List of usage examples for javax.net.ssl X509TrustManager X509TrustManager
X509TrustManager
From source file:org.wso2.carbon.identity.sso.agent.bean.SSOAgentConfig.java
private TrustManager[] doSSLVerification() throws Exception { TrustManager[] trustManagers = null; if (this.getEnableSSLVerification()) { TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(this.getKeyStore()); trustManagers = tmf.getTrustManagers(); } else {/* w ww . ja v a2 s . co m*/ // Create a trust manager that does not validate certificate chains trustManagers = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } } }; } return trustManagers; }
From source file:uk.ac.bbsrc.tgac.miso.core.manager.ERASubmissionManager.java
/** * Builds a "trusting" trust manager. This is totally horrible and basically ignores everything that SSL stands for. * This allows connection to self-signed certificate hosts, bypassing the normal validation exceptions that occur. * <p/>//from w w w.jav a 2 s . co m * Use at your own risk - again, this is horrible! */ public DefaultHttpClient getEvilTrustingTrustManager(DefaultHttpClient httpClient) { try { // First create a trust manager that won't care about any SSL self-cert problems - eurgh! X509TrustManager trustManager = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { log.warn("BYPASSING CLIENT TRUSTED CHECK!"); } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { log.warn("BYPASSING SERVER TRUSTED CHECK!"); } public X509Certificate[] getAcceptedIssuers() { log.warn("BYPASSING CERTIFICATE ISSUER CHECKS!"); return null; } }; // Now put the trust manager into an SSLContext SSLContext sslcontext = SSLContext.getInstance("TLS"); sslcontext.init(null, new TrustManager[] { trustManager }, null); SSLSocketFactory sf = new SSLSocketFactory(sslcontext); sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); // If you want a thread safe client, use the ThreadSafeConManager, but // otherwise just grab the one from the current client, and get hold of its // schema registry. THIS IS THE KEY THING. ClientConnectionManager ccm = httpClient.getConnectionManager(); SchemeRegistry schemeRegistry = ccm.getSchemeRegistry(); // Register our new socket factory with the typical SSL port and the // correct protocol name. schemeRegistry.register(new Scheme("https", sf, 443)); // Finally, apply the ClientConnectionManager to the Http Client // or, as in this example, create a new one. return new DefaultHttpClient(ccm, httpClient.getParams()); } catch (Throwable t) { log.warn("Something nasty happened with the EvilTrustingTrustManager. Warranty is null and void!"); t.printStackTrace(); return null; } }
From source file:com.groupon.odo.bmp.BrowserMobProxyHandler.java
/** * Returns a OkHttpClient that ignores SSL cert errors * @return// w ww. ja v a 2 s .co m */ private static OkHttpClient getUnsafeOkHttpClient() { try { // Create a trust manager that does not validate certificate chains final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } } }; // Install the all-trusting trust manager final SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); // Create an ssl socket factory with our all-trusting manager final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); OkHttpClient okHttpClient = new OkHttpClient(); okHttpClient.setSslSocketFactory(sslSocketFactory); okHttpClient.setHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }); return okHttpClient; } catch (Exception e) { throw new RuntimeException(e); } }
From source file:com.ibm.team.build.internal.hjplugin.util.HttpUtils.java
private static synchronized SSLConnectionSocketFactory getSSLConnectionSocketFactory() throws GeneralSecurityException { if (SSL_CONNECTION_SOCKET_FACTORY == null) { /** Create a trust manager that does not validate certificate chains */ TrustManager trustManager = new X509TrustManager() { public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { /** Ignore Method Call */ }/* w w w. jav a2 s . co m*/ public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { /** Ignore Method Call */ } public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } }; SSLContext sslContext = SSLContextUtil.createSSLContext(trustManager); SSL_CONNECTION_SOCKET_FACTORY = new SSLConnectionSocketFactory(sslContext, new X509HostnameVerifier() { @Override public void verify(String host, SSLSocket ssl) throws IOException { } @Override public void verify(String host, X509Certificate cert) throws SSLException { } @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { } @Override public boolean verify(String s, SSLSession sslSession) { return true; } }); } return SSL_CONNECTION_SOCKET_FACTORY; }
From source file:org.wso2.carbon.apimgt.core.impl.AMDefaultKeyManagerImpl.java
private static void createSSLConnection() throws NoSuchAlgorithmException, java.security.KeyManagementException { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[0]; }// ww w. j av a 2 s.c o m public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } } }; SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); }
From source file:orca.shirako.container.RemoteRegistryCache.java
