Package com.elastisys.scale.commons.net.ssl

Source Code of com.elastisys.scale.commons.net.ssl.SslUtils

package com.elastisys.scale.commons.net.ssl;

import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

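/**
 * Factory methods for TLS building blocks that deliberately skip peer
 * authentication.
 * <p>
 * Everything produced by this class disables a check that TLS relies on to
 * authenticate the remote end: host name verification, certificate chain
 * validation, or both. A connection configured with these objects is still
 * encrypted, but the identity of the peer is not established, so traffic can
 * be intercepted by anyone able to sit on the network path. Limit their use
 * to tests and to environments where the peer's identity is established by
 * other means. When the peer uses a self-signed or privately issued
 * certificate, trusting that specific certificate (or its issuing CA)
 * preserves authentication and is the preferred alternative.
 *
 * @see SslContextBuilder
 */
public class SslUtils {
  /**
   * Creates a promiscuous {@link HostnameVerifier} that accepts all host
   * names without further verification.
   * <p>
   * With this verifier installed, a certificate issued for one host is
   * accepted for any other host as well. Unless the certificate chain is
   * pinned or otherwise tightly constrained, the connection offers no
   * assurance about which server is being talked to.
   *
   * @return a {@link HostnameVerifier} whose
   *         {@link HostnameVerifier#verify(String, SSLSession)} always
   *         returns {@code true}
   */
  public static HostnameVerifier allowAllHostNames() {
    return new HostnameVerifier() {
      @Override
      public boolean verify(String hostname, SSLSession session) {
        // Unconditional approval: neither the host name nor the session
        // (and therefore the peer certificate) is inspected.
        return true;
      }
    };
  }

  /**
   * Creates an all-trusting {@link SSLContext} that trusts all server
   * certificates it is presented with. The created {@link SSLContext} will
   * not attempt to authenticate the client to the server (it is initialized
   * with an empty {@link KeyManager} array).
   * <p>
   * The resulting {@link SSLContext} is similar to using the
   * {@code --insecure} flag in {@code curl}: expired, self-signed and
   * untrusted-issuer certificates are all accepted, so the server is not
   * authenticated. See {@link #insecureTrustManager()} for the trust manager
   * that is installed.
   *
   * @see SslContextBuilder
   * @return a {@code "TLS"} {@link SSLContext} backed by
   *         {@link #insecureTrustManager()}
   * @throws RuntimeException
   *             if the context could not be created or initialized; the
   *             original failure is attached as the cause
   */
  public static SSLContext trustAllCertsSslContext() {
    try {
      // No key managers: the client never presents a certificate of its own.
      KeyManager[] noClientAuth = new KeyManager[0];
      // A single trust manager that performs no certificate validation.
      TrustManager[] trustEverything = new TrustManager[] {
          insecureTrustManager() };

      SSLContext insecureContext = SSLContext.getInstance("TLS");
      insecureContext.init(noClientAuth, trustEverything, new SecureRandom());
      return insecureContext;
    } catch (Exception e) {
      throw new RuntimeException("failed to create an insecure "
          + "(trust-all-certs) ssl context: " + e.getMessage(), e);
    }
  }

  /**
   * Creates a {@link TrustManager} that trusts all certificates it is
   * presented with. That is, all certificate chain checks (issuer,
   * signature, validity period, revocation) are disabled, for server
   * certificates and client certificates alike.
   * <p>
   * This is similar to using the {@code --insecure} flag in {@code curl}.
   * Because the check methods never throw, any certificate chain, including
   * one generated by an intermediary on the network path, is accepted.
   *
   * @return an {@link X509TrustManager} whose check methods accept every
   *         chain and which advertises no accepted issuers
   */
  public static TrustManager insecureTrustManager() {
    return new X509TrustManager() {
      @Override
      public X509Certificate[] getAcceptedIssuers() {
        // The X509TrustManager contract requires a non-null (possibly
        // empty) array; returning null can cause a NullPointerException
        // in callers that iterate over the accepted issuers.
        return new X509Certificate[0];
      }

      @Override
      public void checkClientTrusted(X509Certificate[] certs,
          String authType) {
        // Intentionally empty: returning normally means "trusted".
      }

      @Override
      public void checkServerTrusted(X509Certificate[] certs,
          String authType) {
        // Intentionally empty: returning normally means "trusted".
      }
    };
  }

}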