org.apache.http.conn.ssl.SSLContextBuilder Java Examples
The following examples show how to use
org.apache.http.conn.ssl.SSLContextBuilder.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: PostHTTP.java From localization_nifi with Apache License 2.0 | 7 votes |
|
private SSLContext createSSLContext(final SSLContextService service)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
SSLContextBuilder builder = SSLContexts.custom();
final String trustFilename = service.getTrustStoreFile();
if (trustFilename != null) {
final KeyStore truststore = KeyStoreUtils.getTrustStore(service.getTrustStoreType());
try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) {
truststore.load(in, service.getTrustStorePassword().toCharArray());
}
builder = builder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy());
}
final String keyFilename = service.getKeyStoreFile();
if (keyFilename != null) {
final KeyStore keystore = KeyStoreUtils.getKeyStore(service.getKeyStoreType());
try (final InputStream in = new FileInputStream(new File(service.getKeyStoreFile()))) {
keystore.load(in, service.getKeyStorePassword().toCharArray());
}
builder = builder.loadKeyMaterial(keystore, service.getKeyStorePassword().toCharArray());
}
builder = builder.useProtocol(service.getSslAlgorithm());
final SSLContext sslContext = builder.build();
return sslContext;
}
Example #2
| Source File: CustomHttpClient.java From zerocode-hello-world with MIT License | 6 votes |
|
/**
* This method has been overridden here simply to show how a custom/project-specific http client
* can be plugged into the framework.
*
* e.g. You can create your own project specific http client needed for http/https/tls connections or
* a Corporate proxy based Http client here.
* Sometimes you may need a simple default http client
* e.g. HttpClients.createDefault() provided by Apache lib.
*
* Note:
* If you do not override this method, the framework anyways creates a http client suitable for both http/https.
*/
@Override
public CloseableHttpClient createHttpClient() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
LOGGER.info("###Used SSL Enabled Http Client for http/https/TLS connections");
SSLContext sslContext = new SSLContextBuilder()
.loadTrustMaterial(null, (certificate, authType) -> true).build();
CookieStore cookieStore = new BasicCookieStore();
return HttpClients.custom()
.setSSLContext(sslContext)
.setSSLHostnameVerifier(new NoopHostnameVerifier())
.setDefaultCookieStore(cookieStore)
.build();
}
Example #3
| Source File: DWServerConnection.java From intellij-demandware with MIT License | 6 votes |
|
public DWServerConnection(DWSettingsProvider settingsProvider) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
this.settingsProvider = settingsProvider;
// SSLContextFactory to allow all hosts. Without this an SSLException is thrown with self signed certs
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, (arg0, arg1) -> true).build();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", socketFactory).build();
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
connectionManager.setMaxTotal(200);
connectionManager.setDefaultMaxPerRoute(20);
client = HttpClients.custom()
.setConnectionManager(connectionManager)
.build();
context = new HttpClientContext();
context.setCredentialsProvider(getCredientials());
}
Example #4
| Source File: BuildWorker.java From anchore-container-scanner-plugin with Apache License 2.0 | 6 votes |
|
private static CloseableHttpClient makeHttpClient(boolean verify) {
CloseableHttpClient httpclient = null;
if (verify) {
httpclient = HttpClients.createDefault();
} else {
//SSLContextBuilder builder;
//SSLConnectionSocketFactory sslsf=null;
try {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(),
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
} catch (Exception e) {
System.out.println(e);
}
}
return (httpclient);
}
Example #5
| Source File: AbstractRestTemplateClient.java From documentum-rest-client-java with Apache License 2.0 | 6 votes |
|
public AbstractRestTemplateClient ignoreAuthenticateServer() {
//backward compatible with android httpclient 4.3.x
if(restTemplate.getRequestFactory() instanceof HttpComponentsClientHttpRequestFactory) {
try {
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
X509HostnameVerifier verifier = ignoreSslWarning ? new AllowAllHostnameVerifier() : new BrowserCompatHostnameVerifier();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, verifier);
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
((HttpComponentsClientHttpRequestFactory)restTemplate.getRequestFactory()).setHttpClient(httpClient);
} catch (Exception e) {
e.printStackTrace();
}
} else {
Debug.error("the request factory " + restTemplate.getRequestFactory().getClass().getName() + " does not support ignoreAuthenticateServer");
}
return this;
}
Example #6
| Source File: SSLConnectionSocketFactoryBuilder.java From cs-actions with Apache License 2.0 | 5 votes |
|
protected void createTrustKeystore(SSLContextBuilder sslContextBuilder, boolean useTrustCert) {
if (useTrustCert) {
KeyStore trustKeyStore;
try {
//todo should we do this 'create' in each and every step?
