List of usage examples for javax.net.ssl HttpsURLConnection setDefaultSSLSocketFactory
public static void setDefaultSSLSocketFactory(SSLSocketFactory sf)
SSLSocketFactory inherited by new instances of this class. From source file:org.qi4j.library.http.AbstractSecureJettyTest.java
@BeforeClass public static void beforeSecureClass() throws IOException, GeneralSecurityException { defaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier(); defaultSSLSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory(); HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { public boolean verify(String string, SSLSession ssls) { return true; }// w ww. j av a 2 s.com }); KeyStore truststore = KeyStore.getInstance("JCEKS"); truststore.load(new FileInputStream(TRUSTSTORE_FILE), KS_PASSWORD.toCharArray()); SSLContext sslCtx = SSLContext.getInstance("TLS"); TrustManagerFactory caTrustManagerFactory = TrustManagerFactory.getInstance(getX509Algorithm()); caTrustManagerFactory.init(truststore); sslCtx.init(null, caTrustManagerFactory.getTrustManagers(), null); HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); }
From source file:org.couchpotato.CouchPotato.java
private CouchPotato(String scheme, String hostname, int port, String path, String api, String username, String password, boolean trustAll, String trustMe) { this.scheme = scheme; this.hostName = hostname; this.port = port; this.path = path; this.api = api; this.username = username; this.password = password; this.trustAll = trustAll; if (this.username == null) this.username = ""; if (this.password == null) this.password = ""; // Configure SSL behavior based on user preferences Authenticator.setDefault(new CouchAuthenticator(username, password, hostname)); HostnameVerifier verifier;/*from w ww .j ava 2 s . c o m*/ try { SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(new KeyManager[0], new TrustManager[] { new DefaultTrustManager(trustAll, trustMe) }, new SecureRandom()); if (trustAll) { verifier = new AllowAllHostnameVerifier(); } else { verifier = new StrictHostnameVerifier(); } HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory()); HttpsURLConnection.setDefaultHostnameVerifier(verifier); } catch (NoSuchAlgorithmException e) { } catch (KeyManagementException e) { } catch (KeyStoreException e) { } }
From source file:com.produban.cloudfoundry.bosh.bosh_javaclient.BoshClientImpl.java
/** * This method sets up {@link HttpsURLConnection} so that no certificate or * hostname check is performed.//from w ww . j a v a 2 s . c o m */ private void disableSSLChecks() { try { TrustManager trustAllCertificates = new X509TrustManager() { @Override public X509Certificate[] getAcceptedIssuers() { return null; } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { // I do nothing because the way to say "OK" is not to throw // a CertificateException } @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { // I do nothing because the way to say "OK" is not to throw // a CertificateException } }; TrustManager[] trustAllCertificatesArray = { trustAllCertificates }; SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustAllCertificatesArray, new java.security.SecureRandom()); HostnameVerifier allHostsValid = new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; // I always say 'OK' } }; HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); } catch (NoSuchAlgorithmException | KeyManagementException e) { throw new IllegalStateException("Something strange happened here", e); } }
From source file:wptools.lib.Misc.java
/** * Bypass the normal SSL certificate authentication. If the passed * fingerprint is null, bypasses all authentication (dangerous). * Else trust anything whose chain contains a cert with the specified * fingerprint.//from w w w .ja va 2s . c o m * @param fing Fingerprint */ public static void bypassSslAuth(final byte[] fing) { // Determine fingerprint type from its length final String type; if (fing == null) { type = null; } else { switch (fing.length) { case MD5_LEN: type = "MD5"; break; case SHA1_LEN: type = "SHA-1"; break; case SHA256_LEN: type = "SHA-256"; break; default: throw new IllegalArgumentException("Invalid hash."); } } // Create a trust manager TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException { matchFing(certs); } public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException { matchFing(certs); } private void matchFing(X509Certificate[] certs) throws CertificateException { if (fing == null) return; MessageDigest md = null; try { md = MessageDigest.getInstance(type); } catch (NoSuchAlgorithmException e) { throw new CertificateException(e); } for (X509Certificate cert : certs) { md.reset(); if (Arrays.equals(md.digest(cert.getEncoded()), fing)) return; } throw new CertificateException("No matching fingerprint found."); } } }; // Install the trust manager SSLContext sc = null; try { sc = SSLContext.getInstance("SSL"); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } // Create empty HostnameVerifier HostnameVerifier hv = new HostnameVerifier() { public boolean verify(String arg0, SSLSession arg1) { return true; } }; try { sc.init(null, trustAllCerts, new java.security.SecureRandom()); } catch (KeyManagementException e) { throw new RuntimeException(e); } HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); HttpsURLConnection.setDefaultHostnameVerifier(hv); }
From source file:net.bluemix.newsaggregator.api.AuthenticationServlet.java
