
@lokori
Created December 13, 2017 19:36
import javax.net.ssl.*;
import java.security.GeneralSecurityException;
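/**
 * For development use only. Makes https://localhost connections possible by bypassing
 * Java's SSL/TLS security mechanisms.
 *
 * <p>Both {@code enableUntrustedSSL...} methods replace the process-wide
 * {@link HttpsURLConnection} defaults. The installed socket factory is backed by a trust
 * manager that accepts every certificate chain, so the change applies to every
 * {@code HttpsURLConnection} that relies on those defaults afterwards, not only to the
 * caller's own connections. Each method returns the previous defaults; pass them back to
 * {@link HttpsURLConnection#setDefaultHostnameVerifier} and
 * {@link HttpsURLConnection#setDefaultSSLSocketFactory} to undo the change.
 *
 * <p>Security caveat: the "localhost only" variant narrows the hostname verifier, not the
 * trust manager. Per the {@link HostnameVerifier} contract the verifier is a fallback that
 * is consulted when the URL's host does not match the identity in the server certificate.
 * Certificate chains are therefore still unvalidated for every host, and a connection to a
 * non-localhost host whose certificate names that host is not rejected by this class.
 * Keep this class out of production builds.
 *
 * <ul>
 * <li>http://stackoverflow.com/questions/2893819/telling-java-to-accept-self-signed-ssl-certificate</li>
 * <li>http://stackoverflow.com/questions/859111/how-do-i-accept-a-self-signed-certificate-with-a-java-httpsurlconnection</li>
 * <li>http://stackoverflow.com/questions/2290570/pkix-path-building-failed-while-making-ssl-connection</li>
 * </ul>
 *
 * @author anttivi
 */
public class DevelopmentSSLAuthUtil {

    /** Hostname verifier that accepts exactly the name "localhost" and nothing else. */
    private static final HostnameVerifier LOCALHOST_VERIFIER = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession sslSession) {
            // Constant-first comparison: a null hostname is rejected instead of throwing.
            return "localhost".equals(hostname);
        }
    };

    /** Hostname verifier that accepts every hostname. */
    private static final HostnameVerifier GLOBAL_VERIFIER = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession sslSession) {
            return true;
        }
    };

    /** Trust manager that performs no certificate chain validation at all. */
    private static final TrustManager UNTRUST_MANAGER = new X509TrustManager() {
        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array;
            // returning null can surface as a NullPointerException in callers.
            return new java.security.cert.X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
            // Intentionally empty: never throws, so every client chain is accepted.
        }

        @Override
        public void checkServerTrusted(
                java.security.cert.X509Certificate[] certs, String authType) {
            // Intentionally empty: never throws, so every server chain is accepted.
        }
    };

    /**
     * Immutable pair of the two {@link HttpsURLConnection} defaults that this class swaps:
     * the hostname verifier and the SSL socket factory.
     */
    public static final class SSLAuthConfig {
        private final HostnameVerifier hostNameVerifier;
        private final SSLSocketFactory socketFactory;

        /**
         * @param hostNameVerifier verifier to hold
         * @param socketFactory socket factory to hold
         */
        public SSLAuthConfig(HostnameVerifier hostNameVerifier, SSLSocketFactory socketFactory) {
            this.hostNameVerifier = hostNameVerifier;
            this.socketFactory = socketFactory;
        }

        /** @return the hostname verifier held by this configuration */
        public HostnameVerifier getHostNameVerifier() {
            return hostNameVerifier;
        }

        /** @return the SSL socket factory held by this configuration */
        public SSLSocketFactory getSocketFactory() {
            return socketFactory;
        }
    }

    /**
     * Installs the trust-all socket factory together with a hostname verifier that accepts
     * only "localhost" as the process-wide {@link HttpsURLConnection} defaults.
     *
     * <p>Certificate chain validation is disabled for all hosts, not only for localhost;
     * see the class documentation.
     *
     * @return the defaults that were in effect before the call, for later restoration
     * @throws GeneralSecurityException if the SSL context cannot be created or initialised
     */
    public static SSLAuthConfig enableUntrustedSSLForLocalhostOnly() throws GeneralSecurityException {
        return swapSSLConfig(createUntrustedSSLConfiguration(LOCALHOST_VERIFIER));
    }

    /**
     * Installs the trust-all socket factory together with a hostname verifier that accepts
     * every hostname as the process-wide {@link HttpsURLConnection} defaults.
     *
     * @return the defaults that were in effect before the call, for later restoration
     * @throws GeneralSecurityException if the SSL context cannot be created or initialised
     */
    public static SSLAuthConfig enableUntrustedSSL() throws GeneralSecurityException {
        return swapSSLConfig(createUntrustedSSLConfiguration(GLOBAL_VERIFIER));
    }

    /** Captures the current {@link HttpsURLConnection} default verifier and socket factory. */
    private static SSLAuthConfig getCurrentSSLConfig() {
        return new SSLAuthConfig(HttpsURLConnection.getDefaultHostnameVerifier(),
                HttpsURLConnection.getDefaultSSLSocketFactory());
    }

    /** Pairs the given verifier with a freshly created trust-all socket factory. */
    private static SSLAuthConfig createUntrustedSSLConfiguration(HostnameVerifier verifier)
            throws GeneralSecurityException {
        return new SSLAuthConfig(verifier, createUntrustedSocketFactory());
    }

    /**
     * Installs {@code newConfiguration} as the {@link HttpsURLConnection} defaults.
     *
     * @return the configuration that was in effect before the swap
     */
    private static SSLAuthConfig swapSSLConfig(SSLAuthConfig newConfiguration) {
        // Capture first, so the caller receives the state from before the swap.
        SSLAuthConfig oldConfig = getCurrentSSLConfig();
        HttpsURLConnection.setDefaultHostnameVerifier(newConfiguration.getHostNameVerifier());
        HttpsURLConnection.setDefaultSSLSocketFactory(newConfiguration.getSocketFactory());
        return oldConfig;
    }

    /**
     * Builds a socket factory whose only trust manager is {@link #UNTRUST_MANAGER}.
     *
     * @throws GeneralSecurityException if the context cannot be obtained or initialised
     */
    private static SSLSocketFactory createUntrustedSocketFactory() throws GeneralSecurityException {
        TrustManager[] trustAllCerts = new TrustManager[] { UNTRUST_MANAGER };
        // Request the context by the current standard name "TLS" rather than the legacy "SSL".
        SSLContext sc = SSLContext.getInstance("TLS");
        // null key managers: no client certificate is offered by this context.
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        return sc.getSocketFactory();
    }
}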