Skip to content

Instantly share code, notes, and snippets.

@jabbrwcky
Created February 6, 2012 13:15
Show Gist options
  • Save jabbrwcky/1751986 to your computer and use it in GitHub Desktop.
Save jabbrwcky/1751986 to your computer and use it in GitHub Desktop.
A sample how to configure Apache HTTPClient (4.+) to accept SSL connections *without* certificate and hostname validation
package net.hausherr.sample;
import org.apache.http.client.CookieStore;
import org.apache.http.conn.routing.HttpRoute;
import org.apache.http.conn.routing.HttpRoutePlanner;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.cookie.Cookie;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.protocol.HttpContext;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.log4j.Logger;
/**
* <p>Sample factory for building a HttpClient that configures a HttpClient
* instance to store cookies and to accept SSLcertificates without HostName validation.</p>
* <p>You obviously should not use this class in production, but it may come handy when
* developing with internal Servers using self-signed certificates.</p>
*/
public class InsecureHttpClientFactory {
protected Logger log = Logger.getLogger(this.getClass());
public DefaultHttpClient build HttpClient() {
hc = new DefaultHttpClient();
configureProxy();
configureCookieStore();
configureSSLHandling();
return hc;
}
private void configureProxy() {
HttpHost proxy = new HttpHost("proxy.example.org", 3182);
hc.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
}
private void configureCookieStore() {
CookieStore cStore = new BasicCookieStore();
hc.setCookieStore(cStore);
}
private void configureSSLHandling() {
Scheme http = new Scheme("http", 80, PlainSocketFactory.getSocketFactory());
SSLSocketFactory sf = buildSSLSocketFactory();
Scheme https = new Scheme("https", 443, sf);
SchemeRegistry sr = hc.getConnectionManager().getSchemeRegistry();
sr.register(http);
sr.register(https);
}
private SSLSocketFactory buildSSLSocketFactory() {
TrustStrategy ts = new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
return true; // heck yea!
}
};
SSLSocketFactory sf = null;
try {
/* build socket factory with hostname verification turned off. */
sf = new SSLSocketFactory(ts, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
} catch (NoSuchAlgorithmException e) {
log.error("Failed to initialize SSL handling.", e);
} catch (KeyManagementException e) {
log.error("Failed to initialize SSL handling.", e);
} catch (KeyStoreException e) {
log.error("Failed to initialize SSL handling.", e);
} catch (UnrecoverableKeyException e) {
log.error("Failed to initialize SSL handling.", e);
}
return sf;
}
}
@allanruin
Copy link

why the file is named InsecureHttpClient.java while you are defining InsecureHttpClientFactory ?

@ajaykoonuru
Copy link

insecure because this not the recommended way to skip certificates for production environment. this is good for development and testing environments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment