Search in sources :

Example 11 with TrustStrategy

use of org.apache.http.conn.ssl.TrustStrategy in project dal by ctripcorp.

the class WebUtil method initWeakSSLClient.

private static HttpClient initWeakSSLClient() {
    HttpClientBuilder b = HttpClientBuilder.create();
    // setup a Trust Strategy that allows all certificates.
    //
    SSLContext sslContext = null;
    try {
        sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {

            public boolean isTrusted(X509Certificate[] arg0, String arg1) {
                return true;
            }
        }).build();
    } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
    // do nothing, has been handled outside
    }
    b.setSslcontext(sslContext);
    // don't check Hostnames, either.
    //      -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken
    X509HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
    // here's the special part:
    //      -- need to create an SSL Socket Factory, to use our weakened "trust strategy";
    //      -- and create a Registry, to register it.
    //
    SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
    Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory).build();
    // now, we create connection-manager using our Registry.
    //      -- allows multi-threaded use
    PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
    b.setConnectionManager(connMgr);
    /**
         * Set timeout option
         */
    RequestConfig.Builder configBuilder = RequestConfig.custom();
    configBuilder.setConnectTimeout(TIMEOUT);
    configBuilder.setSocketTimeout(TIMEOUT);
    b.setDefaultRequestConfig(configBuilder.build());
    // finally, build the HttpClient;
    //      -- done!
    HttpClient sslClient = b.build();
    return sslClient;
}
Also used : RequestConfig(org.apache.http.client.config.RequestConfig) TrustStrategy(org.apache.http.conn.ssl.TrustStrategy) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) X509Certificate(java.security.cert.X509Certificate) KeyManagementException(java.security.KeyManagementException) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) X509HostnameVerifier(org.apache.http.conn.ssl.X509HostnameVerifier) HttpClient(org.apache.http.client.HttpClient) SSLContextBuilder(org.apache.http.ssl.SSLContextBuilder)

Example 12 with TrustStrategy

use of org.apache.http.conn.ssl.TrustStrategy in project iTest by e-government-ua.

the class DeleteTask method createHttpClient_AcceptsUntrustedCerts.

public HttpClient createHttpClient_AcceptsUntrustedCerts() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
    HttpClientBuilder b = HttpClientBuilder.create();
    SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {

        public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            return true;
        }
    }).build();
    b.setSslcontext(sslContext);
    HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
    SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, (X509HostnameVerifier) hostnameVerifier);
    Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory).build();
    PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
    b.setConnectionManager(connMgr);
    HttpClient client = b.build();
    return client;
}
Also used : TrustStrategy(org.apache.http.conn.ssl.TrustStrategy) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) HttpClient(org.apache.http.client.HttpClient) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) SSLContext(javax.net.ssl.SSLContext) SSLContextBuilder(org.apache.http.conn.ssl.SSLContextBuilder) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) X509HostnameVerifier(org.apache.http.conn.ssl.X509HostnameVerifier) HostnameVerifier(javax.net.ssl.HostnameVerifier) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)

Aggregations

TrustStrategy (org.apache.http.conn.ssl.TrustStrategy)12 X509Certificate (java.security.cert.X509Certificate)8 CertificateException (java.security.cert.CertificateException)7 IOException (java.io.IOException)6 SSLContext (javax.net.ssl.SSLContext)6 SSLConnectionSocketFactory (org.apache.http.conn.ssl.SSLConnectionSocketFactory)6 X509HostnameVerifier (org.apache.http.conn.ssl.X509HostnameVerifier)5 ClientConnectionManager (org.apache.http.conn.ClientConnectionManager)4 Scheme (org.apache.http.conn.scheme.Scheme)4 SchemeRegistry (org.apache.http.conn.scheme.SchemeRegistry)4 ConnectionSocketFactory (org.apache.http.conn.socket.ConnectionSocketFactory)4 PlainConnectionSocketFactory (org.apache.http.conn.socket.PlainConnectionSocketFactory)4 AllowAllHostnameVerifier (org.apache.http.conn.ssl.AllowAllHostnameVerifier)4 SSLContextBuilder (org.apache.http.conn.ssl.SSLContextBuilder)4 SSLSocketFactory (org.apache.http.conn.ssl.SSLSocketFactory)4 DefaultHttpClient (org.apache.http.impl.client.DefaultHttpClient)4 HttpClientBuilder (org.apache.http.impl.client.HttpClientBuilder)4 PoolingHttpClientConnectionManager (org.apache.http.impl.conn.PoolingHttpClientConnectionManager)4 URI (java.net.URI)3 KeyManagementException (java.security.KeyManagementException)3