List of usage examples for org.apache.http.conn.ssl SSLSocketFactory SSLSocketFactory
public SSLSocketFactory(final javax.net.ssl.SSLSocketFactory socketfactory, final X509HostnameVerifier hostnameVerifier)
From source file:org.wso2.carbon.appfactory.jenkins.build.RestBasedJenkinsCIConnector.java
/** * Create the HttpContext and disable host verification * * @return//from w w w . j ava 2s . c o m * @throws AppFactoryException */ public HttpContext getHttpContext() throws AppFactoryException { HttpContext httpContext = new BasicHttpContext(); if (this.allowAllHostNameVerifier) { SSLContext sslContext; try { sslContext = SSLContext.getInstance(SSLSocketFactory.TLS); sslContext.init(null, null, null); } catch (KeyManagementException e) { String msg = "Error while initializing ssl context for http client"; log.error(msg, e); throw new AppFactoryException(msg, e); } catch (NoSuchAlgorithmException e) { String msg = "Error while initializing ssl context for http client"; log.error(msg, e); throw new AppFactoryException(msg, e); } SSLSocketFactory sf = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); Scheme sch = new Scheme("https", 443, sf); httpClient.getConnectionManager().getSchemeRegistry().register(sch); } return httpContext; }
From source file:com.itude.mobile.mobbl.core.services.datamanager.handlers.MBRESTServiceDataHandler.java
private void allowAnyCertificate(HttpClient httpClient) throws KeyManagementException, NoSuchAlgorithmException { SSLContext ctx = SSLContext.getInstance("TLS"); X509TrustManager tm = new X509TrustManager() { @Override/*from w w w . j av a 2 s .c om*/ public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { return null; } }; ctx.init(null, new TrustManager[] { tm }, null); SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); ClientConnectionManager ccm = httpClient.getConnectionManager(); SchemeRegistry sr = ccm.getSchemeRegistry(); sr.register(new Scheme("https", 443, ssf)); }
From source file:org.xmlsh.internal.commands.http.java
private void disableTrust(DefaultHttpClient client, String disableTrustProto) throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException { SSLSocketFactory socketFactory = new SSLSocketFactory(new TrustStrategy() { @Override//from w ww . j av a 2 s . c o m public boolean isTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { // TODO Auto-generated method stub return false; } }, org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); int port = client.getConnectionManager().getSchemeRegistry().getScheme(disableTrustProto).getDefaultPort(); client.getConnectionManager().getSchemeRegistry() .register(new Scheme(disableTrustProto, port, socketFactory)); }
From source file:org.eclipse.skalli.core.destination.DestinationComponent.java
private void initializeConnectionManager() { connectionManager = new ThreadSafeClientConnManager(); connectionManager.setMaxTotal(MAX_TOTAL_CONNECTIONS); connectionManager.setDefaultMaxPerRoute(MAX_CONNECTIONS_PER_ROUTE); SSLContext sslContext = getSSLContext(); try {//from ww w .j av a 2s.c o m sslContext.init(null, new TrustManager[] { new AlwaysTrustX509Manager() }, null); } catch (KeyManagementException e) { // should not happen since we do not use any keystore throw new IllegalStateException("Failed to initialize SSL context", e); } SSLSocketFactory socketFactory = new SSLSocketFactory(sslContext, new AllowAllHostnamesVerifier()); SchemeRegistry schemeRegistry = connectionManager.getSchemeRegistry(); schemeRegistry.register(new Scheme(HTTPS, 443, socketFactory)); }
From source file:com.magnet.tools.tests.RestStepDefs.java
/** * @return get a test http client that trusts all certs *///www .ja v a 2 s .c om private static CloseableHttpClient getTestHttpClient(URI uri) { String scheme = uri.getScheme(); int port = uri.getPort(); if (scheme.toLowerCase().equals("https")) { try { SSLSocketFactory sf = new SSLSocketFactory(new TrustStrategy() { @Override public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; } }, new AllowAllHostnameVerifier()); SchemeRegistry registry = new SchemeRegistry(); registry.register(new Scheme("https", port, sf)); ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry); return new DefaultHttpClient(ccm); } catch (Exception e) { e.printStackTrace(); return new DefaultHttpClient(); } } else { return new DefaultHttpClient(); } }
From source file:com.naryx.tagfusion.cfm.http.cfHttpConnection.java
private DefaultHttpClient getHttpClient(File pKeyFile, String pKeyPassword) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException, KeyManagementException { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); KeyStore keyStore = KeyStore.getInstance("PKCS12"); InputStream keyInput = null;//from www . ja v a 2s .c o m try { keyInput = new FileInputStream(pKeyFile); keyStore.load(keyInput, pKeyPassword.toCharArray()); } finally { if (keyInput != null) try { keyInput.close(); } catch (IOException ignored) { } } keyManagerFactory.init(keyStore, pKeyPassword.toCharArray()); SSLSocketFactory sf = new SSLSocketFactory(keyStore, pKeyPassword); sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); HttpParams params = new BasicHttpParams(); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); HttpProtocolParams.setContentCharset(params, HTTP.UTF_8); SchemeRegistry registry = new SchemeRegistry(); registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); registry.register(new Scheme("https", sf, 443)); ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry); return new DefaultHttpClient(ccm, params); }
