// Start from an empty builder and set the SSLContext protocol name to TLS 1.2.
// NOTE(review): this only names the protocol the context is created with. Which versions a
// socket will actually negotiate is decided where the socket factory is configured - confirm
// that older versions are not left enabled there.
// NOTE(review): no trust material has been loaded at this point, so the statements that
// follow this excerpt decide how the peer certificate is checked.
SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
sslContextBuilder.useProtocol("TLSv1.2");
/**
 * Assembles the HTTPS client: system properties, TCP socket options, the default keep-alive
 * strategy, and an SSL socket factory built from the agent trust store and agent keystore.
 *
 * <p>The hostname verifier and the trust strategy are both supplied by
 * {@code sslVerificationMode}, so how strictly the server certificate is checked depends
 * entirely on that mode.
 * NOTE(review): confirm which modes exist and that none of them hands back an accept-all
 * strategy or verifier for production use.
 *
 * @return the configured client
 * @throws Exception if the trust/key material cannot be loaded or the SSL context cannot be built
 */
public CloseableHttpClient build() throws Exception {
    final HttpClientBuilder clientBuilder = HttpClients.custom();
    clientBuilder.useSystemProperties();

    final SocketConfig socketConfig = SocketConfig.custom()
            .setTcpNoDelay(true)
            .setSoKeepAlive(true)
            .build();
    clientBuilder.setDefaultSocketConfig(socketConfig);
    clientBuilder.setKeepAliveStrategy(DefaultConnectionKeepAliveStrategy.INSTANCE);

    final HostnameVerifier verifier = sslVerificationMode.verifier();
    final TrustStrategy strategy = sslVerificationMode.trustStrategy();
    final KeyStore truststore = agentTruststore();

    // The protocol name comes from the environment, not from a constant in this method.
    final SSLContextBuilder contextBuilder = SSLContextBuilder.create()
            .setProtocol(systemEnvironment.get(SystemEnvironment.GO_SSL_TRANSPORT_PROTOCOL_TO_BE_USED_BY_AGENT));

    // Trust material is only loaded when there is a store or a strategy to load; with neither,
    // the builder is left without explicit trust material.
    if (!(truststore == null && strategy == null)) {
        contextBuilder.loadTrustMaterial(truststore, strategy);
    }

    // Key material: the agent keystore is the client identity presented during the handshake.
    contextBuilder.loadKeyMaterial(agentKeystore(), keystorePassword().toCharArray());

    clientBuilder.setSSLSocketFactory(
            new SSLConnectionSocketFactory(contextBuilder.build(), verifier));
    return clientBuilder.build();
}
/**
 * Opens a Thrift-over-HTTP transport to {@code uri} and copies {@code headers} onto it as
 * custom headers, joining repeated header values with {@code ", "}.
 *
 * <p>NOTE(review): the trust strategy and the hostname verifier below both answer
 * {@code true} unconditionally, so the server certificate is never validated and the
 * connection can be intercepted without detection. That is only acceptable against a
 * fixture with a throwaway certificate - confirm this transport is not reachable from
 * production code.
 *
 * @param uri     endpoint the transport connects to
 * @param headers headers to send with each request
 * @return the configured transport
 * @throws TTransportException if the SSL context cannot be initialised
 */
@Override
protected TTransport newTransport(String uri, HttpHeaders headers) throws TTransportException {
    // Accept-all strategy: every certificate chain is reported as trusted.
    final TrustStrategy acceptAnyChain = (chain, authType) -> true;

    final SSLContext sslContext;
    try {
        sslContext = SSLContextBuilder.create().loadTrustMaterial(acceptAnyChain).build();
    } catch (GeneralSecurityException e) {
        throw new TTransportException("failed to initialize an SSL context", e);
    }

    final THttpClient transport = new THttpClient(
            uri,
            HttpClientBuilder.create()
                    // Hostname matching is switched off as well.
                    .setSSLHostnameVerifier((hostname, session) -> true)
                    .setSSLContext(sslContext)
                    .build());

