Http Client Trust All
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at Main.main(Main.java:23)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144)
Process finished with exit code 1
import javax.net.ssl.HostnameVerifier;
/**
 * {@link HostnameVerifier} that accepts every host name.
 *
 * <p>No comparison is made between the requested host and the identity in
 * the peer's certificate, so a connection using this verifier has no
 * assurance about which server it reached. A client that needs to reach one
 * specific misconfigured host keeps that assurance by comparing against the
 * expected name instead of accepting all of them.
 *
 * @author Francis Labrie
 */
public class FakeHostnameVerifier implements HostnameVerifier {

    /**
     * Accepts the host unconditionally; neither argument is inspected.
     *
     * @param hostname the host name being connected to (ignored).
     * @param session  the SSL session used on the connection (ignored).
     * @return always {@code true}.
     */
    @Override
    public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
        final boolean accepted = true;
        return accepted;
    }
}
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;
/**
 * {@link X509TrustManager} that accepts any certificate chain, self-signed
 * certificates included.
 *
 * <p>Both check methods have empty bodies: the chain's signatures, issuer,
 * validity period and revocation status are never examined. An
 * {@code SSLContext} initialised with this manager therefore encrypts the
 * connection but does not authenticate the peer. Where the goal is to accept
 * one known self-signed or privately issued certificate, a trust manager
 * built from a key store containing just that certificate keeps peer
 * authentication in place.
 *
 * @author Francis Labrie
 */
public class FakeX509TrustManager implements X509TrustManager {

    /** Shared zero-length issuer list handed out by {@link #getAcceptedIssuers()}. */
    private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

    /**
     * Accepts the client's chain without looking at it.
     *
     * @param chain    the peer certificate chain (ignored).
     * @param authType the authentication type based on the client
     *                 certificate (ignored).
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
        // Deliberately empty: returning normally signals "trusted".
    }

    /**
     * Accepts the server's chain without looking at it.
     *
     * @param chain    the peer certificate chain (ignored).
     * @param authType the key exchange algorithm used (ignored).
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        // Deliberately empty: returning normally signals "trusted".
    }

    /**
     * Reports no accepted issuers.
     *
     * @return the same empty array on every call.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return NO_ISSUERS;
    }
}
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
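/**
 * Fetches one HTTPS page with Apache HttpClient and prints the body.
 *
 * <p>The client is built with the accept-everything hostname verifier and
 * SSL context from {@code SSLUtilities}, so the server is not authenticated.
 * Those two helper calls also replace the JVM-wide defaults used by
 * {@code HttpsURLConnection}, which affects every other HTTPS caller in the
 * same process.
 *
 * <p>NOTE(review): a {@code handshake_failure} alert received from the server
 * is normally a negotiation problem (protocol version, cipher suite or
 * similar) rather than a local certificate-validation failure, so relaxing
 * validation would not be expected to resolve it. Confirm which protocols
 * and suites the server and this JVM have in common.
 */
public class Main {
    /**
     * Runs the request and writes the response body to standard output.
     *
     * @param args unused.
     * @throws Exception if the connection, the request or reading the body fails.
     */
    public static void main(String[] args) throws Exception {
        final String url = "https://www.trf5.jus.br/Jurisprudencia/";
        final HttpClientBuilder builder = HttpClients.custom()
                .setSSLHostnameVerifier(SSLUtilities.trustAllHostnames())
                .setSSLContext(SSLUtilities.trustAllHttpsCertificates());
        // try-with-resources releases the pooled connection and the client
        // even when execute() or toString() throws; the original never
        // closed either one.
        try (CloseableHttpClient httpClient = builder.build();
             CloseableHttpResponse response = httpClient.execute(new HttpGet(url))) {
            final HttpEntity entity = response.getEntity();
            System.out.println(EntityUtils.toString(entity));
        }
    }
}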
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
// OBS: copied from https://en.wikibooks.org/wiki/WebObjects/Web_Services/How_to_Trust_Any_SSL_Certificate
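/**
 * Static helpers that switch off X.509 certificate validation and hostname
 * verification for HTTPS.
 *
 * <p>Each helper has two effects: it returns the permissive object to the
 * caller, and it installs that object as the process-wide default on
 * {@link HttpsURLConnection}. The second effect applies to every later
 * {@code HttpsURLConnection} in the JVM, not only to the caller's own
 * client, and nothing in this class restores the previous defaults.
 *
 * <p>The cached fields are initialised lazily without synchronisation.
 *
 * @author Francis Labrie
 */
public final class SSLUtilities {
    /** Cached accept-everything hostname verifier, created on first use. */
    private static HostnameVerifier _hostnameVerifier;

    /** Cached one-element array holding the accept-everything trust manager. */
    private static TrustManager[] _trustManagers;

    /**
     * Installs a verifier that accepts all host names as the
     * {@link HttpsURLConnection} default and returns it.
     *
     * @return the shared accept-everything verifier.
     */
    public static HostnameVerifier trustAllHostnames() {
        if (_hostnameVerifier == null) {
            _hostnameVerifier = new FakeHostnameVerifier();
        }
        // JVM-wide: affects every HttpsURLConnection opened after this call.
        HttpsURLConnection.setDefaultHostnameVerifier(_hostnameVerifier);
        return _hostnameVerifier;
    }

    /**
     * Builds an {@link SSLContext} whose only trust manager accepts every
     * certificate chain, installs its socket factory as the
     * {@link HttpsURLConnection} default, and returns the context.
     *
     * @return a freshly initialised context with no key managers and the
     *         accept-everything trust manager.
     * @throws IllegalStateException if the context cannot be obtained or
     *         initialised; the underlying security exception is the cause.
     */
    public static SSLContext trustAllHttpsCertificates() {
        if (_trustManagers == null) {
            _trustManagers = new TrustManager[]{new FakeX509TrustManager()};
        }
        final SSLContext context;
        try {
            // NOTE(review): "SSL" is the legacy algorithm name; which protocol
            // versions it enables depends on the provider and JDK in use.
            context = SSLContext.getInstance("SSL");
            context.init(null, _trustManagers, new SecureRandom());
        } catch (GeneralSecurityException gse) {
            // Keep the original exception as the cause so the provider's
            // stack trace is not lost.
            throw new IllegalStateException(gse.getMessage(), gse);
        }
        // JVM-wide: affects every HttpsURLConnection opened after this call.
        HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
        return context;
    }
}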