/** * set up client-side SSL parameters// w w w . j a v a 2 s . c o m */ public static void configureSSL() { if (configuredSSL) { return; } configuredSSL = true; registryUrl = Globals.getContainer().getConfiguration().getProperty(OrcaContainer.PropertyRegistryUrl); if (registryUrl == null) { Globals.Log.info("No external registry is specified."); return; } URL registryURL = null; try { registryURL = new URL(registryUrl); } catch (MalformedURLException e) { Globals.Log.info("Unable to parse registry URL: " + registryUrl); return; } // load registry cert fingerprint Globals.Log.debug("Loading registry certificate fingerprint"); String registryCertFingerprint = Globals.getContainer().getConfiguration() .getProperty(OrcaContainer.PropertyRegistryCertFingerprint); if (registryCertFingerprint == null) { Globals.Log.info( "Registry certificate fingerprint property (" + OrcaContainer.PropertyRegistryCertFingerprint + ") is not specified, skipping registry SSL configuration"); return; } // convert to byte array String[] fingerPrintBytes = registryCertFingerprint.split(":"); for (int i = 0; i < 16; i++) registryCertDigest[i] = (byte) (Integer.parseInt(fingerPrintBytes[i], 16) & 0xFF); // Create a trust manager that does not validate certificate chains TrustManager[] trustRegistryCert = new TrustManager[] { new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { // return 0 size array, not null, per spec return new X509Certificate[0]; } public void checkClientTrusted(X509Certificate[] certs, String authType) { // Trust always } public void checkServerTrusted(X509Certificate[] certs, String authType) { // Trust always MessageDigest md = null; try { md = MessageDigest.getInstance("MD5"); if (certs.length == 0) throw new CertificateException(); byte[] certDigest = md.digest(certs[0].getEncoded()); if (!Arrays.equals(certDigest, registryCertDigest)) { Globals.Log.error( "Certificate presented by registry does not match local copy, communications with registry is not possible"); sslError = true; if (threadStarted) RemoteRegistryCache.getInstance().stop(); ActorLiveness.allStop(); throw new CertificateException(); } } catch (NoSuchAlgorithmException e) { } catch (Exception e) { Globals.Log .error("Unable to compare server certificate digest to the existing registry digest: " + e.toString()); sslError = true; if (threadStarted) RemoteRegistryCache.getInstance().stop(); ActorLiveness.allStop(); } } } }; Globals.Log.info("Creating a multikey manager for registry communications"); // create multikeymanager mkm = new MultiKeyManager(); // register a new protocol ContextualSSLProtocolSocketFactory regSslFact = new ContextualSSLProtocolSocketFactory(); // add this multikey context factory for the registry host/port regSslFact.addHostContextFactory(new MultiKeySSLContextFactory(mkm, trustRegistryCert), registryURL.getHost(), registryURL.getPort()); // register the protocol (Note: All xmlrpc clients must use XmlRpcCommonsTransportFactory // for this to work). See ContextualSSLProtocolSocketFactory. Protocol reghhttps = new Protocol("https", (ProtocolSocketFactory) regSslFact, 443); Protocol.registerProtocol("https", reghhttps); }
From source file:com.example.android.networkconnect.MainActivity.java
private static void trustAllHosts() { X509TrustManager easyTrustManager = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { // Oh, I am easy! }//from www . java 2 s .c o m public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { // Oh, I am easy! } public X509Certificate[] getAcceptedIssuers() { return null; } }; // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[] { easyTrustManager }; // Install the all-trusting trust manager try { SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } catch (Exception e) { e.printStackTrace(); } }
From source file:com.trsst.Common.java
/** * Most trsst nodes run with self-signed certificates, so by default we * accept them. While posts are still signed and/or encrypted, a MITM can * still refuse our out-going posts and suppress incoming new ones, but this * the reason to relay with many trsst servers. Use the -strict option to * require CA-signed certificates. Note that nowadays CA-signed certs are no * guarantee either./* w ww. j av a2 s . c o m*/ */ public static void enableAnonymousSSL() { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; SSLContext sc; try { sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } catch (NoSuchAlgorithmException e) { log.error("Can't get SSL context", e); } catch (KeyManagementException e) { log.error("Can't set SSL socket factory", e); } // Create all-trusting host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { return true; } }; // Install the all-trusting host verifier HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); // For apache http client Protocol anonhttps = new Protocol("https", (ProtocolSocketFactory) new AnonymSSLSocketFactory(), 443); // Protocol.registerProtocol("https", anonhttps); }
From source file:com.lp.alm.lyo.client.oslc.OslcClient.java
private void setupSSLSupport() { ClientConnectionManager connManager = httpClient.getConnectionManager(); SchemeRegistry schemeRegistry = connManager.getSchemeRegistry(); schemeRegistry.unregister("https"); /** Create a trust manager that does not validate certificate chains */ TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override//from w ww . j a va2 s . co m public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { /** Ignore Method Call */ } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { /** Ignore Method Call */ } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } } }; try { SSLContext sc = findInstalledSecurityContext(); if (trustManagers == null) { trustManagers = trustAllCerts; } if (hostnameVerifier == null) { hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; } sc.init(null, trustManagers, new java.security.SecureRandom()); SSLSocketFactory sf = new SSLSocketFactory(sc, hostnameVerifier); Scheme https = new Scheme("https", 443, sf); //$NON-NLS-1$ schemeRegistry.register(https); } catch (NoSuchAlgorithmException e) { /* Fail Silently */ } catch (KeyManagementException e) { /* Fail Silently */ } }