private static SSLConnectionSocketFactory createSSLConnectionSocketFactory(Path path, char[] password, boolean strict, KeystoreType keystoreType) { try { SSLContextBuilder builder = SSLContexts.custom(); if (path != null) { KeyStore trustStore = KeyStore.getInstance(keystoreType.name()); try (InputStream is = Files.newInputStream(path)) { trustStore.load(is, password); } builder.loadTrustMaterial(trustStore); } else { builder.loadTrustMaterial(null, new TrustEverythingStrategy()); } X509HostnameVerifier verifier; if (strict) { verifier = SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER; } else { verifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; } return new SSLConnectionSocketFactory(builder.build(), new String[] {"TLSv1", "TLSv1.2"}, null, verifier); } catch (IOException | GeneralSecurityException ex) { throw new RuntimeException("Can't create SSL connection factory", ex); } }
private static void createThreadSafeClient(boolean forceSecure) { httpClient = new DefaultHttpClient(); ClientConnectionManager mgr = httpClient.getConnectionManager(); HttpParams params = httpClient.getParams(); SchemeRegistry schemeRegistry = mgr.getSchemeRegistry(); if (forceSecure) { schemeRegistry.register(new Scheme("https", getSecureConnectionSetting(), 443)); } else { HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; SSLSocketFactory socketFactory = SSLSocketFactory .getSocketFactory(); socketFactory .setHostnameVerifier((X509HostnameVerifier) hostnameVerifier); schemeRegistry.register(new Scheme("https", socketFactory, 443)); } httpClient = new DefaultHttpClient(new ThreadSafeClientConnManager(params, schemeRegistry), params); }
public AbstractRestTemplateClient ignoreAuthenticateServer() { //backward compatible with android httpclient 4.3.x if(restTemplate.getRequestFactory() instanceof HttpComponentsClientHttpRequestFactory) { try { SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(); X509HostnameVerifier verifier = ignoreSslWarning ? new AllowAllHostnameVerifier() : new BrowserCompatHostnameVerifier(); SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, verifier); HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build(); ((HttpComponentsClientHttpRequestFactory)restTemplate.getRequestFactory()).setHttpClient(httpClient); } catch (Exception e) { e.printStackTrace(); } } else { Debug.error("the request factory " + restTemplate.getRequestFactory().getClass().getName() + " does not support ignoreAuthenticateServer"); } return this; }
/** * Constructor for AdvancedSSLProtocolSocketFactory. */ public AdvancedSslSocketFactory( SSLContext sslContext, AdvancedX509TrustManager trustManager, X509HostnameVerifier hostnameVerifier ) { if (sslContext == null) throw new IllegalArgumentException("AdvancedSslSocketFactory can not be created with a null SSLContext"); if (trustManager == null && mHostnameVerifier != null) throw new IllegalArgumentException( "AdvancedSslSocketFactory can not be created with a null Trust Manager and a " + "not null Hostname Verifier" ); mSslContext = sslContext; mTrustManager = trustManager; mHostnameVerifier = hostnameVerifier; }
/** * Gets a DefaultHttpClient that's tolerant of wildcard matches. * * @param httpParams HTTP Parameters for a DefaultHttpClient * * @return DefaultHttpClient that's tolerant of wildcard matches. */ public static DefaultHttpClient getHttpsWildcardTolerantClient(final HttpParams httpParams) { DefaultHttpClient client = new DefaultHttpClient(httpParams); SSLSocketFactory sslSocketFactory = (SSLSocketFactory) client .getConnectionManager() .getSchemeRegistry() .getScheme("https") .getSocketFactory(); final X509HostnameVerifier delegate = sslSocketFactory.getHostnameVerifier(); if (!(delegate instanceof HttpsWildcardVerifier)) { sslSocketFactory.setHostnameVerifier(new HttpsWildcardVerifier(delegate)); } return client; }