    transport.setCustomHeaders(
            headers.names().stream()
                    .collect(toImmutableMap(
                            AsciiString::toString,
                            headerName -> String.join(", ", headers.getAll(headerName)))));
    return transport;
}
/**
 * Returns a fresh {@link SSLContextBuilder} for the caller to customise.
 *
 * <p>Nothing is configured here: no protocol, trust material or key material is set, so
 * whatever the caller adds afterwards decides how peers are authenticated.
 *
 * @return a new, unconfigured SSL context builder
 */
public static SSLContextBuilder custom() {
    final SSLContextBuilder builder = SSLContextBuilder.create();
    return builder;
}
/**
 * Returns a fresh {@link SSLContextBuilder} for the caller to customise.
 *
 * <p>Nothing is configured here: no protocol, trust material or key material is set, so
 * whatever the caller adds afterwards decides how peers are authenticated.
 *
 * @return a new, unconfigured SSL context builder
 */
public static SSLContextBuilder custom() {
    final SSLContextBuilder builder = SSLContextBuilder.create();
    return builder;
}
/**
 * Returns a fresh {@link SSLContextBuilder} for the caller to customise.
 *
 * <p>Nothing is configured here: no protocol, trust material or key material is set, so
 * whatever the caller adds afterwards decides how peers are authenticated.
 *
 * @return a new, unconfigured SSL context builder
 */
public static SSLContextBuilder custom() {
    final SSLContextBuilder builder = SSLContextBuilder.create();
    return builder;
}
/**
 * Returns a fresh {@link SSLContextBuilder} for the caller to customise.
 *
 * <p>Nothing is configured here: no protocol, trust material or key material is set, so
 * whatever the caller adds afterwards decides how peers are authenticated.
 *
 * @return a new, unconfigured SSL context builder
 */
public static SSLContextBuilder custom() {
    final SSLContextBuilder builder = SSLContextBuilder.create();
    return builder;
}
/**
 * Builds an SSL context whose trust material is read from the configured trust store file.
 *
 * <p>No key material is loaded, so this context carries no client certificate.
 * NOTE(review): the trust store password is held in a String field; confirm it is not
 * logged or exposed elsewhere in the class.
 *
 * @return the SSL context
 * @throws Exception if the trust store cannot be read or the context cannot be built
 */
public SSLContext sslContext() throws Exception {
    final SSLContextBuilder contextBuilder = SSLContextBuilder.create();
    contextBuilder.loadTrustMaterial(trustStore.getFile(), trustStorePassword.toCharArray());
    return contextBuilder.build();
}
// Closes the enclosing class, whose header is outside this excerpt.
}
/**
 * Builds an SSL context for mutual TLS: key material from the configured keystore file and
 * trust material from the configured trust store file.
 *
 * <p>The keystore uses two secrets, one for the store and one for the key entry.
 * NOTE(review): all three passwords are held in String fields; confirm they are not logged
 * or exposed elsewhere in the class.
 *
 * @return the SSL context
 * @throws Exception if either store cannot be read or the context cannot be built
 */
public SSLContext sslContext() throws Exception {
    final SSLContextBuilder contextBuilder = SSLContextBuilder.create();
    // Client identity first, then the anchors used to check the peer.
    contextBuilder.loadKeyMaterial(
            keyStore.getFile(), keyStorePassword.toCharArray(), keyPassword.toCharArray());
    contextBuilder.loadTrustMaterial(trustStore.getFile(), trustStorePassword.toCharArray());
    return contextBuilder.build();
}
// Closes the enclosing class, whose header is outside this excerpt.
}
/**
 * Creates the socket factory for strict TLS: an SSL context built from an empty builder
 * (no custom trust strategy), the protocol versions returned by
 * {@code getSSLPrototocolsFromSystemProperties()}, and HttpClient's default hostname verifier.
 *
 * @return the strict socket factory
 * @throws RuntimeException if the SSL context cannot be created
 */
private static SSLConnectionSocketFactory buildStrictFactory() {
    try {
        return new SSLConnectionSocketFactory(
                SSLContextBuilder.create().build(),
                getSSLPrototocolsFromSystemProperties(),
                // No explicit cipher-suite list is passed. The list below was left commented
                // out by the author:
                //   new String[]{"TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
                //   "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                //   "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
                //   "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA",
                //   "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA"},
                // NOTE(review): that list contains 3DES and CBC-mode suites; if an explicit
                // allow-list is reinstated, review it against current guidance first.
                null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
    } catch (KeyManagementException | NoSuchAlgorithmException cause) {
        throw new RuntimeException("Error creating HttpClient", cause);
    }
}
/**
 * Applies system properties to the async client builder and, when
 * {@code sslRejectUnauthorized} is false, switches off TLS peer verification.
 *
 * <p>With verification off, the hostname verifier and the trust strategy both answer
 * {@code true} for every peer, so any certificate for any host is accepted.
 * NOTE(review): consider logging a warning whenever this branch is taken, so a
 * verification-disabled client is visible in operations.
 *
 * @param httpClientBuilder builder to customise
 * @return the same builder instance
 * @throws UncheckedIOException if the accept-all SSL context cannot be created
 */
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
    httpClientBuilder.useSystemProperties();

    // Verification stays on: nothing more to configure.
    if (sslRejectUnauthorized) {
        return httpClientBuilder;
    }

    httpClientBuilder.setSSLHostnameVerifier((host, session) -> true);
    try {
        httpClientBuilder.setSSLContext(
                SSLContextBuilder.create()
                        .loadTrustMaterial((chain, authType) -> true)
                        .build());
    } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException cause) {
        throw new UncheckedIOException(new IOException("Unable to create SSLContext", cause));
    }
    return httpClientBuilder;
}
// Closes the enclosing anonymous callback and the call it is passed to, both opened
// outside this excerpt.
});
/**
 * Creates the strict TLS session strategy for the async client: an SSL context built from an
 * empty builder (no custom trust strategy), the protocol versions returned by
 * {@code getSSLPrototocolsFromSystemProperties()}, no explicit cipher-suite list, and
 * HttpClient's default hostname verifier.
 *
 * @return the strict session strategy
 * @throws RuntimeException if the SSL context cannot be created
 */
private static SSLIOSessionStrategy buildStrictSSLIOSessionStrategy() {
    try {
        return new SSLIOSessionStrategy(
                SSLContextBuilder.create().build(),
                getSSLPrototocolsFromSystemProperties(),
                null, // cipher suites: no explicit list is supplied
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
    } catch (KeyManagementException | NoSuchAlgorithmException cause) {
        throw new RuntimeException("Error creating HttpAsycClient", cause);
    }
}
/**
 * Installs the SSL socket factory on {@code clientBuilder}.
 *
 * <p>By default the factory uses the default SSL context and HttpClient's default hostname
 * verifier. When {@code alwaysTrustServerCertificate} is set, it instead uses
 * {@link TrustAllStrategy} together with {@link NoopHostnameVerifier}, which removes both
 * certificate-chain validation and hostname matching.
 * NOTE(review): confirm where that flag is set and that it cannot be enabled by default.
 *
 * @throws IllegalArgumentException if the SSL context cannot be created
 */
private void addBuilderSSLContext() {
    try {
        final SSLContext context;
        final HostnameVerifier verifier;
        if (!alwaysTrustServerCertificate) {
            // Normal path: platform trust anchors plus standard hostname matching.
            context = SSLContexts.createDefault();
            verifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
        } else {
            // Opt-out path: the server is not authenticated at all.
            context = SSLContextBuilder.create().loadTrustMaterial(new TrustAllStrategy()).build();
            verifier = new NoopHostnameVerifier();
        }
        clientBuilder.setSSLSocketFactory(new SSLConnectionSocketFactory(context, verifier));
    } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException cause) {
        throw new IllegalArgumentException(cause.getMessage(), cause);
    }
}
/**
 * Prototype-scoped bean: a stripped-down HTTP client with one-second timeouts, with auth
 * caching, automatic retries, connection state, cookie management and redirect handling
 * all disabled.
 *
 * <p>NOTE(review): TLS verification is fully off here. The trust strategy returns
 * {@code true} for every chain and {@link NoopHostnameVerifier} skips hostname matching, so
 * responses obtained through this client are not authenticated. Confirm that callers treat
 * them as untrusted input and send no credentials over it.
 *
 * @return the configured client
 * @throws IllegalStateException if the SSL context cannot be created
 */
@Bean
@Scope("prototype")
public CloseableHttpClient build() {
    final RequestConfig requestTimeouts = RequestConfig.custom()
            .setConnectionRequestTimeout(1000)
            .setConnectTimeout(1000)
            .setSocketTimeout(1000)
            .build();

    final HttpClientBuilder clientBuilder = HttpClientBuilder.create()
            .disableAuthCaching()
            .disableAutomaticRetries()
            .disableConnectionState()
            .disableCookieManagement()
            .disableRedirectHandling()
            .setDefaultRequestConfig(requestTimeouts)
            .setUserAgent("fullstop-job (https://github.com/zalando-stups/fullstop)")
            .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);

    try {
        // No key store is given (null) and the strategy accepts every certificate chain.
        clientBuilder.setSSLContext(
                SSLContextBuilder.create()
                        .loadTrustMaterial(null, (chain, authType) -> true)
                        .build());
    } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException cause) {
        throw new IllegalStateException("Could not initialize httpClient", cause);
    }
    return clientBuilder.build();
}
/**
 * Creates the federation HTTP client and stores the supplied collaborators.
 *
 * <p>NOTE(review): the client is built with {@link TrustAllStrategy} and
 * {@link NoopHostnameVerifier}, so neither the certificate chain nor the hostname of a
 * remote server is checked. The existing FIXME mentions hostname validation only; chain
 * validation is missing as well.
 * NOTE(review): both connection limits are {@code Integer.MAX_VALUE}, so this client places
 * no bound on outbound connections.
 *
 * @param global   source of the application name and version used in the User-Agent
 * @param resolver federation domain resolver kept for later use
 * @throws RuntimeException if the SSL context cannot be created
 */
public HttpFederationClient(GlobalStateHolder global, IFederationDomainResolver resolver) {
    this.global = global;
    this.resolver = resolver;

