下面列出了怎么用org.apache.http.conn.ssl.SSLContextBuilder的API类实例代码及写法,或者点击链接到github查看源代码。
private SSLContext createSSLContext(final SSLContextService service)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
SSLContextBuilder builder = SSLContexts.custom();
final String trustFilename = service.getTrustStoreFile();
if (trustFilename != null) {
final KeyStore truststore = KeyStoreUtils.getTrustStore(service.getTrustStoreType());
try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) {
truststore.load(in, service.getTrustStorePassword().toCharArray());
}
builder = builder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy());
}
final String keyFilename = service.getKeyStoreFile();
if (keyFilename != null) {
final KeyStore keystore = KeyStoreUtils.getKeyStore(service.getKeyStoreType());
try (final InputStream in = new FileInputStream(new File(service.getKeyStoreFile()))) {
keystore.load(in, service.getKeyStorePassword().toCharArray());
}
builder = builder.loadKeyMaterial(keystore, service.getKeyStorePassword().toCharArray());
}
builder = builder.useProtocol(service.getSslAlgorithm());
final SSLContext sslContext = builder.build();
return sslContext;
}
/**
* This method has been overridden here simply to show how a custom/project-specific http client
* can be plugged into the framework.
*
* e.g. You can create your own project specific http client needed for http/https/tls connections or
* a Corporate proxy based Http client here.
* Sometimes you may need a simple default http client
* e.g. HttpClients.createDefault() provided by Apache lib.
*
* Note:
* If you do not override this method, the framework anyways creates a http client suitable for both http/https.
*/
@Override
public CloseableHttpClient createHttpClient() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
LOGGER.info("###Used SSL Enabled Http Client for http/https/TLS connections");
SSLContext sslContext = new SSLContextBuilder()
.loadTrustMaterial(null, (certificate, authType) -> true).build();
CookieStore cookieStore = new BasicCookieStore();
return HttpClients.custom()
.setSSLContext(sslContext)
.setSSLHostnameVerifier(new NoopHostnameVerifier())
.setDefaultCookieStore(cookieStore)
.build();
}
private static CloseableHttpClient makeHttpClient(boolean verify) {
CloseableHttpClient httpclient = null;
if (verify) {
httpclient = HttpClients.createDefault();
} else {
//SSLContextBuilder builder;
//SSLConnectionSocketFactory sslsf=null;
try {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(),
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
} catch (Exception e) {
System.out.println(e);
}
}
return (httpclient);
}
public AbstractRestTemplateClient ignoreAuthenticateServer() {
//backward compatible with android httpclient 4.3.x
if(restTemplate.getRequestFactory() instanceof HttpComponentsClientHttpRequestFactory) {
try {
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
X509HostnameVerifier verifier = ignoreSslWarning ? new AllowAllHostnameVerifier() : new BrowserCompatHostnameVerifier();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, verifier);
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
((HttpComponentsClientHttpRequestFactory)restTemplate.getRequestFactory()).setHttpClient(httpClient);
} catch (Exception e) {
e.printStackTrace();
}
} else {
Debug.error("the request factory " + restTemplate.getRequestFactory().getClass().getName() + " does not support ignoreAuthenticateServer");
}
return this;
}
public DWServerConnection(DWSettingsProvider settingsProvider) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
this.settingsProvider = settingsProvider;
// SSLContextFactory to allow all hosts. Without this an SSLException is thrown with self signed certs
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, (arg0, arg1) -> true).build();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", socketFactory).build();
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
connectionManager.setMaxTotal(200);
connectionManager.setDefaultMaxPerRoute(20);
client = HttpClients.custom()
.setConnectionManager(connectionManager)
.build();
context = new HttpClientContext();
context.setCredentialsProvider(getCredientials());
}
public static CloseableHttpClient getNotValidatingClient(int timeout, String proxyServer, Integer proxyPort,
String proxyUser, String proxyPassword) {
try {
HttpClientBuilder clientBuilder = HttpClients.custom();
RequestConfig.Builder requestBuilder = RequestConfig.custom().setConnectTimeout(timeout * 1000)
.setSocketTimeout(timeout * 1000).setConnectionRequestTimeout(timeout * 1000)
.setRedirectsEnabled(true);
if (StringUtils.isNotEmpty(proxyServer)) {
HttpHost proxyHost = new HttpHost(proxyServer, proxyPort);
requestBuilder.setProxy(proxyHost);
DefaultProxyRoutePlanner routePlanner = new DefaultProxyRoutePlanner(proxyHost);
clientBuilder.setRoutePlanner(routePlanner);
if (StringUtils.isNotEmpty(proxyUser)) {
CredentialsProvider credentialProvider = new BasicCredentialsProvider();
credentialProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials(proxyUser, proxyPassword));
clientBuilder.setRoutePlanner(routePlanner);
}
}
RequestConfig requestConfig = requestBuilder.build();
CloseableHttpClient httpclient = clientBuilder.setHostnameVerifier(new AllowAllHostnameVerifier())
.setSslcontext(new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
return true;
}
}).build()).setDefaultRequestConfig(requestConfig).build();
return httpclient;
} catch (Throwable t) {
return null;
}
}
private javax.net.ssl.SSLContext buildSslContext() {
try {
return new SSLContextBuilder().useSSL()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.build();
} catch (GeneralSecurityException gse) {
throw new RuntimeException("An error occurred setting up the SSLContext", gse);
}
}
public static HttpClient getClient() {
try {
SSLContext context = new SSLContextBuilder()
.loadTrustMaterial(null, (arg0, arg1) -> true)
.build();
return HttpClients.custom()
.setHostnameVerifier(new AllowAllHostnameVerifier())
.setSslcontext(context)
.build();
} catch (Exception e) {
e.printStackTrace();
return HttpClients.createDefault();
}
}
/**
* Return a http client instance
*
* @param protocol- service endpoint protocol http/https
* @return
*/
public static HttpClient getHttpClient(String protocol)
throws IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
HttpClient httpclient;
if (HTTPS_PROTOCOL.equals(protocol)) {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build());
httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).useSystemProperties().build();
} else {
httpclient = HttpClients.createDefault();
}
return httpclient;
}
private SSLContext getSslContext() {
try {
// Build truststore
String trustStoreFile = getProperty("zeppelin.livy.ssl.trustStore");
String trustStorePassword = getProperty("zeppelin.livy.ssl.trustStorePassword");
String trustStoreType = getProperty("zeppelin.livy.ssl.trustStoreType",
KeyStore.getDefaultType());
if (StringUtils.isBlank(trustStoreFile)) {
throw new RuntimeException("No zeppelin.livy.ssl.trustStore specified for livy ssl");
}
if (StringUtils.isBlank(trustStorePassword)) {
throw new RuntimeException("No zeppelin.livy.ssl.trustStorePassword specified " +
"for livy ssl");
}
KeyStore trustStore = getStore(trustStoreFile, trustStoreType, trustStorePassword);
SSLContextBuilder builder = SSLContexts.custom();
builder.loadTrustMaterial(trustStore);
// Build keystore
String keyStoreFile = getProperty("zeppelin.livy.ssl.keyStore");
String keyStorePassword = getProperty("zeppelin.livy.ssl.keyStorePassword");
String keyPassword = getProperty("zeppelin.livy.ssl.keyPassword", keyStorePassword);
String keyStoreType = getProperty("zeppelin.livy.ssl.keyStoreType",
KeyStore.getDefaultType());
if (StringUtils.isNotBlank(keyStoreFile)) {
KeyStore keyStore = getStore(keyStoreFile, keyStoreType, keyStorePassword);
builder.loadKeyMaterial(keyStore, keyPassword.toCharArray()).useTLS();
}
return builder.build();
} catch (Exception e) {
throw new RuntimeException("Failed to create SSL Context", e);
}
}
protected SSLContext createSslContext() {
try {
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
sslContextBuilder.loadTrustMaterial(null, ACCEPT_ANY_CERTIFICATE_TRUST_STRATEGY);
return sslContextBuilder.build();
} catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
throw new IllegalStateException(e);
}
}
public static HttpClient createUnsafeClient() {
try {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
builder.build());
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(sslsf).build();
return httpclient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
public static HttpClient createUnsafeClient() {
try {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
builder.build());
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(sslsf).build();
return httpclient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
public static HttpClient createUnsafeClient() {
try {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
builder.build());
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(sslsf).build();
return httpclient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
protected void createKeystore(SSLContextBuilder sslContextBuilder, boolean useClientCert) {
if (useClientCert) {
KeyStore clientKeyStore;
try {
clientKeyStore = createKeyStore(new URL(keystore), keystorePassword);
sslContextBuilder.loadKeyMaterial(clientKeyStore, keystorePassword.toCharArray());
} catch (UnrecoverableKeyException | IOException ue) {
throw new IllegalArgumentException(ue.getMessage() + ". " + BAD_KEYSTORE_ERROR, ue);
} catch (GeneralSecurityException gse) {
throw new IllegalArgumentException(gse.getMessage() + ". " + INVALID_KEYSTORE_ERROR, gse);
}
}
}
protected void createTrustKeystore(SSLContextBuilder sslContextBuilder, boolean useTrustCert) {
if (useTrustCert) {
KeyStore trustKeyStore;
try {
//todo should we do this 'create' in each and every step?