From source file:org.jboss.as.test.integration.web.security.WebSecurityCERTTestCase.java
public static HttpClient wrapClient(HttpClient base, String alias) { try {//from www . j a va2 s . c o m SSLContext ctx = SSLContext.getInstance("TLS"); JBossJSSESecurityDomain jsseSecurityDomain = new JBossJSSESecurityDomain("client-cert"); jsseSecurityDomain.setKeyStorePassword("changeit"); ClassLoader tccl = Thread.currentThread().getContextClassLoader(); URL keystore = tccl.getResource("security/client.keystore"); jsseSecurityDomain.setKeyStoreURL(keystore.getPath()); jsseSecurityDomain.setClientAlias(alias); jsseSecurityDomain.reloadKeyAndTrustStore(); KeyManager[] keyManagers = jsseSecurityDomain.getKeyManagers(); TrustManager[] trustManagers = jsseSecurityDomain.getTrustManagers(); ctx.init(keyManagers, trustManagers, null); SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); ClientConnectionManager ccm = base.getConnectionManager(); SchemeRegistry sr = ccm.getSchemeRegistry(); sr.register(new Scheme("https", 8380, ssf)); return new DefaultHttpClient(ccm, base.getParams()); } catch (Exception ex) { ex.printStackTrace(); return null; } }
From source file:com.jayway.restassured.config.SSLConfig.java
/** * Use relaxed HTTP validation. This means that you'll trust all hosts regardless if the SSL certificate is invalid. By using this * method you don't need to specify a keystore (see {@link #keystore(String, String)} or trust store (see {@link #trustStore(java.security.KeyStore)}. * * @param protocol The standard name of the requested protocol. See the SSLContext section in the <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext">Java Cryptography Architecture Standard Algorithm Name Documentation</a> for information about standard protocol names. * @return A new SSLConfig instance//from w w w. j a v a 2 s. co m */ public SSLConfig relaxedHTTPSValidation(String protocol) { notNull(protocol, "Protocol"); SSLContext sslContext; try { sslContext = SSLContext.getInstance(protocol); } catch (NoSuchAlgorithmException e) { return SafeExceptionRethrower.safeRethrow(e); } // Set up a TrustManager that trusts everything try { sslContext.init(null, new TrustManager[] { new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }, new SecureRandom()); } catch (KeyManagementException e) { return SafeExceptionRethrower.safeRethrow(e); } SSLSocketFactory sf = new SSLSocketFactory(sslContext, ALLOW_ALL_HOSTNAME_VERIFIER); return sslSocketFactory(sf); }
From source file:code.google.restclient.core.Hitter.java
private Scheme getSSLScheme(boolean disableVerifyCert, boolean disableVerifyHost) throws NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException, KeyStoreException { SSLSocketFactory sslFactory = null; if (isUseSelfSignedCertVerifier()) { TrustSelfSignedStrategy selfSignedStrategy = new TrustSelfSignedStrategy(); // AllowAllHostnameVerifier doesn't verify host names contained in SSL certificate. It should not be set in // production environment. It may allow man in middle attack. Other host name verifiers for specific needs // are StrictHostnameVerifier and BrowserCompatHostnameVerifier. if (disableVerifyHost) sslFactory = new SSLSocketFactory(selfSignedStrategy, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); else//from w ww . j av a2 s.co m sslFactory = new SSLSocketFactory(selfSignedStrategy); // BROWSER_COMPATIBLE_HOSTNAME_VERIFIER is used by default } else { SSLContext sslContext = SSLContext.getInstance("TLS"); if (disableVerifyCert) sslContext.init(null, new TrustManager[] { getNoCheckTrustManager() }, null); else sslContext.init(null, null, null); if (disableVerifyHost) sslFactory = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); else sslFactory = new SSLSocketFactory(sslContext); } return new Scheme("https", RCConstants.SSL_SOCKET_PORT, sslFactory); }
From source file:com.amazonaws.client.service.AmazonHttpClient.java
/** * Disables the default strict hostname verification in this client and * instead uses a browser compatible hostname verification strategy (i.e. * cert hostname wildcards are evaulated more liberally). *///from w ww. ja v a2s. c o m public void disableStrictHostnameVerification() { /* * If SSL cert checking for endpoints is disabled, we don't need * to do any changes to the SSL context. */ if (System.getProperty(DISABLE_CERT_CHECKING_SYSTEM_PROPERTY) != null) { return; } try { SchemeRegistry schemeRegistry = httpClient.getConnectionManager().getSchemeRegistry(); SSLSocketFactory sf = new SSLSocketFactory(SSLContext.getDefault(), SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER); Scheme https = new Scheme("https", 443, sf); schemeRegistry.register(https); } catch (NoSuchAlgorithmException e) { throw new AmazonClientException( "Unable to access default SSL context to disable strict hostname verification"); } }