SSLErrorPreventer.java

/**
 * Copyright (c) 2015 unfoldingWord
 * http://creativecommons.org/licenses/MIT/
 * See LICENSE file for details.
 * Contributors:
 * PJ Fechner <pj@actsmedia.com>
 */

package utils;


import org.apache.http.conn.ssl.SSLSocketFactory;

import java.io.IOException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;



/**
 * This is a helper class that extends <b>SSLSocketFactory</b> and needed to
 * prevent the <i>SSLPeerUnverifiedException</i> which is caused by a
 * non-trusted SSL certificate.
 */
public class SSLErrorPreventer extends SSLSocketFactory {
	SSLContext sslContext = SSLContext.getInstance("TLS");

	public SSLErrorPreventer(KeyStore truststore)
			throws NoSuchAlgorithmException, KeyManagementException,
			KeyStoreException, UnrecoverableKeyException {
		super(truststore);

		TrustManager tm = new X509TrustManager() {

			public X509Certificate[] getAcceptedIssuers() {
				return null;
			}

			@Override
			public void checkClientTrusted(X509Certificate[] chain,
					String authType) throws CertificateException {

			}

			@Override
			public void checkServerTrusted(X509Certificate[] chain,
					String authType) throws CertificateException {

			}
		};

		sslContext.init(null, new TrustManager[] { tm }, null);
	}

	public SSLErrorPreventer(SSLContext context) throws KeyManagementException,
			NoSuchAlgorithmException, KeyStoreException,
			UnrecoverableKeyException {
		super(null);
		sslContext = context;
	}

	@Override
	public Socket createSocket(Socket socket, String host, int port,
			boolean autoClose) throws IOException {
		return sslContext.getSocketFactory().createSocket(socket, host, port,
				autoClose);
	}

	@Override
	public Socket createSocket() throws IOException {
		return sslContext.getSocketFactory().createSocket();
	}
	
	/**
	 * Configures a HttpClient to accept all SSL certificates
	 * 
	 * @param client
	 *            the instance of HttpClient to configure
	 * @return a DefaultHttpClient that accepts all SSL certificates. Parameters
	 *         which were previously applied do persist.
	 */
//	public static HttpClient setAcceptAllSSL(HttpClient client) {
//		try {
//			X509TrustManager tm = new X509TrustManager() {
//				public void checkClientTrusted(X509Certificate[] xcs,
//						String string) throws CertificateException {
//				}
//
//				public void checkServerTrusted(X509Certificate[] xcs,
//						String string) throws CertificateException {
//				}
//
//				public X509Certificate[] getAcceptedIssuers() {
//					return null;
//				}
//			};
//			SSLContext ctx = SSLContext.getInstance("TLS");
//			ctx.init(null, new TrustManager[] { tm }, null);
//			SSLSocketFactory ssf = new SSLErrorPreventer(ctx);
//			ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
//			ClientConnectionManager ccm = client.getConnectionManager();
//			SchemeRegistry sr = ccm.getSchemeRegistry();
//			sr.register(new Scheme("https", ssf, 443));
//			return new DefaultHttpClient(ccm, client.getParams());
//		} catch (Exception ex) {
//			return null;
//		}
//	}
}