringUtils.isEmpty(keystore); //validate SSL certificates sent by the server boolean useTrustCert = !StringUtils.isEmpty(trustKeystore); String javaKeystore = System.getProperty("java.home") + "/lib/security/cacerts"; boolean storeExists = new File(javaKeystore).exists(); if (!useClientCert && storeExists) { keystore = "file:" + javaKeystore; keystorePassword = (StringUtils.isEmpty(keystorePassword)) ? "changeit" : keystorePassword; useClientCert = true; } else if (useClientCert && !keystore.startsWith("http")) { keystore = "file:" + keystore; } if (!useTrustCert && storeExists) { trustKeystore = "file:" + javaKeystore; trustPassword = (StringUtils.isEmpty(trustPassword)) ? "changeit" : trustPassword; useTrustCert = true; } else if (useTrustCert && !trustKeystore.startsWith("http")) { trustKeystore = "file:" + trustKeystore; } createTrustKeystore(sslContextBuilder, useTrustCert); //todo client key authentication should not depend on 'trustAllRoots' createKeystore(sslContextBuilder, useClientCert); } else { try { //need to override isTrusted() method to accept CA certs because the Apache HTTP Client ver.4.3 will only accepts self-signed certificates sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy() { @Override public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; } }); } catch (Exception e) { throw new IllegalArgumentException(e.getMessage() + ". " + TRUST_ALL_ROOTS_ERROR + trustAllRoots, e); } } sslContextBuilder.useSSL(); sslContextBuilder.useTLS(); SSLConnectionSocketFactory sslsf; try { String x509HostnameVerifierStr = x509HostnameVerifier.toLowerCase(); X509HostnameVerifier x509HostnameVerifier = null; switch (x509HostnameVerifierStr) { case "strict": x509HostnameVerifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER; break; case "browser_compatible": x509HostnameVerifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER; break; case "allow_all": x509HostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; break; default: x509HostnameVerifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER; } sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), x509HostnameVerifier); } catch (Exception e) { throw new RuntimeException(e.getMessage() + ". " + SSL_CONNECTION_ERROR, e); } return sslsf; }
From source file:io.cloudslang.content.httpclient.build.conn.SSLConnectionSocketFactoryBuilder.java
public SSLConnectionSocketFactory build() { if (!"true".equalsIgnoreCase(trustAllRootsStr) && !"false".equalsIgnoreCase(trustAllRootsStr)) { throw new IllegalArgumentException("'trustAllRoots' can only be 'true' or 'false'"); }/*from w w w . j a va 2 s . co m*/ boolean trustAllRoots = Boolean.parseBoolean(trustAllRootsStr); SSLContextBuilder sslContextBuilder = SSLContexts.custom(); if (!trustAllRoots) { boolean useClientCert = !StringUtils.isEmpty(keystore); //validate SSL certificates sent by the server boolean useTrustCert = !StringUtils.isEmpty(trustKeystore); String javaKeystore = System.getProperty("java.home") + "/lib/security/cacerts"; boolean storeExists = new File(javaKeystore).exists(); if (!useClientCert && storeExists) { keystore = "file:" + javaKeystore; keystorePassword = (StringUtils.isEmpty(keystorePassword)) ? "changeit" : keystorePassword; useClientCert = true; } else if (useClientCert && !keystore.startsWith("http")) { keystore = "file:" + keystore; } if (!useTrustCert && storeExists) { trustKeystore = "file:" + javaKeystore; trustPassword = (StringUtils.isEmpty(trustPassword)) ? "changeit" : trustPassword; useTrustCert = true; } else if (useTrustCert && !trustKeystore.startsWith("http")) { trustKeystore = "file:" + trustKeystore; } createTrustKeystore(sslContextBuilder, useTrustCert); //todo client key authentication should not depend on 'trustAllRoots' createKeystore(sslContextBuilder, useClientCert); } else { try { //need to override isTrusted() method to accept CA certs because the Apache HTTP Client ver.4.3 will only accepts self-signed certificates sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy() { @Override public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; } }); } catch (Exception e) { throw new IllegalArgumentException(e.getMessage() + ". " + TRUST_ALL_ROOTS_ERROR + trustAllRoots, e); } } sslContextBuilder.useSSL(); sslContextBuilder.useTLS(); SSLConnectionSocketFactory sslsf; try { String x509HostnameVerifierStr = x509HostnameVerifierInputValue.toLowerCase(); X509HostnameVerifier x509HostnameVerifier; switch (x509HostnameVerifierStr) { case "strict": x509HostnameVerifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER; break; case "browser_compatible": x509HostnameVerifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER; break; case "allow_all": x509HostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; break; default: throw new IllegalArgumentException("Invalid value '" + x509HostnameVerifierInputValue + "' for input 'x509HostnameVerifier'. Valid values: 'strict','browser_compatible','allow_all'."); } // Allow SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols only. Client-server communication starts with TLSv1.2 and fallbacks to SSLv3 if needed. sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), SUPPORTED_PROTOCOLS, null, x509HostnameVerifier); } catch (Exception e) { if (e instanceof IllegalArgumentException) { throw new IllegalArgumentException(e.getMessage()); } throw new RuntimeException(e.getMessage() + ". " + SSL_CONNECTION_ERROR, e); } return sslsf; }
From source file:net.shibboleth.idp.cas.proxy.impl.HttpClientProxyAuthenticator.java
private CloseableHttpClient createHttpClient(final TrustEngine<? super X509Credential> x509TrustEngine) { final SSLConnectionSocketFactory socketFactory; try {/*from w ww . ja v a2 s . c om*/ final SSLContext sslContext = SSLContexts.custom().useTLS() .loadTrustMaterial(null, new TrustEngineTrustStrategy(x509TrustEngine)).build(); socketFactory = new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER); } catch (Exception e) { throw new RuntimeException("SSL initialization error", e); } final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create() .register(HTTPS_SCHEME, socketFactory).build(); final BasicHttpClientConnectionManager connectionManager = new BasicHttpClientConnectionManager(registry); return HttpClients.custom().setConnectionManager(connectionManager).build(); }