Example 21 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project lucene-solr by apache.

the class SSLTestConfig method buildClientSSLContext.

/**
   * Builds a new SSLContext for HTTP <b>clients</b> to use when communicating with servers which have 
   * been configured based on the settings of this object.  
   *
   * NOTE: Uses a completely insecure {@link SecureRandom} instance to prevent tests from blocking 
   * due to lack of entropy, also explicitly allows the use of self-signed 
   * certificates (since that's what is almost always used during testing).
   */
public SSLContext buildClientSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
    assert isSSLMode();
    SSLContextBuilder builder = SSLContexts.custom();
    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
    // NOTE: KeyStore & TrustStore are swapped because they are configured from the server's perspective...
    // we are a client - our keystore contains the keys the server trusts, and vice versa
    builder.loadTrustMaterial(buildKeyStore(keyStore, getKeyStorePassword()), new TrustSelfSignedStrategy());
    if (isClientAuthMode()) {
        builder.loadKeyMaterial(buildKeyStore(trustStore, getTrustStorePassword()), getTrustStorePassword().toCharArray());
    }
    return builder.build();
}
Also used : SSLContextBuilder(org.apache.http.conn.ssl.SSLContextBuilder) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)

Example 22 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project lucene-solr by apache.

the class SSLTestConfig method buildServerSSLContext.

/**
   * Builds a new SSLContext for jetty servers which have been configured based on the settings of 
   * this object.
   *
   * NOTE: Uses a completely insecure {@link SecureRandom} instance to prevent tests from blocking 
   * due to lack of entropy, also explicitly allows the use of self-signed 
   * certificates (since that's what is almost always used during testing).
   */
public SSLContext buildServerSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
    assert isSSLMode();
    SSLContextBuilder builder = SSLContexts.custom();
    builder.setSecureRandom(NotSecurePsuedoRandom.INSTANCE);
    builder.loadKeyMaterial(buildKeyStore(keyStore, getKeyStorePassword()), getKeyStorePassword().toCharArray());
    if (isClientAuthMode()) {
        builder.loadTrustMaterial(buildKeyStore(trustStore, getTrustStorePassword()), new TrustSelfSignedStrategy());
    }
    return builder.build();
}
Also used : SSLContextBuilder(org.apache.http.conn.ssl.SSLContextBuilder) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)

Example 23 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project vcell by virtualcell.

the class VCellApiClient method initClient.

private void initClient() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
    SSLContextBuilder builder = new SSLContextBuilder();
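    if (bIgnoreCertProblems) {
        // TrustSelfSignedStrategy accepts any chain that consists of a single certificate.
        // The null keystore keeps the JVM default trust store, so this adds trust for
        // every self-signed server certificate on top of the default CAs (no pinning).
        builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
    }
    SSLConnectionSocketFactory sslsf = null;
    if (bIgnoreHostMismatch) {
        // AllowAllHostnameVerifier skips the check of the host name against the certificate.
        X509HostnameVerifier hostNameVerifier = new AllowAllHostnameVerifier();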
        sslsf = new SSLConnectionSocketFactory(builder.build(), hostNameVerifier);
    } else {
        sslsf = new SSLConnectionSocketFactory(builder.build());
    }
    httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).setRedirectStrategy(new DefaultRedirectStrategy()).build();
    httpClientContext = HttpClientContext.create();
}
Also used : X509HostnameVerifier(org.apache.http.conn.ssl.X509HostnameVerifier) AllowAllHostnameVerifier(org.apache.http.conn.ssl.AllowAllHostnameVerifier) DefaultRedirectStrategy(org.apache.http.impl.client.DefaultRedirectStrategy) SSLContextBuilder(org.apache.http.conn.ssl.SSLContextBuilder) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)

Example 24 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project janusgraph by JanusGraph.

the class SSLConfigurationCallback method customizeHttpClient.

@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
    final SSLContext sslcontext;
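    // A null strategy leaves validation to the trust managers built from the trust store;
    // TrustSelfSignedStrategy additionally accepts any single-certificate (self-signed) chain.
    final TrustStrategy trustStrategy = allowSelfSignedCertificates ? new TrustSelfSignedStrategy() : null;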
    try {
        if (StringUtils.isNotEmpty(trustStoreFile)) {
            sslContextBuilder.loadTrustMaterial(new File(trustStoreFile), trustStorePassword.toCharArray(), trustStrategy);
        } else {
            sslContextBuilder.loadTrustMaterial(trustStrategy);
        }
    } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException e) {
        throw new RuntimeException("Invalid trust store file " + trustStoreFile, e);
    } catch (IOException e) {
        throw new RuntimeException("Unable to load trust store data from " + trustStoreFile, e);
    }
    try {
        if (StringUtils.isNotEmpty(keyStoreFile)) {
            sslContextBuilder.loadKeyMaterial(new File(keyStoreFile), keyStorePassword.toCharArray(), keyPassword.toCharArray());
        }
    } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
        throw new RuntimeException("Invalid key store file " + keyStoreFile, e);
    } catch (IOException e) {
        throw new RuntimeException("Unable to load key store data from " + keyStoreFile, e);
    }
    try {
        sslcontext = sslContextBuilder.build();
    } catch (KeyManagementException | NoSuchAlgorithmException e) {
        throw new RuntimeException("SSL context initialization failed", e);
    }
    httpClientBuilder.setSSLContext(sslcontext);
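    if (disableHostNameVerification) {
        // NoopHostnameVerifier accepts any host name, so the certificate is no longer bound to the server identity.
        httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());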
    }
    return httpClientBuilder;
}
Also used : TrustStrategy(org.apache.http.conn.ssl.TrustStrategy) NoopHostnameVerifier(org.apache.http.conn.ssl.NoopHostnameVerifier) CertificateException(java.security.cert.CertificateException) SSLContext(javax.net.ssl.SSLContext) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyManagementException(java.security.KeyManagementException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) File(java.io.File) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)

Example 25 with TrustSelfSignedStrategy

use of org.apache.http.conn.ssl.TrustSelfSignedStrategy in project jetty-bootstrap by teknux-org.

the class AbstractJettyBootstrapTest method get.

protected SimpleResponse get(String url) throws IllegalStateException, IOException, JettyBootstrapException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
    SimpleResponse simpleResponse = new SimpleResponse();
    CloseableHttpClient httpClient;
    HttpGet httpGet;
    RequestConfig requestConfig = RequestConfig.custom().setSocketTimeout(SOCKET_TIMEOUT).build();
    if (ssl) {
        // Test client: accepts any self-signed server certificate and skips host name verification.
        SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
        sSLContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
        SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(sSLContextBuilder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        httpClient = HttpClients.custom().setSSLSocketFactory(sSLConnectionSocketFactory).build();
        httpGet = new HttpGet("https://" + HOST + ":" + getPort() + url);
    } else {
        httpClient = HttpClients.createDefault();
        httpGet = new HttpGet("http://" + HOST + ":" + getPort() + url);
    }
    httpGet.setConfig(requestConfig);
    CloseableHttpResponse response = null;
    try {
        response = httpClient.execute(httpGet);
        simpleResponse.setStatusCode(response.getStatusLine().getStatusCode());
        simpleResponse.setContent(IOUtils.toString(response.getEntity().getContent()));
    } finally {
        if (response != null) {
            response.close();
        }
        httpClient.close();
    }
    return simpleResponse;
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) RequestConfig(org.apache.http.client.config.RequestConfig) HttpGet(org.apache.http.client.methods.HttpGet) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) SSLContextBuilder(org.apache.http.conn.ssl.SSLContextBuilder) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)

Aggregations

TrustSelfSignedStrategy (org.apache.http.conn.ssl.TrustSelfSignedStrategy): 25
SSLConnectionSocketFactory (org.apache.http.conn.ssl.SSLConnectionSocketFactory): 19
SSLContextBuilder (org.apache.http.ssl.SSLContextBuilder): 15
HttpClient (org.apache.http.client.HttpClient): 13
HttpComponentsClientHttpRequestFactory (org.springframework.http.client.HttpComponentsClientHttpRequestFactory): 13
Test (org.junit.Test): 12
File (java.io.File): 6
KeyStore (java.security.KeyStore): 6
SSLContextBuilder (org.apache.http.conn.ssl.SSLContextBuilder): 6
FileInputStream (java.io.FileInputStream): 5
ServletRegistrationBean (org.springframework.boot.web.servlet.ServletRegistrationBean): 5
IOException (java.io.IOException): 4
SSLContext (javax.net.ssl.SSLContext): 4
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient): 4
RequestConfig (org.apache.http.client.config.RequestConfig): 2
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse): 2
HttpGet (org.apache.http.client.methods.HttpGet): 2
NoopHostnameVerifier (org.apache.http.conn.ssl.NoopHostnameVerifier): 2
ClientHttpResponse (org.springframework.http.client.ClientHttpResponse): 2
BufferedReader (java.io.BufferedReader): 1