diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/CredSspScheme.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/CredSspScheme.java index 78b387466..040bcdda2 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/CredSspScheme.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/CredSspScheme.java @@ -31,12 +31,9 @@ import java.nio.ByteBuffer; import java.nio.CharBuffer; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.PublicKey; import java.security.cert.Certificate; -import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.Arrays; @@ -48,8 +45,6 @@ import javax.net.ssl.SSLEngineResult.Status; import javax.net.ssl.SSLException; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; import org.apache.commons.codec.binary.Base64; import org.apache.hc.client5.http.auth.AuthChallenge; @@ -64,8 +59,6 @@ import org.apache.hc.core5.annotation.Experimental; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.HttpRequest; import org.apache.hc.core5.http.protocol.HttpContext; -import org.apache.hc.core5.ssl.SSLContexts; -import org.apache.hc.core5.ssl.SSLInitializationException; import org.apache.hc.core5.util.Args; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -119,6 +112,7 @@ public class CredSspScheme implements AuthScheme CREDENTIALS_SENT; } + private final SSLContext sslContext; private State state; private SSLEngine sslEngine; private NTCredentials ntcredentials; @@ -131,7 +125,8 @@ public class CredSspScheme implements AuthScheme private byte[] peerPublicKey; - public CredSspScheme() { + public CredSspScheme(final SSLContext sslContext) { + this.sslContext = Args.notNull(sslContext, "SSL context"); state = State.UNINITIATED; } @@ -169,53 +164,6 @@ public class CredSspScheme implements AuthScheme private SSLEngine createSSLEngine() { - final SSLContext sslContext; - try - { - sslContext = SSLContexts.custom().build(); - } - catch (final NoSuchAlgorithmException | KeyManagementException ex ) - { - throw new SSLInitializationException( "Error creating SSL Context: " + ex.getMessage(), ex ); - } - - final X509TrustManager tm = new X509TrustManager() - { - - @Override - public void checkClientTrusted( final X509Certificate[] chain, final String authType ) - throws CertificateException - { - // Nothing to do. - } - - - @Override - public void checkServerTrusted( final X509Certificate[] chain, final String authType ) - throws CertificateException - { - // Nothing to do, accept all. CredSSP server is using its own certificate without any - // binding to the PKI trust chains. The public key is verified as part of the CredSSP - // protocol exchange. - } - - - @Override - public X509Certificate[] getAcceptedIssuers() - { - return null; - } - - }; - try - { - sslContext.init( null, new TrustManager[] - { tm }, null ); - } - catch ( final KeyManagementException e ) - { - throw new SSLInitializationException( "SSL Context initialization error: " + e.getMessage(), e ); - } final SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode( true ); return sslEngine; diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/CredSspSchemeFactory.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/CredSspSchemeFactory.java index e4fc32953..3abfe5868 100644 --- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/CredSspSchemeFactory.java +++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/CredSspSchemeFactory.java @@ -27,18 +27,47 @@ package org.apache.hc.client5.http.impl.auth; +import java.security.KeyManagementException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; + +import javax.net.ssl.SSLContext; + import org.apache.hc.client5.http.auth.AuthScheme; import org.apache.hc.client5.http.auth.AuthSchemeProvider; +import org.apache.hc.client5.http.ssl.TrustAllStrategy; import org.apache.hc.core5.annotation.Experimental; import org.apache.hc.core5.http.protocol.HttpContext; +import org.apache.hc.core5.ssl.SSLContexts; +import org.apache.hc.core5.ssl.SSLInitializationException; @Experimental public class CredSspSchemeFactory implements AuthSchemeProvider { + private final SSLContext sslContext; + + public CredSspSchemeFactory() { + this(createDefaultContext()); + } + + public CredSspSchemeFactory(final SSLContext sslContext) { + this.sslContext = sslContext != null ? sslContext : createDefaultContext(); + } + + private static SSLContext createDefaultContext() throws SSLInitializationException { + try { + return SSLContexts.custom() + .loadTrustMaterial(new TrustAllStrategy()) + .build(); + } catch (final NoSuchAlgorithmException | KeyManagementException | KeyStoreException ex) { + throw new SSLInitializationException(ex.getMessage(), ex); + } + } + @Override public AuthScheme create(final HttpContext context) { - return new CredSspScheme(); + return new CredSspScheme(sslContext); } }