trustKeyStore = createKeyStore(new URL(trustKeystore), trustPassword);
sslContextBuilder.loadTrustMaterial(trustKeyStore);
} catch (IOException ioe) {
throw new IllegalArgumentException(ioe.getMessage() + ". " + BAD_TRUST_KEYSTORE_ERROR, ioe);
} catch (GeneralSecurityException gse) {
throw new IllegalArgumentException(gse.getMessage() + ". " + INVALID_TRUST_KEYSTORE_ERROR, gse);
}
}
}
Example #7
| Source File: SSLConnectionSocketFactoryBuilder.java From cs-actions with Apache License 2.0 | 5 votes |
|
protected void createKeystore(SSLContextBuilder sslContextBuilder, boolean useClientCert) {
if (useClientCert) {
KeyStore clientKeyStore;
try {
clientKeyStore = createKeyStore(new URL(keystore), keystorePassword);
sslContextBuilder.loadKeyMaterial(clientKeyStore, keystorePassword.toCharArray());
} catch (UnrecoverableKeyException | IOException ue) {
throw new IllegalArgumentException(ue.getMessage() + ". " + BAD_KEYSTORE_ERROR, ue);
} catch (GeneralSecurityException gse) {
throw new IllegalArgumentException(gse.getMessage() + ". " + INVALID_KEYSTORE_ERROR, gse);
}
}
}
Example #8
| Source File: UnsafeHttpsClient.java From mobilecloud-15 with Apache License 2.0 | 5 votes |
|
public static HttpClient createUnsafeClient() {
try {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
builder.build());
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(sslsf).build();
return httpclient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Example #9
| Source File: UnsafeHttpsClient.java From mobilecloud-15 with Apache License 2.0 | 5 votes |
|
public static HttpClient createUnsafeClient() {
try {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
builder.build());
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(sslsf).build();
return httpclient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Example #10
| Source File: UnsafeHttpsClient.java From mobilecloud-15 with Apache License 2.0 | 5 votes |
|
public static HttpClient createUnsafeClient() {
try {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
builder.build());
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(sslsf).build();
return httpclient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Example #11
| Source File: CommonHttpClientBuilder.java From scheduling with GNU Affero General Public License v3.0 | 5 votes |
|
protected SSLContext createSslContext() {
try {
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
sslContextBuilder.loadTrustMaterial(null, ACCEPT_ANY_CERTIFICATE_TRUST_STRATEGY);
return sslContextBuilder.build();
} catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
throw new IllegalStateException(e);
}
}
Example #12
| Source File: BaseLivyInterpreter.java From zeppelin with Apache License 2.0 | 5 votes |
|
private SSLContext getSslContext() {
try {
// Build truststore
String trustStoreFile = getProperty("zeppelin.livy.ssl.trustStore");
String trustStorePassword = getProperty("zeppelin.livy.ssl.trustStorePassword");
String trustStoreType = getProperty("zeppelin.livy.ssl.trustStoreType",
KeyStore.getDefaultType());
if (StringUtils.isBlank(trustStoreFile)) {
throw new RuntimeException("No zeppelin.livy.ssl.trustStore specified for livy ssl");
}
if (StringUtils.isBlank(trustStorePassword)) {
throw new RuntimeException("No zeppelin.livy.ssl.trustStorePassword specified " +
"for livy ssl");
}
KeyStore trustStore = getStore(trustStoreFile, trustStoreType, trustStorePassword);
SSLContextBuilder builder = SSLContexts.custom();
builder.loadTrustMaterial(trustStore);
// Build keystore
String keyStoreFile = getProperty("zeppelin.livy.ssl.keyStore");
String keyStorePassword = getProperty("zeppelin.livy.ssl.keyStorePassword");
String keyPassword = getProperty("zeppelin.livy.ssl.keyPassword", keyStorePassword);
String keyStoreType = getProperty("zeppelin.livy.ssl.keyStoreType",