public static void init(Context context) { mContext = context; HttpParams httpParams = new BasicHttpParams(); HttpProtocolParams.setVersion(httpParams, HttpVersion.HTTP_1_1); HttpConnectionParams.setConnectionTimeout(httpParams, 0); HttpConnectionParams.setSoTimeout(httpParams, 0); // https HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; SchemeRegistry schReg = new SchemeRegistry(); SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory(); socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier); schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); schReg.register(new Scheme("https", socketFactory, 443)); ClientConnectionManager conMgr = new ThreadSafeClientConnManager(httpParams, schReg); httpClient = new DefaultHttpClient(conMgr, httpParams); HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier); LOGS = new Logs(context); }
public static DefaultHttpClient createHttpClient(HostnameVerifierType p_verifierType) { if (p_verifierType != null && p_verifierType != HostnameVerifierType.DEFAULT) { switch (p_verifierType) { case ALLOW_ALL: HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; DefaultHttpClient client = new DefaultHttpClient(); SchemeRegistry registry = new SchemeRegistry(); SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory(); socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier); registry.register(new Scheme("https", socketFactory, 443)); SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry); // Set verifier HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier); return new DefaultHttpClient(mgr, client.getParams()); case DEFAULT: return new DefaultHttpClient(); } } return new DefaultHttpClient(); }
private SSLConnectionSocketFactory createSslSocketFactory(Configuration configuration) { X509HostnameVerifier verifier; if (configuration.isApiSslCnCheck()) { verifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER; } else { verifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; } // Remove SSLv2Hello and SSLv3 from the allowed ciphers list // Java 7u75 disabled them anyway, so usually the MyTimetable server will not support these protocols SSLContext sslContext = SSLContexts.createSystemDefault(); Set<String> enabledProtocols = new HashSet<String>(); for (String s : sslContext.getDefaultSSLParameters().getProtocols()) { if (s.equals("SSLv3") || s.equals("SSLv2Hello")) { continue; } enabledProtocols.add(s); } return new SSLConnectionSocketFactory(sslContext, enabledProtocols.toArray(new String[enabledProtocols.size()]), null, verifier); }
/** * @since 4.1 */ public SSLSocketFactory(final SSLContext sslContext, final X509HostnameVerifier hostnameVerifier) { super(); this.socketFactory = sslContext.getSocketFactory(); this.hostnameVerifier = hostnameVerifier; this.nameResolver = null; }
/** * Adapts a {@link HostnameVerifier} to be compatible with the HttpClient * {@link X509HostnameVerifier}. */ public static X509HostnameVerifier adapt(HostnameVerifier verifier) { if (verifier == null) { throw new NullPointerException("verifier:null"); } if (verifier instanceof X509HostnameVerifier) { return (X509HostnameVerifier) verifier; } return new X509HostnameVerifierAdapter(verifier); }
private static HttpClient createHttpsClient() { HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; SchemeRegistry registry = new SchemeRegistry(); SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory(); socketFactory .setHostnameVerifier((X509HostnameVerifier) hostnameVerifier); registry.register(new Scheme("https", socketFactory, 443)); HttpClient client = new DefaultHttpClient(); SingleClientConnManager mgr = new SingleClientConnManager( client.getParams(), registry); DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams()); return httpClient; }
@NotNull protected HttpClient getHttpClient() { HttpClientBuilder builder = HttpClients.custom() .setDefaultRequestConfig(createRequestConfig()) .setSslcontext(CertificateManager.getInstance().getSslContext()) // TODO: use custom one for additional certificate check //.setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER) .setHostnameVerifier((X509HostnameVerifier)CertificateManager.HOSTNAME_VERIFIER) .setDefaultCredentialsProvider(createCredentialsProvider()) .addInterceptorFirst(PREEMPTIVE_BASIC_AUTH) .addInterceptorLast(createRequestInterceptor()); return builder.build(); }
