Created
February 6, 2012 13:15
-
-
Save jabbrwcky/1751986 to your computer and use it in GitHub Desktop.
A sample how to configure Apache HTTPClient (4.+) to accept SSL connections *without* certificate and hostname validation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package net.hausherr.sample; | |
| import org.apache.http.client.CookieStore; | |
| import org.apache.http.conn.routing.HttpRoute; | |
| import org.apache.http.conn.routing.HttpRoutePlanner; | |
| import org.apache.http.conn.scheme.PlainSocketFactory; | |
| import org.apache.http.conn.scheme.Scheme; | |
| import org.apache.http.conn.scheme.SchemeRegistry; | |
| import org.apache.http.conn.ssl.SSLSocketFactory; | |
| import org.apache.http.conn.ssl.TrustStrategy; | |
| import org.apache.http.cookie.Cookie; | |
| import org.apache.http.entity.StringEntity; | |
| import org.apache.http.impl.client.BasicCookieStore; | |
| import org.apache.http.impl.client.DefaultHttpClient; | |
| import org.apache.http.protocol.HttpContext; | |
| import java.security.cert.CertificateException; | |
| import java.security.cert.X509Certificate; | |
| import org.apache.log4j.Logger; | |
| /** | |
| * <p>Sample factory for building a HttpClient that configures a HttpClient | |
| * instance to store cookies and to accept SSLcertificates without HostName validation.</p> | |
| * <p>You obviously should not use this class in production, but it may come handy when | |
| * developing with internal Servers using self-signed certificates.</p> | |
| */ | |
| public class InsecureHttpClientFactory { | |
| protected Logger log = Logger.getLogger(this.getClass()); | |
| public DefaultHttpClient build HttpClient() { | |
| hc = new DefaultHttpClient(); | |
| configureProxy(); | |
| configureCookieStore(); | |
| configureSSLHandling(); | |
| return hc; | |
| } | |
| private void configureProxy() { | |
| HttpHost proxy = new HttpHost("proxy.example.org", 3182); | |
| hc.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy); | |
| } | |
| private void configureCookieStore() { | |
| CookieStore cStore = new BasicCookieStore(); | |
| hc.setCookieStore(cStore); | |
| } | |
| private void configureSSLHandling() { | |
| Scheme http = new Scheme("http", 80, PlainSocketFactory.getSocketFactory()); | |
| SSLSocketFactory sf = buildSSLSocketFactory(); | |
| Scheme https = new Scheme("https", 443, sf); | |
| SchemeRegistry sr = hc.getConnectionManager().getSchemeRegistry(); | |
| sr.register(http); | |
| sr.register(https); | |
| } | |
| private SSLSocketFactory buildSSLSocketFactory() { | |
| TrustStrategy ts = new TrustStrategy() { | |
| @Override | |
| public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { | |
| return true; // heck yea! | |
| } | |
| }; | |
| SSLSocketFactory sf = null; | |
| try { | |
| /* build socket factory with hostname verification turned off. */ | |
| sf = new SSLSocketFactory(ts, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); | |
| } catch (NoSuchAlgorithmException e) { | |
| log.error("Failed to initialize SSL handling.", e); | |
| } catch (KeyManagementException e) { | |
| log.error("Failed to initialize SSL handling.", e); | |
| } catch (KeyStoreException e) { | |
| log.error("Failed to initialize SSL handling.", e); | |
| } catch (UnrecoverableKeyException e) { | |
| log.error("Failed to initialize SSL handling.", e); | |
| } | |
| return sf; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
insecure because this not the recommended way to skip certificates for production environment. this is good for development and testing environments.