    try {
        // FIXME properly handle SSL context by validating certificate hostname
        final SSLContext trustAllContext =
                SSLContextBuilder.create().loadTrustMaterial(new TrustAllStrategy()).build();
        final HostnameVerifier noHostnameCheck = new NoopHostnameVerifier();
        final SSLConnectionSocketFactory socketFactory =
                new SSLConnectionSocketFactory(trustAllContext, noHostnameCheck);

        final RequestConfig requestConfig = RequestConfig.custom()
                .setConnectTimeout(30 * 1000) // FIXME make configurable
                .setConnectionRequestTimeout(5 * 60 * 1000) // FIXME make configurable
                .setSocketTimeout(5 * 60 * 1000) // FIXME make configurable
                .build();

        this.client = HttpClientBuilder.create()
                .disableAuthCaching()
                .disableAutomaticRetries()
                .disableCookieManagement()
                .disableRedirectHandling()
                .setSSLSocketFactory(socketFactory)
                .setDefaultRequestConfig(requestConfig)
                .setMaxConnPerRoute(Integer.MAX_VALUE) // FIXME make configurable
                .setMaxConnTotal(Integer.MAX_VALUE) // FIXME make configurable
                .setUserAgent(global.getAppName() + "/" + global.getAppVersion())
                .build();
    } catch (KeyStoreException | NoSuchAlgorithmException | KeyManagementException cause) {
        throw new RuntimeException(cause);
    }
}
/**
 * Registers the {@code https} scheme on the given registry builder, using an SSL socket
 * factory assembled from this object's protocol, trust store, keystore, supported
 * protocols, supported cipher suites and hostname verifier.
 *
 * <p>Trust material is loaded only when a trust store is configured, or when the keystore
 * is configured and {@code loadKeyStoreAsTrustMaterial} is set.
 * NOTE(review): how strict the result is depends on {@code getTrustStrategy()} and
 * {@code getHostnameVerifier()}, which are defined outside this excerpt - confirm their
 * defaults validate the peer.
 *
 * @param socketFactoryRegistryBuilder registry builder to extend
 * @return the same registry builder with {@code https} registered
 * @throws DSSException if the SSL context or socket factory cannot be configured
 */
private RegistryBuilder<ConnectionSocketFactory> setConnectionManagerSchemeHttps(
        final RegistryBuilder<ConnectionSocketFactory> socketFactoryRegistryBuilder) {
    try {
        final SSLContextBuilder contextBuilder = SSLContextBuilder.create();
        contextBuilder.setProtocol(sslProtocol);

        final KeyStore trustMaterial = getSSLTrustStore();
        if (trustMaterial != null) {
            LOG.debug("Set the SSL trust store as trust materials");
            contextBuilder.loadTrustMaterial(trustMaterial, getTrustStrategy());
        }

        final KeyStore keyMaterial = getSSLKeyStore();
        if (keyMaterial != null) {
            LOG.debug("Set the SSL keystore as key materials");
            // A missing password is passed through as null rather than as an empty array.
            char[] keystoreSecret = null;
            if (sslKeystorePassword != null) {
                keystoreSecret = sslKeystorePassword.toCharArray();
            }
            contextBuilder.loadKeyMaterial(keyMaterial, keystoreSecret);

            // Optional: the certificates in the keystore are also used as trust material.
            if (loadKeyStoreAsTrustMaterial) {
                LOG.debug("Set the SSL keystore as trust materials");
                contextBuilder.loadTrustMaterial(keyMaterial, getTrustStrategy());
            }
        }

        final SSLConnectionSocketFactory httpsFactory = new SSLConnectionSocketFactory(
                contextBuilder.build(),
                getSupportedSSLProtocols(),
                getSupportedSSLCipherSuites(),
                getHostnameVerifier());
        return socketFactoryRegistryBuilder.register("https", httpsFactory);
    } catch (final Exception cause) {
        throw new DSSException("Unable to configure the SSLContext/SSLConnectionSocketFactory", cause);
    }
}
private SSLContext createSSLContext() throws Exception { SSLContextBuilder sslContextBuilder = SSLContextBuilder.create(); sslContextBuilder.useProtocol(protocol);
// Build an SSL context whose only trust material is TrustSelfSignedStrategy.
// NOTE(review): this strategy is not tied to one known certificate. It looks like any
// self-signed certificate a server presents would be accepted - confirm, and prefer loading
// the expected certificate into a trust store.
SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(new TrustSelfSignedStrategy()).build();
// NoopHostnameVerifier turns hostname matching off, so the certificate is not tied to the
// host being contacted either.
HostnameVerifier hostnameVerifier = new NoopHostnameVerifier();
// The socket factory combines both choices; connections made through it do not authenticate
// the server.
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
.setSSLContext(SSLContextBuilder.create().loadTrustMaterial(new TrustStrategy() { @Override public boolean isTrusted(final X509Certificate[] chain, final String authType)