@NotNull private static CloseableHttpClient createClient(@NotNull GithubAuthData auth) { HttpClientBuilder builder = HttpClients.custom(); return builder .setDefaultRequestConfig(createRequestConfig(auth)) .setDefaultConnectionConfig(createConnectionConfig(auth)) .setDefaultCredentialsProvider(createCredentialsProvider(auth)) .setDefaultHeaders(createHeaders(auth)) .addInterceptorFirst(PREEMPTIVE_BASIC_AUTH) .setSslcontext(CertificateManager.getInstance().getSslContext()) .setHostnameVerifier((X509HostnameVerifier)CertificateManager.HOSTNAME_VERIFIER) .build(); }
protected Registry<ConnectionSocketFactory> createConnectionRegistry(X509HostnameVerifier x509HostnameVerifier, SSLContextParameters sslContextParams) throws GeneralSecurityException, IOException { // create the default connection registry to use RegistryBuilder<ConnectionSocketFactory> builder = RegistryBuilder.<ConnectionSocketFactory>create(); builder.register("http", PlainConnectionSocketFactory.getSocketFactory()); builder.register("http4", PlainConnectionSocketFactory.getSocketFactory()); if (sslContextParams != null) { builder.register("https", new SSLConnectionSocketFactory(sslContextParams.createSSLContext(getCamelContext()), x509HostnameVerifier)); builder.register("https4", new SSLConnectionSocketFactory(sslContextParams.createSSLContext(getCamelContext()), x509HostnameVerifier)); } else { builder.register("https4", new SSLConnectionSocketFactory(SSLContexts.createDefault(), x509HostnameVerifier)); builder.register("https", new SSLConnectionSocketFactory(SSLContexts.createDefault(), x509HostnameVerifier)); } return builder.build(); }
public HttpClientBuilder untrustedConnectionClientBuilder() throws Exception { // setup a Trust Strategy that allows all certificates. // SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() { public boolean isTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException { return true; } }).build(); builder.setSslcontext(sslContext); // don't check Hostnames, either. // -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; // here's the special part: // -- need to create an SSL Socket Factory, to use our weakened "trust strategy"; // -- and create a Registry, to register it. // SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, (X509HostnameVerifier) hostnameVerifier); Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create() .register("http", PlainConnectionSocketFactory.getSocketFactory()) .register("https", sslSocketFactory) .build(); // now, we create connection-manager using our Registry. // -- allows multi-threaded use PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry); builder.setConnectionManager(connMgr); // finally, build the HttpClient; // -- done! return this; }
/** * Constructs a new HttpCache object, that will be initialized with the * default set of HttpRequestOptions. * * @see HttpRequestOptions */ public HttpCache(SSLContext sslContext, X509HostnameVerifier hostnameVerifier) { super(); _client = HttpClientFactory.getInstance( getDefaultRequestOptions().getMaxRedirects(), getDefaultRequestOptions().getAllowCircularRedirects(), getDefaultRequestOptions().getSocketTimeout(), getDefaultRequestOptions().getConnTimeout(), null, sslContext, hostnameVerifier); }
@Test public void testAllowAnyHostnameFalse() throws Exception { httpClientBuilder.allowAnyHostname(false); httpClientBuilder.build(); Mockito.verify(internalHttpClientBuilder).build(); Mockito.verify(internalHttpClientBuilder, never()).setHostnameVerifier(Mockito.<X509HostnameVerifier> any()); }
@Test public void testInsecureFalse() throws Exception { httpClientBuilder.insecure(false); httpClientBuilder.build(); Mockito.verify(httpClientBuilder).allowAnyHostname(false); Mockito.verify(httpClientBuilder).allowAnyCertificate(false); Mockito.verify(internalHttpClientBuilder).build(); Mockito.verify(internalHttpClientBuilder, never()).setHostnameVerifier(Mockito.<X509HostnameVerifier> any()); Mockito.verify(internalHttpClientBuilder, never()).setSslcontext(Mockito.<SSLContext> any()); }
@Test public void testUseSystemPropertiesTrue2() throws Exception { httpClientBuilder.useSystemProperties(true); httpClientBuilder.build(); Mockito.verify(internalHttpClientBuilder).build(); Mockito.verify(internalHttpClientBuilder).useSystemProperties(); Mockito.verify(internalHttpClientBuilder, never()).setHostnameVerifier(Mockito.<X509HostnameVerifier> any()); Mockito.verify(internalHttpClientBuilder, never()).setSslcontext(Mockito.<SSLContext> any()); }
