Created
February 6, 2012 13:15
-
-
Save jabbrwcky/1751986 to your computer and use it in GitHub Desktop.
A sample how to configure Apache HTTPClient (4.+) to accept SSL connections *without* certificate and hostname validation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package net.hausherr.sample; | |
import org.apache.http.client.CookieStore; | |
import org.apache.http.conn.routing.HttpRoute; | |
import org.apache.http.conn.routing.HttpRoutePlanner; | |
import org.apache.http.conn.scheme.PlainSocketFactory; | |
import org.apache.http.conn.scheme.Scheme; | |
import org.apache.http.conn.scheme.SchemeRegistry; | |
import org.apache.http.conn.ssl.SSLSocketFactory; | |
import org.apache.http.conn.ssl.TrustStrategy; | |
import org.apache.http.cookie.Cookie; | |
import org.apache.http.entity.StringEntity; | |
import org.apache.http.impl.client.BasicCookieStore; | |
import org.apache.http.impl.client.DefaultHttpClient; | |
import org.apache.http.protocol.HttpContext; | |
import java.security.cert.CertificateException; | |
import java.security.cert.X509Certificate; | |
import org.apache.log4j.Logger; | |
/** | |
* <p>Sample factory for building a HttpClient that configures a HttpClient | |
* instance to store cookies and to accept SSLcertificates without HostName validation.</p> | |
* <p>You obviously should not use this class in production, but it may come handy when | |
* developing with internal Servers using self-signed certificates.</p> | |
*/ | |
public class InsecureHttpClientFactory { | |
protected Logger log = Logger.getLogger(this.getClass()); | |
public DefaultHttpClient build HttpClient() { | |
hc = new DefaultHttpClient(); | |
configureProxy(); | |
configureCookieStore(); | |
configureSSLHandling(); | |
return hc; | |
} | |
private void configureProxy() { | |
HttpHost proxy = new HttpHost("proxy.example.org", 3182); | |
hc.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy); | |
} | |
private void configureCookieStore() { | |
CookieStore cStore = new BasicCookieStore(); | |
hc.setCookieStore(cStore); | |
} | |
private void configureSSLHandling() { | |
Scheme http = new Scheme("http", 80, PlainSocketFactory.getSocketFactory()); | |
SSLSocketFactory sf = buildSSLSocketFactory(); | |
Scheme https = new Scheme("https", 443, sf); | |
SchemeRegistry sr = hc.getConnectionManager().getSchemeRegistry(); | |
sr.register(http); | |
sr.register(https); | |
} | |
private SSLSocketFactory buildSSLSocketFactory() { | |
TrustStrategy ts = new TrustStrategy() { | |
@Override | |
public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { | |
return true; // heck yea! | |
} | |
}; | |
SSLSocketFactory sf = null; | |
try { | |
/* build socket factory with hostname verification turned off. */ | |
sf = new SSLSocketFactory(ts, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); | |
} catch (NoSuchAlgorithmException e) { | |
log.error("Failed to initialize SSL handling.", e); | |
} catch (KeyManagementException e) { | |
log.error("Failed to initialize SSL handling.", e); | |
} catch (KeyStoreException e) { | |
log.error("Failed to initialize SSL handling.", e); | |
} catch (UnrecoverableKeyException e) { | |
log.error("Failed to initialize SSL handling.", e); | |
} | |
return sf; | |
} | |
} |
Looks good - however most of these classes have been deprecated in 4.3.x - so the example is a bit out of date.
Cheers,
Eugen.
+1 @eugenp. @jabbrwcky do you work on a 4.3.x example ?
why the file is named InsecureHttpClient.java
while you are defining InsecureHttpClientFactory
?
insecure because this not the recommended way to skip certificates for production environment. this is good for development and testing environments.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I added a simple proxy configuration sample.
By the way, the documentation and tutorial at the HttpClient website is an extremly valuable resource. I usually find a solution to a particular problem by looking there. This gist is mostly a combination of multiple snippets found there.