Java Examples for org.apache.http.ssl.SSLContextBuilder
The following java examples will help you to understand the usage of org.apache.http.ssl.SSLContextBuilder. These source code samples are taken from different open source projects.
Example 1
| Project: spring-xd-master File: SecuredShellAccessWithSslTests.java View source code |
@Test
public void testSpringXDTemplate() throws Exception {
BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("admin", "whosThere"));
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(HttpClientBuilder.create().setDefaultCredentialsProvider(credentialsProvider).setSSLSocketFactory(new SSLConnectionSocketFactory(new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build())).build());
SpringXDTemplate template = new SpringXDTemplate(requestFactory, new URI("https://localhost:" + adminPort));
PagedResources<ModuleDefinitionResource> moduleDefinitions = template.moduleOperations().list(RESTModuleType.sink);
assertThat(moduleDefinitions.getLinks().size(), greaterThan(0));
}Example 2
| Project: core-ng-project-master File: HTTPClientBuilder.java View source code |
public HTTPClient build() {
StopWatch watch = new StopWatch();
try {
HttpClientBuilder builder = HttpClients.custom();
builder.setUserAgent(userAgent);
builder.setKeepAliveStrategy(( response, context) -> keepAliveTimeout.toMillis());
builder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).setSSLContext(new SSLContextBuilder().loadTrustMaterial(TrustSelfSignedStrategy.INSTANCE).build());
// builder use PoolingHttpClientConnectionManager by default, and connTimeToLive will be set by keepAlive value
builder.setDefaultSocketConfig(SocketConfig.custom().setSoKeepAlive(true).build());
builder.setDefaultRequestConfig(RequestConfig.custom().setSocketTimeout((int) timeout.toMillis()).setConnectionRequestTimeout((int) timeout.toMillis()).setConnectTimeout((int) timeout.toMillis()).build());
builder.setMaxConnPerRoute(maxConnections).setMaxConnTotal(maxConnections);
builder.disableAuthCaching();
builder.disableConnectionState();
// retry should be handled in framework level with better trace log
builder.disableAutomaticRetries();
if (!enableRedirect)
builder.disableRedirectHandling();
if (!enableCookie)
builder.disableCookieManagement();
CloseableHttpClient httpClient = builder.build();
return new HTTPClient(httpClient, userAgent, slowOperationThreshold);
} catch (NoSuchAlgorithmExceptionKeyManagementException | KeyStoreException | e) {
throw new Error(e);
} finally {
logger.info("create http client, elapsedTime={}", watch.elapsedTime());
}
}Example 3
| Project: building-microservices-master File: BasicHttpsSecurityApplicationTests.java View source code |
private SSLConnectionSocketFactory socketFactory() throws Exception {
char[] password = "password".toCharArray();
KeyStore truststore = KeyStore.getInstance("PKCS12");
truststore.load(new ClassPathResource("rod.p12").getInputStream(), password);
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadKeyMaterial(truststore, password);
builder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy());
return new SSLConnectionSocketFactory(builder.build(), new NoopHostnameVerifier());
}Example 4
| Project: gocd-master File: GoAgentServerHttpClientBuilder.java View source code |
public CloseableHttpClient build() throws Exception {
HttpClientBuilder builder = HttpClients.custom();
builder.setDefaultSocketConfig(SocketConfig.custom().setTcpNoDelay(true).setSoKeepAlive(true).build()).setKeepAliveStrategy(DefaultConnectionKeepAliveStrategy.INSTANCE);
HostnameVerifier hostnameVerifier = sslVerificationMode.verifier();
TrustStrategy trustStrategy = sslVerificationMode.trustStrategy();
KeyStore trustStore = agentTruststore();
SSLContextBuilder sslContextBuilder = SSLContextBuilder.create().useProtocol(systemEnvironment.get(SystemEnvironment.GO_SSL_TRANSPORT_PROTOCOL_TO_BE_USED_BY_AGENT));
if (trustStore != null || trustStrategy != null) {
sslContextBuilder.loadTrustMaterial(trustStore, trustStrategy);
}
sslContextBuilder.loadKeyMaterial(agentKeystore(), keystorePassword().toCharArray());
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContextBuilder.build(), hostnameVerifier);
builder.setSSLSocketFactory(sslConnectionSocketFactory);
return builder.build();
}Example 5
| Project: pact-master File: InsecureHttpsRequest.java View source code |
private void setupInsecureSSL() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
HttpClientBuilder b = HttpClientBuilder.create();
// setup a Trust Strategy that allows all certificates.
//
TrustStrategy trustStrategy = ( chain, authType) -> true;
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, trustStrategy).build();
b.setSSLContext(sslContext);
// don't check Hostnames, either.
// -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken
HostnameVerifier hostnameVerifier = new NoopHostnameVerifier();
// here's the special part:
// -- need to create an SSL Socket Factory, to use our weakened "trust strategy";
// -- and create a Registry, to register it.
//
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory).build();
// now, we create connection-manager using our Registry.
// -- allows multi-threaded use
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
b.setConnectionManager(connMgr);
// finally, build the HttpClient;
// -- done!
this.httpclient = b.build();
}Example 6
| Project: RestIt-master File: UsingHttpsTest.java View source code |
/**
* Helper which returns HTTP client configured for https session
*/
private HttpClient sslReadyHttpClient() throws GeneralSecurityException {
final SSLContext context = new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(context);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", socketFactory).build();
return HttpClientBuilder.create().setDefaultRequestConfig(custom().setConnectionRequestTimeout(10000).build()).setConnectionManager(new PoolingHttpClientConnectionManager(registry)).setSSLSocketFactory(socketFactory).build();
}Example 7
| Project: armeria-master File: ThriftOverHttp1Test.java View source code |
@Override
protected TTransport newTransport(String uri, HttpHeaders headers) throws TTransportException {
final SSLContext sslContext;
try {
sslContext = SSLContextBuilder.create().loadTrustMaterial((TrustStrategy) ( chain, authType) -> true).build();
} catch (GeneralSecurityException e) {
throw new TTransportException("failed to initialize an SSL context", e);
}
final THttpClient client = new THttpClient(uri, HttpClientBuilder.create().setSSLContext(sslContext).build());
client.setCustomHeaders(headers.names().stream().collect(toImmutableMap(AsciiString::toString, name -> String.join(", ", headers.getAll(name)))));
return client;
}Example 8
| Project: web-framework-master File: DropwizardSSLConnectionSocketFactory.java View source code |
private SSLContext buildSslContext() throws SSLInitializationException {
final SSLContext sslContext;
try {
final SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
sslContextBuilder.useProtocol(configuration.getProtocol());
loadKeyMaterial(sslContextBuilder);
loadTrustMaterial(sslContextBuilder);
sslContext = sslContextBuilder.build();
} catch (Exception e) {
throw new SSLInitializationException(e.getMessage(), e);
}
return sslContext;
}Example 9
| Project: wildfly-core-master File: SSLTruststoreUtil.java View source code |
public static HttpClient getHttpClientWithSSL(File keyStoreFile, String keyStorePassword, File trustStoreFile, String trustStorePassword) {
try {
SSLContextBuilder sslContextBuilder = SSLContexts.custom().useProtocol("TLS").loadTrustMaterial(trustStoreFile, trustStorePassword.toCharArray());
if (keyStoreFile != null) {
sslContextBuilder.loadKeyMaterial(keyStoreFile, keyStorePassword.toCharArray(), keyStorePassword.toCharArray());
}
SSLContext sslContext = sslContextBuilder.build();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", socketFactory).build();
return HttpClientBuilder.create().setSSLSocketFactory(socketFactory).setSSLHostnameVerifier(//.setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
NoopHostnameVerifier.INSTANCE).setConnectionManager(new PoolingHttpClientConnectionManager(registry)).setSchemePortResolver(new DefaultSchemePortResolver()).build();
} catch (Exception e) {
LOGGER.error("Creating HttpClient with customized SSL failed. We are returning the default one instead.", e);
return HttpClients.createDefault();
}
}Example 10
| Project: SpiderJackson-master File: HttpClientCreater.java View source code |
/**
* 创建SSL安全连接,不验证安全性(爬虫下安全性要求不高)
* @return
*/
public static SSLConnectionSocketFactory getSSLSocketFactory() {
SSLConnectionSocketFactory sslsf = null;
try {
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
}).build();
sslsf = new SSLConnectionSocketFactory(sslContext, new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
} catch (GeneralSecurityException e) {
e.printStackTrace();
}
return sslsf;
}Example 11
| Project: apiman-master File: SSLSessionStrategyFactory.java View source code |
/**
* Build an {@link SSLSessionStrategy}.
*
* @param trustStore the trust store
* @param trustStorePassword the truststore password (if any)
* @param keyStore the keystore
* @param keyStorePassword the keystore password (if any)
* @param keyAliases the key aliases that are candidates for use (if any)
* @param keyPassword the key password (if any)
* @param allowedProtocols the allowed transport protocols.
