Skip to content

Instantly share code, notes, and snippets.

@jabbrwcky
Created February 6, 2012 13:15
Show Gist options
  • Save jabbrwcky/1751986 to your computer and use it in GitHub Desktop.
Save jabbrwcky/1751986 to your computer and use it in GitHub Desktop.
A sample how to configure Apache HTTPClient (4.+) to accept SSL connections *without* certificate and hostname validation
package net.hausherr.sample;
import org.apache.http.client.CookieStore;
import org.apache.http.conn.routing.HttpRoute;
import org.apache.http.conn.routing.HttpRoutePlanner;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.cookie.Cookie;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.protocol.HttpContext;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.log4j.Logger;
/**
* <p>Sample factory for building a HttpClient that configures a HttpClient
* instance to store cookies and to accept SSLcertificates without HostName validation.</p>
* <p>You obviously should not use this class in production, but it may come handy when
* developing with internal Servers using self-signed certificates.</p>
*/
public class InsecureHttpClientFactory {
protected Logger log = Logger.getLogger(this.getClass());
public DefaultHttpClient build HttpClient() {
hc = new DefaultHttpClient();
configureProxy();
configureCookieStore();
configureSSLHandling();
return hc;
}
private void configureProxy() {
HttpHost proxy = new HttpHost("proxy.example.org", 3182);
hc.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
}
private void configureCookieStore() {
CookieStore cStore = new BasicCookieStore();
hc.setCookieStore(cStore);
}
private void configureSSLHandling() {
Scheme http = new Scheme("http", 80, PlainSocketFactory.getSocketFactory());
SSLSocketFactory sf = buildSSLSocketFactory();
Scheme https = new Scheme("https", 443, sf);
SchemeRegistry sr = hc.getConnectionManager().getSchemeRegistry();
sr.register(http);
sr.register(https);
}
private SSLSocketFactory buildSSLSocketFactory() {
TrustStrategy ts = new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
return true; // heck yea!
}
};
SSLSocketFactory sf = null;
try {
/* build socket factory with hostname verification turned off. */
sf = new SSLSocketFactory(ts, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
} catch (NoSuchAlgorithmException e) {
log.error("Failed to initialize SSL handling.", e);
} catch (KeyManagementException e) {
log.error("Failed to initialize SSL handling.", e);
} catch (KeyStoreException e) {
log.error("Failed to initialize SSL handling.", e);
} catch (UnrecoverableKeyException e) {
log.error("Failed to initialize SSL handling.", e);
}
return sf;
}
}
@jabbrwcky
Copy link
Author

I added a simple proxy configuration sample.

By the way, the documentation and tutorial at the HttpClient website is an extremly valuable resource. I usually find a solution to a particular problem by looking there. This gist is mostly a combination of multiple snippets found there.

@eugenp
Copy link

eugenp commented Nov 23, 2013

Looks good - however most of these classes have been deprecated in 4.3.x - so the example is a bit out of date.
Cheers,
Eugen.

@herau
Copy link

herau commented Mar 17, 2014

+1 @eugenp. @jabbrwcky do you work on a 4.3.x example ?

@allanruin
Copy link

why the file is named InsecureHttpClient.java while you are defining InsecureHttpClientFactory ?

@ajaykoonuru
Copy link

insecure because this not the recommended way to skip certificates for production environment. this is good for development and testing environments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment