From dfacb8e05d0822c7b2024c452554bd8e1d6221d8 Mon Sep 17 00:00:00 2001 From: Stephane Landelle Date: Thu, 10 Jul 2014 11:55:10 +0200 Subject: [PATCH] Introduce acceptAnyCertificate config, defaulting to false, backport df6ed70e86c8fc340ed75563e016c8baa94d7e72, close #352 --- .../http/client/AsyncHttpClientConfig.java | 135 ++++++---------- .../client/AsyncHttpClientConfigBean.java | 11 +- .../client/AsyncHttpClientConfigDefaults.java | 4 + .../ning/http/client/SSLEngineFactory.java | 32 ---- .../http/client/SimpleAsyncHttpClient.java | 10 +- .../grizzly/GrizzlyAsyncHttpProvider.java | 2 +- .../providers/jdk/JDKAsyncHttpProvider.java | 2 +- .../netty/NettyAsyncHttpProvider.java | 16 +- .../java/com/ning/http/util/MiscUtils.java | 4 + .../java/com/ning/http/util/SslUtils.java | 150 ++++-------------- .../client/async/HttpToHttpsRedirectTest.java | 18 ++- .../client/async/ProxyTunnellingTest.java | 35 ++-- .../GrizzlyFeedableBodyGeneratorTest.java | 2 + .../client/websocket/ProxyTunnellingTest.java | 2 +- 14 files changed, 146 insertions(+), 277 deletions(-) delete mode 100644 src/main/java/com/ning/http/client/SSLEngineFactory.java diff --git a/src/main/java/com/ning/http/client/AsyncHttpClientConfig.java b/src/main/java/com/ning/http/client/AsyncHttpClientConfig.java index 9555133567..84aa24e898 100644 --- a/src/main/java/com/ning/http/client/AsyncHttpClientConfig.java +++ b/src/main/java/com/ning/http/client/AsyncHttpClientConfig.java @@ -25,9 +25,7 @@ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLEngine; -import java.security.GeneralSecurityException; import java.util.Collections; import java.util.LinkedList; import java.util.List; 
@@ -68,7 +66,6 @@ public class AsyncHttpClientConfig { protected ExecutorService applicationThreadPool; protected ProxyServerSelector proxyServerSelector; protected SSLContext sslContext; - protected SSLEngineFactory sslEngineFactory; protected AsyncHttpProviderConfig providerConfig; protected ConnectionsPool connectionsPool; protected Realm realm; @@ -86,6 +83,7 @@ public class AsyncHttpClientConfig { protected boolean useRelativeURIsWithSSLProxies; protected int maxConnectionLifeTimeInMs; protected TimeConverter timeConverter; + protected boolean acceptAnyCertificate; protected AsyncHttpClientConfig() { } @@ -106,7 +104,6 @@ private AsyncHttpClientConfig(int maxTotalConnections, ExecutorService applicationThreadPool, ProxyServerSelector proxyServerSelector, SSLContext sslContext, - SSLEngineFactory sslEngineFactory, AsyncHttpProviderConfig providerConfig, ConnectionsPool connectionsPool, Realm realm, List requestFilters, @@ -121,7 +118,8 @@ private AsyncHttpClientConfig(int maxTotalConnections, int ioThreadMultiplier, boolean strict302Handling, boolean useRelativeURIsWithSSLProxies, - TimeConverter timeConverter) { + TimeConverter timeConverter, // + boolean acceptAnyCertificate) { this.maxTotalConnections = maxTotalConnections; this.maxConnectionPerHost = maxConnectionPerHost; @@ -137,7 +135,6 @@ private AsyncHttpClientConfig(int maxTotalConnections, this.userAgent = userAgent; this.allowPoolingConnection = keepAlive; this.sslContext = sslContext; - this.sslEngineFactory = sslEngineFactory; this.providerConfig = providerConfig; this.connectionsPool = connectionsPool; this.realm = realm; @@ -161,6 +158,7 @@ private AsyncHttpClientConfig(int maxTotalConnections, this.proxyServerSelector = proxyServerSelector; this.disableUrlEncodingForBoundedRequests = disableUrlEncodingForBoundedRequests; this.timeConverter = timeConverter; + this.acceptAnyCertificate = acceptAnyCertificate; } /** 
@@ -310,28 +308,6 @@ public SSLContext getSSLContext() { return connectionsPool; } - /** - * Return an instance of {@link SSLEngineFactory} used for SSL connection. - * - * @return an instance of {@link SSLEngineFactory} used for SSL connection. - */ - public SSLEngineFactory getSSLEngineFactory() { - if (sslEngineFactory == null) { - return new SSLEngineFactory() { - public SSLEngine newSSLEngine() { - if (sslContext != null) { - SSLEngine sslEngine = sslContext.createSSLEngine(); - sslEngine.setUseClientMode(true); - return sslEngine; - } else { - return null; - } - } - }; - } - return sslEngineFactory; - } - /** * Return the {@link com.ning.http.client.AsyncHttpProviderConfig} * @@ -491,12 +467,19 @@ public int getMaxConnectionLifeTimeInMs() { } /** - * @return 1.8.2 + * since 1.8.2 */ public TimeConverter getTimeConverter() { return timeConverter; } + /** + * since 1.9.0 + */ + public boolean isAcceptAnyCertificate() { + return acceptAnyCertificate; + } + /** * Builder for an {@link AsyncHttpClient} */ @@ -525,11 +508,11 @@ public static class Builder { private boolean removeQueryParamOnRedirect = defaultRemoveQueryParamOnRedirect(); private boolean strict302Handling = defaultStrict302Handling(); private HostnameVerifier hostnameVerifier = defaultHostnameVerifier(); + private boolean acceptAnyCertificate = defaultAcceptAnyCertificate(); private ExecutorService applicationThreadPool; private ProxyServerSelector proxyServerSelector = null; private SSLContext sslContext; - private SSLEngineFactory sslEngineFactory; private AsyncHttpProviderConfig providerConfig; private ConnectionsPool connectionsPool; private Realm realm; 
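Review bot: The Javadoc on `isAcceptAnyCertificate()` is only `since 1.9.0`, which says nothing about what the flag does, and the `setAcceptAnyCertificate` setters added on `Builder`, `AsyncHttpClientConfigBean` and `SimpleAsyncHttpClient.Builder` have no Javadoc at all. Because the flag selects the context built around `LooseTrustManager` in SslUtils, I would document it along the lines of `Returns true if the client accepts any server certificate without validating the chain; only applies when no SSLContext is configured. Intended for tests, never for production traffic.` and use a real `@since 1.9.0` tag instead of free text. The same `@since` fix applies to `getTimeConverter()` in this hunk.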
@@ -713,17 +696,6 @@ public Builder setProxyServer(ProxyServer proxyServer) { return this; } - /** - * Set the {@link SSLEngineFactory} for secure connection. - * - * @param sslEngineFactory the {@link SSLEngineFactory} for secure connection - * @return a {@link Builder} - */ - public Builder setSSLEngineFactory(SSLEngineFactory sslEngineFactory) { - this.sslEngineFactory = sslEngineFactory; - return this; - } - /** * Set the {@link SSLContext} for secure connection. * @@ -731,13 +703,6 @@ public Builder setSSLEngineFactory(SSLEngineFactory sslEngineFactory) { * @return a {@link Builder} */ public Builder setSSLContext(final SSLContext sslContext) { - this.sslEngineFactory = new SSLEngineFactory() { - public SSLEngine newSSLEngine() throws GeneralSecurityException { - SSLEngine sslEngine = sslContext.createSSLEngine(); - sslEngine.setUseClientMode(true); - return sslEngine; - } - }; this.sslContext = sslContext; return this; } @@ -998,6 +963,11 @@ public Builder setTimeConverter(TimeConverter timeConverter) { return this; } + public Builder setAcceptAnyCertificate(boolean acceptAnyCertificate) { + this.acceptAnyCertificate = acceptAnyCertificate; + return this; + } + /** * Create a config builder with values taken from the given prototype configuration. * @@ -1018,7 +988,6 @@ public Builder(AsyncHttpClientConfig prototype) { realm = prototype.getRealm(); requestTimeoutInMs = prototype.getRequestTimeoutInMs(); sslContext = prototype.getSSLContext(); - sslEngineFactory = prototype.getSSLEngineFactory(); userAgent = prototype.getUserAgent(); followRedirect = prototype.isFollowRedirect(); compressionEnabled = prototype.isCompressionEnabled(); @@ -1041,6 +1010,7 @@ public Builder(AsyncHttpClientConfig prototype) { hostnameVerifier = prototype.getHostnameVerifier(); strict302Handling = prototype.isStrict302Handling(); timeConverter = prototype.timeConverter; + acceptAnyCertificate = prototype.acceptAnyCertificate; } /** 
@@ -1073,40 +1043,39 @@ public Thread newThread(Runnable r) { proxyServerSelector = ProxyServerSelector.NO_PROXY_SELECTOR; } - return new AsyncHttpClientConfig(maxTotalConnections, - maxConnectionPerHost, - connectionTimeOutInMs, - webSocketIdleTimeoutInMs, - idleConnectionInPoolTimeoutInMs, - idleConnectionTimeoutInMs, - requestTimeoutInMs, - maxConnectionLifeTimeInMs, - followRedirect, - maxDefaultRedirects, - compressionEnabled, - userAgent, - allowPoolingConnection, - applicationThreadPool, - proxyServerSelector, - sslContext, - sslEngineFactory, - providerConfig, - connectionsPool, - realm, - requestFilters, - responseFilters, - ioExceptionFilters, - requestCompressionLevel, - maxRequestRetry, - allowSslConnectionPool, - disableUrlEncodingForBoundedRequests, - removeQueryParamOnRedirect, - hostnameVerifier, - ioThreadMultiplier, - strict302Handling, - useRelativeURIsWithSSLProxies, - timeConverter); + return new AsyncHttpClientConfig(maxTotalConnections, // + maxConnectionPerHost, // + connectionTimeOutInMs, // + webSocketIdleTimeoutInMs, // + idleConnectionInPoolTimeoutInMs, // + idleConnectionTimeoutInMs, // + requestTimeoutInMs, // + maxConnectionLifeTimeInMs, // + followRedirect, // + maxDefaultRedirects, // + compressionEnabled, // + userAgent, // + allowPoolingConnection, // + applicationThreadPool, // + proxyServerSelector, // + sslContext, // + providerConfig, // + connectionsPool, // + realm, // + requestFilters, // + responseFilters, // + ioExceptionFilters, // + requestCompressionLevel, // + maxRequestRetry, // + allowSslConnectionPool, // + disableUrlEncodingForBoundedRequests, // + removeQueryParamOnRedirect, // + hostnameVerifier, // + ioThreadMultiplier, // + strict302Handling, // + useRelativeURIsWithSSLProxies, // + timeConverter, // + acceptAnyCertificate); } } } - 
diff --git a/src/main/java/com/ning/http/client/AsyncHttpClientConfigBean.java b/src/main/java/com/ning/http/client/AsyncHttpClientConfigBean.java index 1a2618decb..170fbf31a1 100644 --- a/src/main/java/com/ning/http/client/AsyncHttpClientConfigBean.java +++ b/src/main/java/com/ning/http/client/AsyncHttpClientConfigBean.java @@ -67,6 +67,7 @@ void configureDefaults() { removeQueryParamOnRedirect = defaultRemoveQueryParamOnRedirect(); strict302Handling = defaultStrict302Handling(); hostnameVerifier = defaultHostnameVerifier(); + acceptAnyCertificate = defaultAcceptAnyCertificate(); if (defaultUseProxySelector()) { proxyServerSelector = ProxyUtils.getJdkDefaultProxyServerSelector(); @@ -173,11 +174,6 @@ public AsyncHttpClientConfigBean setSslContext(SSLContext sslContext) { return this; } - public AsyncHttpClientConfigBean setSslEngineFactory(SSLEngineFactory sslEngineFactory) { - this.sslEngineFactory = sslEngineFactory; - return this; - } - public AsyncHttpClientConfigBean setProviderConfig(AsyncHttpProviderConfig providerConfig) { this.providerConfig = providerConfig; return this; @@ -242,4 +238,9 @@ public AsyncHttpClientConfigBean setIoThreadMultiplier(int ioThreadMultiplier) { this.ioThreadMultiplier = ioThreadMultiplier; return this; } + + public AsyncHttpClientConfigBean setAcceptAnyCertificate(boolean acceptAnyCertificate) { + this.acceptAnyCertificate = acceptAnyCertificate; + return this; + } } diff --git a/src/main/java/com/ning/http/client/AsyncHttpClientConfigDefaults.java b/src/main/java/com/ning/http/client/AsyncHttpClientConfigDefaults.java index d13b47ac45..0168768699 100644 --- a/src/main/java/com/ning/http/client/AsyncHttpClientConfigDefaults.java +++ b/src/main/java/com/ning/http/client/AsyncHttpClientConfigDefaults.java 
@@ -121,4 +121,8 @@ public static boolean defaultRemoveQueryParamOnRedirect() { public static HostnameVerifier defaultHostnameVerifier() { return new DefaultHostnameVerifier(); } + + public static boolean defaultAcceptAnyCertificate() { + return getBoolean(ASYNC_CLIENT + "acceptAnyCertificate", false); + } } diff --git a/src/main/java/com/ning/http/client/SSLEngineFactory.java b/src/main/java/com/ning/http/client/SSLEngineFactory.java deleted file mode 100644 index 1e5fc5873f..0000000000 --- a/src/main/java/com/ning/http/client/SSLEngineFactory.java +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright 2010 Ning, Inc. - * - * Ning licenses this file to you under the Apache License, version 2.0 - * (the "License"); you may not use this file except in compliance with the - * License. You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. - */ -package com.ning.http.client; - -import javax.net.ssl.SSLEngine; -import java.security.GeneralSecurityException; - -/** - * Factory that creates an {@link SSLEngine} to be used for a single SSL connection. - */ -public interface SSLEngineFactory { - /** - * Creates new {@link SSLEngine}. - * - * @return new engine - * @throws GeneralSecurityException if the SSLEngine cannot be created - */ - SSLEngine newSSLEngine() throws GeneralSecurityException; -} diff --git a/src/main/java/com/ning/http/client/SimpleAsyncHttpClient.java b/src/main/java/com/ning/http/client/SimpleAsyncHttpClient.java index 85fa2e2963..9f9e87d5ea 100644 --- a/src/main/java/com/ning/http/client/SimpleAsyncHttpClient.java +++ b/src/main/java/com/ning/http/client/SimpleAsyncHttpClient.java 
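Review bot: `defaultAcceptAnyCertificate()` takes its value from a JVM system property, so one property set at launch or at runtime switches off certificate validation for every client in the process that does not supply its own SSLContext. `MiscUtils.getBoolean` parses the property silently, so nothing in a running service shows that validation is off. I would log a warning where the loose context is handed out in `SslUtils.getSSLContext(true)` and document the property on this method, e.g. `// Disables server certificate validation process-wide when true; for test environments only.`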
@@ -539,11 +539,6 @@ public Builder setExecutorService(ExecutorService applicationThreadPool) { return this; } - public Builder setSSLEngineFactory(SSLEngineFactory sslEngineFactory) { - configBuilder.setSSLEngineFactory(sslEngineFactory); - return this; - } - public Builder setSSLContext(final SSLContext sslContext) { configBuilder.setSSLContext(sslContext); return this; @@ -669,6 +664,11 @@ public Builder setProviderClass(String providerClass) { return this; } + public Builder setAcceptAnyCertificate(boolean acceptAnyCertificate) { + configBuilder.setAcceptAnyCertificate(acceptAnyCertificate); + return this; + } + public SimpleAsyncHttpClient build() { if (realmBuilder != null) { diff --git a/src/main/java/com/ning/http/client/providers/grizzly/GrizzlyAsyncHttpProvider.java b/src/main/java/com/ning/http/client/providers/grizzly/GrizzlyAsyncHttpProvider.java index c42c150cce..a419c64a60 100644 --- a/src/main/java/com/ning/http/client/providers/grizzly/GrizzlyAsyncHttpProvider.java +++ b/src/main/java/com/ning/http/client/providers/grizzly/GrizzlyAsyncHttpProvider.java @@ -383,7 +383,7 @@ public void onTimeout(Connection connection) { boolean defaultSecState = (context != null); if (context == null) { try { - context = SslUtils.getSSLContext(); + context = SslUtils.getInstance().getSSLContext(clientConfig.isAcceptAnyCertificate()); } catch (Exception e) { throw new IllegalStateException(e); } diff --git a/src/main/java/com/ning/http/client/providers/jdk/JDKAsyncHttpProvider.java b/src/main/java/com/ning/http/client/providers/jdk/JDKAsyncHttpProvider.java index f853160cac..233d70b592 100644 --- a/src/main/java/com/ning/http/client/providers/jdk/JDKAsyncHttpProvider.java +++ b/src/main/java/com/ning/http/client/providers/jdk/JDKAsyncHttpProvider.java 
@@ -186,7 +186,7 @@ private HttpURLConnection createUrlConnection(Request request) throws IOExceptio SSLContext sslContext = config.getSSLContext(); if (sslContext == null) { try { - sslContext = SslUtils.getSSLContext(); + sslContext = SslUtils.getInstance().getSSLContext(config.isAcceptAnyCertificate()); } catch (NoSuchAlgorithmException e) { throw new IOException(e.getMessage()); } catch (GeneralSecurityException e) { diff --git a/src/main/java/com/ning/http/client/providers/netty/NettyAsyncHttpProvider.java b/src/main/java/com/ning/http/client/providers/netty/NettyAsyncHttpProvider.java index 1dbb82abf8..7c9dcc8ce7 100644 --- a/src/main/java/com/ning/http/client/providers/netty/NettyAsyncHttpProvider.java +++ b/src/main/java/com/ning/http/client/providers/netty/NettyAsyncHttpProvider.java @@ -373,7 +373,7 @@ public ChannelPipeline getPipeline() throws Exception { ChannelPipeline pipeline = pipeline(); try { - SSLEngine sslEngine = createSSLEngine(); + SSLEngine sslEngine = SslUtils.getInstance().createClientSSLEngine(config); SslHandler sslHandler = handshakeTimeoutInMillis > 0 ? new SslHandler(sslEngine, getDefaultBufferPool(), false, ImmediateExecutor.INSTANCE, nettyTimer, handshakeTimeoutInMillis) : new SslHandler(sslEngine); pipeline.addLast(SSL_HANDLER, sslHandler); @@ -399,7 +399,7 @@ public ChannelPipeline getPipeline() throws Exception { ChannelPipeline pipeline = pipeline(); try { - pipeline.addLast(SSL_HANDLER, new SslHandler(createSSLEngine())); + pipeline.addLast(SSL_HANDLER, new SslHandler(SslUtils.getInstance().createClientSSLEngine(config))); } catch (Throwable ex) { abort(cl.future(), ex); } 
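Review bot: With the private `createSSLEngine()` helper removed, the expression `SslUtils.getInstance().createClientSSLEngine(config)` is now repeated in both NettyAsyncHttpProvider `getPipeline()` hunks here and again in `verifyChannelPipeline` and `upgradeProtocol`. Keeping the helper as a one-line delegate, `private SSLEngine createSSLEngine() throws IOException, GeneralSecurityException { return SslUtils.getInstance().createClientSSLEngine(config); }`, would leave a single place to change if engine creation later needs the peer host and port. The enclosing methods start and end outside these hunks.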
@@ -437,14 +437,6 @@ private Channel lookupInCache(UriComponents uri, ProxyServer proxy, ConnectionPo return null; } - private SSLEngine createSSLEngine() throws IOException, GeneralSecurityException { - SSLEngine sslEngine = config.getSSLEngineFactory().newSSLEngine(); - if (sslEngine == null) { - sslEngine = SslUtils.getSSLEngine(); - } - return sslEngine; - } - private HttpClientCodec createHttpClientCodec() { return new HttpClientCodec(httpClientCodecMaxInitialLineLength, httpClientCodecMaxHeaderSize, httpClientCodecMaxChunkSize); } @@ -460,7 +452,7 @@ private Channel verifyChannelPipeline(Channel channel, String scheme) throws IOE } else if (channel.getPipeline().get(HTTP_HANDLER) != null && HTTP.equalsIgnoreCase(scheme)) { return channel; } else if (channel.getPipeline().get(SSL_HANDLER) == null && isSecure(scheme)) { - channel.getPipeline().addFirst(SSL_HANDLER, new SslHandler(createSSLEngine())); + channel.getPipeline().addFirst(SSL_HANDLER, new SslHandler(SslUtils.getInstance().createClientSSLEngine(config))); } return channel; } @@ -1383,7 +1375,7 @@ private void upgradeProtocol(ChannelPipeline p, String scheme) throws IOExceptio if (isSecure(scheme)) { if (p.get(SSL_HANDLER) == null) { p.addFirst(HTTP_HANDLER, createHttpClientCodec()); - p.addFirst(SSL_HANDLER, new SslHandler(createSSLEngine())); + p.addFirst(SSL_HANDLER, new SslHandler(SslUtils.getInstance().createClientSSLEngine(config))); } else { p.addAfter(SSL_HANDLER, HTTP_HANDLER, createHttpClientCodec()); } diff --git a/src/main/java/com/ning/http/util/MiscUtils.java b/src/main/java/com/ning/http/util/MiscUtils.java index dab4d5df95..0db03068e3 100644 --- a/src/main/java/com/ning/http/util/MiscUtils.java +++ b/src/main/java/com/ning/http/util/MiscUtils.java 
@@ -44,4 +44,8 @@ public static boolean getBoolean(String systemPropName, boolean defaultValue) { String systemPropValue = System.getProperty(systemPropName); return systemPropValue != null ? systemPropValue.equalsIgnoreCase("true") : defaultValue; } + + public static T withDefault(T value, T defaults) { + return value != null? value : value; + } } diff --git a/src/main/java/com/ning/http/util/SslUtils.java b/src/main/java/com/ning/http/util/SslUtils.java index 9fc62cf926..1c47b35d79 100644 --- a/src/main/java/com/ning/http/util/SslUtils.java +++ b/src/main/java/com/ning/http/util/SslUtils.java 
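Review bot: `withDefault` returns `value` from both arms of the ternary, so a null `value` yields null instead of `defaults`; the line should read `return value != null ? value : defaults;`. The signature as shown, `public static T withDefault(T value, T defaults)`, carries no type-parameter declaration; unless that was lost when the page was rendered, it needs `<T>` before the return type. No caller of `withDefault` appears in the hunks shown, so the defect looks latent for now.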
@@ -15,101 +15,43 @@ */ package com.ning.http.util; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; +import com.ning.http.client.AsyncHttpClientConfig; + import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; -import java.io.FileInputStream; + import java.io.IOException; -import java.io.InputStream; import java.security.GeneralSecurityException; -import java.security.KeyStore; import java.security.SecureRandom; -import java.security.Security; -/** - * This class is a copy of http://github.com/sonatype/wagon-ning/raw/master/src/main/java/org/apache/maven/wagon/providers/http/SslUtils.java - */ public class SslUtils { - private static SSLContext context = null; - - public static SSLEngine getSSLEngine() - throws GeneralSecurityException, IOException { - SSLEngine engine = null; - - SSLContext context = getSSLContext(); - if (context != null) { - engine = context.createSSLEngine(); - engine.setUseClientMode(true); - } - - return engine; + private static class SingletonHolder { + public static final SslUtils instance = new SslUtils(); } - public static SSLContext getSSLContext() - throws GeneralSecurityException, IOException { - if (context == null) { - SSLConfig config = new SSLConfig(); - if (config.keyStoreLocation == null - || config.trustStoreLocation == null) { - context = getLooseSSLContext(); - } else { - context = getStrictSSLContext(config); - } - } - return context; + public static SslUtils getInstance() { + return SingletonHolder.instance; } - static SSLContext getStrictSSLContext(SSLConfig config) - throws GeneralSecurityException, IOException { - KeyStore keyStore = KeyStore.getInstance(config.keyStoreType); - InputStream keystoreInputStream = new FileInputStream(config.keyStoreLocation); - try { - keyStore.load(keystoreInputStream, (config.keyStorePassword == null) ? 
null - : config.keyStorePassword.toCharArray()); - } finally { - keystoreInputStream.close(); + public SSLEngine createClientSSLEngine(AsyncHttpClientConfig config) throws GeneralSecurityException, IOException { + SSLContext sslContext = config.getSSLContext(); + if (sslContext == null) { + sslContext = SslUtils.getInstance().getSSLContext(config.isAcceptAnyCertificate()); } - - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(config.keyManagerAlgorithm); - keyManagerFactory.init(keyStore, (config.keyManagerPassword == null) ? null - : config.keyManagerPassword.toCharArray()); - KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); - - KeyStore trustStore = KeyStore.getInstance(config.trustStoreType); - InputStream truststoreInputStream = new FileInputStream(config.trustStoreLocation); - try { - trustStore.load(truststoreInputStream, (config.trustStorePassword == null) ? null - : config.trustStorePassword.toCharArray()); - } finally { - truststoreInputStream.close(); - } - - TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(config.trustManagerAlgorithm); - trustManagerFactory.init(trustStore); - TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); - - SSLContext context = SSLContext.getInstance("TLS"); - context.init(keyManagers, trustManagers, null); - - return context; + SSLEngine sslEngine = sslContext.createSSLEngine(); + sslEngine.setUseClientMode(true); + return sslEngine; } - - static SSLContext getLooseSSLContext() - throws GeneralSecurityException { - SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, new TrustManager[]{LooseTrustManager.INSTANCE}, new SecureRandom()); - return sslContext; + + public SSLContext getSSLContext(boolean acceptAnyCertificate) throws GeneralSecurityException, IOException { + // SSLContext.getDefault() doesn't exist in JDK5 + return acceptAnyCertificate ? 
looseTrustManagerSSLContext : SSLContext.getInstance("Default"); } - static class LooseTrustManager - implements X509TrustManager { - - public static final LooseTrustManager INSTANCE = new LooseTrustManager(); + static class LooseTrustManager implements X509TrustManager { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[0]; 
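Review bot: `createClientSSLEngine` and `getSSLContext` are public and undocumented, and the precedence between them is easy to miss: when `config.getSSLContext()` is non-null, `acceptAnyCertificate` is ignored entirely. That belongs in a Javadoc on `createClientSSLEngine`, for example `Uses the configured SSLContext if present; otherwise falls back to the JVM default context, or to a context that trusts every certificate when acceptAnyCertificate is set.` Inside the instance method the call `SslUtils.getInstance().getSSLContext(...)` can simply be `getSSLContext(...)`. The engine is also created with the no-argument `createSSLEngine()`, so it carries no peer host or port; whether hostname checking is applied elsewhere is not visible in this patch.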
@@ -122,53 +64,15 @@ public void checkServerTrusted(java.security.cert.X509Certificate[] certs, Strin } } - private final static class SSLConfig { - - public String keyStoreLocation; - - public String keyStoreType = "JKS"; - - public String keyStorePassword = "changeit"; - - public String keyManagerAlgorithm = "SunX509"; - - public String keyManagerPassword = "changeit"; - - public String trustStoreLocation; - - public String trustStoreType = "JKS"; + private SSLContext looseTrustManagerSSLContext = looseTrustManagerSSLContext(); - public String trustStorePassword = "changeit"; - - public String trustManagerAlgorithm = "SunX509"; - - public SSLConfig() { - keyStoreLocation = System.getProperty("javax.net.ssl.keyStore"); - keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword", "changeit"); - keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()); - keyManagerAlgorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm"); - - if (keyManagerAlgorithm == null) { - keyManagerAlgorithm = "SunX509"; - } - - keyManagerPassword = System.getProperty("javax.net.ssl.keyStorePassword", "changeit"); - - trustStoreLocation = System.getProperty("javax.net.ssl.trustStore"); - if (trustStoreLocation == null) { - trustStoreLocation = keyStoreLocation; - trustStorePassword = keyStorePassword; - trustStoreType = keyStoreType; - } else { - trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword", "changeit"); - trustStoreType = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()); - } - trustManagerAlgorithm = Security.getProperty("ssl.TrustManagerFactory.algorithm"); - - if (trustManagerAlgorithm == null) { - trustManagerAlgorithm = "SunX509"; - } + private SSLContext looseTrustManagerSSLContext() { + try { + SSLContext sslContext = SSLContext.getInstance("TLS"); + sslContext.init(null, new TrustManager[] { new LooseTrustManager() }, new SecureRandom()); + return sslContext; + } catch 
(Exception e) { + throw new ExceptionInInitializerError(e); } } - } diff --git a/src/test/java/com/ning/http/client/async/HttpToHttpsRedirectTest.java b/src/test/java/com/ning/http/client/async/HttpToHttpsRedirectTest.java index 8305e4fd15..a757e41eff 100644 --- a/src/test/java/com/ning/http/client/async/HttpToHttpsRedirectTest.java +++ b/src/test/java/com/ning/http/client/async/HttpToHttpsRedirectTest.java @@ -120,7 +120,11 @@ public void setUpGlobal() throws Exception { public void httpToHttpsRedirect() throws Throwable { isSet.getAndSet(false); - AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder().setMaximumNumberOfRedirects(5).setFollowRedirect(true).build(); + AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder()// + .setMaximumNumberOfRedirects(5)// + .setFollowRedirect(true)// + .setAcceptAnyCertificate(true)// + .build(); AsyncHttpClient c = getAsyncHttpClient(cg); Response response = c.prepareGet(getTargetUrl()).setHeader("X-redirect", getTargetUrl2()).execute().get(); @@ -138,7 +142,11 @@ public String getTargetUrl2() { public void httpToHttpsProperConfig() throws Throwable { isSet.getAndSet(false); - AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder().setMaximumNumberOfRedirects(5).setFollowRedirect(true).build(); + AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder()// + .setMaximumNumberOfRedirects(5)// + .setFollowRedirect(true)// + .setAcceptAnyCertificate(true)// + .build(); AsyncHttpClient c = getAsyncHttpClient(cg); try { Response response = c.prepareGet(getTargetUrl()).setHeader("X-redirect", getTargetUrl2() + "/test2").execute().get(); 
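Review bot: The `looseTrustManagerSSLContext` field in SslUtils is initialised eagerly for the singleton, so the trust-everything context is built even in processes that never enable `acceptAnyCertificate`, and the field is not `final`. I would declare it `private final` at minimum, or build it lazily on the first `getSSLContext(true)` call. The `catch (Exception e)` is wider than needed, since `SSLContext.getInstance` and `init` throw `NoSuchAlgorithmException` and `KeyManagementException`; `catch (GeneralSecurityException e)` covers both. Giving the field and its factory method the same name also makes the initialiser hard to read.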
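Review bot: Every HTTPS test touched by this patch now sets `setAcceptAnyCertificate(true)`, here in `httpToHttpsRedirect` and `httpToHttpsProperConfig` and likewise in `relativeLocationUrl`, both ProxyTunnellingTest classes and GrizzlyFeedableBodyGeneratorTest, so nothing exercises the new default of `false`. A test that builds a config without the flag and asserts that the request to the test server fails during the SSL handshake would pin the behaviour this commit is meant to introduce. That the test server's certificate is absent from the default trust store is inferred from the need for the flag.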
@@ -160,7 +168,11 @@ public void httpToHttpsProperConfig() throws Throwable { public void relativeLocationUrl() throws Throwable { isSet.getAndSet(false); - AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder().setMaximumNumberOfRedirects(5).setFollowRedirect(true).build(); + AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder()// + .setMaximumNumberOfRedirects(5)// + .setFollowRedirect(true)// + .setAcceptAnyCertificate(true)// + .build(); AsyncHttpClient c = getAsyncHttpClient(cg); try { Response response = c.prepareGet(getTargetUrl()).setHeader("X-redirect", "/foo/test").execute().get(); diff --git a/src/test/java/com/ning/http/client/async/ProxyTunnellingTest.java b/src/test/java/com/ning/http/client/async/ProxyTunnellingTest.java index 588532b4a3..56b775c51b 100644 --- a/src/test/java/com/ning/http/client/async/ProxyTunnellingTest.java +++ b/src/test/java/com/ning/http/client/async/ProxyTunnellingTest.java @@ -90,12 +90,14 @@ public void setUpGlobal() throws Exception { @Test(groups = { "online", "default_provider" }) public void testRequestProxy() throws IOException, InterruptedException, ExecutionException, TimeoutException { - AsyncHttpClientConfig.Builder b = new AsyncHttpClientConfig.Builder(); - b.setFollowRedirect(true); ProxyServer ps = new ProxyServer(ProxyServer.Protocol.HTTPS, "127.0.0.1", port1); - AsyncHttpClientConfig config = b.build(); + AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder()// + .setFollowRedirect(true)// + .setAcceptAnyCertificate(true)// + .build(); + AsyncHttpClient asyncHttpClient = getAsyncHttpClient(config); try { RequestBuilder rb = new RequestBuilder("GET").setProxyServer(ps).setUrl(getTargetUrl2()); 
@@ -122,13 +124,12 @@ public Response onCompleted(Response response) throws Exception { @Test(groups = { "online", "default_provider" }) public void testConfigProxy() throws IOException, InterruptedException, ExecutionException, TimeoutException { - AsyncHttpClientConfig.Builder b = new AsyncHttpClientConfig.Builder(); - b.setFollowRedirect(true); - - ProxyServer ps = new ProxyServer(ProxyServer.Protocol.HTTPS, "127.0.0.1", port1); - b.setProxyServer(ps); + AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder()// + .setProxyServer(new ProxyServer(ProxyServer.Protocol.HTTPS, "127.0.0.1", port1))// + .setAcceptAnyCertificate(true)// + .setFollowRedirect(true)// + .build(); - AsyncHttpClientConfig config = b.build(); AsyncHttpClient asyncHttpClient = getAsyncHttpClient(config); try { RequestBuilder rb = new RequestBuilder("GET").setUrl(getTargetUrl2()); @@ -155,7 +156,14 @@ public Response onCompleted(Response response) throws Exception { @Test(groups = { "online", "default_provider" }) public void testSimpleAHCConfigProxy() throws IOException, InterruptedException, ExecutionException, TimeoutException { - SimpleAsyncHttpClient client = new SimpleAsyncHttpClient.Builder().setProxyProtocol(ProxyServer.Protocol.HTTPS).setProxyHost("127.0.0.1").setProxyPort(port1).setFollowRedirects(true).setUrl(getTargetUrl2()).setHeader("Content-Type", "text/html").build(); + SimpleAsyncHttpClient client = new SimpleAsyncHttpClient.Builder()// + .setProxyProtocol(ProxyServer.Protocol.HTTPS)// + .setProxyHost("127.0.0.1")// + .setProxyPort(port1)// + .setFollowRedirects(true)// + .setUrl(getTargetUrl2())// + .setAcceptAnyCertificate(true)// + .setHeader("Content-Type", "text/html").build(); try { Response r = client.get().get(); 
@@ -168,7 +176,12 @@ public void testSimpleAHCConfigProxy() throws IOException, InterruptedException, @Test(groups = { "standalone", "default_provider" }) public void testNonProxyHostsSsl() throws IOException, ExecutionException, TimeoutException, InterruptedException { - AsyncHttpClient client = getAsyncHttpClient(null); + + AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder()// + .setAcceptAnyCertificate(true)// + .build(); + + AsyncHttpClient client = getAsyncHttpClient(config); try { Response resp = client.prepareGet(getTargetUrl2()).setProxyServer(new ProxyServer("127.0.0.1", port1 - 1).addNonProxyHost("127.0.0.1")).execute().get(3, TimeUnit.SECONDS); diff --git a/src/test/java/com/ning/http/client/async/grizzly/GrizzlyFeedableBodyGeneratorTest.java b/src/test/java/com/ning/http/client/async/grizzly/GrizzlyFeedableBodyGeneratorTest.java index e023f35908..0b89f7709a 100644 --- a/src/test/java/com/ning/http/client/async/grizzly/GrizzlyFeedableBodyGeneratorTest.java +++ b/src/test/java/com/ning/http/client/async/grizzly/GrizzlyFeedableBodyGeneratorTest.java @@ -139,6 +139,7 @@ private void doSimpleFeeder(final boolean secure) { AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder() .setMaximumConnectionsPerHost(60) .setMaximumConnectionsTotal(60) + .setAcceptAnyCertificate(true) .build(); final AsyncHttpClient client = new AsyncHttpClient(new GrizzlyAsyncHttpProvider(config), config); @@ -243,6 +244,7 @@ private void doNonBlockingFeeder(final boolean secure) { AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder() .setMaximumConnectionsPerHost(60) .setMaximumConnectionsTotal(60) + .setAcceptAnyCertificate(true) .build(); final AsyncHttpClient client = new AsyncHttpClient(new GrizzlyAsyncHttpProvider(config), config); diff --git a/src/test/java/com/ning/http/client/websocket/ProxyTunnellingTest.java b/src/test/java/com/ning/http/client/websocket/ProxyTunnellingTest.java index 932fcaf20c..324a5321d4 100644 
--- a/src/test/java/com/ning/http/client/websocket/ProxyTunnellingTest.java +++ b/src/test/java/com/ning/http/client/websocket/ProxyTunnellingTest.java @@ -102,7 +102,7 @@ protected String getTargetUrl() { public void echoText() throws Exception { ProxyServer ps = new ProxyServer(ProxyServer.Protocol.HTTPS, "127.0.0.1", port1); - AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder().setProxyServer(ps).build(); + AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder().setProxyServer(ps).setAcceptAnyCertificate(true).build(); AsyncHttpClient asyncHttpClient = getAsyncHttpClient(config); try { final CountDownLatch latch = new CountDownLatch(1);