* <strong><em>Avoid specifying insecure protocols</em></strong>
* @param allowedCiphers allowed crypto ciphersuites, <tt>null</tt> to use system defaults
* @param trustSelfSigned true if self signed certificates can be trusted.
* <strong><em>Use with caution</em></strong>
* @param allowAnyHostname true if any hostname can be connected to (i.e. does not need to match
* certificate hostname). <strong><em>Do not use in production</em></strong>
* @return the connection socket factory
* @throws NoSuchAlgorithmException if the selected algorithm is not available on the system
* @throws KeyStoreException if there was a problem with the keystore
* @throws CertificateException if there was a problem with the certificate
* @throws IOException if the truststore could not be found or was invalid
* @throws KeyManagementException if there is a problem with keys
* @throws UnrecoverableKeyException if the key cannot be recovered
*/
public static SSLSessionStrategy build(String trustStore, String trustStorePassword, String keyStore, String keyStorePassword, String[] keyAliases, String keyPassword, String[] allowedProtocols, String[] allowedCiphers, boolean allowAnyHostname, boolean trustSelfSigned) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, KeyManagementException, UnrecoverableKeyException {
//$NON-NLS-1$
Args.notNull(allowedProtocols, "Allowed protocols");
//$NON-NLS-1$
Args.notNull(allowedCiphers, "Allowed ciphers");
TrustStrategy trustStrategy = trustSelfSigned ? SELF_SIGNED : null;
HostnameVerifier hostnameVerifier = allowAnyHostname ? ALLOW_ANY : SSLConnectionSocketFactory.getDefaultHostnameVerifier();
PrivateKeyStrategy privateKeyStrategy = keyAliases == null ? null : new SelectByAlias(keyAliases);
boolean clientAuth = keyStore == null ? false : true;
SSLContextBuilder builder = SSLContexts.custom();
if (trustStore != null) {
loadTrustMaterial(builder, new File(trustStore), trustStorePassword.toCharArray(), trustStrategy);
}
if (keyStore != null) {
char[] ksp = keyStorePassword == null ? null : keyStorePassword.toCharArray();
char[] kp = keyPassword == null ? null : keyPassword.toCharArray();
loadKeyMaterial(builder, new File(keyStore), ksp, kp, privateKeyStrategy);
}
SSLContext sslContext = builder.build();
return new SSLSessionStrategy(hostnameVerifier, new CipherSelectingSSLSocketFactory(sslContext.getSocketFactory(), allowedCiphers, allowedProtocols, clientAuth));
}Example 12
| Project: ovirt-engine-sdk-java-master File: ConnectionBuilder45.java View source code |
private Registry createConnectionSocketFactoryRegistry() {
String protocol = getProtocol();
Registry registry = null;
// Create SSL/TLS or plain connection:
if (HTTP_PROTOCOL.equals(protocol)) {
ConnectionSocketFactory plainsf = PlainConnectionSocketFactory.getSocketFactory();
registry = RegistryBuilder.<ConnectionSocketFactory>create().register(HTTP_PROTOCOL, plainsf).build();
} else if (HTTPS_PROTOCOL.equals(protocol)) {
try {
LayeredConnectionSocketFactory sslsf = null;
if (this.insecure) {
SSLContext sslcontext = SSLContext.getInstance("TLS");
sslcontext.init(null, new TrustManager[] { noCaTrustManager }, null);
sslsf = new SSLConnectionSocketFactory(sslcontext, NoopHostnameVerifier.INSTANCE);
} else {
SSLContextBuilder sslContextBuilder = SSLContexts.custom();
if (trustStoreFile != null) {
sslContextBuilder.loadTrustMaterial(new File(trustStoreFile), this.trustStorePassword != null ? this.trustStorePassword.toCharArray() : null);
}
SSLContext sslContext = sslContextBuilder.build();
sslsf = new SSLConnectionSocketFactory(sslContext, new DefaultHostnameVerifier());
}
registry = RegistryBuilder.<ConnectionSocketFactory>create().register(HTTPS_PROTOCOL, sslsf).build();
} catch (NoSuchAlgorithmException e) {
throw new Error(NO_TLS_ERROR, e);
} catch (KeyManagementException e) {
throw new Error(BAD_KEY_ERROR, e);
} catch (KeyStoreException e) {
throw new Error(KEY_STORE_ERROR, e);
} catch (FileNotFoundException e) {
throw new Error(KEY_STORE_FILE_NOT_FOUND_ERROR, e);
} catch (CertificateException e) {
throw new Error(CERTIFICATE_ERROR, e);
} catch (IOException e) {
throw new Error(IO_ERROR, e);
}
} else {
throw new Error(BAD_PROTOCOL_ERROR + protocol);
}
return registry;
}Example 13
| Project: jenkins-kubernetes-plugin-master File: OpenShiftBearerTokenCredentialImpl.java View source code |
private synchronized Token refreshToken(String serviceAddress, String caCertData, boolean skipTlsVerify) throws IOException {
URI uri = null;
try {
uri = new URI(serviceAddress);
} catch (URISyntaxException e) {
throw new IOException("Invalid server URL " + serviceAddress, e);
}
final HttpClientBuilder builder = HttpClients.custom().setRedirectStrategy(NO_REDIRECT);
if (skipTlsVerify || caCertData != null) {
final SSLContextBuilder sslBuilder = new SSLContextBuilder();
HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
try {
if (skipTlsVerify) {
sslBuilder.loadTrustMaterial(null, ALWAYS);
hostnameVerifier = NoopHostnameVerifier.INSTANCE;
} else if (caCertData != null) {
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null);
CertificateFactory f = CertificateFactory.getInstance("X509");
X509Certificate cert = (X509Certificate) f.generateCertificate(new Base64InputStream(new ByteArrayInputStream(caCertData.getBytes(StandardCharsets.UTF_8))));
ks.setCertificateEntry(uri.getHost(), cert);
sslBuilder.loadTrustMaterial(ks, null);
}
builder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslBuilder.build(), hostnameVerifier));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
HttpGet authorize = new HttpGet(serviceAddress + "/oauth/authorize?client_id=openshift-challenging-client&response_type=token");
authorize.setHeader("Authorization", "Basic " + Base64.encodeBase64String((getUsername() + ':' + Secret.toString(getPassword())).getBytes(StandardCharsets.UTF_8)));
final CloseableHttpResponse response = builder.build().execute(authorize);
if (response.getStatusLine().getStatusCode() != 302) {
throw new IOException("Failed to get an OAuth access token " + response.getStatusLine().getStatusCode());
}
String location = response.getFirstHeader("Location").getValue();
String parameters = location.substring(location.indexOf('#') + 1);
List<NameValuePair> pairs = URLEncodedUtils.parse(parameters, StandardCharsets.UTF_8);
Token t = new Token();
for (NameValuePair pair : pairs) {
if (pair.getName().equals("access_token")) {
t.value = pair.getValue();
} else if (pair.getName().equals("expires_in")) {
t.expire = System.currentTimeMillis() + Long.parseLong(pair.getValue()) * 1000 - 100;
}
}
return t;
}Example 14
| Project: liferay-portal-master File: Session.java View source code |
public static void setTrustManagers(TrustManager[] trustManagers) throws Exception {
SSLContextBuilder sslContextBuilder = SSLContexts.custom();
SSLContext sslContext = sslContextBuilder.build();
sslContext.init(null, trustManagers, new SecureRandom());
_defaultSSLSocketFactory = new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
}Example 15
| Project: SmallMind-master File: JsonTargetFactory.java View source code |
public static JsonTarget manufacture(HttpProtocol protocol, String host, int port, String context, int concurrencyLevel, int timeout) throws NoSuchAlgorithmException, MalformedURLException, URISyntaxException, KeyStoreException, KeyManagementException {
HttpClientBuilder clientBuilder = HttpClientBuilder.create();
PoolingHttpClientConnectionManager connectionManager;
Registry<ConnectionSocketFactory> socketFactoryRegistry;
SSLConnectionSocketFactory sslSocketFactory;
SSLContext sslContext;
CloseableHttpClient httpClient;
sslContext = SSLContextBuilder.create().loadTrustMaterial(null, (X509Certificate[] arg0, String arg1) -> true).build();
clientBuilder.setSSLContext(sslContext);
// use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken
sslSocketFactory = new SSLConnectionSocketFactory(sslContext, new TrustAllHostNameVerifier());
socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory).build();
connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
connectionManager.setDefaultConnectionConfig(ConnectionConfig.custom().setCharset(StandardCharsets.UTF_8).build());
connectionManager.setDefaultSocketConfig(SocketConfig.copy(SocketConfig.DEFAULT).setSoTimeout(timeout).setTcpNoDelay(true).build());
connectionManager.setDefaultMaxPerRoute(concurrencyLevel);
connectionManager.setMaxTotal(concurrencyLevel);
httpClient = clientBuilder.setConnectionManager(connectionManager).setRedirectStrategy(new ExtraLaxRedirectStrategy()).build();
return new JsonTarget(httpClient, URI.create(protocol.getScheme() + "://" + host + ((port > 0) ? ":" + port : "") + ((context != null) ? context : "")));
}Example 16
| Project: ipp-master File: HttpServerPublisher.java View source code |
private SSLContext sslContext() {
try {
KeyStore cks = KeyStore.getInstance(KeyStore.getDefaultType());
cks.load(new FileInputStream(options.getKeystore().get().toFile()), options.getKeystorePass().toCharArray());
SSLContextBuilder builder = SSLContexts.custom();
if (options.getTruststore().isPresent()) {
KeyStore tks = KeyStore.getInstance(KeyStore.getDefaultType());
tks.load(new FileInputStream(options.getTruststore().get().toFile()), options.getTruststorePass().toCharArray());
builder.loadTrustMaterial(tks, new TrustSelfSignedStrategy());
}
return builder.loadKeyMaterial(cks, options.getKeystorePass().toCharArray()).build();
} catch (Exception e) {
LOG.error("Exception", e);
}
return null;
}Example 17
| Project: dal-master File: WebUtil.java View source code |
private static HttpClient initWeakSSLClient() {
HttpClientBuilder b = HttpClientBuilder.create();
// setup a Trust Strategy that allows all certificates.
