bugfix: got SSLPeerUnverifiedException

26a53d96 · adia · 6842d65e · 26a53d96 · 26a53d96
Commit 26a53d96 authored May 05, 2020 by adia
Showing with 37 additions and 29 deletions
build.gradle
src/main/java/http/simpleHttpClient/SimpleHttpClient.java
--- a/build.gradle
+++ b/build.gradle
 group 'com.ipgallery.common'
-version '1.3.4'
+version '1.3.5'

 apply plugin: 'java'
 apply plugin: 'maven-publish'
@@ -15,7 +15,7 @@ repositories {
    //or to be able to use one
    //mavenLocal()
    maven { url "http://mandubian-mvn.googlecode.com/svn/trunk/mandubian-mvn/repository" }
-    maven { url "http://mandubian-mvn.googlecode.com/svn/trunk/mandubian-mvn/repository" }
+    maven { url "http://mandubian-mvn.googlecTrusode.com/svn/trunk/mandubian-mvn/repository" }
    maven { url "https://municipalitybank.com:8081/repository/internal" }
 }


--- a/src/main/java/http/simpleHttpClient/SimpleHttpClient.java
+++ b/src/main/java/http/simpleHttpClient/SimpleHttpClient.java
@@ -15,12 +15,13 @@ import org.apache.http.config.RegistryBuilder;
 import org.apache.http.config.SocketConfig;
 import org.apache.http.conn.socket.ConnectionSocketFactory;
 import org.apache.http.conn.socket.PlainConnectionSocketFactory;
-import org.apache.http.conn.ssl.TrustStrategy;
+import org.apache.http.conn.ssl.*;
+import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.apache.http.cookie.Cookie;
 import org.apache.http.impl.client.*;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

-import javax.net.ssl.SSLContext;
+import javax.net.ssl.*;
 import java.io.*;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -32,7 +33,6 @@ import java.util.Map;
 //import javax.ws.rs.core.MediaType;
 //import org.apache.http.client.methods.HttpGet;

-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.protocol.BasicHttpContext;
 import org.apache.http.protocol.HttpContext;
 import org.apache.http.ssl.SSLContextBuilder;
@@ -82,37 +82,44 @@ public class SimpleHttpClient {
 				requestTimeout = Integer.valueOf(System.getProperty("SimpleHttpClient." + this.instanceName + ".maxRequestTimeout", DEF_SOCKET_TIMEOUT));
 			this.requestTimeout = requestTimeout;

-			// create an SSL context which trusts any certificate !
-//			org.apache.http.ssl.SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
-//			sslContextBuilder.loadTrustMaterial(new org.apache.http.conn.ssl.TrustSelfSignedStrategy());
-//			SSLContext sslContext = sslContextBuilder.build();
-//			org.apache.http.conn.ssl.SSLConnectionSocketFactory sslSocketFactory =
-//					new SSLConnectionSocketFactory(sslContext, new org.apache.http.conn.ssl.DefaultHostnameVerifier());
-
-			org.apache.http.ssl.SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
-			sslContextBuilder.loadTrustMaterial(new org.apache.http.conn.ssl.TrustSelfSignedStrategy());
-			//SSLContext sslContext = sslContextBuilder.build();
-			SSLContext sslContext = SSLContexts
-					.custom()
-					//FIXME to contain real trust store
-					.loadTrustMaterial(new TrustStrategy() {
-						@Override
-						public boolean isTrusted(X509Certificate[] chain,
-												 String authType) throws CertificateException {
-							return true;
-						}
-					})
-					.build();
-			org.apache.http.conn.ssl.SSLConnectionSocketFactory sslSocketFactory =
-					new SSLConnectionSocketFactory(sslContext, new org.apache.http.conn.ssl.DefaultHostnameVerifier());
+			// create SSL context with no SSL host/peer/certificate verfifications
+			SSLContext sslContext = SSLContext.getInstance("TLS");
+			X509TrustManager tm = new X509TrustManager() {
+
+				@Override
+				public void checkClientTrusted(
+						java.security.cert.X509Certificate[] chain,
+						String authType)
+						throws java.security.cert.CertificateException {
+					// TODO Auto-generated method stub
+
+				}

+				@Override
+				public void checkServerTrusted(
+						java.security.cert.X509Certificate[] chain,
+						String authType)
+						throws java.security.cert.CertificateException {
+					// TODO Auto-generated method stub

+				}
+
+				@Override
+				public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+					// TODO Auto-generated method stub
+					return null;
+				}
+			};
+			sslContext.init(null, new TrustManager[] { tm }, null);
+
+			org.apache.http.conn.ssl.SSLConnectionSocketFactory sslSocketFactory =
+					new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);

 			// create scheme for http & https
 			RegistryBuilder<ConnectionSocketFactory> schemeRegistry = RegistryBuilder.create();
 			schemeRegistry.register("http", PlainConnectionSocketFactory.getSocketFactory());
 			SSLConnectionSocketFactory sf = new SSLConnectionSocketFactory(sslContext);
-			schemeRegistry.register("https", sf);
+			schemeRegistry.register("https", /*sf*/sslSocketFactory);

 			// create connection pool manager
 			PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(schemeRegistry.build());
@@ -122,6 +129,7 @@ public class SimpleHttpClient {

 			// create the http client
 			HttpClientBuilder httpClientBuilder = HttpClients.custom()
+					.setSSLHostnameVerifier(new NoopHostnameVerifier())
 					.setSSLSocketFactory(sslSocketFactory)
 					.setConnectionManager(pool);
 			httpClient = httpClientBuilder.build();