public static SSLContext getSSLContextWithTrustore(File file, String password)
     throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException,
         KeyManagementException {
   if (!file.isFile()) {
     throw new RuntimeException("Truststore file not found: " + file.getAbsolutePath());
   }
   SSLContext theContext =
       SSLContexts.custom()
           .useProtocol("TLS")
           .loadTrustMaterial(file, password == null ? null : password.toCharArray())
           .build();
   return theContext;
 }
 private SSLContext getSSLContext() {
   TrustStrategy acceptingTrustStrategy =
       new TrustStrategy() {
         public boolean isTrusted(X509Certificate[] certificate, String authType) {
           return true;
         }
       };
   SSLContext sslContext = null;
   try {
     sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
   } catch (Exception e) {
     // Handle error
   }
   return sslContext;
 }
Example #3
0
  public static final void main(String[] args) throws Exception {

    // Use custom message parser / writer to customize the way HTTP
    // messages are parsed from and written out to the data stream.
    HttpMessageParserFactory<HttpResponse> responseParserFactory =
        new DefaultHttpResponseParserFactory() {

          @Override
          public HttpMessageParser<HttpResponse> create(
              SessionInputBuffer buffer, MessageConstraints constraints) {
            LineParser lineParser =
                new BasicLineParser() {

                  @Override
                  public Header parseHeader(final CharArrayBuffer buffer) {
                    try {
                      return super.parseHeader(buffer);
                    } catch (ParseException ex) {
                      return new BasicHeader(buffer.toString(), null);
                    }
                  }
                };
            return new DefaultHttpResponseParser(
                buffer, lineParser, DefaultHttpResponseFactory.INSTANCE, constraints) {

              @Override
              protected boolean reject(final CharArrayBuffer line, int count) {
                // try to ignore all garbage preceding a status line infinitely
                return false;
              }
            };
          }
        };
    HttpMessageWriterFactory<HttpRequest> requestWriterFactory =
        new DefaultHttpRequestWriterFactory();

    // Use a custom connection factory to customize the process of
    // initialization of outgoing HTTP connections. Beside standard connection
    // configuration parameters HTTP connection factory can define message
    // parser / writer routines to be employed by individual connections.
    HttpConnectionFactory<HttpRoute, ManagedHttpClientConnection> connFactory =
        new ManagedHttpClientConnectionFactory(requestWriterFactory, responseParserFactory);

    // Client HTTP connection objects when fully initialized can be bound to
    // an arbitrary network socket. The process of network socket initialization,
    // its connection to a remote address and binding to a local one is controlled
    // by a connection socket factory.

    // SSL context for secure connections can be created either based on
    // system or application specific properties.
    SSLContext sslcontext = SSLContexts.createSystemDefault();

    // Create a registry of custom connection socket factories for supported
    // protocol schemes.
    Registry<ConnectionSocketFactory> socketFactoryRegistry =
        RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", PlainConnectionSocketFactory.INSTANCE)
            .register("https", new SSLConnectionSocketFactory(sslcontext))
            .build();

    // Use custom DNS resolver to override the system DNS resolution.
    DnsResolver dnsResolver =
        new SystemDefaultDnsResolver() {

          @Override
          public InetAddress[] resolve(final String host) throws UnknownHostException {
            if (host.equalsIgnoreCase("myhost")) {
              return new InetAddress[] {InetAddress.getByAddress(new byte[] {127, 0, 0, 1})};
            } else {
              return super.resolve(host);
            }
          }
        };

    // Create a connection manager with custom configuration.
    PoolingHttpClientConnectionManager connManager =
        new PoolingHttpClientConnectionManager(socketFactoryRegistry, connFactory, dnsResolver);

    // Create socket configuration
    SocketConfig socketConfig = SocketConfig.custom().setTcpNoDelay(true).build();
    // Configure the connection manager to use socket configuration either
    // by default or for a specific host.
    connManager.setDefaultSocketConfig(socketConfig);
    connManager.setSocketConfig(new HttpHost("somehost", 80), socketConfig);
    // Validate connections after 1 sec of inactivity
    connManager.setValidateAfterInactivity(1000);

    // Create message constraints
    MessageConstraints messageConstraints =
        MessageConstraints.custom().setMaxHeaderCount(200).setMaxLineLength(2000).build();
    // Create connection configuration
    ConnectionConfig connectionConfig =
        ConnectionConfig.custom()
            .setMalformedInputAction(CodingErrorAction.IGNORE)
            .setUnmappableInputAction(CodingErrorAction.IGNORE)
            .setCharset(Consts.UTF_8)
            .setMessageConstraints(messageConstraints)
            .build();
    // Configure the connection manager to use connection configuration either
    // by default or for a specific host.
    connManager.setDefaultConnectionConfig(connectionConfig);
    connManager.setConnectionConfig(new HttpHost("somehost", 80), ConnectionConfig.DEFAULT);

    // Configure total max or per route limits for persistent connections
    // that can be kept in the pool or leased by the connection manager.
    connManager.setMaxTotal(100);
    connManager.setDefaultMaxPerRoute(10);
    connManager.setMaxPerRoute(new HttpRoute(new HttpHost("somehost", 80)), 20);

