/**
 * Creates an {@code SslContextFactory} backed by the {@code SSLContext} that
 * {@code createSslContext} builds from the given TLS settings.
 *
 * @param tlsAllowInsecureConnection passed through to {@code createSslContext}
 * @param tlsTrustCertsFilePath passed through to {@code createSslContext}
 * @param tlsCertificateFilePath passed through to {@code createSslContext}
 * @param tlsKeyFilePath passed through to {@code createSslContext}
 * @param tlsRequireTrustedClientCertOnConnect {@code true} to require a client certificate
 *        ({@code setNeedClientAuth}); {@code false} to only request one ({@code setWantClientAuth})
 * @return the configured factory
 * @throws GeneralSecurityException declared by this method; presumably raised by
 *         {@code createSslContext} (its body is not visible here)
 */
public static SslContextFactory createSslContextFactory(boolean tlsAllowInsecureConnection,
        String tlsTrustCertsFilePath, String tlsCertificateFilePath, String tlsKeyFilePath,
        boolean tlsRequireTrustedClientCertOnConnect) throws GeneralSecurityException {
    SslContextFactory factory = new SslContextFactory();
    factory.setSslContext(createSslContext(tlsAllowInsecureConnection, tlsTrustCertsFilePath,
            tlsCertificateFilePath, tlsKeyFilePath));

    // Client certificates are either mandatory or merely requested.
    if (!tlsRequireTrustedClientCertOnConnect) {
        factory.setWantClientAuth(true);
    } else {
        factory.setNeedClientAuth(true);
    }

    // NOTE(review): trustAll is enabled unconditionally, independent of
    // tlsAllowInsecureConnection. Whether it still influences certificate or host name
    // checks once an SSLContext has been supplied depends on the SslContextFactory
    // implementation; confirm it cannot relax peer verification here.
    factory.setTrustAll(true);
    return factory;
}
}
// trustAll is read from the "trustAll" entry of sslSettings. A true value makes the
// factory accept every certificate, so it should only ever be enabled deliberately.
contextFactory.setTrustAll(sslSettings.valueOfIndex("trustAll").toBoolean());
/**
 * Creates a factory with the given trust-all setting, the default protocol and
 * cipher-suite exclusions, and an optional key store path.
 *
 * @param trustAll whether to trust all certificates (forwarded to {@code setTrustAll})
 * @param keyStorePath key store location, or {@code null} to leave it unset
 */
private SslContextFactory(boolean trustAll, String keyStorePath)
{
    setTrustAll(trustAll);
    setExcludeProtocols(DEFAULT_EXCLUDED_PROTOCOLS);
    setExcludeCipherSuites(DEFAULT_EXCLUDED_CIPHER_SUITES);

    // Nothing more to configure when no key store was supplied.
    if (keyStorePath == null)
    {
        return;
    }
    setKeyStorePath(keyStorePath);
}
/**
 * Constructs an instance of SslContextFactory with the given trust-all setting.
 * Intended for use in XmlConfiguration files.
 *
 * @param trustAll whether to blindly trust all certificates; {@code true} means
 *                 certificates are accepted without validation, so the peer is
 *                 not authenticated
 * @see #setTrustAll(boolean)
 */
public SslContextFactory(boolean trustAll)
{
    setTrustAll(trustAll);
}
/**
 * Constructs an instance of SslContextFactory with the given trust-all setting.
 * Intended for use in XmlConfiguration files.
 *
 * @param trustAll whether to blindly trust all certificates; {@code true} means
 *                 certificates are accepted without validation, so the peer is
 *                 not authenticated
 * @see #setTrustAll(boolean)
 */
public SslContextFactory(boolean trustAll)
{
    setTrustAll(trustAll);
}
/**
 * Constructs an instance of SslContextFactory with the given trust-all setting
 * and excludes the SSL protocol family.
 * Intended for use in XmlConfiguration files.
 *
 * @param trustAll whether to blindly trust all certificates; {@code true} means
 *                 certificates are accepted without validation, so the peer is
 *                 not authenticated
 * @see #setTrustAll(boolean)
 */
public SslContextFactory(boolean trustAll)
{
    setTrustAll(trustAll);
    // Legacy SSL protocol names are excluded, independent of the trust setting.
    addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
}
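/**
 * Provides the singleton {@code HttpClient}: builds it on a new {@code SslContextFactory},
 * applies the injected limits and buffer sizes, starts it and registers a shutdown hook.
 *
 * @param executorService executor handed to the client
 * @param maxConnectionsQueued maximum number of requests queued per destination
 * @param maxConnectionPerRoute maximum number of connections per destination
 * @param requestBufferSize request buffer size
 * @param responseBufferSize response buffer size
 * @param maxRedirects maximum number of redirects
 * @param trustAllCertificates when {@code true} the client trusts every certificate, so the
 *        servers it talks to are not authenticated; keep it {@code false} outside test setups
 * @return the started client
 * @throws RuntimeException wrapping any exception raised while building or starting the client
 */
@Provides
@Singleton
public HttpClient provideHttpClient(ExecutorService executorService,
        @Named("httpClient.maxConnectionsQueued") Integer maxConnectionsQueued,
        @Named("httpClient.maxConnectionPerRoute") Integer maxConnectionPerRoute,
        @Named("httpClient.requestBufferSize") Integer requestBufferSize,
        @Named("httpClient.responseBufferSize") Integer responseBufferSize,
        @Named("httpClient.maxRedirects") Integer maxRedirects,
        @Named("httpClient.trustAllCertificates") Boolean trustAllCertificates) {
    try {
        SslContextFactory sslContextFactory = new SslContextFactory();
        // Certificate validation is controlled purely by configuration here.
        sslContextFactory.setTrustAll(trustAllCertificates);

        HttpClient httpClient = new HttpClient(sslContextFactory);
        httpClient.setExecutor(executorService);
        // The two limits were previously passed to each other's setter: the per-route
        // connection limit belongs to setMaxConnectionsPerDestination and the queue
        // limit to setMaxRequestsQueuedPerDestination.
        httpClient.setMaxConnectionsPerDestination(maxConnectionPerRoute);
        httpClient.setMaxRequestsQueuedPerDestination(maxConnectionsQueued);
        httpClient.setRequestBufferSize(requestBufferSize);
        httpClient.setResponseBufferSize(responseBufferSize);
        httpClient.setMaxRedirects(maxRedirects);
        httpClient.start();
        registerHttpClientShutdownHook(httpClient);
        return httpClient;
    } catch (Exception e) {
        // NOTE(review): the stack trace goes to stdout although the cause is already
        // chained into the rethrown exception; consider the project's logger instead.
        System.out.println(Arrays.toString(e.getStackTrace()));
        throw new RuntimeException(e.getLocalizedMessage(), e);
    }
}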
/**
 * Creates an {@code SslContextFactory} backed by the {@code SSLContext} that
 * {@code createSslContext} builds from the given TLS settings.
 *
 * @param tlsAllowInsecureConnection passed through to {@code createSslContext}
 * @param tlsTrustCertsFilePath passed through to {@code createSslContext}
 * @param tlsCertificateFilePath passed through to {@code createSslContext}
 * @param tlsKeyFilePath passed through to {@code createSslContext}
 * @param tlsRequireTrustedClientCertOnConnect {@code true} to require a client certificate
 *        ({@code setNeedClientAuth}); {@code false} to only request one ({@code setWantClientAuth})
 * @return the configured factory
 * @throws GeneralSecurityException declared by this method; presumably raised by
 *         {@code createSslContext} (its body is not visible here)
 */
public static SslContextFactory createSslContextFactory(boolean tlsAllowInsecureConnection,
        String tlsTrustCertsFilePath, String tlsCertificateFilePath, String tlsKeyFilePath,
        boolean tlsRequireTrustedClientCertOnConnect) throws GeneralSecurityException {
    SslContextFactory factory = new SslContextFactory();
    factory.setSslContext(createSslContext(tlsAllowInsecureConnection, tlsTrustCertsFilePath,
            tlsCertificateFilePath, tlsKeyFilePath));

    // Client certificates are either mandatory or merely requested.
    if (!tlsRequireTrustedClientCertOnConnect) {
        factory.setWantClientAuth(true);
    } else {
        factory.setNeedClientAuth(true);
    }

    // NOTE(review): trustAll is enabled unconditionally, independent of
    // tlsAllowInsecureConnection. Whether it still influences certificate or host name
    // checks once an SSLContext has been supplied depends on the SslContextFactory
    // implementation; confirm it cannot relax peer verification here.
    factory.setTrustAll(true);
    return factory;
}
}
// The key manager password reuses the key store password.
keyManagerPassword = keyStorePassword;
// NOTE(review): trustAll is hard-coded to true, so this factory accepts every
// certificate regardless of configuration; confirm this is intended (for example
// test-only code) and make it configurable otherwise.
sslContextFactory.setTrustAll(true);
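/**
 * Builds the connection factories for the HTTPS connector: an SSL connection factory
 * configured from the key store settings, followed by a plain HTTP connection factory.
 *
 * <p>The key store path comes from {@code HttpServer.KEY_STORE_PATH}; the file must exist.
 * Store password, manager password and certificate alias are read via {@code get(...)};
 * the optional {@code http.ssl.storeType} and {@code http.ssl.trustAll} settings are read
 * from {@code AppInfo}.
 *
 * @return the SSL and HTTP connection factories, in that order
 * @throws URISyntaxException declared by the overridden method
 */
@Override
protected ConnectionFactory[] getConnectionFactorys() throws URISyntaxException {
    SslContextFactory sslContextFactory = new SslContextFactory();
    String path = get(HttpServer.KEY_STORE_PATH);
    File keystoreFile = FileUtil.file(path);
    if (!keystoreFile.exists()) {
        String msg = path + " is not exist";
        Log.get("sumk.http").error(msg);
        SumkException.throwException(-2345345, msg);
    }
    sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
    sslContextFactory.setKeyStorePassword(get("http.ssl.storePassword"));
    sslContextFactory.setKeyManagerPassword(get("http.ssl.managerPassword"));
    sslContextFactory.setCertAlias(get("http.ssl.alias"));
    String v = AppInfo.get("http.ssl.storeType", null);
    if (v != null) {
        sslContextFactory.setKeyStoreType(v);
    }
    v = AppInfo.get("http.ssl.trustAll", null);
    if (v != null) {
        // Only "1" or "true" (any case) enables trust-all. The earlier test,
        // v.equalsIgnoreCase(v), compared the value with itself and was always true,
        // so even "0" or "false" switched certificate checking off.
        sslContextFactory.setTrustAll("1".equals(v) || "true".equalsIgnoreCase(v));
    }
    Log.get("sumk.http").info("using https");
    return new ConnectionFactory[] { new SslConnectionFactory(sslContextFactory, "http/1.1"),
            new HttpConnectionFactory() };
}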
sslContextFactory.setWantClientAuth( clientAuthWanted ); sslContextFactory.setTrustAll( trustAllCerts ); if (sslIncludeCiphers != null && !sslIncludeCiphers.isEmpty()) { sslContextFactory.setIncludeCipherSuites( sslIncludeCiphers.toArray(new String[sslIncludeCiphers.size()]) );
sslContextFactory.setWantClientAuth( clientAuthWanted ); sslContextFactory.setTrustAll( trustAllCerts ); if (sslIncludeCiphers != null && !sslIncludeCiphers.isEmpty()) { sslContextFactory.setIncludeCipherSuites( sslIncludeCiphers.toArray(new String[0]) );
// NOTE(review): trustAll is hard-coded to true, so every certificate is accepted and
// the peer is not authenticated; confirm this is test-only or make it configurable.
sslContextFactory.setTrustAll(true);
// NOTE(review): trustAll is hard-coded to true, so every certificate is accepted and
// the peer is not authenticated; confirm this is test-only or make it configurable.
sslContextFactory.setTrustAll(true);
/**
 * Creates a factory with the given trust-all setting, the built-in protocol and
 * cipher-suite exclusions, and an optional key store path.
 *
 * @param trustAll whether to trust all certificates (forwarded to {@code setTrustAll})
 * @param keyStorePath key store location, or {@code null} to leave it unset
 */
private SslContextFactory(boolean trustAll, String keyStorePath)
{
    setTrustAll(trustAll);
    addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");

    // Weak or insecure ciphers, selected by their MD5/SHA/SHA1 suffix.
    setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
    // Ciphers without forward secrecy.
    addExcludeCipherSuites("^TLS_RSA_.*$");
    // Known bad suites that an include pattern could pull in by accident. Java's
    // default enabled list does not contain them, but the supported list does.
    addExcludeCipherSuites("^SSL_.*$");
    addExcludeCipherSuites("^.*_NULL_.*$");
    addExcludeCipherSuites("^.*_anon_.*$");

    // Nothing more to configure when no key store was supplied.
    if (keyStorePath == null)
    {
        return;
    }
    setKeyStorePath(keyStorePath);
}
/**
 * Configures the HTTP client from {@code metadata} and starts it.
 *
 * <p>When both a key store path and password are present, a new client is created on an
 * {@code SslContextFactory} using that key store. Timeouts, per-destination limits and
 * redirect handling are then applied to {@code httpClient}.
 *
 * @throws ClientException if the client fails to start
 */
@Override
protected void configureClient() {
    boolean hasKeyStore = StringUtils.isNotEmpty(metadata.getKeyStorePath())
            && StringUtils.isNotEmpty(metadata.getKeyStorePassword());
    if (hasKeyStore) {
        SslContextFactory tls = new SslContextFactory();
        tls.setKeyStorePath(metadata.getKeyStorePath());
        tls.setKeyStorePassword(metadata.getKeyStorePassword());

        boolean hasTrustStore = StringUtils.isNotEmpty(metadata.getTrustStorePath())
                && StringUtils.isNotEmpty(metadata.getTrustStorePassword());
        if (!hasTrustStore) {
            // NOTE(review): with a key store but no trust store, the client silently
            // falls back to trusting every certificate, so servers are not
            // authenticated. Consider requiring an explicit opt-in for this.
            tls.setTrustAll(true);
        } else {
            tls.setTrustStorePath(metadata.getTrustStorePath());
            tls.setTrustStorePassword(metadata.getTrustStorePassword());
        }
        httpClient = new HttpClient(tls);
    }
    // NOTE(review): trust store settings are only read inside the key store branch
    // above; a trust store configured without a key store is not applied here.

    httpClient.setConnectTimeout(metadata.getConnectTimeout());
    httpClient.setIdleTimeout(metadata.getIdleTimeout());
    httpClient.setMaxConnectionsPerDestination(metadata.getMaxConnectionsPerAddress());
    httpClient.setMaxRequestsQueuedPerDestination(metadata.getMaxQueueSizePerAddress());
    httpClient.setFollowRedirects(followRedirects);

    try {
        httpClient.start();
    } catch (Exception e) {
        throw new ClientException("failed to start jetty http client: " + e, e);
    }
}
// Keep certificate validation on, and additionally require the certificate to match
// the host name being contacted ("HTTPS" endpoint identification).
sslContextFactory.setTrustAll(false);
sslContextFactory.setEndpointIdentificationAlgorithm("HTTPS");
// Certificate checking for the WebSocket client follows isIgnoreSslErrors(): when it
// returns true, every certificate is accepted and the server is not authenticated.
sslContexFactory.setTrustAll(isIgnoreSslErrors());
WebSocketClient webSocketClient = new WebSocketClient(sslContexFactory, executor);
// NOTE(review): trustAll is hard-coded to true and the key store password is a literal
// in source; presumably test or sample code. Confirm, and otherwise validate
// certificates and load the password from configuration.
sslContextFactory.setTrustAll(true);
sslContextFactory.setKeyStorePassword("password");