From f2d8753391c3aac4bcbc18d42f0921eba35a1e34 Mon Sep 17 00:00:00 2001
From: Gaetano Piazzolla
Date: Sat, 22 Jul 2023 15:19:21 +0200
Subject: [PATCH] JAVA-23317 | Added dummy TrustManager (#14444)

* JAVA-23317 | Added dummy TrustManager
* JAVA-23317 | Added comment
* JAVA-23317 | renamed dummy to mock
* JAVA-23317 | renamed unit test
---
 .../ssl/HttpClientSSLBypassUnitTest.java | 63 +++++++++++++++++--
 1 file changed, 59 insertions(+), 4 deletions(-)
diff --git a/core-java-modules/core-java-11-2/src/test/java/com/baeldung/httpclient/ssl/HttpClientSSLBypassUnitTest.java b/core-java-modules/core-java-11-2/src/test/java/com/baeldung/httpclient/ssl/HttpClientSSLBypassUnitTest.java
index 68fcaae6d1..d0733d7149 100644
--- a/core-java-modules/core-java-11-2/src/test/java/com/baeldung/httpclient/ssl/HttpClientSSLBypassUnitTest.java
+++ b/core-java-modules/core-java-11-2/src/test/java/com/baeldung/httpclient/ssl/HttpClientSSLBypassUnitTest.java
@@ -4,29 +4,84 @@ import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
+import java.net.Socket;
 import java.net.URI;
+import java.net.URISyntaxException;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
 import java.util.Properties;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
+
 public class HttpClientSSLBypassUnitTest {
 @Test
- public void whenHttpsRequest_thenCorrect() throws IOException, InterruptedException {
+ public void givenDisableUsingJVMProperty_whenByPassCertificationVerification_thenSuccessHttpResponse() throws IOException, InterruptedException {
 final Properties props = System.getProperties();
 props.setProperty("jdk.internal.httpclient.disableHostnameVerification", Boolean.TRUE.toString());
 HttpClient httpClient = HttpClient.newBuilder()
- .build();
+ .build();
 HttpRequest request = HttpRequest.newBuilder()
- .uri(URI.create("https://wrong.host.badssl.com/"))
- .build();
+ .uri(URI.create("https://wrong.host.badssl.com/"))
+ .build();
 HttpResponse response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
 props.setProperty("jdk.internal.httpclient.disableHostnameVerification", Boolean.FALSE.toString());
 Assertions.assertEquals(200, response.statusCode());
 }
+
+ @Test
+ public void givenMockTrustManager_whenByPassCertificateVerification_thenSuccessHttpResponse() throws IOException, InterruptedException, NoSuchAlgorithmException, KeyManagementException, URISyntaxException {
+ SSLContext sslContext = SSLContext.getInstance("SSL"); // OR TLS
+ sslContext.init(null, new TrustManager[]{ MOCK_TRUST_MANAGER }, new SecureRandom());
+ HttpClient httpClient = HttpClient.newBuilder().sslContext(sslContext).build();
+ HttpRequest request = HttpRequest.newBuilder()
+ .uri(new URI("https://wrong.host.badssl.com/"))
+ .build();
+ HttpResponse response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
+ Assertions.assertEquals(200, response.statusCode());
+ }
+
+
+ private static final TrustManager MOCK_TRUST_MANAGER = new X509ExtendedTrustManager() {
+ @Override
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return new java.security.cert.X509Certificate[0];
+ }
+
+ @Override
+ public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
+ }
+
+ @Override
+ public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) {
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) {
+ }
+ };
 }
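Review bot: `MOCK_TRUST_MANAGER` is added without any comment stating that its empty `checkServerTrusted`/`checkClientTrusted` overrides accept every certificate chain (expired, self-signed, or issued for a different host), so a client built on this `SSLContext` has no server authentication at all and a reader copying the snippet gets no hint that it is test-only. I would put a comment directly above the field, for example `// Test-only: trusts every certificate and skips hostname checks; never ship this in production code.`, and mention there that extending `X509ExtendedTrustManager` rather than `X509TrustManager` appears to be what also silences endpoint identification, since JSSE seems to apply that check only when it wraps a plain `X509TrustManager`. In the new test, `SSLContext.getInstance("SSL"); // OR TLS` would be better written as `SSLContext.getInstance("TLS");` so the example does not promote the legacy protocol name. The renamed first test still resets `jdk.internal.httpclient.disableHostnameVerification` only after `send` returns; moving that reset into a `finally` block would keep a failed request from leaving the JVM-wide flag enabled for later tests.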