KeyStore.getDefaultType());
if (StringUtils.isNotBlank(keyStoreFile)) {
KeyStore keyStore = getStore(keyStoreFile, keyStoreType, keyStorePassword);
builder.loadKeyMaterial(keyStore, keyPassword.toCharArray()).useTLS();
}
return builder.build();
} catch (Exception e) {
throw new RuntimeException("Failed to create SSL Context", e);
}
}
Example #13
| Source File: JWTClientUtil.java From carbon-device-mgt with Apache License 2.0 | 5 votes |
|
/**
* Return a http client instance
*
* @param protocol- service endpoint protocol http/https
* @return
*/
public static HttpClient getHttpClient(String protocol)
throws IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
HttpClient httpclient;
if (HTTPS_PROTOCOL.equals(protocol)) {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build());
httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).useSystemProperties().build();
} else {
httpclient = HttpClients.createDefault();
}
return httpclient;
}
Example #14
| Source File: HttpUtil.java From 07kit with GNU General Public License v3.0 | 5 votes |
|
public static HttpClient getClient() {
try {
SSLContext context = new SSLContextBuilder()
.loadTrustMaterial(null, (arg0, arg1) -> true)
.build();
return HttpClients.custom()
.setHostnameVerifier(new AllowAllHostnameVerifier())
.setSslcontext(context)
.build();
} catch (Exception e) {
e.printStackTrace();
return HttpClients.createDefault();
}
}
Example #15
| Source File: RestUtil.java From cf-java-client-sap with Apache License 2.0 | 5 votes |
|
private javax.net.ssl.SSLContext buildSslContext() {
try {
return new SSLContextBuilder().useSSL()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.build();
} catch (GeneralSecurityException gse) {
throw new RuntimeException("An error occurred setting up the SSLContext", gse);
}
}
Example #16
| Source File: HttpUtil.java From document-management-software with GNU Lesser General Public License v3.0 | 5 votes |
|
public static CloseableHttpClient getNotValidatingClient(int timeout, String proxyServer, Integer proxyPort,
String proxyUser, String proxyPassword) {
try {
HttpClientBuilder clientBuilder = HttpClients.custom();
RequestConfig.Builder requestBuilder = RequestConfig.custom().setConnectTimeout(timeout * 1000)
.setSocketTimeout(timeout * 1000).setConnectionRequestTimeout(timeout * 1000)
.setRedirectsEnabled(true);
if (StringUtils.isNotEmpty(proxyServer)) {
HttpHost proxyHost = new HttpHost(proxyServer, proxyPort);
requestBuilder.setProxy(proxyHost);
DefaultProxyRoutePlanner routePlanner = new DefaultProxyRoutePlanner(proxyHost);
clientBuilder.setRoutePlanner(routePlanner);
if (StringUtils.isNotEmpty(proxyUser)) {
CredentialsProvider credentialProvider = new BasicCredentialsProvider();
credentialProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials(proxyUser, proxyPassword));
clientBuilder.setRoutePlanner(routePlanner);
}
}
RequestConfig requestConfig = requestBuilder.build();
CloseableHttpClient httpclient = clientBuilder.setHostnameVerifier(new AllowAllHostnameVerifier())
.setSslcontext(new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
return true;
}
}).build()).setDefaultRequestConfig(requestConfig).build();
return httpclient;
} catch (Throwable t) {
return null;
}
}
Example #17
| Source File: HttpUtil.java From codehelper.generator with Apache License 2.0 | 4 votes |
|
public static void init() throws RuntimeException {
try {
logger.warn(NOTICELINE + " httpUtil init begin " + NOTICELINE);
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
// sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
sslContextBuilder.loadTrustMaterial(null,new TrustAnyTrustManager());
SSLConnectionSocketFactory sslConnectionSocketFactory =
new SSLConnectionSocketFactory(
sslContextBuilder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().