//
SSLContext sslContext = null;
try {
sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] arg0, String arg1) {
return true;
}
}).build();
} catch (NoSuchAlgorithmExceptionKeyManagementException | KeyStoreException | e) {
}
b.setSslcontext(sslContext);
// don't check Hostnames, either.
// -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken
X509HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
// here's the special part:
// -- need to create an SSL Socket Factory, to use our weakened "trust strategy";
// -- and create a Registry, to register it.
//
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory).build();
// now, we create connection-manager using our Registry.
// -- allows multi-threaded use
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
b.setConnectionManager(connMgr);
/**
* Set timeout option
*/
RequestConfig.Builder configBuilder = RequestConfig.custom();
configBuilder.setConnectTimeout(TIMEOUT);
configBuilder.setSocketTimeout(TIMEOUT);
b.setDefaultRequestConfig(configBuilder.build());
// finally, build the HttpClient;
// -- done!
HttpClient sslClient = b.build();
return sslClient;
}Example 18
| Project: jw-community-master File: HttpUtil.java View source code |
/**
* Make a HTTP POST request to a URL, passing in a JSESSIONID cookie,
* with support for SSL (including prompting a warning for self-signed certs).
* If the JSESSIONID is invalid, then a password dialog appears.
* @param cookieStore
* @param url
* @param port
* @param sessionId
* @param cookieDomain
* @param cookiePath
* @param username
* @param password
* @param trustAllSsl
* @param failOnError
* @param filename
* @param file
* @return
* @throws IOException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws KeyStoreException
* @throws UnrecoverableKeyException
* @throws AuthenticationException
*/
public static String httpPost(CookieStore cookieStore, String url, int port, String sessionId, String cookieDomain, String cookiePath, String username, String password, boolean trustAllSsl, boolean failOnError, String filename, File file) throws IOException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, AuthenticationException {
String contents = null;
HttpClientBuilder httpClientBuilder = HttpClients.custom();
// Set no redirect
httpClientBuilder.setRedirectStrategy(new RedirectStrategy() {
@Override
public boolean isRedirected(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) {
return false;
}
@Override
public HttpUriRequest getRedirect(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) {
return null;
}
});
// set csrf token in URL
if (url.contains("?" + Designer.TOKEN_NAME)) {
url = url.substring(0, url.indexOf("?" + Designer.TOKEN_NAME));
}
url += "?" + Designer.TOKEN_NAME + "=" + URLEncoder.encode(Designer.TOKEN_VALUE, "UTF-8");
// Prepare a request object
HttpPost httpRequest = new HttpPost(url);
if (file != null) {
HttpEntity reqEntity = MultipartEntityBuilder.create().addPart("packageXpdl", new FileBody(file)).build();
httpRequest.setEntity(reqEntity);
} else {
if (username != null && password != null) {
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
formparams.add(new BasicNameValuePair("j_username", username));
formparams.add(new BasicNameValuePair("j_password", password));
formparams.add(new BasicNameValuePair("username", username));
formparams.add(new BasicNameValuePair("password", password));
UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
httpRequest.setEntity(entity);
}
}
// set referer header
String referer = "http://" + Designer.DOMAIN;
httpRequest.addHeader("Referer", referer);
// Set session cookie
if (cookieStore == null) {
cookieStore = new BasicCookieStore();
}
if (sessionId != null) {
BasicClientCookie cookie = new BasicClientCookie("JSESSIONID", sessionId);
cookie.setDomain(cookieDomain);
cookie.setPath(cookiePath);
cookieStore.addCookie(cookie);
}
httpClientBuilder.setDefaultCookieStore(cookieStore);
// Prepare SSL trust
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE);
if (SSL_TRUSTED || trustAllSsl) {
httpClientBuilder.setSSLSocketFactory(sslsf);
}
// Execute the request
CloseableHttpClient httpClient = httpClientBuilder.build();
try {
HttpResponse response = null;
try {
response = httpClient.execute(httpRequest);
} catch (SSLException se) {
int result = JOptionPane.showConfirmDialog(null, ResourceManager.getLanguageDependentString("InvalidSSLPrompt"), ResourceManager.getLanguageDependentString("InvalidSSLTitle"), JOptionPane.YES_NO_OPTION);
if (result == JOptionPane.YES_OPTION) {
httpClientBuilder.setSSLSocketFactory(sslsf);
httpClient = httpClientBuilder.build();
response = httpClient.execute(httpRequest);
SSL_TRUSTED = true;
}
}
// Examine the response status
if (response == null) {
throw new HttpResponseException(403, ResourceManager.getLanguageDependentString("InvalidSSLMessage"));
}
StatusLine status = response.getStatusLine();
if (status == null || status.getStatusCode() == 302 || status.getStatusCode() == 401 || status.getStatusCode() == 500) {
if (failOnError) {
throw new AuthenticationException(ResourceManager.getLanguageDependentString("AuthenticationFailed"));
}
// Request is unauthenticated, attempt to authenticate
String credentials = password;
if (credentials == null) {
// prompt for username and password
JTextField uField = new JTextField(15);
uField.setText(username);
JPasswordField pField = new JPasswordField(15);
pField.addHierarchyListener(new HierarchyListener() {
public void hierarchyChanged(HierarchyEvent e) {
final Component c = e.getComponent();
if (c.isShowing() && (e.getChangeFlags() & HierarchyEvent.SHOWING_CHANGED) != 0) {
Window toplevel = SwingUtilities.getWindowAncestor(c);
toplevel.addWindowFocusListener(new WindowAdapter() {
@Override
public void windowGainedFocus(WindowEvent e) {
c.requestFocus();
}
});
}
}
});
JPanel pPanel = new JPanel(new GridLayout(2, 2));
pPanel.add(new JLabel(ResourceManager.getLanguageDependentString("UsernameKey")));
pPanel.add(uField);
pPanel.add(new JLabel(ResourceManager.getLanguageDependentString("PasswordKey")));
pPanel.add(pField);
int okCxl = JOptionPane.showConfirmDialog(null, pPanel, ResourceManager.getLanguageDependentString("SessionTimedOut"), JOptionPane.OK_CANCEL_OPTION, JOptionPane.PLAIN_MESSAGE);
if (okCxl == JOptionPane.OK_OPTION) {
username = uField.getText();
credentials = new String(pField.getPassword());
Designer.USERNAME = username;
} else if (okCxl == JOptionPane.CANCEL_OPTION) {
return null;
}
}
try {
// login and store session cookie
String loginUrl = Designer.URLPATH + "/web/json/directory/user/sso";
String ssoResponse = HttpUtil.httpPost(cookieStore, loginUrl, port, null, cookieDomain, cookiePath, username, credentials, true, true, null, null);
String isAdminStr = "isAdmin";
if (!ssoResponse.contains(isAdminStr)) {
throw new AuthenticationException();
}
List<Cookie> cookies = cookieStore.getCookies();
for (Cookie ck : cookies) {
if ("JSESSIONID".equalsIgnoreCase(ck.getName())) {
sessionId = ck.getValue();
Designer.SESSION = sessionId;
}
}
// set new csrf token
String tokenAttr = "\"token\":\"";
if (ssoResponse.contains(tokenAttr)) {
String csrfToken = ssoResponse.substring(ssoResponse.indexOf(tokenAttr) + tokenAttr.length(), ssoResponse.length() - 2);
StringTokenizer st = new StringTokenizer(csrfToken, "=");
if (st.countTokens() == 2) {
Designer.TOKEN_NAME = st.nextToken();
Designer.TOKEN_VALUE = st.nextToken();
}
}
// repeat request with session cookie
contents = HttpUtil.httpPost(cookieStore, url, port, sessionId, cookieDomain, cookiePath, null, null, true, true, filename, file);
// return contents
return contents;
} catch (AuthenticationException ate) {
JOptionPane.showMessageDialog(null, ResourceManager.getLanguageDependentString("InvalidLogin"));
return HttpUtil.httpPost(null, url, port, sessionId, cookieDomain, cookiePath, username, null, false, false, filename, file);
} catch (HttpResponseException hre) {
throw new AuthenticationException(ResourceManager.getLanguageDependentString("InvalidLogin"));
}
}
// Get hold of the response entity
HttpEntity entity = response.getEntity();
// to worry about connection release
if (entity != null) {
InputStream instream = null;
try {
instream = entity.getContent();
contents = "";
BufferedReader reader = new BufferedReader(new InputStreamReader(instream, "UTF-8"));
String line = reader.readLine();
while (line != null) {
contents += line;
line = reader.readLine();
}
} catch (IOException ex) {
throw ex;
} catch (RuntimeException ex) {
httpRequest.abort();
throw ex;
} finally {
// Closing the input stream will trigger connection release
if (instream != null) {
instream.close();
}
}
}
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
httpClient.close();
}
return contents;
}Example 19
| Project: kylo-master File: MetadataProviderSelectorService.java View source code |
/**
* Taken from NiFi GetHttp Processor
*/
private SSLContext createSSLContext(final SSLContextService service) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
final SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
if (StringUtils.isNotBlank(service.getTrustStoreFile())) {
final KeyStore truststore = KeyStore.getInstance(service.getTrustStoreType());
try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) {
truststore.load(in, service.getTrustStorePassword().toCharArray());
}
sslContextBuilder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy());
}
if (StringUtils.isNotBlank(service.getKeyStoreFile())) {
final KeyStore keystore = KeyStore.getInstance(service.getKeyStoreType());
try (final InputStream in = new FileInputStream(new File(service.getKeyStoreFile()))) {
keystore.load(in, service.getKeyStorePassword().toCharArray());
}
sslContextBuilder.loadKeyMaterial(keystore, service.getKeyStorePassword().toCharArray());
}
sslContextBuilder.useProtocol(service.getSslAlgorithm());
return sslContextBuilder.build();
}Example 20
| Project: gradle-ecgine-plugin-master File: EcgineExtension.java View source code |
public HttpClient getHttpClient() {
if (httpClient == null) {
try {
SSLContextBuilder builder = SSLContexts.custom();
builder.loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(java.security.cert.X509Certificate[] chain, String authType) throws java.security.cert.CertificateException {
return true;
}
});
SSLContext sslContext = builder.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new X509HostnameVerifier() {
@Override
public void verify(String host, SSLSocket ssl) throws IOException {
}
@Override
public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
}
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
@Override
public void verify(String host, X509Certificate cert) throws SSLException {
}
});
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslsf).build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
httpClient = HttpClients.custom().setConnectionManager(cm).build();
} catch (Exception e) {
throw new GradleException(e.getMessage(), e);
}
}
return httpClient;
}Example 21
| Project: nifi-master File: GetHTTP.java View source code |
private SSLContext createSSLContext(final SSLContextService service) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
final SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
if (StringUtils.isNotBlank(service.getTrustStoreFile())) {
final KeyStore truststore = KeyStoreUtils.getTrustStore(service.getTrustStoreType());
try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) {
truststore.load(in, service.getTrustStorePassword().toCharArray());
}
sslContextBuilder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy());
}
if (StringUtils.isNotBlank(service.getKeyStoreFile())) {
final KeyStore keystore = KeyStoreUtils.getKeyStore(service.getKeyStoreType());
try (final InputStream in = new FileInputStream(new File(service.getKeyStoreFile()))) {
keystore.load(in, service.getKeyStorePassword().toCharArray());
}
sslContextBuilder.loadKeyMaterial(keystore, service.getKeyStorePassword().toCharArray());
}
sslContextBuilder.useProtocol(service.getSslAlgorithm());
return sslContextBuilder.build();
}Example 22
| Project: rhizome-master File: CassandraPod.java View source code |
public static Builder clusterBuilder(CassandraConfiguration cassandraConfiguration) {
Builder builder = new Cluster.Builder();
builder.withCompression(cassandraConfiguration.getCompression()).withSocketOptions(getSocketOptions()).withQueryOptions(new QueryOptions().setConsistencyLevel(cassandraConfiguration.getConsistencyLevel())).withPoolingOptions(getPoolingOptions()).withProtocolVersion(ProtocolVersion.V4).addContactPoints(cassandraConfiguration.getCassandraSeedNodes());
if (cassandraConfiguration.isSslEnabled()) {
SSLContext context = null;
try {
context = SSLContextBuilder.create().loadTrustMaterial(new TrustSelfSignedStrategy()).build();
} catch (NoSuchAlgorithmExceptionKeyStoreException | KeyManagementException | e) {
logger.error("Unable to configure SSL for Cassanda Java Driver");
}
builder.withSSL(JdkSSLOptions.builder().withSSLContext(context).build());
}
return builder;
}Example 23
| Project: selenide-master File: DownloadFileWithHttpRequest.java View source code |
/**
configure HttpClient to ignore self-signed certs
as described here: http://literatejava.com/networks/ignore-ssl-certificate-errors-apache-httpclient-4-4/
*/
private CloseableHttpClient createTrustingHttpClient() throws IOException {
try {
HttpClientBuilder builder = HttpClientBuilder.create();
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustAllStrategy()).build();
builder.setSslcontext(sslContext);
HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory).build();
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
builder.setConnectionManager(connMgr);
return builder.build();
} catch (Exception e) {
throw new IOException(e);
}
}Example 24
| Project: DataCleaner-master File: SecurityUtils.java View source code |
/**
* Creates a {@link SSLConnectionSocketFactory} which is careless about SSL
* certificate checks. Use with caution!
*
* @return
*/
@SuppressWarnings("checkstyle:AbbreviationAsWordInName")
public static SSLConnectionSocketFactory createUnsafeSSLConnectionSocketFactory() {
try {
final SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
return new SSLConnectionSocketFactory(builder.build(), new NaiveHostnameVerifier());
} catch (final Exception e) {
throw new IllegalStateException(e);
}
}Example 25
| Project: neo4j-ogm-master File: HttpDriver.java View source code |
private synchronized CloseableHttpClient httpClient() {
if (httpClient == null) {
try {
HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
SSLContext sslContext = SSLContext.getDefault();
if (configuration.getTrustStrategy() != null) {
if (configuration.getTrustStrategy().equals("ACCEPT_UNSIGNED")) {
sslContext = new SSLContextBuilder().loadTrustMaterial(null, ( arg0, arg1) -> true).build();
LOGGER.warn("Certificate validation has been disabled");
}
}
// setup the default or custom ssl context
httpClientBuilder.setSSLContext(sslContext);
HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory).build();
// allows multi-threaded use
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
Integer connectionPoolSize = configuration.getConnectionPoolSize();
connectionManager.setMaxTotal(connectionPoolSize);
connectionManager.setDefaultMaxPerRoute(connectionPoolSize);
httpClientBuilder.setConnectionManager(connectionManager);
httpClient = httpClientBuilder.build();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
return httpClient;
}Example 26
| Project: pull-request-notifier-for-bitbucket-master File: UrlInvoker.java View source code |
private SSLContext newSslContext() throws Exception {
SSLContextBuilder sslContextBuilder = SSLContexts.custom();
if (this.shouldAcceptAnyCertificate) {
doAcceptAnyCertificate(sslContextBuilder);
if (this.clientKeyStore.getKeyStore().isPresent()) {
sslContextBuilder.loadKeyMaterial(this.clientKeyStore.getKeyStore().get(), this.clientKeyStore.getPassword());
}
}
return sslContextBuilder.build();
}Example 27
| Project: threatconnect-java-master File: ConnectionUtil.java View source code |
/**
* Adds the ability to trust self signed certificates for this HttpClientBuilder
*
* @param httpClientBuilder
* the HttpClientBuilder to apply these settings to
*/
public static void trustSelfSignedCerts(final HttpClientBuilder httpClientBuilder) {
logger.debug("Trusting self-signed certs.");
try {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(), new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
// allow all
return true;
}
});
httpClientBuilder.setSSLSocketFactory(sslsf);
} catch (NoSuchAlgorithmExceptionKeyStoreException | KeyManagementException | ex) {
logger.error("Error adding SSLSocketFactory to HttpClientBuilder", ex);
}
}Example 28
| Project: nutch-master File: ElasticRestIndexWriter.java View source code |
@Override
public void open(JobConf job, String name) throws IOException {
host = job.get(ElasticRestConstants.HOST);
port = job.getInt(ElasticRestConstants.PORT, 9200);
user = job.get(ElasticRestConstants.USER);
password = job.get(ElasticRestConstants.PASSWORD);
https = job.getBoolean(ElasticRestConstants.HTTPS, false);
trustAllHostnames = job.getBoolean(ElasticRestConstants.HOSTNAME_TRUST, false);
// trust ALL certificates
SSLContext sslContext = null;
try {
sslContext = new SSLContextBuilder().loadTrustMaterial(new TrustStrategy() {
public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
return true;
}
}).build();
} catch (NoSuchAlgorithmExceptionKeyManagementException | KeyStoreException | e) {
LOG.error("Failed to instantiate sslcontext object: \n{}", ExceptionUtils.getStackTrace(e));
throw new SecurityException();
}
// skip hostname checks
HostnameVerifier hostnameVerifier = null;
if (trustAllHostnames) {
hostnameVerifier = NoopHostnameVerifier.INSTANCE;
} else {
hostnameVerifier = new DefaultHostnameVerifier();
}
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext);
SchemeIOSessionStrategy httpsIOSessionStrategy = new SSLIOSessionStrategy(sslContext, hostnameVerifier);
JestClientFactory jestClientFactory = new JestClientFactory();
URL urlOfElasticsearchNode = new URL(https ? "https" : "http", host, port, "");
if (host != null && port > 1) {
HttpClientConfig.Builder builder = new HttpClientConfig.Builder(urlOfElasticsearchNode.toString()).multiThreaded(true).connTimeout(300000).readTimeout(300000);
if (https) {
if (user != null && password != null) {
builder.defaultCredentials(user, password);
}
builder.defaultSchemeForDiscoveredNodes("https").sslSocketFactory(// this only affects sync calls
sslSocketFactory).httpsIOSessionStrategy(// this only affects async calls
httpsIOSessionStrategy);
}
jestClientFactory.setHttpClientConfig(builder.build());
} else {
throw new IllegalStateException("No host or port specified. Please set the host and port in nutch-site.xml");
}
client = jestClientFactory.getObject();
defaultIndex = job.get(ElasticRestConstants.INDEX, "nutch");
defaultType = job.get(ElasticRestConstants.TYPE, "doc");
maxBulkDocs = job.getInt(ElasticRestConstants.MAX_BULK_DOCS, DEFAULT_MAX_BULK_DOCS);
maxBulkLength = job.getInt(ElasticRestConstants.MAX_BULK_LENGTH, DEFAULT_MAX_BULK_LENGTH);
bulkBuilder = new Bulk.Builder().defaultIndex(defaultIndex).defaultType(defaultType);
}Example 29
| Project: incubator-streams-master File: SimpleHttpProvider.java View source code |
@Override
public void prepare(Object configurationObject) {
mapper = StreamsJacksonMapper.getInstance();
uriBuilder = new URIBuilder().setScheme(this.configuration.getProtocol()).setHost(this.configuration.getHostname()).setPort(this.configuration.getPort().intValue()).setPath(this.configuration.getResourcePath());
SSLContextBuilder builder = new SSLContextBuilder();
SSLConnectionSocketFactory sslsf = null;
try {
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
sslsf = new SSLConnectionSocketFactory(builder.build(), SSLConnectionSocketFactory.getDefaultHostnameVerifier());
} catch (NoSuchAlgorithmExceptionKeyManagementException | KeyStoreException | ex) {
LOGGER.warn(ex.getMessage());
}
httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
executor = Executors.newSingleThreadExecutor();
}Example 30
| Project: rest-utils-master File: SslTest.java View source code |
// returns the http response status code.
private int makeGetRequest(String url, String clientKeystoreLocation, String clientKeystorePassword, String clientKeyPassword) throws Exception {
log.debug("Making GET " + url);
HttpGet httpget = new HttpGet(url);
CloseableHttpClient httpclient;
if (url.startsWith("http://")) {
httpclient = HttpClients.createDefault();
} else {
// trust all self-signed certs.
SSLContextBuilder sslContextBuilder = SSLContexts.custom().loadTrustMaterial(new TrustSelfSignedStrategy());
// add the client keystore if it's configured.
if (clientKeystoreLocation != null) {
sslContextBuilder.loadKeyMaterial(new File(clientKeystoreLocation), clientKeystorePassword.toCharArray(), clientKeyPassword.toCharArray());
}
SSLContext sslContext = sslContextBuilder.build();
SSLConnectionSocketFactory sslSf = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1" }, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
httpclient = HttpClients.custom().setSSLSocketFactory(sslSf).build();
}
int statusCode = -1;
CloseableHttpResponse response = null;
try {
response = httpclient.execute(httpget);
statusCode = response.getStatusLine().getStatusCode();
} finally {
if (response != null) {
response.close();
}
httpclient.close();
}
return statusCode;
}Example 31
| Project: validator-badge-master File: ValidatorService.java View source code |
private CloseableHttpClient getCarelessHttpClient() {
CloseableHttpClient httpClient = null;
try {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
});
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE);
httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
} catch (NoSuchAlgorithmExceptionKeyStoreException | KeyManagementException | e) {
LOGGER.error("can't disable SSL verification", e);
}
return httpClient;
}Example 32
| Project: rest-client-master File: HTTPClientRequestExecuter.java View source code |
@Override
public void execute(Request request, View... views) {
// Verify if this is the first call to this object:
if (isRequestStarted) {
throw new MultipleRequestInSameRequestExecuterException("A RequestExecuter object can be used only once!");
}
isRequestStarted = true;
// Proceed with execution:
for (View view : views) {
view.doStart(request);
}
// Needed for specifying HTTP pre-emptive authentication:
HttpContext httpContext = null;
// Create all the builder objects:
final HttpClientBuilder hcBuilder = HttpClientBuilder.create();
final RequestConfig.Builder rcBuilder = RequestConfig.custom();
final RequestBuilder reqBuilder = RequestBuilder.create(request.getMethod().name());
// Retry handler (no-retries):
hcBuilder.setRetryHandler(new DefaultHttpRequestRetryHandler(0, false));
// Url:
final URL url = IDNUtil.getIDNizedURL(request.getUrl());
final String urlHost = url.getHost();
final int urlPort = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
final String urlProtocol = url.getProtocol();
final String urlStr = url.toString();
reqBuilder.setUri(urlStr);
// Set HTTP version:
HTTPVersion httpVersion = request.getHttpVersion();
ProtocolVersion protocolVersion = httpVersion == HTTPVersion.HTTP_1_1 ? new ProtocolVersion("HTTP", 1, 1) : new ProtocolVersion("HTTP", 1, 0);
reqBuilder.setVersion(protocolVersion);
// Set request timeout (default 1 minute--60000 milliseconds)
IGlobalOptions options = ServiceLocator.getInstance(IGlobalOptions.class);
rcBuilder.setConnectionRequestTimeout(Integer.parseInt(options.getProperty("request-timeout-in-millis")));
// Set proxy
ProxyConfig proxy = ProxyConfig.getInstance();
proxy.acquire();
if (proxy.isEnabled()) {
final HttpHost proxyHost = new HttpHost(proxy.getHost(), proxy.getPort(), "http");
if (proxy.isAuthEnabled()) {
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(new AuthScope(proxy.getHost(), proxy.getPort()), new UsernamePasswordCredentials(proxy.getUsername(), new String(proxy.getPassword())));
hcBuilder.setDefaultCredentialsProvider(credsProvider);
}
hcBuilder.setProxy(proxyHost);
}
proxy.release();
// HTTP Authentication
if (request.getAuth() != null) {
// Add auth preference:
Auth auth = request.getAuth();
List<String> authPrefs = new ArrayList<>();
if (auth instanceof BasicAuth) {
authPrefs.add(AuthSchemes.BASIC);
} else if (auth instanceof DigestAuth) {
authPrefs.add(AuthSchemes.DIGEST);
} else if (auth instanceof NtlmAuth) {
authPrefs.add(AuthSchemes.NTLM);
}
rcBuilder.setTargetPreferredAuthSchemes(authPrefs);
// BASIC & DIGEST:
if (auth instanceof BasicAuth || auth instanceof DigestAuth) {
BasicDigestAuth a = (BasicDigestAuth) auth;
String uid = a.getUsername();
String pwd = new String(a.getPassword());
String host = StringUtil.isEmpty(a.getHost()) ? urlHost : a.getHost();
String realm = StringUtil.isEmpty(a.getRealm()) ? AuthScope.ANY_REALM : a.getRealm();
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(new AuthScope(host, urlPort, realm), new UsernamePasswordCredentials(uid, pwd));
hcBuilder.setDefaultCredentialsProvider(credsProvider);
// preemptive mode:
if (a.isPreemptive()) {
AuthCache authCache = new BasicAuthCache();
AuthSchemeBase authScheme = a instanceof BasicAuth ? new BasicScheme() : new DigestScheme();
authCache.put(new HttpHost(urlHost, urlPort, urlProtocol), authScheme);
HttpClientContext localContext = HttpClientContext.create();
localContext.setAuthCache(authCache);
httpContext = localContext;
}
}
// NTLM:
if (auth instanceof NtlmAuth) {
NtlmAuth a = (NtlmAuth) auth;
String uid = a.getUsername();
String pwd = new String(a.getPassword());
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY, new NTCredentials(uid, pwd, a.getWorkstation(), a.getDomain()));
hcBuilder.setDefaultCredentialsProvider(credsProvider);
}
// Authorization header
// Logic written in same place where Header is processed--a little down!
}
try {
{
// Authorization Header Authentication:
Auth auth = request.getAuth();
if (auth != null && auth instanceof AuthorizationHeaderAuth) {
AuthorizationHeaderAuth a = (AuthorizationHeaderAuth) auth;
final String authHeader = a.getAuthorizationHeaderValue();
if (StringUtil.isNotEmpty(authHeader)) {
Header header = new BasicHeader("Authorization", authHeader);
reqBuilder.addHeader(header);
}
}
}
// Get request headers
MultiValueMap<String, String> header_data = request.getHeaders();
for (String key : header_data.keySet()) {
for (String value : header_data.get(key)) {
Header header = new BasicHeader(key, value);
reqBuilder.addHeader(header);
}
}
// Cookies
{
// Set cookie policy:
rcBuilder.setCookieSpec(CookieSpecs.DEFAULT);
// Add to CookieStore:
CookieStore store = new RESTClientCookieStore();
List<HttpCookie> cookies = request.getCookies();
for (HttpCookie cookie : cookies) {
BasicClientCookie c = new BasicClientCookie(cookie.getName(), cookie.getValue());
c.setVersion(cookie.getVersion());
c.setDomain(urlHost);
c.setPath("/");
store.addCookie(c);
}
// Attach store to client:
hcBuilder.setDefaultCookieStore(store);
}
// POST/PUT/PATCH/DELETE method specific logic
if (HttpUtil.isEntityEnclosingMethod(reqBuilder.getMethod())) {
// Create and set RequestEntity
ReqEntity bean = request.getBody();
if (bean != null) {
try {
if (bean instanceof ReqEntitySimple) {
AbstractHttpEntity e = HTTPClientUtil.getEntity((ReqEntitySimple) bean);
reqBuilder.setEntity(e);
} else if (bean instanceof ReqEntityMultipart) {
ReqEntityMultipart multipart = (ReqEntityMultipart) bean;
MultipartEntityBuilder meb = MultipartEntityBuilder.create();
// multipart/mixed / multipart/form-data:
meb.setMimeSubtype(multipart.getSubtype().toString());
// Format:
MultipartMode mpMode = multipart.getMode();
switch(mpMode) {
case BROWSER_COMPATIBLE:
meb.setMode(HttpMultipartMode.BROWSER_COMPATIBLE);
break;
case RFC_6532:
meb.setMode(HttpMultipartMode.RFC6532);
break;
case STRICT:
meb.setMode(HttpMultipartMode.STRICT);
break;
}
// Parts:
for (ReqEntityPart part : multipart.getBody()) {
ContentBody cb = null;
if (part instanceof ReqEntityStringPart) {
ReqEntityStringPart p = (ReqEntityStringPart) part;
String body = p.getPart();
ContentType ct = p.getContentType();
if (ct != null) {
cb = new StringBody(body, HTTPClientUtil.getContentType(ct));
} else {
cb = new StringBody(body, org.apache.http.entity.ContentType.DEFAULT_TEXT);
}
} else if (part instanceof ReqEntityFilePart) {
ReqEntityFilePart p = (ReqEntityFilePart) part;
File body = p.getPart();
ContentType ct = p.getContentType();
if (ct != null) {
cb = new FileBody(body, HTTPClientUtil.getContentType(ct), p.getFilename());
} else {
cb = new FileBody(body, org.apache.http.entity.ContentType.DEFAULT_BINARY, p.getFilename());
}
}
FormBodyPartBuilder bodyPart = FormBodyPartBuilder.create().setName(part.getName()).setBody(cb);
MultiValueMap<String, String> fields = part.getFields();
for (String key : fields.keySet()) {
for (String value : fields.get(key)) {
bodyPart.addField(key, value);
}
}
meb.addPart(bodyPart.build());
}
reqBuilder.setEntity(meb.build());
}
} catch (UnsupportedEncodingException ex) {
for (View view : views) {
view.doError(Util.getStackTrace(ex));
view.doEnd();
}
return;
}
}
}
// SSL
// Set the hostname verifier:
final SSLReq sslReq = request.getSslReq();
if (sslReq != null) {
SSLHostnameVerifier verifier = sslReq.getHostNameVerifier();
final HostnameVerifier hcVerifier;
switch(verifier) {
case ALLOW_ALL:
hcVerifier = new NoopHostnameVerifier();
break;
case STRICT:
default:
hcVerifier = new DefaultHostnameVerifier();
break;
}
// Register the SSL Scheme:
final KeyStore trustStore = sslReq.getTrustStore() == null ? null : sslReq.getTrustStore().getKeyStore();
final KeyStore keyStore = sslReq.getKeyStore() == null ? null : sslReq.getKeyStore().getKeyStore();
final TrustStrategy trustStrategy = sslReq.isTrustAllCerts() ? new TrustAllTrustStrategy() : null;
SSLContext ctx = new SSLContextBuilder().loadKeyMaterial(keyStore, sslReq.getKeyStore() != null ? sslReq.getKeyStore().getPassword() : null).loadTrustMaterial(trustStore, trustStrategy).setSecureRandom(null).useProtocol("TLS").build();
SSLConnectionSocketFactory sf = new SSLConnectionSocketFactory(ctx, hcVerifier);
hcBuilder.setSSLSocketFactory(sf);
}
// How to handle redirects:
rcBuilder.setRedirectsEnabled(request.isFollowRedirect());
// Now Execute:
long startTime = System.currentTimeMillis();
RequestConfig rc = rcBuilder.build();
reqBuilder.setConfig(rc);
HttpUriRequest req = reqBuilder.build();
httpClient = hcBuilder.build();
HttpResponse http_res = httpClient.execute(req, httpContext);
long endTime = System.currentTimeMillis();
// Create response:
ResponseBean response = new ResponseBean();
response.setExecutionTime(endTime - startTime);
response.setStatusCode(http_res.getStatusLine().getStatusCode());
response.setStatusLine(http_res.getStatusLine().toString());
final Header[] responseHeaders = http_res.getAllHeaders();
for (Header header : responseHeaders) {
response.addHeader(header.getName(), header.getValue());
}
// Response body:
final HttpEntity entity = http_res.getEntity();
if (entity != null) {
if (request.isIgnoreResponseBody()) {
EntityUtils.consumeQuietly(entity);
} else {
InputStream is = entity.getContent();
try {
byte[] responseBody = StreamUtil.inputStream2Bytes(is);
if (responseBody != null) {
response.setResponseBody(responseBody);
}
} catch (IOException ex) {
for (View view : views) {
view.doError("Byte array conversion from response body stream failed.");
}
LOG.log(Level.WARNING, ex.getMessage(), ex);
}
}
}
// Now execute tests:
try {
junit.framework.TestSuite suite = TestUtil.getTestSuite(request, response);
if (suite != null) {
// suite will be null if there is no associated script
TestResult testResult = TestUtil.execute(suite);
response.setTestResult(testResult);
}
} catch (TestException ex) {
for (View view : views) {
view.doError(Util.getStackTrace(ex));
}
}
for (View view : views) {
view.doResponse(response);
}
} catch (IOExceptionKeyStoreException | InvalidKeySpecException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | KeyManagementException | IllegalStateException | ex) {
if (!interruptedShutdown) {
for (View view : views) {
view.doError(Util.getStackTrace(ex));
}
} else {
for (View view : views) {
view.doCancelled();
}
}
} finally {
if (!interruptedShutdown) {
// close it only when otherwise:
try {
if (httpClient != null)
httpClient.close();
} catch (IOException ex) {
LOG.log(Level.WARNING, "Exception when closing httpClient", ex);
}
} else {
// reset value to default:
interruptedShutdown = false;
}
for (View view : views) {
view.doEnd();
}
isRequestCompleted = true;
}
}Example 33
| Project: product-mdm-master File: HTTPInvoker.java View source code |
private static HttpClient createHttpClient() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
HttpClientBuilder b = HttpClientBuilder.create();
// setup a Trust Strategy that allows all certificates.