@Test public void testUseSystemPropertiesFalse2() throws Exception { WebProperties.WEB_HTTPS_ALLOW_ANY_CERTIFICATE.updateProperty("tRuE"); WebProperties.WEB_HTTPS_ALLOW_ANY_HOSTNAME.updateProperty("FalsE"); WebProperties.storeInSystemProperties(); httpClientBuilder.useSystemProperties(false); httpClientBuilder.build(); Mockito.verify(internalHttpClientBuilder).build(); Mockito.verify(internalHttpClientBuilder, never()).useSystemProperties(); Mockito.verify(internalHttpClientBuilder, never()).setSslcontext(Mockito.<SSLContext> any()); Mockito.verify(internalHttpClientBuilder, never()).setHostnameVerifier(Mockito.<X509HostnameVerifier> any()); }
public static void setHostNameVerifier(DefaultHttpClient httpClient, X509HostnameVerifier hostNameVerifier) { Scheme httpsScheme = httpClient.getConnectionManager().getSchemeRegistry().get("https"); if (httpsScheme != null) { SSLSocketFactory sslSocketFactory = (SSLSocketFactory) httpsScheme.getSchemeSocketFactory(); sslSocketFactory.setHostnameVerifier(hostNameVerifier); } }
/** * @since 4.1 */ public SSLSocketFactory( String algorithm, final KeyStore keystore, final String keystorePassword, final KeyStore truststore, final SecureRandom random, final X509HostnameVerifier hostnameVerifier) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { this(createSSLContext( algorithm, keystore, keystorePassword, truststore, random, null), hostnameVerifier); }
/** * @since 4.1 */ public SSLSocketFactory( String algorithm, final KeyStore keystore, final String keystorePassword, final KeyStore truststore, final SecureRandom random, final TrustStrategy trustStrategy, final X509HostnameVerifier hostnameVerifier) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { this(createSSLContext( algorithm, keystore, keystorePassword, truststore, random, trustStrategy), hostnameVerifier); }
/** * @since 4.1 */ public SSLSocketFactory( final TrustStrategy trustStrategy, final X509HostnameVerifier hostnameVerifier) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { this(TLS, null, null, null, null, trustStrategy, hostnameVerifier); }
/** * @since 4.1 */ public SSLSocketFactory( final SSLContext sslContext, final X509HostnameVerifier hostnameVerifier) { super(); this.socketfactory = sslContext.getSocketFactory(); this.hostnameVerifier = hostnameVerifier; this.nameResolver = null; }
@Deprecated public void setHostnameVerifier(X509HostnameVerifier hostnameVerifier) { if ( hostnameVerifier == null ) { throw new IllegalArgumentException("Hostname verifier may not be null"); } this.hostnameVerifier = hostnameVerifier; }
public void setHostnameVerifier(X509HostnameVerifier hostnameVerifier) { if (hostnameVerifier == null) { throw new IllegalArgumentException( "Hostname verifier may not be null"); } this.hostnameVerifier = hostnameVerifier; }
private Registry<ConnectionSocketFactory> getSchemeRegistry() throws NoSuchAlgorithmException { HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(SSLContext.getDefault(), (X509HostnameVerifier) hostnameVerifier); return RegistryBuilder.<ConnectionSocketFactory> create().register("http", PlainConnectionSocketFactory.getSocketFactory()) .register("https", socketFactory).build(); }
/** * 创建SSL安全连接 * * @return */ private static SSLConnectionSocketFactory createSSLConnSocketFactory() { SSLConnectionSocketFactory sslsf = null; try { SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() { public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; } }).build(); sslsf = new SSLConnectionSocketFactory(sslContext, new X509HostnameVerifier() { @Override public boolean verify(String arg0, SSLSession arg1) { return true; } @Override public void verify(String host, SSLSocket ssl) throws IOException { } @Override public void verify(String host, X509Certificate cert) throws SSLException { } @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { } }); } catch (GeneralSecurityException e) { e.printStackTrace(); } return sslsf; }