register("http", new PlainConnectionSocketFactory()).
register("https", sslConnectionSocketFactory).
build();
logger.warn(NOTICELINE + " SSL context init done " + NOTICELINE);
//init connectionManager , ThreadSafe pooled conMgr
PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(registry);
poolingHttpClientConnectionManager.setMaxTotal(30);
poolingHttpClientConnectionManager.setDefaultMaxPerRoute(3);
//init request config. pooltimeout,sotime,contimeout
RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(POOL_TIMECOUT).setConnectTimeout(CON_TIMEOUT).setSocketTimeout(SO_TIMEOUT).build();
// begin construct httpclient
HttpClientBuilder httpClientBuilder = HttpClients.custom();
httpClientBuilder.setConnectionManager(poolingHttpClientConnectionManager);
httpClientBuilder.setDefaultRequestConfig(requestConfig);
httpClientBuilder.setRetryHandler(new HttpRequestRetryHandler() {
@Override
public boolean retryRequest(IOException exception, int executionCount, HttpContext context) {
if (executionCount >= HTTP_RETRY_COUNT) {
return false;
}
if (exception instanceof InterruptedIOException) {
// Timeout
logger.warn("httpUtil retry for InterruptIOException");
return true;
}
if (exception instanceof UnknownHostException) {
// Unknown host
return false;
}
if (exception instanceof SSLException) {
// SSL handshake exception
return false;
}
HttpClientContext clientContext = HttpClientContext.adapt(context);
HttpRequest request = clientContext.getRequest();
boolean idempotent = !(request instanceof HttpEntityEnclosingRequest);
if (idempotent) {
// Retry if the request is considered idempotent
logger.warn("httpUtil retry for idempotent");
return true;
}
return false;
}
});
logger.warn(NOTICELINE + " poolManager , requestconfig init done " + NOTICELINE);
httpclient = httpClientBuilder.build();
logger.warn(NOTICELINE + " httpUtil init done " + NOTICELINE);
} catch (Exception e) {
logger.error(NOTICELINE + "httpclient init fail" + NOTICELINE, e);
throw new RuntimeException(e);
}
}
Example #18
| Source File: TaxiiHandler.java From metron with Apache License 2.0 | 4 votes |
|
private static HttpClient buildClient(URL proxy, String username, String password) throws Exception
{
HttpClient client = new HttpClient(); // Start with a default TAXII HTTP client.
// Create an Apache HttpClientBuilder to be customized by the command line arguments.
HttpClientBuilder builder = HttpClientBuilder.create().useSystemProperties();
// Proxy
if (proxy != null) {
HttpHost proxyHost = new HttpHost(proxy.getHost(), proxy.getPort(), proxy.getProtocol());
builder.setProxy(proxyHost);
}
// Basic authentication. User & Password
if (username != null ^ password != null) {
throw new Exception("'username' and 'password' arguments are required to appear together.");
}
// from: http://stackoverflow.com/questions/19517538/ignoring-ssl-certificate-in-apache-httpclient-4-3
SSLContextBuilder ssbldr = new SSLContextBuilder();
ssbldr.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(ssbldr.build(),SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
cm.setMaxTotal(20);//max connection
System.setProperty("jsse.enableSNIExtension", "false"); //""
CloseableHttpClient httpClient = builder
.setSSLSocketFactory(sslsf)
.setConnectionManager(cm)
.build();
client.setHttpclient(httpClient);
return client;
}
