Java Code Examples for org.apache.http.conn.ssl.NoopHostnameVerifier#INSTANCE
The following examples show how to use
org.apache.http.conn.ssl.NoopHostnameVerifier#INSTANCE .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: HttpClientSteps.java From yaks with Apache License 2.0 | 6 votes |
|
/**
* Get secure http client implementation with trust all strategy and noop host name verifier.
* @return
*/
private org.apache.http.client.HttpClient sslClient() {
try {
SSLContext sslcontext = SSLContexts
.custom()
.loadTrustMaterial(TrustAllStrategy.INSTANCE)
.build();
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
sslcontext, NoopHostnameVerifier.INSTANCE);
return HttpClients
.custom()
.setSSLSocketFactory(sslSocketFactory)
.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
.build();
} catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
throw new CitrusRuntimeException("Failed to create http client for ssl connection", e);
}
}
Example 2
| Source File: HttpClientBuilder.java From jkube with Eclipse Public License 2.0 | 6 votes |
|
private static Registry<ConnectionSocketFactory> getSslFactoryRegistry(String certPath) throws IOException {
try
{
KeyStore keyStore = KeyStoreUtil.createDockerKeyStore(certPath);
SSLContext sslContext =
SSLContexts.custom()
.setProtocol(SSLConnectionSocketFactory.TLS)
.loadKeyMaterial(keyStore, "docker".toCharArray())
.loadTrustMaterial(keyStore, null)
.build();
String tlsVerify = System.getenv("DOCKER_TLS_VERIFY");
SSLConnectionSocketFactory sslsf =
tlsVerify != null && !tlsVerify.equals("0") && !tlsVerify.equals("false") ?
new SSLConnectionSocketFactory(sslContext) :
new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
return RegistryBuilder.<ConnectionSocketFactory> create().register("https", sslsf).build();
}
catch (GeneralSecurityException e) {
// this isn't ideal but the net effect is the same
throw new IOException(e);
}
}
Example 3
| Source File: HttpUtils.java From cms with Apache License 2.0 | 6 votes |
|
/**
* 创建SSL安全连接
*
* @return
*/
private static SSLConnectionSocketFactory createSSLSocketFactory() {
try {
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
return true;
}
}).build();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext,
NoopHostnameVerifier.INSTANCE);
// new SSLConnectionSocketFactory(sslContext, new String[]{"TLSv1"}, null, NoopHostnameVerifier.INSTANCE);
return socketFactory;
} catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
throw new IllegalStateException("Unexpected exception while building the certificate-ignoring SSLContext.",
e);
}
}
Example 4
| Source File: TemplateManagerImpl.java From peer-os with Apache License 2.0 | 6 votes |
|
CloseableHttpClient getHttpsClient()
{
try
{
RequestConfig config = RequestConfig.custom().setSocketTimeout( 5000 ).setConnectTimeout( 5000 ).build();
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
sslContextBuilder.loadTrustMaterial( null, ( TrustStrategy ) ( x509Certificates, s ) -> true );
SSLConnectionSocketFactory sslSocketFactory =
new SSLConnectionSocketFactory( sslContextBuilder.build(), NoopHostnameVerifier.INSTANCE );
return HttpClients.custom().setDefaultRequestConfig( config ).setSSLSocketFactory( sslSocketFactory )
.build();
}
catch ( Exception e )
{
LOG.error( e.getMessage() );
}
return HttpClients.createDefault();
}
Example 5
| Source File: DownloadServlet.java From apicurio-studio with Apache License 2.0 | 6 votes |
|
@PostConstruct
protected void postConstruct() {
try {
if (uiConfig.isDisableHubApiTrustManager()) {
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
return true;
}
}).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
} else {
httpClient = HttpClients.createSystem();
}
} catch (Exception e) {
logger.error("Error creating HTTP client.", e);
throw new RuntimeException(e);
}
}
Example 6
| Source File: ServerHttpsRequestIntegrationTests.java From java-technology-stack with MIT License | 6 votes |
|
@Before
public void setup() throws Exception {
this.server.setHandler(new CheckRequestHandler());
this.server.afterPropertiesSet();
this.server.start();
// Set dynamically chosen port
this.port = this.server.getPort();
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(new TrustSelfSignedStrategy());
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
builder.build(), NoopHostnameVerifier.INSTANCE);
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(
socketFactory).build();
HttpComponentsClientHttpRequestFactory requestFactory =
new HttpComponentsClientHttpRequestFactory(httpclient);
this.restTemplate = new RestTemplate(requestFactory);
}
Example 7
| Source File: HttpEventPublisher.java From DataflowTemplates with Apache License 2.0 | 6 votes |
|
/**
* Utility method to create a {@link CloseableHttpClient} to make http POSTs against Splunk's
* HEC.
*
* @param maxConnections max number of parallel connections.
* @param disableCertificateValidation should disable certificate validation.
*/
private CloseableHttpClient getHttpClient(
int maxConnections, boolean disableCertificateValidation)
throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
HttpClientBuilder builder = ApacheHttpTransport.newDefaultHttpClientBuilder();
if (genericUrl().getScheme().equalsIgnoreCase(HTTPS_PROTOCOL_PREFIX)) {
LOG.info("SSL connection requested");
HostnameVerifier hostnameVerifier =
disableCertificateValidation
? NoopHostnameVerifier.INSTANCE
: new DefaultHostnameVerifier();
SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
if (disableCertificateValidation) {
LOG.info("Certificate validation is disabled");
sslContextBuilder.loadTrustMaterial((TrustStrategy) (chain, authType) -> true);
}
SSLConnectionSocketFactory connectionSocketFactory =
new SSLConnectionSocketFactory(sslContextBuilder.build(), hostnameVerifier);
builder.setSSLSocketFactory(connectionSocketFactory);
}
builder.setMaxConnTotal(maxConnections);
builder.setDefaultRequestConfig(
RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build());
return builder.build();
}
Example 8
| Source File: KeycloakLinkedAccountsProvider.java From apicurio-studio with Apache License 2.0 | 5 votes |
|
@PostConstruct
protected void postConstruct() {
try {
if (config.isDisableKeycloakTrustManager()) {
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
} else {
httpClient = HttpClients.createSystem();
}
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Example 9
| Source File: SettingsBasedSSLConfigurator.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
|
private HostnameVerifier getHostnameVerifier() {
if (isHostnameVerificationEnabled()) {
return new DefaultHostnameVerifier();
} else {
return NoopHostnameVerifier.INSTANCE;
}
}
Example 10
| Source File: BurpClientIT.java From burp-rest-api with BSD 2-Clause "Simplified" License | 5 votes |
|
private void sendRequestThruProxy() throws IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
SSLContext sslContext;
sslContext = SSLContexts.custom().loadTrustMaterial((chain, authType) -> true).build();
SSLConnectionSocketFactory sslConnectionSocketFactory =
new SSLConnectionSocketFactory(sslContext, new String[]
{"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}, null,
NoopHostnameVerifier.INSTANCE);
try (CloseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(sslConnectionSocketFactory)
.build()) {
HttpHost target = new HttpHost(BurpClientIT.TARGET_HOST);
HttpHost proxy = new HttpHost(PROXY_HOST, PROXY_PORT, PROXY_SCHEME);
RequestConfig config = RequestConfig.custom().setProxy(proxy).build();
HttpGet request = new HttpGet("/");
request.setConfig(config);
log.info("Executing request {} to {} via {} proxy", request.getRequestLine(),
target.toString(), proxy.toString());
httpClient.execute(target, request);
}
}
Example 11
| Source File: HttpPoolClient.java From seezoon-framework-all with Apache License 2.0 | 5 votes |
|
public HttpClientConnectionManager createHttpClientConnectionManager() {
SSLContext sslContext = null;
try {
sslContext = SSLContexts.custom().loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return false;
}
}).build();
} catch (Exception e) {
throw new RuntimeException(e);
}
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext,
NoopHostnameVerifier.INSTANCE);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory)
.build();
PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(
socketFactoryRegistry);
// 最大连接数
poolingHttpClientConnectionManager.setMaxTotal(httpClientConfig.getMaxTotal());
// 单个站点最大连接数
poolingHttpClientConnectionManager.setDefaultMaxPerRoute(httpClientConfig.getMaxPerRoute());
// 长连接
poolingHttpClientConnectionManager.setDefaultSocketConfig(
SocketConfig.custom().setSoTimeout(httpClientConfig.getSocketTimeout()).setSoKeepAlive(true).build());
// 连接不活跃多久检查毫秒 并不是100 % 可信
poolingHttpClientConnectionManager.setValidateAfterInactivity(httpClientConfig.getValidateAfterInactivity());
// 空闲扫描线程
HttpClientIdleConnectionMonitor.registerConnectionManager(poolingHttpClientConnectionManager, httpClientConfig);
return poolingHttpClientConnectionManager;
}
Example 12
| Source File: IndexerSingleton.java From scava with Eclipse Public License 2.0 | 5 votes |
|
private boolean createClientDocker()
{
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("admin", "admin"));
TrustStrategy trustStrategy = new TrustSelfSignedStrategy();
SSLContext sslContext;
try {
sslContext = SSLContexts.custom().loadTrustMaterial(trustStrategy).build();
HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
RestClientBuilder restClientBuilder = createRestClientBuilder(hostname, scheme);
restClientBuilder.setHttpClientConfigCallback(new HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
httpClientBuilder.setSSLContext(sslContext).setSSLHostnameVerifier(hostnameVerifier).build();
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
return httpClientBuilder;
}
});
return createHighLevelClient(restClientBuilder);
} catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
logger.error("Error while creating secure connection to ElasticSearch: ", e);
}
return false;
}
Example 13
| Source File: ElasticSearchClient.java From scava with Eclipse Public License 2.0 | 5 votes |
|
private boolean createClientDocker()
{
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("admin", "admin"));
TrustStrategy trustStrategy = new TrustSelfSignedStrategy();
SSLContext sslContext;
try {
sslContext = SSLContexts.custom().loadTrustMaterial(trustStrategy).build();
HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
RestClientBuilder restClientBuilder = createRestClientBuilder(hostname, scheme);
restClientBuilder.setHttpClientConfigCallback(new HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
httpClientBuilder.setSSLContext(sslContext).setSSLHostnameVerifier(hostnameVerifier).build();
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
return httpClientBuilder;
}
});
return createHighLevelClient(restClientBuilder);
} catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
logger.error("Error while creating secure connection to ElasticSearch: ", e);
}
return false;
}
Example 14
| Source File: HttpClient.java From utils with Apache License 2.0 | 4 votes |
|
protected HttpClient() {
proxies = new ArrayList<HttpHost>();
HttpClientBuilder builder = HttpClientBuilder.create();
SSLContext sslContext;
try {
sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
}).build();
} catch (Exception e) {
e.printStackTrace(System.err);
System.exit(0);
return;
}
builder.setSSLContext(sslContext);
HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", sslSocketFactory)
.build();
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
connMgr.setMaxTotal(500);
connMgr.setDefaultMaxPerRoute(connMgr.getMaxTotal());
builder.setConnectionManager(connMgr);
config = RequestConfig.custom()
.setCookieSpec(CookieSpecs.DEFAULT)
.build();
builder.setDefaultRequestConfig(config);
cookieStore = new BasicCookieStore();
builder.setDefaultCookieStore(cookieStore);
client = builder.build();
connectTimeout = DEFAULT_CONNECTION_TIMEOUT;
soTimeout = DEFAULT_SO_TIMEOUT;
}
Example 15
| Source File: SkipVerifyDockerCertificatesStore.java From hazelcast-docker-swarm-discovery-spi with Apache License 2.0 | 4 votes |
|
@Override
public HostnameVerifier hostnameVerifier() {
return NoopHostnameVerifier.INSTANCE;
}
Example 16
| Source File: HttpClientUtils.java From ais-sdk with Apache License 2.0 | 4 votes |
|
public static CloseableHttpClient acceptsUntrustedCertsHttpClient(boolean withProxy, ProxyHostInfo hostInfo, int connectionTimeout, int connectionRequestTimeout, int socketTimeout)
throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
HttpClientBuilder b = HttpClientBuilder.create();
/**
* set http proxy
*/
b.setDefaultRequestConfig(
RequestConfig.custom().setConnectTimeout(connectionTimeout).setConnectionRequestTimeout(connectionRequestTimeout).setSocketTimeout(socketTimeout).build()
);
if(withProxy){
HttpHost proxy=new HttpHost(hostInfo.getHostName(),hostInfo.getPort());
b.setProxy(proxy);
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
new AuthScope(proxy.getHostName(), proxy.getPort()),
new UsernamePasswordCredentials(hostInfo.getUserName(), hostInfo.getPassword()));
b.setDefaultCredentialsProvider(credsProvider);
}
SSLContext sslContext = new SSLContextBuilder().useProtocol("TLSv1.2").loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
return true;
}
}).build();
b.setSSLContext(sslContext);
b.setConnectionTimeToLive(180, TimeUnit.SECONDS);
HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory)
.build();
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
connMgr.setMaxTotal(200);
connMgr.setDefaultMaxPerRoute(100);
b.setConnectionManager(connMgr);
CloseableHttpClient client = b.build();
return client;
}
Example 17
| Source File: HttpClientRestClient.java From pardot-java-client with MIT License | 4 votes |
|
/**
* Initialization method. This takes in the configuration and sets up the underlying
* http client appropriately.
* @param configuration The user defined configuration.
*/
@Override
public void init(final Configuration configuration) {
// Save reference to configuration
this.configuration = configuration;
// Load RequestMutator instance from configuration.
requestInterceptor = configuration.getRequestInterceptor();
// Create default SSLContext
final SSLContext sslcontext = SSLContexts.createDefault();
// Initialize ssl context with configured key and trust managers.
try {
sslcontext.init(new KeyManager[0], getTrustManagers(), new SecureRandom());
} catch (final KeyManagementException exception) {
throw new RuntimeException(exception.getMessage(), exception);
}
// Create hostname verifier instance.
final HostnameVerifier hostnameVerifier;
// Emit an warning letting everyone know we're using an insecure configuration.
if (configuration.getIgnoreInvalidSslCertificates()) {
logger.warn("Using insecure configuration, skipping server-side certificate validation checks.");
// If we're configured to ignore invalid certificates, use the Noop verifier.
hostnameVerifier = NoopHostnameVerifier.INSTANCE;
} else {
// Use default implementation
hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
}
// Allow TLSv1_1 and TLSv1_2 protocols
final LayeredConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext,
new String[] { "TLSv1.1", "TLSv1.2" },
null,
hostnameVerifier
);
// Setup client builder
final HttpClientBuilder clientBuilder = HttpClientBuilder.create();
clientBuilder
// Pardot disconnects requests after 120 seconds.
.setConnectionTimeToLive(130, TimeUnit.SECONDS)
.setSSLSocketFactory(sslsf);
// Define our RequestConfigBuilder
final RequestConfig.Builder requestConfigBuilder = RequestConfig.custom();
// If we have a configured proxy host
if (configuration.getProxyHost() != null) {
// Define proxy host
final HttpHost proxyHost = new HttpHost(
configuration.getProxyHost(),
configuration.getProxyPort(),
configuration.getProxyScheme()
);
// If we have proxy auth enabled
if (configuration.getProxyUsername() != null) {
// Create credential provider
final CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
new AuthScope(configuration.getProxyHost(), configuration.getProxyPort()),
new UsernamePasswordCredentials(configuration.getProxyUsername(), configuration.getProxyPassword())
);
// Attach Credentials provider to client builder.
clientBuilder.setDefaultCredentialsProvider(credsProvider);
}
// Attach Proxy to request config builder
requestConfigBuilder.setProxy(proxyHost);
}
// Attach default request config
clientBuilder.setDefaultRequestConfig(requestConfigBuilder.build());
// build http client
httpClient = clientBuilder.build();
}
Example 18
| Source File: ClientConfig.java From spring-ws with MIT License | 4 votes |
|
public SSLConnectionSocketFactory sslConnectionSocketFactory() throws Exception {
// NoopHostnameVerifier essentially turns hostname verification off as otherwise following error
// is thrown: java.security.cert.CertificateException: No name matching localhost found
return new SSLConnectionSocketFactory(sslContext(), NoopHostnameVerifier.INSTANCE);
}
Example 19
| Source File: ClientConfig.java From spring-ws with MIT License | 4 votes |
|
public SSLConnectionSocketFactory sslConnectionSocketFactory() throws Exception {
// NoopHostnameVerifier essentially turns hostname verification off as otherwise following error
// is thrown: java.security.cert.CertificateException: No name matching localhost found
return new SSLConnectionSocketFactory(sslContext(), NoopHostnameVerifier.INSTANCE);
}
Example 20
| Source File: HttpClient.java From deprecated-security-advanced-modules with Apache License 2.0 | 4 votes |
|
private final HttpAsyncClientBuilder asyncClientBuilder(HttpAsyncClientBuilder httpClientBuilder)
throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException {
// basic auth
// pki auth
if (ssl) {
final SSLContextBuilder sslContextBuilder = SSLContexts.custom();
if (log.isTraceEnabled()) {
log.trace("Configure HTTP client with SSL");
}
if (trustStore != null) {
sslContextBuilder.loadTrustMaterial(trustStore, null);
}
if (keystore != null) {
sslContextBuilder.loadKeyMaterial(keystore, keyPassword, new PrivateKeyStrategy() {
@Override
public String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) {
if(aliases == null || aliases.isEmpty()) {
return keystoreAlias;
}
if(keystoreAlias == null || keystoreAlias.isEmpty()) {
return aliases.keySet().iterator().next();
}
return keystoreAlias; }
});
}
final HostnameVerifier hnv = verifyHostnames?new DefaultHostnameVerifier():NoopHostnameVerifier.INSTANCE;
final SSLContext sslContext = sslContextBuilder.build();
httpClientBuilder.setSSLStrategy(new SSLIOSessionStrategy(
sslContext,
supportedProtocols,
supportedCipherSuites,
hnv
));
}
if (basicCredentials != null) {
httpClientBuilder.setDefaultHeaders(Lists.newArrayList(new BasicHeader(HttpHeaders.AUTHORIZATION, "Basic " + basicCredentials)));
}
// TODO: set a timeout until we have a proper way to deal with back pressure
int timeout = 5;
RequestConfig config = RequestConfig.custom()
.setConnectTimeout(timeout * 1000)
.setConnectionRequestTimeout(timeout * 1000)
.setSocketTimeout(timeout * 1000).build();
httpClientBuilder.setDefaultRequestConfig(config);
return httpClientBuilder;
}
