@Override public SSLContext newSslContext(KeyStore keyStore, char[] keyPassword, KeyStore trustStore) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException { return SSLContexts.custom() .loadTrustMaterial(trustStore, null) .loadKeyMaterial(keyStore, keyPassword) .build(); } }
SSLContext sslContext = builder.build(); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory( sslContext, new X509HostnameVerifier() {
/** * 初始化证书 * @return */ public SSLContext initSSLContext() { FileInputStream inputStream = null; try { inputStream = new FileInputStream(new File(this.keyPath)); } catch (IOException e) { throw new RuntimeException("读取微信商户证书文件出错", e); } try { KeyStore keystore = KeyStore.getInstance("PKCS12"); char[] partnerId2charArray = mchId.toCharArray(); keystore.load(inputStream, partnerId2charArray); this.sslContext = SSLContexts.custom().loadKeyMaterial(keystore, partnerId2charArray).build(); return this.sslContext; } catch (Exception e) { throw new RuntimeException("证书文件有问题,请核实!", e); } finally { IOUtils.closeQuietly(inputStream); } } }
SSLContextBuilder builder = new SSLContextBuilder(); builder.loadTrustMaterial(null, new TrustSelfSignedStrategy()); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory( builder.build()); CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory( sslsf).build(); HttpGet httpGet = new HttpGet("https://some-server"); CloseableHttpResponse response = httpclient.execute(httpGet); try { System.out.println(response.getStatusLine()); HttpEntity entity = response.getEntity(); EntityUtils.consume(entity); } finally { response.close(); }
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, new TrustStrategy() { return true; }).build(); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new String[] { "TLSv1" },
private SSLContext createSSLContext(final SSLContextService service) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException { final SSLContextBuilder sslContextBuilder = new SSLContextBuilder(); if (StringUtils.isNotBlank(service.getTrustStoreFile())) { final KeyStore truststore = KeyStoreUtils.getTrustStore(service.getTrustStoreType()); try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) { truststore.load(in, service.getTrustStorePassword().toCharArray()); } sslContextBuilder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy()); } if (StringUtils.isNotBlank(service.getKeyStoreFile())) { final KeyStore keystore = KeyStoreUtils.getKeyStore(service.getKeyStoreType()); try (final InputStream in = new FileInputStream(new File(service.getKeyStoreFile()))) { keystore.load(in, service.getKeyStorePassword().toCharArray()); } sslContextBuilder.loadKeyMaterial(keystore, service.getKeyStorePassword().toCharArray()); } sslContextBuilder.useProtocol(service.getSslAlgorithm()); return sslContextBuilder.build(); }
public CloseableHttpClient build() throws Exception { HttpClientBuilder builder = HttpClients.custom(); builder.useSystemProperties(); builder .setDefaultSocketConfig(SocketConfig.custom() .setTcpNoDelay(true) .setSoKeepAlive(true) .build() ) .setKeepAliveStrategy(DefaultConnectionKeepAliveStrategy.INSTANCE); HostnameVerifier hostnameVerifier = sslVerificationMode.verifier(); TrustStrategy trustStrategy = sslVerificationMode.trustStrategy(); KeyStore trustStore = agentTruststore(); SSLContextBuilder sslContextBuilder = SSLContextBuilder.create() .setProtocol(systemEnvironment.get(SystemEnvironment.GO_SSL_TRANSPORT_PROTOCOL_TO_BE_USED_BY_AGENT)); if (trustStore != null || trustStrategy != null) { sslContextBuilder.loadTrustMaterial(trustStore, trustStrategy); } sslContextBuilder.loadKeyMaterial(agentKeystore(), keystorePassword().toCharArray()); SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContextBuilder.build(), hostnameVerifier); builder.setSSLSocketFactory(sslConnectionSocketFactory); return builder.build(); }
