下面列出了org.apache.http.conn.ssl.StrictHostnameVerifier#org.apache.http.conn.ssl.X509HostnameVerifier 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
public AbstractRestTemplateClient ignoreAuthenticateServer() {
//backward compatible with android httpclient 4.3.x
if(restTemplate.getRequestFactory() instanceof HttpComponentsClientHttpRequestFactory) {
try {
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
X509HostnameVerifier verifier = ignoreSslWarning ? new AllowAllHostnameVerifier() : new BrowserCompatHostnameVerifier();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext, verifier);
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
((HttpComponentsClientHttpRequestFactory)restTemplate.getRequestFactory()).setHttpClient(httpClient);
} catch (Exception e) {
e.printStackTrace();
}
} else {
Debug.error("the request factory " + restTemplate.getRequestFactory().getClass().getName() + " does not support ignoreAuthenticateServer");
}
return this;
}
/**
* Constructs a new HttpCache object, that will be initialized with the
* default set of HttpRequestOptions.
*
* @see HttpRequestOptions
*/
public HttpCache(SSLContext sslContext, X509HostnameVerifier hostnameVerifier)
{
super();
_client = HttpClientFactory.getInstance(
getDefaultRequestOptions().getMaxRedirects(),
getDefaultRequestOptions().getAllowCircularRedirects(),
getDefaultRequestOptions().getSocketTimeout(),
getDefaultRequestOptions().getConnTimeout(),
null, sslContext, hostnameVerifier);
}
private static HttpClient createHttpsClient() {
HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
SchemeRegistry registry = new SchemeRegistry();
SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory
.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
registry.register(new Scheme("https", socketFactory, 443));
HttpClient client = new DefaultHttpClient();
SingleClientConnManager mgr = new SingleClientConnManager(
client.getParams(), registry);
DefaultHttpClient httpClient = new DefaultHttpClient(mgr,
client.getParams());
return httpClient;
}
@Test
public void testAllowAnyHostnameFalse() throws Exception {
httpClientBuilder.allowAnyHostname(false);
httpClientBuilder.build();
Mockito.verify(internalHttpClientBuilder).build();
Mockito.verify(internalHttpClientBuilder, never()).setHostnameVerifier(Mockito.<X509HostnameVerifier> any());
}
@Test
public void testInsecureFalse() throws Exception {
httpClientBuilder.insecure(false);
httpClientBuilder.build();
Mockito.verify(httpClientBuilder).allowAnyHostname(false);
Mockito.verify(httpClientBuilder).allowAnyCertificate(false);
Mockito.verify(internalHttpClientBuilder).build();
Mockito.verify(internalHttpClientBuilder, never()).setHostnameVerifier(Mockito.<X509HostnameVerifier> any());
Mockito.verify(internalHttpClientBuilder, never()).setSslcontext(Mockito.<SSLContext> any());
}
@Test
public void testUseSystemPropertiesTrue2() throws Exception {
httpClientBuilder.useSystemProperties(true);
httpClientBuilder.build();
Mockito.verify(internalHttpClientBuilder).build();
Mockito.verify(internalHttpClientBuilder).useSystemProperties();
Mockito.verify(internalHttpClientBuilder, never()).setHostnameVerifier(Mockito.<X509HostnameVerifier> any());
Mockito.verify(internalHttpClientBuilder, never()).setSslcontext(Mockito.<SSLContext> any());
}
@Test
public void testUseSystemPropertiesFalse2() throws Exception {
WebProperties.WEB_HTTPS_ALLOW_ANY_CERTIFICATE.updateProperty("tRuE");
WebProperties.WEB_HTTPS_ALLOW_ANY_HOSTNAME.updateProperty("FalsE");
WebProperties.storeInSystemProperties();
httpClientBuilder.useSystemProperties(false);
httpClientBuilder.build();
Mockito.verify(internalHttpClientBuilder).build();
Mockito.verify(internalHttpClientBuilder, never()).useSystemProperties();
Mockito.verify(internalHttpClientBuilder, never()).setSslcontext(Mockito.<SSLContext> any());
Mockito.verify(internalHttpClientBuilder, never()).setHostnameVerifier(Mockito.<X509HostnameVerifier> any());
}
/**
* @since 4.1
*/
public SSLSocketFactory(
String algorithm,
final KeyStore keystore,
final String keystorePassword,
final KeyStore truststore,
final SecureRandom random,
final X509HostnameVerifier hostnameVerifier)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
this(createSSLContext(
algorithm, keystore, keystorePassword, truststore, random, null),
hostnameVerifier);
}
/**
* @since 4.1
*/
public SSLSocketFactory(
String algorithm,
final KeyStore keystore,
final String keystorePassword,
final KeyStore truststore,
final SecureRandom random,
final TrustStrategy trustStrategy,
final X509HostnameVerifier hostnameVerifier)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
this(createSSLContext(
algorithm, keystore, keystorePassword, truststore, random, trustStrategy),
hostnameVerifier);
}
/**
* @since 4.1
*/
public SSLSocketFactory(
final TrustStrategy trustStrategy,
final X509HostnameVerifier hostnameVerifier)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
this(TLS, null, null, null, null, trustStrategy, hostnameVerifier);
}
/**
* @since 4.1
*/
public SSLSocketFactory(
final SSLContext sslContext, final X509HostnameVerifier hostnameVerifier) {
super();
this.socketfactory = sslContext.getSocketFactory();
this.hostnameVerifier = hostnameVerifier;
this.nameResolver = null;
}
@Deprecated
public void setHostnameVerifier(X509HostnameVerifier hostnameVerifier) {
if ( hostnameVerifier == null ) {
throw new IllegalArgumentException("Hostname verifier may not be null");
}
this.hostnameVerifier = hostnameVerifier;
}
public KeyStoreAwareSocketFactory(final AbstractSslContextFactory abstractFactory, X509HostnameVerifier hostnameVerifier) throws ClientSslSocketFactoryException, NoSuchAlgorithmException{
super(abstractFactory == null ? SSLContext.getDefault() : abstractFactory.getSSLContext(), hostnameVerifier);
if(abstractFactory == null){
this.keyStore = null;
this.trustStore = null;
}else{
this.keyStore = abstractFactory.getKeyStore();
this.trustStore = abstractFactory.getTrustStore();
}
}
private static HttpClient initWeakSSLClient() {
HttpClientBuilder b = HttpClientBuilder.create();
// setup a Trust Strategy that allows all certificates.