    // Use custom cookie store if necessary.
    CookieStore cookieStore = new BasicCookieStore();
    // Use custom credentials provider if necessary.
    CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    // Create global request configuration
    RequestConfig defaultRequestConfig =
        RequestConfig.custom()
            .setCookieSpec(CookieSpecs.DEFAULT)
            .setExpectContinueEnabled(true)
            .setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM, AuthSchemes.DIGEST))
            .setProxyPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC))
            .build();

    // Create an HttpClient with the given custom dependencies and configuration.
    CloseableHttpClient httpclient =
        HttpClients.custom()
            .setConnectionManager(connManager)
            .setDefaultCookieStore(cookieStore)
            .setDefaultCredentialsProvider(credentialsProvider)
            .setProxy(new HttpHost("myproxy", 8080))
            .setDefaultRequestConfig(defaultRequestConfig)
            .build();

    try {
      HttpGet httpget = new HttpGet("http://httpbin.org/get");
      // Request configuration can be overridden at the request level.
      // They will take precedence over the one set at the client level.
      RequestConfig requestConfig =
          RequestConfig.copy(defaultRequestConfig)
              .setSocketTimeout(5000)
              .setConnectTimeout(5000)
              .setConnectionRequestTimeout(5000)
              .setProxy(new HttpHost("myotherproxy", 8080))
              .build();
      httpget.setConfig(requestConfig);

      // Execution context can be customized locally.
      HttpClientContext context = HttpClientContext.create();
      // Contextual attributes set the local context level will take
      // precedence over those set at the client level.
      context.setCookieStore(cookieStore);
      context.setCredentialsProvider(credentialsProvider);

      System.out.println("executing request " + httpget.getURI());
      CloseableHttpResponse response = httpclient.execute(httpget, context);
      try {
        System.out.println("----------------------------------------");
        System.out.println(response.getStatusLine());
        System.out.println(EntityUtils.toString(response.getEntity()));
        System.out.println("----------------------------------------");

        // Once the request has been executed the local context can
        // be used to examine updated state and various objects affected
        // by the request execution.

        // Last executed request
        context.getRequest();
        // Execution route
        context.getHttpRoute();
        // Target auth state
        context.getTargetAuthState();
        // Proxy auth state
        context.getTargetAuthState();
        // Cookie origin
        context.getCookieOrigin();
        // Cookie spec used
        context.getCookieSpec();
        // User security token
        context.getUserToken();

      } finally {
        response.close();
      }
    } finally {
      httpclient.close();
    }
  }
Example #4
0
  public static synchronized void setGlobalSSLAuth(
      String keypath, String keypassword, String trustpath, String trustpassword) {
    // load the stores if defined
    try {
      if (trustpath != null && trustpassword != null) {
        truststore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream instream = new FileInputStream(new File(trustpath))) {
          truststore.load(instream, trustpassword.toCharArray());
        }
      } else truststore = null;
      if (keypath != null && keypassword != null) {
        keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream instream = new FileInputStream(new File(keypath))) {
          keystore.load(instream, keypassword.toCharArray());
        }
      } else keystore = null;
    } catch (IOException | NoSuchAlgorithmException | CertificateException | KeyStoreException ex) {
      log.error("Illegal -D keystore parameters: " + ex.getMessage());
      truststore = null;
      keystore = null;
    }
    try {
      // set up the context
      SSLContext scxt = null;
      if (IGNORECERTS) {
        scxt = SSLContext.getInstance("TLS");
        TrustManager[] trust_mgr =
            new TrustManager[] {
              new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                  return null;
                }

                public void checkClientTrusted(X509Certificate[] certs, String t) {}

                public void checkServerTrusted(X509Certificate[] certs, String t) {}
              }
            };
        scxt.init(
            null, // key manager
            trust_mgr, // trust manager
            new SecureRandom()); // random number generator
      } else {
        SSLContextBuilder sslbuilder = SSLContexts.custom();
        TrustStrategy strat = new LooseTrustStrategy();
        if (truststore != null) sslbuilder.loadTrustMaterial(truststore, strat);
        else sslbuilder.loadTrustMaterial(strat);
        sslbuilder.loadTrustMaterial(truststore, new LooseTrustStrategy());
        if (keystore != null) sslbuilder.loadKeyMaterial(keystore, keypassword.toCharArray());
        scxt = sslbuilder.build();
      }
      globalsslfactory = new SSLConnectionSocketFactory(scxt, new NoopHostnameVerifier());

      RegistryBuilder rb = RegistryBuilder.<ConnectionSocketFactory>create();
      rb.register("https", globalsslfactory);
      sslregistry = rb.build();
    } catch (KeyStoreException
        | NoSuchAlgorithmException
        | KeyManagementException
        | UnrecoverableEntryException e) {
      log.error("Failed to set key/trust store(s): " + e.getMessage());
      sslregistry = null;
      globalsslfactory = null;
    }
  }