static public void configureSSL() { // note that it's not adviced to use this in a production application // you should overwrite the X509TrustManager to use a cacerts file (list of trusted signers) try {/*from w ww . ja va 2 s . com*/ SSLContext sslContext = SSLContext.getInstance("SSL_TLSv2"); sslContext.init(null, new TrustManager[] { new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }, new SecureRandom()); Executor.unregisterScheme("https"); SSLSocketFactory sslSocketFactory = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); Executor.registerScheme(new Scheme("https", 443, sslSocketFactory)); HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); } catch (KeyManagementException | NoSuchAlgorithmException e) { e.printStackTrace(); } }
From source file:com.esri.geoevent.test.performance.bds.BdsEventConsumer.java
private void trustAll() { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override/*from w w w. j a v a2 s .com*/ public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } @Override public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } } }; try { SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } catch (GeneralSecurityException e) { System.out.println("Oops"); } }
From source file:net.sf.jsignpdf.ssl.SSLInitializer.java
/** * @param options//from w ww .j ava2 s . co m * @throws NoSuchAlgorithmException * @throws IOException * @throws CertificateException * @throws KeyStoreException * @throws KeyManagementException * @throws UnrecoverableKeyException */ public static void init(BasicSignerOptions options) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException { KeyManager[] km = null; if (options != null && options.getTsaServerAuthn() == ServerAuthentication.CERTIFICATE) { char[] pwd = null; if (StringUtils.isNotEmpty(options.getTsaCertFilePwd())) { pwd = options.getTsaCertFilePwd().toCharArray(); } LOGGER.info(Constants.RES.get("ssl.keymanager.init", options.getTsaCertFile())); final String ksType = StringUtils.defaultIfBlank(options.getTsaCertFileType(), "PKCS12"); KeyStore keyStore = KeyStoreUtils.loadKeyStore(ksType, options.getTsaCertFile(), pwd); KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, pwd); km = keyManagerFactory.getKeyManagers(); } SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(km, TRUST_MANAGERS, null); HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); }
From source file:it.publisys.liferay.hook.shibboleth.ShibbolethPostLogoutAction.java
/** * Effettua una {@link HttpURLConnection} inviando anche i cookies * * @param url url/* w ww . j a va 2s . c o m*/ * @param cookies cookies * @return response code */ private int _connect(String url, String cookies) { int responseCode = -1; try { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public void checkClientTrusted(java.security.cert.X509Certificate[] xcs, String string) throws CertificateException { } public void checkServerTrusted(java.security.cert.X509Certificate[] xcs, String string) throws CertificateException { } public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } } }; SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, trustAllCerts, new SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } catch (Exception ex) { ex.printStackTrace(System.err); } HttpURLConnection connection = null; try { URL _url = new URL(url); connection = (HttpURLConnection) _url.openConnection(Proxy.NO_PROXY); connection.setRequestProperty("Cookie", cookies); connection.setReadTimeout(5000); connection.setRequestMethod("GET"); responseCode = connection.getResponseCode(); _log.info("Logout Shibb response code: " + responseCode); if (responseCode == 200 && _log.isDebugEnabled()) { BufferedReader br = null; try { br = new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8")); StringBuilder _buffer = new StringBuilder(); String line = null; while ((line = br.readLine()) != null) { _buffer.append(line); } _log.debug(_buffer.toString()); } finally { if (br != null) { br.close(); } } } } catch (MalformedURLException mue) { mue.printStackTrace(System.err); } catch (IOException ioe) { ioe.printStackTrace(System.err); } finally { try { if (connection != null) { connection.disconnect(); } } catch (Exception ex) { ex.printStackTrace(System.out); } } return responseCode; }
From source file:org.openmuc.framework.driver.rest.RestConnection.java
public RestConnection(String deviceAddress, String credentials, int timeout) throws ConnectionException { this.timeout = timeout; wrapper = new JsonWrapper(); authString = new String(Base64.encodeBase64(credentials.getBytes())); if (!deviceAddress.endsWith("/")) { this.deviceAddress = deviceAddress + "/channels/"; } else {/*from w ww. ja va2 s. com*/ this.deviceAddress = deviceAddress + "channels/"; } if (deviceAddress.startsWith("https://")) { isHTTPS = true; } else { isHTTPS = false; } if (isHTTPS) { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } @Override public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } } }; try { SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } catch (KeyManagementException e1) { // TODO Auto-generated catch block e1.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } // Create all-trusting host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }; HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); // HttpsURLConnection.setFollowRedirects(false); } }
From source file:com.dongfang.utils.OtherUtils.java
public static void trustAllSSLForHttpsURLConnection() { // Create a trust manager that does not validate certificate chains if (trustAllCerts == null) { trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; }/*from w w w .ja va 2 s.c o m*/ public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; } // Install the all-trusting trust manager final SSLContext sslContext; try { sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, trustAllCerts, null); HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); } catch (Throwable e) { ULog.e(e.getMessage(), e); } HttpsURLConnection .setDefaultHostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); }