Commit 26a53d96 by adia

bugfix: got SSLPeerUnverifiedException

parent 6842d65e
group 'com.ipgallery.common' group 'com.ipgallery.common'
version '1.3.4' version '1.3.5'
apply plugin: 'java' apply plugin: 'java'
apply plugin: 'maven-publish' apply plugin: 'maven-publish'
...@@ -15,7 +15,7 @@ repositories { ...@@ -15,7 +15,7 @@ repositories {
//or to be able to use one //or to be able to use one
//mavenLocal() //mavenLocal()
maven { url "http://mandubian-mvn.googlecode.com/svn/trunk/mandubian-mvn/repository" } maven { url "http://mandubian-mvn.googlecode.com/svn/trunk/mandubian-mvn/repository" }
maven { url "http://mandubian-mvn.googlecode.com/svn/trunk/mandubian-mvn/repository" } maven { url "http://mandubian-mvn.googlecTrusode.com/svn/trunk/mandubian-mvn/repository" }
maven { url "https://municipalitybank.com:8081/repository/internal" } maven { url "https://municipalitybank.com:8081/repository/internal" }
} }
......
...@@ -15,12 +15,13 @@ import org.apache.http.config.RegistryBuilder; ...@@ -15,12 +15,13 @@ import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig; import org.apache.http.config.SocketConfig;
import org.apache.http.conn.socket.ConnectionSocketFactory; import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory; import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy; import org.apache.http.conn.ssl.*;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.cookie.Cookie; import org.apache.http.cookie.Cookie;
import org.apache.http.impl.client.*; import org.apache.http.impl.client.*;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import javax.net.ssl.SSLContext; import javax.net.ssl.*;
import java.io.*; import java.io.*;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
...@@ -32,7 +33,6 @@ import java.util.Map; ...@@ -32,7 +33,6 @@ import java.util.Map;
//import javax.ws.rs.core.MediaType; //import javax.ws.rs.core.MediaType;
//import org.apache.http.client.methods.HttpGet; //import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.protocol.BasicHttpContext; import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext; import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContextBuilder; import org.apache.http.ssl.SSLContextBuilder;
...@@ -82,37 +82,44 @@ public class SimpleHttpClient { ...@@ -82,37 +82,44 @@ public class SimpleHttpClient {
requestTimeout = Integer.valueOf(System.getProperty("SimpleHttpClient." + this.instanceName + ".maxRequestTimeout", DEF_SOCKET_TIMEOUT)); requestTimeout = Integer.valueOf(System.getProperty("SimpleHttpClient." + this.instanceName + ".maxRequestTimeout", DEF_SOCKET_TIMEOUT));
this.requestTimeout = requestTimeout; this.requestTimeout = requestTimeout;
// create an SSL context which trusts any certificate ! // create SSL context with no SSL host/peer/certificate verfifications
// org.apache.http.ssl.SSLContextBuilder sslContextBuilder = SSLContextBuilder.create(); SSLContext sslContext = SSLContext.getInstance("TLS");
// sslContextBuilder.loadTrustMaterial(new org.apache.http.conn.ssl.TrustSelfSignedStrategy()); X509TrustManager tm = new X509TrustManager() {
// SSLContext sslContext = sslContextBuilder.build();
// org.apache.http.conn.ssl.SSLConnectionSocketFactory sslSocketFactory =
// new SSLConnectionSocketFactory(sslContext, new org.apache.http.conn.ssl.DefaultHostnameVerifier());
org.apache.http.ssl.SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
sslContextBuilder.loadTrustMaterial(new org.apache.http.conn.ssl.TrustSelfSignedStrategy());
//SSLContext sslContext = sslContextBuilder.build();
SSLContext sslContext = SSLContexts
.custom()
//FIXME to contain real trust store
.loadTrustMaterial(new TrustStrategy() {
@Override @Override
public boolean isTrusted(X509Certificate[] chain, public void checkClientTrusted(
String authType) throws CertificateException { java.security.cert.X509Certificate[] chain,
return true; String authType)
throws java.security.cert.CertificateException {
// TODO Auto-generated method stub
} }
})
.build();
org.apache.http.conn.ssl.SSLConnectionSocketFactory sslSocketFactory =
new SSLConnectionSocketFactory(sslContext, new org.apache.http.conn.ssl.DefaultHostnameVerifier());
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType)
throws java.security.cert.CertificateException {
// TODO Auto-generated method stub
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub
return null;
}
};
sslContext.init(null, new TrustManager[] { tm }, null);
org.apache.http.conn.ssl.SSLConnectionSocketFactory sslSocketFactory =
new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
// create scheme for http & https // create scheme for http & https
RegistryBuilder<ConnectionSocketFactory> schemeRegistry = RegistryBuilder.create(); RegistryBuilder<ConnectionSocketFactory> schemeRegistry = RegistryBuilder.create();
schemeRegistry.register("http", PlainConnectionSocketFactory.getSocketFactory()); schemeRegistry.register("http", PlainConnectionSocketFactory.getSocketFactory());
SSLConnectionSocketFactory sf = new SSLConnectionSocketFactory(sslContext); SSLConnectionSocketFactory sf = new SSLConnectionSocketFactory(sslContext);
schemeRegistry.register("https", sf); schemeRegistry.register("https", /*sf*/sslSocketFactory);
// create connection pool manager // create connection pool manager
PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(schemeRegistry.build()); PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(schemeRegistry.build());
...@@ -122,6 +129,7 @@ public class SimpleHttpClient { ...@@ -122,6 +129,7 @@ public class SimpleHttpClient {
// create the http client // create the http client
HttpClientBuilder httpClientBuilder = HttpClients.custom() HttpClientBuilder httpClientBuilder = HttpClients.custom()
.setSSLHostnameVerifier(new NoopHostnameVerifier())
.setSSLSocketFactory(sslSocketFactory) .setSSLSocketFactory(sslSocketFactory)
.setConnectionManager(pool); .setConnectionManager(pool);
httpClient = httpClientBuilder.build(); httpClient = httpClientBuilder.build();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment