SslUtil.java example

Explorer
manager.v3-master
- projects
// Copyright 2009 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.enterprise.connector.util;

import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * Utility methods for SSL.
 *
 * @since 2.8
 */
public class SslUtil {
  /** An all-trusting TrustManager for SSL URL validation. */
  private static final TrustManager[] trustAllCerts =
      new TrustManager[] {
          new X509TrustManager() {
              public X509Certificate[] getAcceptedIssuers() {
                  return null;
              }
              public void checkServerTrusted(
                  X509Certificate[] certs, String authType) {
                    return;
              }
              public void checkClientTrusted(
                  X509Certificate[] certs, String authType) {
                    return;
              }
          }
      };

  /** An all-trusting HostnameVerifier for SSL URL validation. */
  private static final HostnameVerifier trustAllHosts =
      new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
          return true;
        }
      };

  private static SSLSocketFactory getTrustingFactory()
      throws GeneralSecurityException {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, null);
    return sc.getSocketFactory();
  }

  /**
   * Replaces the default {@code TrustManager} for this
   * connection with one that trusts all certificates, and the default
   * {@code HostnameVerifier} with one that accepts all
   * hostnames.
   *
   * @param conn the HTTPS URL connection
   * @throws GeneralSecurityException if an error occurs setting the properties
   */
  public static void setTrustingHttpsOptions(HttpsURLConnection conn)
      throws GeneralSecurityException {
    conn.setSSLSocketFactory(getTrustingFactory());
    conn.setHostnameVerifier(trustAllHosts);
  }

  /**
   * Replaces the default SSLSocketFactory with one that doesn't verify
   * certificates
   * @return original socket factory
   */
  public static SSLSocketFactory setTrustingDefaultHttpsSocketFactory() {
    SSLSocketFactory original = null;
    SSLSocketFactory factory = null;
    try {
      original = HttpsURLConnection.getDefaultSSLSocketFactory();
      factory = getTrustingFactory();
    } catch (GeneralSecurityException e) {
    }
    if (factory != null) {
      HttpsURLConnection.setDefaultSSLSocketFactory(factory);
      return original;
    } else {
      return null;
    }
  }
  /**
   * Replaces the default HTTPS hostname verifier with one that trusts all
   * hosts
   * @return original hostname verifier
   */
  public static HostnameVerifier setTrustingDefaultHostnameVerifier() {
    HostnameVerifier original = HttpsURLConnection.getDefaultHostnameVerifier();
    HttpsURLConnection.setDefaultHostnameVerifier(trustAllHosts);
    return original;
  }

  /** Prevents instantiation. */
  private SslUtil() {
    throw new AssertionError();
  }
}