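Usage examples for the org.apache.http.conn.ssl.NoopHostnameVerifier constructor NoopHostnameVerifier(). This verifier accepts every host name, so each client below that installs it completes the TLS handshake without checking that the server certificate was issued for the host being contacted.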
NoopHostnameVerifier
From source file:org.appenders.log4j2.elasticsearch.jest.JKSCertInfo.java
/**
 * Sets up mutual TLS on the given client builder from a JKS key store and a JKS trust store.
 *
 * <p>The key store at {@code keystorePath} supplies the client identity and the trust store at
 * {@code truststorePath} supplies the accepted issuers. One {@link SSLContext} built from both is
 * handed to the blocking socket factory and to the non-blocking I/O session strategy.
 *
 * @param clientConfigBuilder builder receiving the TLS socket factory and the session strategy
 * @throws ConfigurationException when a store cannot be read or the TLS context cannot be created
 */
@Override
public void applyTo(HttpClientConfig.Builder clientConfigBuilder) {
    try (FileInputStream identityStream = new FileInputStream(new File(keystorePath));
            FileInputStream anchorsStream = new FileInputStream(new File(truststorePath))) {

        // Client identity: private key plus certificate chain.
        final KeyStore identityStore = KeyStore.getInstance("jks");
        identityStore.load(identityStream, keystorePassword.toCharArray());
        final KeyManagerFactory identityFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        identityFactory.init(identityStore, keystorePassword.toCharArray());

        // Issuers this client accepts.
        final KeyStore anchorStore = KeyStore.getInstance("jks");
        anchorStore.load(anchorsStream, truststorePassword.toCharArray());
        final TrustManagerFactory anchorFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        anchorFactory.init(anchorStore);

        final SSLContext tlsContext = SSLContext.getInstance("TLS");
        tlsContext.init(identityFactory.getKeyManagers(), anchorFactory.getTrustManagers(), null);

        // TODO: add support for hostname verification modes
        // NOTE(review): the two transports end up with different peer checks. The socket factory
        // is created without a verifier argument and so keeps the library default, while the I/O
        // session strategy is given NoopHostnameVerifier, which accepts a certificate issued for
        // any host name. On the non-blocking path the trust store validates the chain but not
        // which server presented it.
        clientConfigBuilder.sslSocketFactory(new SSLConnectionSocketFactory(tlsContext));
        clientConfigBuilder.httpsIOSessionStrategy(
                new SSLIOSessionStrategy(tlsContext, new NoopHostnameVerifier()));
    } catch (IOException | GeneralSecurityException e) {
        throw new ConfigurationException(configExceptionMessage, e);
    }
}
From source file:io.kamax.mxisd.invitation.InvitationManager.java
/**
 * Restores the persisted invites, builds the HTTP client stored in {@code client} and starts the
 * periodic mapping refresh.
 */
@PostConstruct
private void postConstruct() {
    gson = new Gson();

    log.info("Loading saved invites");
    for (ThreePidInviteIO stored : storage.getInvites()) {
        // NOTE(review): the whole stored invite is serialised into the INFO log. The object
        // exposes getToken(), so the invite token presumably ends up in the log file; confirm
        // and redact if so.
        log.info("Processing invite {}", gson.toJson(stored));

        ThreePidInvite invite = new ThreePidInvite(new MatrixID(stored.getSender()), stored.getMedium(),
                stored.getAddress(), stored.getRoomId(), stored.getProperties());
        ThreePidInviteReply reply = new ThreePidInviteReply(getId(invite), invite, stored.getToken(), "");
        invitations.put(reply.getId(), reply);
    }

    // FIXME export such madness into matrix-java-sdk with a nice wrapper to talk to a homeserver
    // NOTE(review): this client authenticates no peer. TrustSelfSignedStrategy accepts any
    // self-signed certificate and NoopHostnameVerifier accepts any host name, so whatever
    // answers on the connection is treated as the intended server.
    try {
        SSLContext permissiveContext = SSLContextBuilder.create()
                .loadTrustMaterial(new TrustSelfSignedStrategy())
                .build();
        HostnameVerifier anyHost = new NoopHostnameVerifier();
        client = HttpClients.custom()
                .setSSLSocketFactory(new SSLConnectionSocketFactory(permissiveContext, anyHost))
                .build();
    } catch (Exception e) {
        // FIXME do better...
        throw new RuntimeException(e);
    }

    log.info("Setting up invitation mapping refresh timer");
    refreshTimer = new Timer();
    final long refreshPeriodMs = TimeUnit.MINUTES.toMillis(cfg.getResolution().getTimer());
    final TimerTask refreshTask = new TimerTask() {
        @Override
        public void run() {
            // Catch everything: an exception escaping run() would cancel the timer for good.
            try {
                lookupMappingsForInvites();
            } catch (Throwable t) {
                log.error("Error when running background mapping refresh", t);
            }
        }
    };
    // First run after five seconds, then at the configured resolution.
    refreshTimer.scheduleAtFixedRate(refreshTask, 5000L, refreshPeriodMs);
}
From source file:org.janusgraph.diskstorage.es.rest.util.SSLConfigurationCallback.java
/**
 * Applies this callback's TLS settings to the given asynchronous HTTP client builder.
 *
 * <p>Trust material comes from {@code trustStoreFile} when that is set and from the default trust
 * store otherwise. Key material is loaded only when {@code keyStoreFile} is set. Hostname
 * verification is switched off only when {@code disableHostNameVerification} is true.
 *
 * @param httpClientBuilder builder to configure
 * @return the same builder, with the SSL context (and optionally the verifier) installed
 * @throws RuntimeException if a store cannot be loaded or the SSL context cannot be built
 */
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
    // When enabled, a self-signed server certificate is accepted without consulting the trust
    // material. A null strategy leaves the decision to the trust managers alone.
    final TrustStrategy selfSignedPolicy;
    if (allowSelfSignedCertificates) {
        selfSignedPolicy = new TrustSelfSignedStrategy();
    } else {
        selfSignedPolicy = null;
    }

    final boolean hasTrustStore = StringUtils.isNotEmpty(trustStoreFile);
    try {
        if (hasTrustStore) {
            sslContextBuilder.loadTrustMaterial(
                    new File(trustStoreFile), trustStorePassword.toCharArray(), selfSignedPolicy);
        } else {
            sslContextBuilder.loadTrustMaterial(selfSignedPolicy);
        }
    } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException e) {
        throw new RuntimeException("Invalid trust store file " + trustStoreFile, e);
    } catch (IOException e) {
        throw new RuntimeException("Unable to load trust store data from " + trustStoreFile, e);
    }

    final boolean hasKeyStore = StringUtils.isNotEmpty(keyStoreFile);
    try {
        if (hasKeyStore) {
            sslContextBuilder.loadKeyMaterial(
                    new File(keyStoreFile), keyStorePassword.toCharArray(), keyPassword.toCharArray());
        }
    } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException
            | UnrecoverableKeyException e) {
        throw new RuntimeException("Invalid key store file " + keyStoreFile, e);
    } catch (IOException e) {
        throw new RuntimeException("Unable to load key store data from " + keyStoreFile, e);
    }

    final SSLContext builtContext;
    try {
        builtContext = sslContextBuilder.build();
    } catch (KeyManagementException | NoSuchAlgorithmException e) {
        throw new RuntimeException("SSL context initialization failed", e);
    }
    httpClientBuilder.setSSLContext(builtContext);

    // Opt-in only: with the flag set, a certificate issued for any host name is accepted.
    if (disableHostNameVerification) {
        httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
    }
    return httpClientBuilder;
}
From source file:org.appenders.log4j2.elasticsearch.jest.PEMCertInfo.java
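/**
 * Sets up mutual TLS on the given client builder from PEM files.
 *
 * <p>The client certificate ({@code clientCertPath}) and private key ({@code keyPath}) form the
 * client identity, and {@code caPath} supplies the accepted issuers. The BouncyCastle provider is
 * registered first when it is not already present.
 *
 * @param builder builder receiving the TLS socket factory and the I/O session strategy
 * @throws ConfigurationException when a PEM file cannot be read or the TLS context cannot be created
 */
@Override
public void applyTo(HttpClientConfig.Builder builder) {
    if (java.security.Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    }

    // keyPassphrase is handed to PemReader as an Optional, so null is a supported value; the
    // unconditional toCharArray() that used to follow threw a NullPointerException that escaped
    // the catch below. Presumably PemReader protects the key entry with an empty password when
    // no passphrase is given (confirm). If it does not, init() fails with a
    // GeneralSecurityException, which is reported as ConfigurationException.
    final char[] keyEntryPassword = keyPassphrase == null ? new char[0] : keyPassphrase.toCharArray();

    try (FileInputStream clientCert = new FileInputStream(new File(clientCertPath));
            FileInputStream key = new FileInputStream(new File(keyPath));
            FileInputStream certificateAuthorities = new FileInputStream(new File(caPath))) {

        KeyStore keyStore = PemReader.loadKeyStore(clientCert, key, Optional.ofNullable(keyPassphrase));
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyEntryPassword);

        KeyStore trustStore = PemReader.loadTrustStore(certificateAuthorities);
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

        // TODO: add support for hostname verification modes
        // NOTE(review): the socket factory keeps the library's default hostname verifier, while
        // the I/O session strategy is given NoopHostnameVerifier and accepts a certificate issued
        // for any host name. On the non-blocking path the CA file validates the chain but not
        // which server presented it.
        builder.sslSocketFactory(new SSLConnectionSocketFactory(sslContext));
        builder.httpsIOSessionStrategy(new SSLIOSessionStrategy(sslContext, new NoopHostnameVerifier()));
    } catch (IOException | GeneralSecurityException e) {
        throw new ConfigurationException(configExceptionMessage, e);
    }
}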
From source file:org.obiba.mica.core.service.AgateRestService.java
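/**
 * Builds a socket factory that does not check anything from the remote host (the original author
 * treats the Agate server as trusted).
 *
 * <p>Both the certificate chain and the host name go unchecked, so the connection is encrypted
 * but the peer is not authenticated.
 *
 * @return a socket factory whose TLS context trusts every certificate and skips hostname verification
 * @throws NoSuchAlgorithmException if no provider supports the {@code "TLS"} protocol
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
private SSLConnectionSocketFactory getSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
    // Accepts any SSL certificate: both check methods return without inspecting the chain.
    // NOTE(review): trusting the Agate server does not make this safe, because nothing here
    // proves the peer is that server. Pinning its certificate or CA in a trust store would
    // keep the setup simple and still authenticate it.
    TrustManager tm = new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null, possibly empty array.
            return new X509Certificate[0];
        }
    };

    SSLContext sslContext = SSLContext.getInstance("TLS");
    // No key managers (no client certificate) and the default SecureRandom.
    sslContext.init(null, new TrustManager[] { tm }, null);

    return new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
}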
From source file:com.cloudera.nav.sdk.client.SSLUtils.java
/**
 * Selects the hostname verifier for the given client configuration.
 *
 * <p>Order of precedence: a verifier that accepts every host name when SSL validation is
 * disabled, then the override verifier from the configuration when one is set, and otherwise a
 * new {@code DefaultHostnameVerifier}.
 *
 * @param config client configuration to read the SSL settings from
 * @return the verifier to install on the HTTP client
 */
public static HostnameVerifier getHostnameVerifier(ClientConfig config) {
    // The disable flag wins over a configured override: with it set, no host name is checked.
    if (config.isDisableSSLValidation()) {
        return new NoopHostnameVerifier();
    }
    return config.getOverrideHostnameVerifier() != null
            ? config.getOverrideHostnameVerifier()
            : new DefaultHostnameVerifier();
}
From source file:org.springframework.cloud.dataflow.server.service.impl.validation.DockerRegistryValidator.java
/**
 * Creates the {@code RestTemplate} used by this validator, with connect and read timeouts taken
 * from {@code dockerValidatiorProperties}.
 *
 * @return a RestTemplate backed by an Apache HTTP client
 */
private RestTemplate configureRestTemplate() {
    // NOTE(review): hostname verification is switched off unconditionally. The certificate chain
    // is still checked against the default trust store, but a valid certificate for any other
    // host name is accepted. Consider putting this behind a configuration property.
    final CloseableHttpClient registryClient = HttpClients.custom()
            .setSSLHostnameVerifier(new NoopHostnameVerifier())
            .build();

    final HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
    factory.setHttpClient(registryClient);
    factory.setConnectTimeout(dockerValidatiorProperties.getConnectTimeoutInMillis());
    factory.setReadTimeout(dockerValidatiorProperties.getReadTimeoutInMillis());

    return new RestTemplate(factory);
}
From source file:org.springframework.cloud.dataflow.rest.util.HttpClientConfigurer.java
/**
 * Turns off TLS peer verification for the client being configured.
 *
 * <p>Two things change: the client's {@link javax.net.ssl.SSLContext} is replaced with
 * {@link HttpUtils#buildCertificateIgnoringSslContext()}, and a {@link NoopHostnameVerifier} is
 * installed so that no host name check is made either. A client configured this way does not
 * authenticate the server it talks to.
 *
 * @return a reference to {@code this} to enable chained method invocation
 */
public HttpClientConfigurer skipTlsCertificateVerification() {
    final javax.net.ssl.SSLContext certificateIgnoringContext = HttpUtils.buildCertificateIgnoringSslContext();
    final NoopHostnameVerifier anyHostName = new NoopHostnameVerifier();

    httpClientBuilder.setSSLContext(certificateIgnoringContext);
    httpClientBuilder.setSSLHostnameVerifier(anyHostName);
    return this;
}
From source file:com.nike.cerberus.vault.VaultAdminClientFactory.java
/**
 * Creates a Vault admin client for one Vault host, restricted to TLS 1.2 and three AES-128-GCM
 * cipher suites.
 *
 * @param vaultRootToken root token wrapped in the client's credentials provider
 * @param hostname host used to build the Vault URL
 * @return an admin client bound to that URL and token
 */
public VaultAdminClient getClient(final String vaultRootToken, final String hostname) {
    final ConnectionSpec.Builder specBuilder = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS);
    specBuilder.tlsVersions(TlsVersion.TLS_1_2);
    specBuilder.cipherSuites(
            CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
            CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
            CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
    final ConnectionSpec tls12Only = specBuilder.build();

    // NOTE(review): the protocol and cipher restrictions above do not authenticate the peer.
    // With NoopHostnameVerifier the certificate is never matched against `hostname`, so any
    // server holding a certificate the default trust store accepts can terminate this
    // connection, which presumably carries the root token. Confirm whether this is needed
    // (for example, nodes addressed by IP) and prefer a verifier that checks the expected name.
    final OkHttpClient.Builder httpBuilder = new OkHttpClient.Builder()
            .hostnameVerifier(new NoopHostnameVerifier())
            .connectionSpecs(Lists.newArrayList(tls12Only))
            .proxy(proxy);
    httpBuilder.connectTimeout(DEFAULT_TIMEOUT, DEFAULT_TIMEOUT_UNIT);
    httpBuilder.writeTimeout(DEFAULT_TIMEOUT, DEFAULT_TIMEOUT_UNIT);
    httpBuilder.readTimeout(DEFAULT_TIMEOUT, DEFAULT_TIMEOUT_UNIT);
    final OkHttpClient httpClient = httpBuilder.build();

    return new VaultAdminClient(
            new StaticVaultUrlResolver(toVaultUrl(hostname)),
            new RootCredentialsProvider(vaultRootToken),
            httpClient);
}
From source file:com.intuit.karate.http.apache.ApacheHttpClient.java
/**
 * Rebuilds the Apache client builder from the given configuration: cookie store, request and
 * response logging, optional SSL, timeouts and optional proxy (with optional proxy credentials).
 *
 * @param config HTTP settings to apply
 * @throws RuntimeException if the proxy URI cannot be parsed or applied
 */
@Override
public void configure(HttpConfig config) {
    clientBuilder = HttpClientBuilder.create();

    cookieStore = new BasicCookieStore();
    clientBuilder.setDefaultCookieStore(cookieStore);

    // Both logging interceptors share one counter.
    final AtomicInteger requestCounter = new AtomicInteger();
    clientBuilder.addInterceptorLast(new RequestLoggingInterceptor(requestCounter));
    clientBuilder.addInterceptorLast(new ResponseLoggingInterceptor(requestCounter));

    if (config.isSslEnabled()) {
        // System.setProperty("jsse.enableSNIExtension", "false");
        final String sslAlgorithm = config.getSslAlgorithm();
        logger.info("ssl enabled, initializing generic trusted certificate / key-store with algorithm: {}",
                sslAlgorithm);
        // NOTE(review): "ssl enabled" here means lenient TLS. NoopHostnameVerifier accepts any
        // host name, and the log message suggests the context trusts any certificate (confirm
        // in HttpUtils.getSslContext). Suitable for test targets with ad-hoc certificates, but
        // the server is not authenticated.
        final SSLContext lenientContext = HttpUtils.getSslContext(sslAlgorithm);
        final SSLConnectionSocketFactory lenientFactory =
                new LenientSslConnectionSocketFactory(lenientContext, new NoopHostnameVerifier());
        clientBuilder.setSSLSocketFactory(lenientFactory);
    }

    final RequestConfig.Builder timeouts = RequestConfig.custom()
            .setConnectTimeout(config.getConnectTimeout())
            .setSocketTimeout(config.getReadTimeout());
    clientBuilder.setDefaultRequestConfig(timeouts.build());

    if (config.getProxyUri() == null) {
        return;
    }
    try {
        final URI proxyUri = new URIBuilder(config.getProxyUri()).build();
        final String proxyHost = proxyUri.getHost();
        final int proxyPort = proxyUri.getPort();
        clientBuilder.setProxy(new HttpHost(proxyHost, proxyPort, proxyUri.getScheme()));

        // Proxy credentials are registered only when both user name and password are set.
        final boolean hasProxyCredentials =
                config.getProxyUsername() != null && config.getProxyPassword() != null;
        if (hasProxyCredentials) {
            final CredentialsProvider proxyCredentials = new BasicCredentialsProvider();
            proxyCredentials.setCredentials(
                    new AuthScope(proxyHost, proxyPort),
                    new UsernamePasswordCredentials(config.getProxyUsername(), config.getProxyPassword()));
            clientBuilder.setDefaultCredentialsProvider(proxyCredentials);
        }
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}