List of usage examples for org.apache.http.ssl SSLContexts createSystemDefault
public static SSLContext createSystemDefault() throws SSLInitializationException
From source file:io.mandrel.requests.http.ApacheHttpRequester.java
public void init() { available = new Semaphore(maxParallel(), true); SSLContext sslContext = SSLContexts.createSystemDefault(); HostnameVerifier hostnameVerifier = new DefaultHostnameVerifier(); Registry<ConnectionSocketFactory> sessionStrategyRegistry = RegistryBuilder .<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()) .register("https", new SSLConnectionSocketFactory(sslContext, hostnameVerifier)).build(); DnsResolver dnsResolver = new SystemDefaultDnsResolver() { @Override/*from ww w . ja v a2s. c o m*/ public InetAddress[] resolve(final String host) throws UnknownHostException { if (host.equalsIgnoreCase("localhost")) { return new InetAddress[] { InetAddress.getByAddress(new byte[] { 127, 0, 0, 1 }) }; } else { return new InetAddress[] { nameResolver().resolve(host) }; } } }; // Create a connection manager with custom configuration. PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager( sessionStrategyRegistry, dnsResolver); // Create message constraints MessageConstraints messageConstraints = MessageConstraints.custom().setMaxHeaderCount(maxHeaderCount) .setMaxLineLength(maxLineLength).build(); // Create connection configuration ConnectionConfig connectionConfig = ConnectionConfig.custom() .setMalformedInputAction(CodingErrorAction.IGNORE) .setUnmappableInputAction(CodingErrorAction.IGNORE).setCharset(Consts.UTF_8) .setMessageConstraints(messageConstraints).build(); connManager.setDefaultConnectionConfig(connectionConfig); // Configure total max or per route limits for persistent connections // that can be kept in the pool or leased by the connection manager. connManager.setMaxTotal(maxPersistentConnections()); connManager.setDefaultMaxPerRoute(maxPersistentConnections()); // TODO // Use custom credentials provider if necessary. // CredentialsProvider credentialsProvider = new // BasicCredentialsProvider(); // Create global request configuration defaultRequestConfig = RequestConfig.custom().setCookieSpec(CookieSpecs.DEFAULT) .setExpectContinueEnabled(true).setStaleConnectionCheckEnabled(true) .setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM, AuthSchemes.DIGEST)) .setProxyPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC)).setMaxRedirects(maxRedirects()) .setSocketTimeout(socketTimeout()).setConnectTimeout(connectTimeout()) .setConnectionRequestTimeout(requestTimeOut()).setRedirectsEnabled(followRedirects()).build(); // Create an HttpClient with the given custom dependencies and // configuration. client = HttpClients.custom().setConnectionManager(connManager) // .setDefaultCredentialsProvider(credentialsProvider) .setDefaultRequestConfig(defaultRequestConfig).build(); }
From source file:com.machinepublishers.jbrowserdriver.StreamConnectionClient.java
private static SSLContext sslContext() { final String property = SettingsManager.settings().ssl(); if (property != null && !property.isEmpty() && !"null".equals(property)) { if ("trustanything".equals(property)) { try { return SSLContexts.custom().loadTrustMaterial(KeyStore.getInstance(KeyStore.getDefaultType()), new TrustStrategy() { public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; }/*w ww . j a v a 2 s . co m*/ }).build(); } catch (Throwable t) { LogsServer.instance().exception(t); } } else { try { String location = property; location = location.equals("compatible") ? "https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt" : location; File cachedPemFile = new File("./pemfile_cached"); boolean remote = location.startsWith("https://") || location.startsWith("http://"); if (remote && cachedPemFile.exists() && (System.currentTimeMillis() - cachedPemFile.lastModified() < 48 * 60 * 60 * 1000)) { location = cachedPemFile.getAbsolutePath(); remote = false; } String pemBlocks = null; if (remote) { HttpURLConnection remotePemFile = (HttpURLConnection) StreamHandler .defaultConnection(new URL(location)); remotePemFile.setRequestMethod("GET"); remotePemFile.connect(); pemBlocks = Util.toString(remotePemFile.getInputStream(), Util.charset(remotePemFile)); cachedPemFile.delete(); Files.write(Paths.get(cachedPemFile.getAbsolutePath()), pemBlocks.getBytes("utf-8")); } else { pemBlocks = new String(Files.readAllBytes(Paths.get(new File(location).getAbsolutePath())), "utf-8"); } KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); CertificateFactory cf = CertificateFactory.getInstance("X.509"); Matcher matcher = pemBlock.matcher(pemBlocks); boolean found = false; while (matcher.find()) { String pemBlock = matcher.group(1).replaceAll("[\\n\\r]+", ""); ByteArrayInputStream byteStream = new ByteArrayInputStream( Base64.getDecoder().decode(pemBlock)); java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) cf .generateCertificate(byteStream); String alias = cert.getSubjectX500Principal().getName("RFC2253"); if (alias != null && !keyStore.containsAlias(alias)) { found = true; keyStore.setCertificateEntry(alias, cert); } } if (found) { KeyManagerFactory keyManager = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManager.init(keyStore, null); TrustManagerFactory trustManager = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManager.init(keyStore); SSLContext context = SSLContext.getInstance("TLS"); context.init(keyManager.getKeyManagers(), trustManager.getTrustManagers(), null); return context; } } catch (Throwable t) { LogsServer.instance().exception(t); } } } return SSLContexts.createSystemDefault(); }
From source file:com.github.parisoft.resty.client.Client.java
private HttpClient newHttpClient() throws IOException { final SocketConfig socketConfig = SocketConfig.custom().setSoTimeout(timeout).build(); final RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(timeout) .setConnectTimeout(timeout).setSocketTimeout(timeout).setCookieSpec(CookieSpecs.DEFAULT).build(); final SSLContext sslContext; final HostnameVerifier hostnameVerifier; if (bypassSSL) { hostnameVerifier = NoopHostnameVerifier.INSTANCE; try {// www . j a v a2 s .com sslContext = SSLContexts.custom().loadTrustMaterial(new BypassTrustStrategy()) .useProtocol(SSLConnectionSocketFactory.TLS).build(); } catch (Exception e) { throw new IOException("Cannot create bypassed SSL context", e); } } else { sslContext = SSLContexts.createSystemDefault(); hostnameVerifier = null; } final HttpRequestRetryHandler retryHandler = new RequestRetryHandler(retries); final HttpClientConnectionManager connectionManager = getConnectionManager(); return HttpClientBuilder.create().setConnectionManager(connectionManager).setConnectionManagerShared(true) .setRetryHandler(retryHandler).setDefaultSocketConfig(socketConfig) .setDefaultRequestConfig(requestConfig).setSSLContext(sslContext) .setSSLHostnameVerifier(hostnameVerifier).build(); }