mirror of
https://gitlab.com/oeffi/public-transport-enabler.git
synced 2025-07-10 21:28:52 +00:00
HttpClient: Allow trusting all certificates.
This commit is contained in:
parent
d9fe9374df
commit
12a67df357
1 changed files with 42 additions and 1 deletions
|
@ -22,6 +22,8 @@ import static com.google.common.base.Preconditions.checkNotNull;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.HttpURLConnection;
|
import java.net.HttpURLConnection;
|
||||||
import java.nio.charset.Charset;
|
import java.nio.charset.Charset;
|
||||||
|
import java.security.cert.CertificateException;
|
||||||
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -32,7 +34,11 @@ import java.util.regex.Pattern;
|
||||||
|
|
||||||
import javax.annotation.Nullable;
|
import javax.annotation.Nullable;
|
||||||
import javax.net.ssl.HostnameVerifier;
|
import javax.net.ssl.HostnameVerifier;
|
||||||
|
import javax.net.ssl.SSLContext;
|
||||||
import javax.net.ssl.SSLSession;
|
import javax.net.ssl.SSLSession;
|
||||||
|
import javax.net.ssl.SSLSocketFactory;
|
||||||
|
import javax.net.ssl.TrustManager;
|
||||||
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
@ -69,6 +75,7 @@ public final class HttpClient {
|
||||||
private String sessionCookieName = null;
|
private String sessionCookieName = null;
|
||||||
@Nullable
|
@Nullable
|
||||||
private Cookie sessionCookie = null;
|
private Cookie sessionCookie = null;
|
||||||
|
private boolean trustAllCertificates = false;
|
||||||
@Nullable
|
@Nullable
|
||||||
private CertificatePinner certificatePinner = null;
|
private CertificatePinner certificatePinner = null;
|
||||||
private boolean sslAcceptAllHostnames = false;
|
private boolean sslAcceptAllHostnames = false;
|
||||||
|
@ -111,6 +118,10 @@ public final class HttpClient {
|
||||||
this.sessionCookieName = sessionCookieName;
|
this.sessionCookieName = sessionCookieName;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setTrustAllCertificates(final boolean trustAllCertificates) {
|
||||||
|
this.trustAllCertificates = trustAllCertificates;
|
||||||
|
}
|
||||||
|
|
||||||
public void setCertificatePin(final String host, final String... hashes) {
|
public void setCertificatePin(final String host, final String... hashes) {
|
||||||
this.certificatePinner = new CertificatePinner.Builder().add(host, hashes).build();
|
this.certificatePinner = new CertificatePinner.Builder().add(host, hashes).build();
|
||||||
}
|
}
|
||||||
|
@ -182,8 +193,10 @@ public final class HttpClient {
|
||||||
request.header("Cookie", sessionCookie.toString());
|
request.header("Cookie", sessionCookie.toString());
|
||||||
|
|
||||||
final OkHttpClient okHttpClient;
|
final OkHttpClient okHttpClient;
|
||||||
if (certificatePinner != null || sslAcceptAllHostnames) {
|
if (trustAllCertificates || certificatePinner != null || sslAcceptAllHostnames) {
|
||||||
final OkHttpClient.Builder builder = OKHTTP_CLIENT.newBuilder();
|
final OkHttpClient.Builder builder = OKHTTP_CLIENT.newBuilder();
|
||||||
|
if (trustAllCertificates)
|
||||||
|
trustAllCertificates(builder);
|
||||||
if (certificatePinner != null)
|
if (certificatePinner != null)
|
||||||
builder.certificatePinner(certificatePinner);
|
builder.certificatePinner(certificatePinner);
|
||||||
if (sslAcceptAllHostnames)
|
if (sslAcceptAllHostnames)
|
||||||
|
@ -296,6 +309,34 @@ public final class HttpClient {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void trustAllCertificates(final OkHttpClient.Builder okHttpClientBuilder) {
|
||||||
|
try {
|
||||||
|
final SSLContext sslContext = SSLContext.getInstance("SSL");
|
||||||
|
sslContext.init(null, new TrustManager[] { TRUST_ALL_CERTIFICATES }, null);
|
||||||
|
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
|
||||||
|
okHttpClientBuilder.sslSocketFactory(sslSocketFactory, TRUST_ALL_CERTIFICATES);
|
||||||
|
} catch (final Exception x) {
|
||||||
|
throw new RuntimeException(x);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static final X509TrustManager TRUST_ALL_CERTIFICATES = new X509TrustManager() {
|
||||||
|
@Override
|
||||||
|
public void checkClientTrusted(final X509Certificate[] chain, final String authType)
|
||||||
|
throws CertificateException {
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void checkServerTrusted(final X509Certificate[] chain, final String authType)
|
||||||
|
throws CertificateException {
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public X509Certificate[] getAcceptedIssuers() {
|
||||||
|
return new X509Certificate[0];
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
private static final HostnameVerifier SSL_ACCEPT_ALL_HOSTNAMES = new HostnameVerifier() {
|
private static final HostnameVerifier SSL_ACCEPT_ALL_HOSTNAMES = new HostnameVerifier() {
|
||||||
@Override
|
@Override
|
||||||
public boolean verify(final String hostname, final SSLSession session) {
|
public boolean verify(final String hostname, final SSLSession session) {
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue