SslUtils.java

/**
 * Copyright (C) 2017 HttpBuilder-NG Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package groovyx.net.http.util;

import groovyx.net.http.HttpObjectConfig;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

/**
 * SSL helper utilities.
 */
public class SslUtils {

    /**
     * A `HostnameVerifier` that accepts any host name.
     */
    @SuppressWarnings("WeakerAccess")
    public static final HostnameVerifier ANY_HOSTNAME = (s, sslSession) -> true;

    // trust manager that trusts everything
    private static final TrustManager[] TRUST_MANAGERS = {new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[]{};
        }

        public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }

        public void checkServerTrusted(X509Certificate[] certs, String authType) {
        }
    }};

    /**
     * Configuration helper used to ignore any SSL certificate-related issues by configuring an `SSLContext` that allows everything.
     *
     * [source,groovy]
     * ----
     * def http = JavaHttpBuilder.configure {
     *     ignoreSslIssues(execution)
     * }
     * ----
     *
     * This will inject the correct configuration to set the `sslContext` and `hostnameVerifier` - these configuration properties should not
     * be directly specified when this method is applied.
     *
     * @param execution the {@link HttpObjectConfig.Execution} instance
     */
    public static void ignoreSslIssues(final HttpObjectConfig.Execution execution){
        execution.setSslContext(acceptingSslContext());
        execution.setHostnameVerifier(ANY_HOSTNAME);
    }

    /**
     * Creates an {@link SSLContext} that allows all requests, regardless of certificate issues.
     *
     * @return an all-accepting {@link SSLContext}
     */
    public static SSLContext acceptingSslContext() {
        try {
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, TRUST_MANAGERS, new SecureRandom());
            return sslContext;

        } catch (NoSuchAlgorithmException | KeyManagementException ex) {
            throw new RuntimeException("Unable to create issue-ignoring SSLContext: " + ex.getMessage(), ex);
        }
    }
}