Apache
/
httpcomponents-client
mirror of https://github.com/apache/httpcomponents-client.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[HTTPCLIENT-1817] Add a "Trust All" TrustStrategy implementation.

This commit is contained in:
Gary D. Gregory 2017-02-20 22:40:41 +00:00 committed by Oleg Kalnichevski
parent 4438e47411
commit 7ff6b6c438
4 changed files with 120 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
RELEASE_NOTES.txt
View File

@ -8,6 +8,9 @@ Please note that as of 4.4 HttpClient requires Java 1.6 or newer.
Changelog:
-------------------
* [HTTPCLIENT-1817] Add a "Trust All" TrustStrategy implementation.
Contributed by Gary Gregory <ggregory at apache.org>
* [HTTPCLIENT-1816] Update Apache Commons Codec 1.9 to 1.10.
Contributed by Gary Gregory <ggregory at apache.org>

48
httpclient/src/main/java/org/apache/http/conn/ssl/TrustAllStrategy.java Normal file
View File

@ -0,0 +1,48 @@
/*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.http.conn.ssl;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
* A trust strategy that accepts all certificates as trusted. Verification of
* all other certificates is done by the trust manager configured in the SSL
* context.
*
* @since 4.5.4
*/
public class TrustAllStrategy implements TrustStrategy {
public static final TrustAllStrategy INSTANCE = new TrustAllStrategy();
@Override
public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
return true;
}
}

8
httpclient/src/main/java/org/apache/http/conn/ssl/TrustStrategy.java
View File

@ -27,12 +27,14 @@
package org.apache.http.conn.ssl;
/**
* A strategy to establish trustworthiness of certificates without consulting the trust manager
* configured in the actual SSL context. This interface can be used to override the standard
* JSSE certificate verification process.
* A strategy to establish trustworthiness of certificates without consulting
* the trust manager configured in the actual SSL context. This interface can be
* used to override the standard JSSE certificate verification process.
*
* @since 4.1
*/
public interface TrustStrategy extends org.apache.http.ssl.TrustStrategy {
// Empty! Inherits from org.apache.http.ssl.TrustStrategy.
}

87
httpclient/src/test/java/org/apache/http/conn/ssl/TestSSLSocketFactory.java
View File

@ -30,6 +30,9 @@ package org.apache.http.conn.ssl;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
@ -86,10 +89,12 @@ public class TestSSLSocketFactory {
@Test
public void testBasicSSL() throws Exception {
// @formatter:off
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
// @formatter:on
this.server.start();
final HttpContext context = new BasicHttpContext();
@ -99,7 +104,8 @@ public class TestSSLSocketFactory {
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null,
context);
try {
final SSLSession sslsession = sslSocket.getSession();
@ -112,10 +118,12 @@ public class TestSSLSocketFactory {
@Test
public void testBasicDefaultHostnameVerifier() throws Exception {
// @formatter:off
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
// @formatter:on
this.server.start();
final HttpContext context = new BasicHttpContext();
@ -124,7 +132,8 @@ public class TestSSLSocketFactory {
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null,
context);
try {
final SSLSession sslsession = sslSocket.getSession();
@ -136,10 +145,12 @@ public class TestSSLSocketFactory {
@Test
public void testClientAuthSSL() throws Exception {
// @formatter:off
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
// @formatter:on
this.server.start();
final HttpContext context = new BasicHttpContext();
@ -149,7 +160,8 @@ public class TestSSLSocketFactory {
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null,
context);
try {
final SSLSession sslsession = sslSocket.getSession();
@ -160,8 +172,9 @@ public class TestSSLSocketFactory {
}
}
@Test(expected=IOException.class)
@Test(expected = IOException.class)
public void testClientAuthSSLFailure() throws Exception {
// @formatter:off
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
@ -174,6 +187,7 @@ public class TestSSLSocketFactory {
})
.create();
// @formatter:on
this.server.start();
final HttpContext context = new BasicHttpContext();
@ -183,7 +197,8 @@ public class TestSSLSocketFactory {
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null,
context);
try {
final SSLSession sslsession = sslSocket.getSession();
@ -194,12 +209,14 @@ public class TestSSLSocketFactory {
}
}
@Test(expected=SSLException.class)
@Test(expected = SSLException.class)
public void testSSLTrustVerification() throws Exception {
// @formatter:off
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
// @formatter:on
this.server.start();
final HttpContext context = new BasicHttpContext();
@ -212,45 +229,65 @@ public class TestSSLSocketFactory {
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null,
context);
sslSocket.close();
}
@Test
public void testSSLTrustVerificationOverride() throws Exception {
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
this.server.start();
final HttpContext context = new BasicHttpContext();
public void testSSLTrustVerificationOverrideWithCustsom() throws Exception {
final TrustStrategy trustStrategy = new TrustStrategy() {
@Override
public boolean isTrusted(
final X509Certificate[] chain, final String authType) throws CertificateException {
public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
return chain.length == 1;
}
};
testSSLTrustVerificationOverride(trustStrategy);
}
@Test
public void testSSLTrustVerificationOverrideWithTrustSelfSignedStrategy() throws Exception {
testSSLTrustVerificationOverride(TrustSelfSignedStrategy.INSTANCE);
}
@Test
public void testSSLTrustVerificationOverrideWithTrustAllStrategy() throws Exception {
testSSLTrustVerificationOverride(TrustAllStrategy.INSTANCE);
}
private void testSSLTrustVerificationOverride(final TrustStrategy trustStrategy)
throws Exception, IOException, NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
// @formatter:off
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
.create();
// @formatter:on
this.server.start();
final HttpContext context = new BasicHttpContext();
// @formatter:off
final SSLContext sslcontext = SSLContexts.custom()
.loadTrustMaterial(null, trustStrategy)
.build();
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
sslcontext,
// @formatter:on
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslcontext,
NoopHostnameVerifier.INSTANCE);
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null,
context);
sslSocket.close();
}
@Test
public void testTLSOnly() throws Exception {
// @formatter:off
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
@ -263,6 +300,7 @@ public class TestSSLSocketFactory {
})
.create();
// @formatter:on
this.server.start();
final HttpContext context = new BasicHttpContext();
@ -271,13 +309,15 @@ public class TestSSLSocketFactory {
final Socket socket = socketFactory.createSocket(context);
final InetSocketAddress remoteAddress = new InetSocketAddress("localhost", this.server.getLocalPort());
final HttpHost target = new HttpHost("localhost", this.server.getLocalPort(), "https");
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null, context);
final SSLSocket sslSocket = (SSLSocket) socketFactory.connectSocket(0, socket, target, remoteAddress, null,
context);
final SSLSession sslsession = sslSocket.getSession();
Assert.assertNotNull(sslsession);
}
@Test(expected=IOException.class)
@Test(expected = IOException.class)
public void testSSLDisabledByDefault() throws Exception {
// @formatter:off
this.server = ServerBootstrap.bootstrap()
.setServerInfo(LocalServerTestBase.ORIGIN)
.setSslContext(SSLTestContexts.createServerSSLContext())
@ -290,6 +330,7 @@ public class TestSSLSocketFactory {
})
.create();
// @formatter:on
this.server.start();
final HttpContext context = new BasicHttpContext();