@Override protected TTransport newTransport(String uri, HttpHeaders headers) throws TTransportException { final SSLContext sslContext; try { sslContext = SSLContextBuilder.create() .loadTrustMaterial((TrustStrategy) (chain, authType) -> true) .build(); } catch (GeneralSecurityException e) { throw new TTransportException("failed to initialize an SSL context", e); } final THttpClient client = new THttpClient( uri, HttpClientBuilder.create() .setSSLHostnameVerifier((hostname, session) -> true) .setSSLContext(sslContext) .build()); client.setCustomHeaders( headers.names().stream() .collect(toImmutableMap(AsciiString::toString, name -> String.join(", ", headers.getAll(name))))); return client; }
private SSLContext buildSslContext() throws SSLInitializationException { final SSLContext sslContext; try { final SSLContextBuilder sslContextBuilder = new SSLContextBuilder(); sslContextBuilder.setProtocol(configuration.getProtocol()); final String configuredProvider = configuration.getProvider(); if (configuredProvider != null) { sslContextBuilder.setProvider(configuredProvider); } loadKeyMaterial(sslContextBuilder); loadTrustMaterial(sslContextBuilder); sslContext = sslContextBuilder.build(); } catch (Exception e) { throw new SSLInitializationException(e.getMessage(), e); } return sslContext; }
private void loadTrustMaterial(SSLContextBuilder sslContextBuilder) throws Exception { KeyStore trustStore = null; if (configuration.getTrustStorePath() != null) { trustStore = loadKeyStore(configuration.getTrustStoreType(), configuration.getTrustStorePath(), requireNonNull(configuration.getTrustStorePassword()), configuration.getTrustStoreProvider()); } TrustStrategy trustStrategy = null; if (configuration.isTrustSelfSignedCertificates()) { trustStrategy = new TrustSelfSignedStrategy(); } sslContextBuilder.loadTrustMaterial(trustStore, trustStrategy); }
private void loadKeyMaterial(SSLContextBuilder sslContextBuilder) throws Exception { if (configuration.getKeyStorePath() != null) { final KeyStore keystore = loadKeyStore(configuration.getKeyStoreType(), configuration.getKeyStorePath(), requireNonNull(configuration.getKeyStorePassword()), configuration.getKeyStoreProvider()); sslContextBuilder.loadKeyMaterial(keystore, requireNonNull(configuration.getKeyStorePassword()).toCharArray(), choosePrivateKeyStrategy()); } }
private static HttpClientConnectionManager createConnectionManager(DefaultBotOptions options) { Registry<ConnectionSocketFactory> registry; switch (options.getProxyType()) { case NO_PROXY: return null; case HTTP: registry = RegistryBuilder.<ConnectionSocketFactory> create() .register("http", new HttpConnectionSocketFactory()) .register("https", new HttpSSLConnectionSocketFactory(SSLContexts.createSystemDefault())).build(); return new PoolingHttpClientConnectionManager(registry); case SOCKS4: case SOCKS5: registry = RegistryBuilder.<ConnectionSocketFactory> create() .register("http", new SocksConnectionSocketFactory()) .register("https", new SocksSSLConnectionSocketFactory(SSLContexts.createSystemDefault())).build(); return new PoolingHttpClientConnectionManager(registry); } return null; }
private static Registry<ConnectionSocketFactory> getSslFactoryRegistry(String certPath) throws IOException { try { KeyStore keyStore = KeyStoreUtil.createDockerKeyStore(certPath); SSLContext sslContext = SSLContexts.custom() .setProtocol(SSLConnectionSocketFactory.TLS) .loadKeyMaterial(keyStore, "docker".toCharArray()) .loadTrustMaterial(keyStore, null) .build(); String tlsVerify = System.getenv("DOCKER_TLS_VERIFY"); SSLConnectionSocketFactory sslsf = tlsVerify != null && !tlsVerify.equals("0") && !tlsVerify.equals("false") ? new SSLConnectionSocketFactory(sslContext) : new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); return RegistryBuilder.<ConnectionSocketFactory> create().register("https", sslsf).build(); } catch (GeneralSecurityException e) { // this isn't ideal but the net effect is the same throw new IOException(e); } } }
private static CloseableHttpClient getHttpClient() throws IOException { try { // Self sign SSL SSLContextBuilder builder = new SSLContextBuilder(); builder.loadTrustMaterial(null, (TrustStrategy) new TrustSelfSignedStrategy()); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build()); // Create client return HttpClients.custom().setSSLSocketFactory(sslsf).setDefaultCookieStore(new BasicCookieStore()).build(); } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) { throw new IOException("Issue with creating http client", e); } }
try { SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, new TrustStrategy() { @Override public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; }).build(); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext); socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
private SSLContext createSSLContext(final SSLContextService service) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException { SSLContextBuilder builder = SSLContexts.custom(); final String trustFilename = service.getTrustStoreFile(); if (trustFilename != null) { final KeyStore truststore = KeyStoreUtils.getTrustStore(service.getTrustStoreType()); try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) { truststore.load(in, service.getTrustStorePassword().toCharArray()); } builder = builder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy()); } final String keyFilename = service.getKeyStoreFile(); if (keyFilename != null) { final KeyStore keystore = KeyStoreUtils.getKeyStore(service.getKeyStoreType()); try (final InputStream in = new FileInputStream(new File(service.getKeyStoreFile()))) { keystore.load(in, service.getKeyStorePassword().toCharArray()); } builder = builder.loadKeyMaterial(keystore, service.getKeyStorePassword().toCharArray()); final String alias = keystore.aliases().nextElement(); final Certificate cert = keystore.getCertificate(alias); if (cert instanceof X509Certificate) { principal = ((X509Certificate) cert).getSubjectDN(); } } builder = builder.setProtocol(service.getSslAlgorithm()); final SSLContext sslContext = builder.build(); return sslContext; }
/** configure HttpClient to ignore self-signed certs as described here: http://literatejava.com/networks/ignore-ssl-certificate-errors-apache-httpclient-4-4/ */ protected CloseableHttpClient createTrustingHttpClient() throws IOException { try { HttpClientBuilder builder = HttpClientBuilder.create(); SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustAllStrategy()).build(); builder.setSSLContext(sslContext); HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE; SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier); Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create() .register("http", PlainConnectionSocketFactory.getSocketFactory()) .register("https", sslSocketFactory) .build(); PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry); builder.setConnectionManager(connMgr); return builder.build(); } catch (Exception e) { throw new IOException(e); } }
private Executor executor() { if (executor == null) { if (this.host.startsWith("https://")) { Try.run(() -> { SSLContext sslContext = SSLContexts.custom() .loadTrustMaterial(null, (chain, authType) -> true) .build(); builder.setSSLContext(sslContext); builder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE); }).throwException(); } client = builder.build(); executor = Executor.newInstance(client); if (creds != null) { executor.auth(creds); } } return executor; }
keyStore.load(new FileInputStream(FileHelper.getAbsoluteFilePathFromClassPath(keystore).toFile()), "changeit".toCharArray()); final SSLContextBuilder sslContextbBuilder = SSLContexts.custom(); sslContextbBuilder.loadTrustMaterial(myTrustStore, null); sslContextbBuilder.loadKeyMaterial(keyStore, "changeit".toCharArray()); final SSLContext sslContext = sslContextbBuilder.build();
@Before public void setup() throws Exception { this.server.setHandler(new CheckRequestHandler()); this.server.afterPropertiesSet(); this.server.start(); // Set dynamically chosen port this.port = this.server.getPort(); SSLContextBuilder builder = new SSLContextBuilder(); builder.loadTrustMaterial(new TrustSelfSignedStrategy()); SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( builder.build(), NoopHostnameVerifier.INSTANCE); CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory( socketFactory).build(); HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpclient); this.restTemplate = new RestTemplate(requestFactory); }