//
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
return true;
}
}).build();
b.setSSLContext(sslContext);
//b.setSSLHostnameVerifier(new NoopHostnameVerifier());
// don't check Hostnames, either.
// -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken
HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
// here's the special part:
// -- need to create an SSL Socket Factory, to use our weakened "trust strategy";
// -- and create a Registry, to register it.
//
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory).build();
// now, we create connection-manager using our Registry.
// -- allows multi-threaded use
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
b.setConnectionManager(connMgr);
// finally, build the HttpClient;
// -- done!
CloseableHttpClient client = b.build();
return client;
}Example 34
| Project: loklak_server-master File: ClientConnection.java View source code |
private static PoolingHttpClientConnectionManager getConnctionManager(boolean useAuthentication) {
// allow opportunistic encryption if needed
boolean trustAllCerts = !"none".equals(DAO.getConfig("httpsclient.trustselfsignedcerts", "peers")) && (!useAuthentication || "all".equals(DAO.getConfig("httpsclient.trustselfsignedcerts", "peers")));
Registry<ConnectionSocketFactory> socketFactoryRegistry = null;
if (trustAllCerts) {
try {
SSLConnectionSocketFactory trustSelfSignedSocketFactory = new SSLConnectionSocketFactory(new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(), new TrustAllHostNameVerifier());
socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", new PlainConnectionSocketFactory()).register("https", trustSelfSignedSocketFactory).build();
} catch (KeyManagementExceptionNoSuchAlgorithmException | KeyStoreException | e) {
Log.getLog().warn(e);
}
}
PoolingHttpClientConnectionManager cm = (trustAllCerts && socketFactoryRegistry != null) ? new PoolingHttpClientConnectionManager(socketFactoryRegistry) : new PoolingHttpClientConnectionManager();
// twitter specific options
cm.setMaxTotal(200);
cm.setDefaultMaxPerRoute(20);
HttpHost twitter = new HttpHost("twitter.com", 443);
cm.setMaxPerRoute(new HttpRoute(twitter), 50);
return cm;
}Example 35
| Project: stash-plugin-master File: StashApiClient.java View source code |
private HttpClient getHttpClient() {
HttpClientBuilder builder = HttpClientBuilder.create().useSystemProperties();
if (this.ignoreSsl) {
try {
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), NoopHostnameVerifier.INSTANCE);
builder.setSSLSocketFactory(sslsf);
} catch (NoSuchAlgorithmException e) {
logger.log(Level.SEVERE, "Failing to setup the SSLConnectionFactory: " + e.toString());
throw new RuntimeException(e);
} catch (KeyStoreException e) {
logger.log(Level.SEVERE, "Failing to setup the SSLConnectionFactory: " + e.toString());
throw new RuntimeException(e);
} catch (KeyManagementException e) {
logger.log(Level.SEVERE, "Failing to setup the SSLConnectionFactory: " + e.toString());
throw new RuntimeException(e);
}
}
return builder.build();
}Example 36
| Project: launchkey-java-master File: DemoApp.java View source code |
private static HttpClient getHttpClientWithoutSslVerify() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
final SSLContextBuilder builder = SSLContexts.custom();
builder.loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
});
final SSLContext sslContext = builder.build();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(builder.build());
final Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", socketFactory).build();
final PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry, null, null, null, 30, TimeUnit.SECONDS);
connectionManager.setMaxTotal(30);
connectionManager.setDefaultMaxPerRoute(30);
return HttpClients.custom().setConnectionManager(connectionManager).build();
}Example 37
| Project: overthere-master File: WinRmClient.java View source code |
private void configureTrust(final HttpClientBuilder httpclientBuilder) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
if (!"https".equalsIgnoreCase(targetURL.getProtocol())) {
return;
}
final TrustStrategy trustStrategy = httpsCertTrustStrategy.getStrategy();
SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(trustStrategy).build();
final HostnameVerifier hostnameVerifier = httpsHostnameVerifyStrategy.getVerifier();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
httpclientBuilder.setSSLSocketFactory(socketFactory);
}Example 38
| Project: light-4j-master File: Client.java View source code |
private SSLContext sslContext() throws ClientException, IOException, NoSuchAlgorithmException, KeyManagementException {
SSLContext sslContext = null;
Map<String, Object> tlsMap = (Map) config.get(TLS);
if (tlsMap != null) {
SSLContextBuilder builder = SSLContexts.custom();
// load trust store, this is the server public key certificate
// first check if javax.net.ssl.trustStore system properties is set. It is only necessary if the server
// certificate doesn't have the entire chain.
Boolean loadTrustStore = (Boolean) tlsMap.get(LOAD_TRUST_STORE);
if (loadTrustStore != null && loadTrustStore) {
String trustStoreName = System.getProperty(TRUST_STORE_PROPERTY);
String trustStorePass = System.getProperty(TRUST_STORE_PASSWORD_PROPERTY);
if (trustStoreName != null && trustStorePass != null) {
logger.info("Loading trust store from system property at " + Encode.forJava(trustStoreName));
} else {
trustStoreName = (String) tlsMap.get(TRUST_STORE);
trustStorePass = (String) tlsMap.get(TRUST_PASS);
logger.info("Loading trust store from config at " + Encode.forJava(trustStoreName));
}
KeyStore trustStore;
if (trustStoreName != null && trustStorePass != null) {
InputStream trustStream = Config.getInstance().getInputStreamFromFile(trustStoreName);
if (trustStream != null) {
try {
trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(trustStream, trustStorePass.toCharArray());
builder.loadTrustMaterial(trustStore, new TrustSelfSignedStrategy());
} catch (CertificateException ce) {
logger.error("CertificateException: Unable to load trust store.", ce);
throw new ClientException("CertificateException: Unable to load trust store.", ce);
} catch (KeyStoreException kse) {
logger.error("KeyStoreException: Unable to load trust store.", kse);
throw new ClientException("KeyStoreException: Unable to load trust store.", kse);
} finally {
trustStream.close();
}
}
}
}
// load key store for client certificate if two way ssl is used.
Boolean loadKeyStore = (Boolean) tlsMap.get(LOAD_KEY_STORE);
if (loadKeyStore != null && loadKeyStore) {
String keyStoreName = (String) tlsMap.get(KEY_STORE);
String keyStorePass = (String) tlsMap.get(KEY_PASS);
KeyStore keyStore;
if (keyStoreName != null && keyStorePass != null) {
InputStream keyStream = Config.getInstance().getInputStreamFromFile(keyStoreName);
if (keyStream != null) {
try {
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(keyStream, keyStorePass.toCharArray());
builder.loadKeyMaterial(keyStore, keyStorePass.toCharArray());
} catch (CertificateException ce) {
logger.error("CertificateException: Unable to load key store.", ce);
throw new ClientException("CertificateException: Unable to load key store.", ce);
} catch (KeyStoreException kse) {
logger.error("KeyStoreException: Unable to load key store.", kse);
throw new ClientException("KeyStoreException: Unable to load key store.", kse);
} catch (UnrecoverableKeyException uke) {
logger.error("UnrecoverableKeyException: Unable to load key store.", uke);
throw new ClientException("UnrecoverableKeyException: Unable to load key store.", uke);
} finally {
keyStream.close();
}
}
}
}
sslContext = builder.build();
}
return sslContext;
}Example 39
| Project: geode-master File: RestAPIsWithSSLDUnitTest.java View source code |
private CloseableHttpClient getSSLBasedHTTPClient(Properties properties) throws Exception {
KeyStore clientKeys = KeyStore.getInstance("JKS");
File keystoreJKSForPath = findKeyStoreJKS(properties);
clientKeys.load(new FileInputStream(keystoreJKSForPath), "password".toCharArray());
KeyStore clientTrust = KeyStore.getInstance("JKS");
File trustStoreJKSForPath = findTrustStoreJKSForPath(properties);
clientTrust.load(new FileInputStream(trustStoreJKSForPath), "password".toCharArray());
// this is needed
SSLContextBuilder custom = SSLContexts.custom();
SSLContextBuilder sslContextBuilder = custom.loadTrustMaterial(clientTrust, new TrustSelfSignedStrategy());
SSLContext sslcontext = sslContextBuilder.loadKeyMaterial(clientKeys, "password".toCharArray(), ( aliases, socket) -> {
if (aliases.size() == 1) {
return aliases.keySet().stream().findFirst().get();
}
if (!StringUtils.isEmpty(properties.getProperty(INVALID_CLIENT_ALIAS))) {
return properties.getProperty(INVALID_CLIENT_ALIAS);
} else {
return properties.getProperty(SSL_WEB_ALIAS);
}
}).build();
// Host checking is disabled here , as tests might run on multiple hosts and
// host entries can not be assumed
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslcontext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
return HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).build();
}Example 40
| Project: spring-boot-master File: TestRestTemplate.java View source code |
private HttpClient createSslHttpClient() {
try {
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build());
return HttpClients.custom().setSSLSocketFactory(socketFactory).build();
} catch (Exception ex) {
throw new IllegalStateException("Unable to create SSL HttpClient", ex);
}
}Example 41
| Project: tisana4j-master File: RestClient.java View source code |
private synchronized HttpClient getHttpClient() throws KeyManagementException, NoSuchAlgorithmException {
if (httpClient == null) {
HttpClientBuilder httpClientBuilder = HttpClients.custom().setMaxConnPerRoute(httpClientMaxConnPerRoute).setMaxConnTotal(httpClientMaxConnTotal);
final RequestConfig.Builder requestConfigBuilder = RequestConfig.custom().setConnectionRequestTimeout(CONNECTION_TIMEOUT).setSocketTimeout(SOCKET_TIMEOUT);
if (proxyHostname != null) {
HttpHost proxy = new HttpHost(proxyHostname, proxyPort, proxyScheme);
requestConfigBuilder.setProxy(proxy);
} else if (System.getProperty("http.proxyHost") != null) {
if (System.getProperty("http.proxyPort") != null) {
proxyPort = Integer.valueOf(System.getProperty("http.proxyPort"));
}
HttpHost proxy = new HttpHost(System.getProperty("http.proxyHost"), proxyPort, proxyScheme);
requestConfigBuilder.setProxy(proxy);
}
RequestConfig requestConfig = requestConfigBuilder.build();
SocketConfig socketConfig = SocketConfig.custom().setSoKeepAlive(true).setSoTimeout(SOCKET_TIMEOUT).build();
httpClientBuilder.setDefaultRequestConfig(requestConfig).setDefaultSocketConfig(socketConfig);
if (skipContentCompression)
httpClientBuilder.disableContentCompression();
if (skipValidation || ctx != null) {
try {
if (ctx != null) {
httpClientBuilder.setSslcontext(ctx);
} else {
SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
}).build();
httpClientBuilder.setSslcontext(sslContext);
}
httpClientBuilder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
} catch (KeyStoreException e) {
log.warn("Cannot setup skipValidation", e);
}
}
httpClient = httpClientBuilder.build();
}
return httpClient;
}Example 42
| Project: openhab1-addons-master File: Tr064Comm.java View source code |
/***
* Creates a apache HTTP Client object, ignoring SSL Exceptions like self signed certificates
* and sets Auth. Scheme to Digest Auth
*
* @param fboxUrl the URL from config file of fbox to connect to
* @return the ready-to-use httpclient for tr064 requests
*/
private CloseableHttpClient createTr064HttpClient(String fboxUrl) {
CloseableHttpClient hc = null;
// Convert URL String from config in easy explotable URI object
URIBuilder uriFbox = null;
try {
uriFbox = new URIBuilder(fboxUrl);
} catch (URISyntaxException e) {
logger.error("Invalid FritzBox URL! {}", e.getMessage());
return null;
}
// Create context of the http client
_httpClientContext = HttpClientContext.create();
CookieStore cookieStore = new BasicCookieStore();
_httpClientContext.setCookieStore(cookieStore);
// SETUP AUTH
// Auth is specific for this target
HttpHost target = new HttpHost(uriFbox.getHost(), uriFbox.getPort(), uriFbox.getScheme());
// Add digest authentication with username/pw from global config
CredentialsProvider credp = new BasicCredentialsProvider();
credp.setCredentials(new AuthScope(target.getHostName(), target.getPort()), new UsernamePasswordCredentials(_user, _pw));
// Create AuthCache instance. Manages authentication based on server response
AuthCache authCache = new BasicAuthCache();
// Generate DIGEST scheme object, initialize it and add it to the local auth cache. Digeste is standard for fbox
// auth SOAP
DigestScheme digestAuth = new DigestScheme();
// known from fbox specification
digestAuth.overrideParamter("realm", "HTTPS Access");
// never known at first request
digestAuth.overrideParamter("nonce", "");
authCache.put(target, digestAuth);
// Add AuthCache to the execution context
_httpClientContext.setAuthCache(authCache);
// SETUP SSL TRUST
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
SSLConnectionSocketFactory sslsf = null;
try {
// accept self signed certs
sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
// dont
sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), null, null, new NoopHostnameVerifier());
// verify
// hostname
// against
// cert
// CN
} catch (Exception ex) {
logger.error(ex.getMessage());
}
// Set timeout values
RequestConfig rc = RequestConfig.copy(RequestConfig.DEFAULT).setSocketTimeout(4000).setConnectTimeout(4000).setConnectionRequestTimeout(4000).build();
// BUILDER
// setup builder with parameters defined before
hc = // set the SSL options which trust every self signed
HttpClientBuilder.create().setSSLSocketFactory(sslsf).setDefaultCredentialsProvider(// cert
credp).setDefaultRequestConfig(// set auth options using digest
rc).build();
return hc;
}Example 43
| Project: thredds-master File: HTTPSession.java View source code |
/* Make this externally accessible primarily for testing */
public static synchronized void setGlobalSSLAuth(String keypath, String keypassword, String trustpath, String trustpassword) {
// load the stores if defined
try {
if (trustpath != null && trustpassword != null) {
truststore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream instream = new FileInputStream(new File(trustpath))) {
truststore.load(instream, trustpassword.toCharArray());
}
} else
truststore = null;
if (keypath != null && keypassword != null) {
keystore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream instream = new FileInputStream(new File(keypath))) {
keystore.load(instream, keypassword.toCharArray());
}
} else
keystore = null;
} catch (IOExceptionNoSuchAlgorithmException | CertificateException | KeyStoreException | ex) {
log.error("Illegal -D keystore parameters: " + ex.getMessage());
truststore = null;
keystore = null;
}
try {
// set up the context
SSLContext scxt = null;
if (IGNORECERTS) {
scxt = SSLContext.getInstance("TLS");
TrustManager[] trust_mgr = new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String t) {
}
public void checkServerTrusted(X509Certificate[] certs, String t) {
}
} };
// key manager
scxt.init(// key manager
null, // trust manager
trust_mgr, // random number generator
new SecureRandom());
} else {
SSLContextBuilder sslbuilder = SSLContexts.custom();
TrustStrategy strat = new LooseTrustStrategy();
if (truststore != null)
sslbuilder.loadTrustMaterial(truststore, strat);
else
sslbuilder.loadTrustMaterial(strat);
sslbuilder.loadTrustMaterial(truststore, new LooseTrustStrategy());
if (keystore != null)
sslbuilder.loadKeyMaterial(keystore, keypassword.toCharArray());
scxt = sslbuilder.build();
}
globalsslfactory = new SSLConnectionSocketFactory(scxt, new NoopHostnameVerifier());
RegistryBuilder rb = RegistryBuilder.<ConnectionSocketFactory>create();
rb.register("https", globalsslfactory);
sslregistry = rb.build();
} catch (KeyStoreExceptionNoSuchAlgorithmException | KeyManagementException | UnrecoverableEntryException | e) {
log.error("Failed to set key/trust store(s): " + e.getMessage());
sslregistry = null;
globalsslfactory = null;
}
}Example 44
| Project: LiquidDonkey-master File: HttpClientFactory.java View source code |
SSLContext relaxedSSLContext() {
try {
return new SSLContextBuilder().loadTrustMaterial(null, ( chain, authType) -> true).build();
} catch (NoSuchAlgorithmExceptionKeyStoreException | KeyManagementException | ex) {
throw new IllegalStateException("Unable to create relaxed SSL context.");
}
}Example 45
| Project: lightblue-client-master File: SslSocketFactories.java View source code |
/**
* @return A default SSL socket factory that does not connect using an
* authenticated Lightblue certificate, but instead trust's self signed SSL
* certificates.
*/
public static SSLConnectionSocketFactory defaultNoAuthSocketFactory() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
SSLContextBuilder sslCtxBuilder = new SSLContextBuilder();
sslCtxBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
return new SSLConnectionSocketFactory(sslCtxBuilder.build());
}Example 46
| Project: pwm-master File: PwmHttpClient.java View source code |
protected static SSLContext promiscuousSSLContext() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
return new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(final X509Certificate[] arg0, final String arg1) throws CertificateException {
return true;
}
}).build();
}Example 47
| Project: onos-master File: HttpSBControllerImpl.java View source code |
//FIXME security issue: this trusts every SSL certificate, even if is self-signed. Also deprecated methods.
private CloseableHttpClient getApacheSslBypassClient() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
return HttpClients.custom().setHostnameVerifier(new AllowAllHostnameVerifier()).setSslcontext(new SSLContextBuilder().loadTrustMaterial(null, ( arg0, arg1) -> true).build()).build();
}