trustKeyStore = createKeyStore(new URL(trustKeystore), trustPassword);
sslContextBuilder.loadTrustMaterial(trustKeyStore);
} catch (IOException ioe) {
throw new IllegalArgumentException(ioe.getMessage() + ". " + BAD_TRUST_KEYSTORE_ERROR, ioe);
} catch (GeneralSecurityException gse) {
throw new IllegalArgumentException(gse.getMessage() + ". " + INVALID_TRUST_KEYSTORE_ERROR, gse);
}
}
}
public static void init() throws RuntimeException {
try {
logger.warn(NOTICELINE + " httpUtil init begin " + NOTICELINE);
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
// sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
sslContextBuilder.loadTrustMaterial(null,new TrustAnyTrustManager());
SSLConnectionSocketFactory sslConnectionSocketFactory =
new SSLConnectionSocketFactory(
sslContextBuilder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().
register("http", new PlainConnectionSocketFactory()).
register("https", sslConnectionSocketFactory).
build();
logger.warn(NOTICELINE + " SSL context init done " + NOTICELINE);
//init connectionManager , ThreadSafe pooled conMgr
PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(registry);
poolingHttpClientConnectionManager.setMaxTotal(30);
poolingHttpClientConnectionManager.setDefaultMaxPerRoute(3);
//init request config. pooltimeout,sotime,contimeout
RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(POOL_TIMECOUT).setConnectTimeout(CON_TIMEOUT).setSocketTimeout(SO_TIMEOUT).build();
// begin construct httpclient
HttpClientBuilder httpClientBuilder = HttpClients.custom();
httpClientBuilder.setConnectionManager(poolingHttpClientConnectionManager);
httpClientBuilder.setDefaultRequestConfig(requestConfig);
httpClientBuilder.setRetryHandler(new HttpRequestRetryHandler() {
@Override
public boolean retryRequest(IOException exception, int executionCount, HttpContext context) {
if (executionCount >= HTTP_RETRY_COUNT) {
return false;
}
if (exception instanceof InterruptedIOException) {
// Timeout
logger.warn("httpUtil retry for InterruptIOException");
return true;
}
if (exception instanceof UnknownHostException) {
// Unknown host
return false;
}
if (exception instanceof SSLException) {
// SSL handshake exception
return false;
}
HttpClientContext clientContext = HttpClientContext.adapt(context);
HttpRequest request = clientContext.getRequest();
boolean idempotent = !(request instanceof HttpEntityEnclosingRequest);
if (idempotent) {
// Retry if the request is considered idempotent
logger.warn("httpUtil retry for idempotent");
return true;
}
return false;
}
});
logger.warn(NOTICELINE + " poolManager , requestconfig init done " + NOTICELINE);
httpclient = httpClientBuilder.build();
logger.warn(NOTICELINE + " httpUtil init done " + NOTICELINE);
} catch (Exception e) {
logger.error(NOTICELINE + "httpclient init fail" + NOTICELINE, e);
throw new RuntimeException(e);
}
}
private static HttpClient buildClient(URL proxy, String username, String password) throws Exception
{
HttpClient client = new HttpClient(); // Start with a default TAXII HTTP client.
// Create an Apache HttpClientBuilder to be customized by the command line arguments.
HttpClientBuilder builder = HttpClientBuilder.create().useSystemProperties();
// Proxy
if (proxy != null) {
HttpHost proxyHost = new HttpHost(proxy.getHost(), proxy.getPort(), proxy.getProtocol());
builder.setProxy(proxyHost);
}
// Basic authentication. User & Password
if (username != null ^ password != null) {
throw new Exception("'username' and 'password' arguments are required to appear together.");
}
// from: http://stackoverflow.com/questions/19517538/ignoring-ssl-certificate-in-apache-httpclient-4-3
SSLContextBuilder ssbldr = new SSLContextBuilder();
ssbldr.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(ssbldr.build(),SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf)
.build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
cm.setMaxTotal(20);//max connection
System.setProperty("jsse.enableSNIExtension", "false"); //""
CloseableHttpClient httpClient = builder
.setSSLSocketFactory(sslsf)
.setConnectionManager(cm)
.build();
client.setHttpclient(httpClient);
return client;
}