//
SSLContext sslContext = null;
try {
sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] arg0, String arg1) {
return true;
}
}).build();
} catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
// do nothing, has been handled outside
}
b.setSslcontext(sslContext);
// don't check Hostnames, either.
// -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken
X509HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
// here's the special part:
// -- need to create an SSL Socket Factory, to use our weakened "trust strategy";
// -- and create a Registry, to register it.
//
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory)
.build();
// now, we create connection-manager using our Registry.
// -- allows multi-threaded use
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
b.setConnectionManager(connMgr);
/**
* Set timeout option
*/
RequestConfig.Builder configBuilder = RequestConfig.custom();
configBuilder.setConnectTimeout(TIMEOUT);
configBuilder.setSocketTimeout(TIMEOUT);
b.setDefaultRequestConfig(configBuilder.build());
// finally, build the HttpClient;
// -- done!
HttpClient sslClient = b.build();
return sslClient;
}
public HttpFetcherFactory(SSLContext sslContext, X509HostnameVerifier hostnameVerifier)
{
this(new HttpCacheProvider(sslContext, hostnameVerifier));
}
public HttpCacheProvider(SSLContext sslContext, X509HostnameVerifier hostnameVerifier)
{
this.sslContext = sslContext;
this.hostnameVerifier = hostnameVerifier;
}
public X509HostnameVerifier getHostnameVerifier() {
return this.hostnameVerifier;
}
public KeyStoreAwareSocketFactory(X509HostnameVerifier hostnameVerifier) throws NoSuchAlgorithmException, KeyStoreException{
super(SSLContext.getDefault(), hostnameVerifier);
this.keyStore = null;
this.trustStore = null;
}
public SniSSLSocketFactory(String algorithm, KeyStore keystore, String keyPassword, KeyStore truststore, SecureRandom random, TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(algorithm, keystore, keyPassword, truststore, random, trustStrategy, hostnameVerifier);
}
public SniSSLSocketFactory(String algorithm, KeyStore keystore, String keyPassword, KeyStore truststore, SecureRandom random, X509HostnameVerifier hostnameVerifier) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(algorithm, keystore, keyPassword, truststore, random, hostnameVerifier);
}
public SniSSLSocketFactory(TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(trustStrategy, hostnameVerifier);
}
public SniSSLSocketFactory(SSLContext sslContext, X509HostnameVerifier hostnameVerifier) {
super(sslContext, hostnameVerifier);
}
public SniSSLSocketFactory(SSLContext sslContext, String[] supportedProtocols, String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier) {
super(sslContext, supportedProtocols, supportedCipherSuites, hostnameVerifier);
}
public SniSSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory, X509HostnameVerifier hostnameVerifier) {
super(socketfactory, hostnameVerifier);
}
public SniSSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory, String[] supportedProtocols, String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier) {
super(socketfactory, supportedProtocols, supportedCipherSuites, hostnameVerifier);
}
public SniSSLSocketFactory(String algorithm, KeyStore keystore, String keyPassword, KeyStore truststore, SecureRandom random, TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(algorithm, keystore, keyPassword, truststore, random, trustStrategy, hostnameVerifier);
}
public SniSSLSocketFactory(String algorithm, KeyStore keystore, String keyPassword, KeyStore truststore, SecureRandom random, X509HostnameVerifier hostnameVerifier) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(algorithm, keystore, keyPassword, truststore, random, hostnameVerifier);
}
public SniSSLSocketFactory(TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(trustStrategy, hostnameVerifier);
}
public SniSSLSocketFactory(SSLContext sslContext, X509HostnameVerifier hostnameVerifier) {
super(sslContext, hostnameVerifier);
}
public SniSSLSocketFactory(SSLContext sslContext, String[] supportedProtocols, String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier) {
super(sslContext, supportedProtocols, supportedCipherSuites, hostnameVerifier);
}