下面列出了org.apache.http.impl.client.HttpClientBuilder#setSSLHostnameVerifier() 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
* Creates a new {@link HttpClientBuilder} for the given options.
*
* @return the new http client builder
*/
public static HttpClientBuilder createHttpClientBuilder(Map<String, Object> options) {
HttpClientBuilder builder = HttpClientBuilder.create();
SSLContext sslContext = createSSLContext(options);
if (sslContext != null) {
// Skip verifying hostname
HostnameVerifier allowAllHosts = new NoopHostnameVerifier();
builder.setSSLContext(sslContext);
builder.setSSLHostnameVerifier(allowAllHosts);
}
CredentialsProvider credentialsProvider = createCredentialProvider(options);
if (credentialsProvider != null) {
builder.setDefaultCredentialsProvider(credentialsProvider).build();
}
return builder;
}
protected HttpClient getHttpClient(Map<String, Object> options) throws GeneralSecurityException {
SocketConfig socketConfig = SocketConfig.custom()
.setSoKeepAlive(true).build();
HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
httpClientBuilder.setDefaultSocketConfig(socketConfig);
httpClientBuilder.disableAuthCaching();
httpClientBuilder.disableAutomaticRetries();
if(options.containsKey("sslVerify") && !Boolean.parseBoolean(options.get("sslVerify").toString())) {
log.debug("Disabling all SSL certificate verification.");
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
sslContextBuilder.loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
return true;
}
});
httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
httpClientBuilder.setSSLContext(sslContextBuilder.build());
}
return httpClientBuilder.build();
}
/**
* Returns a client with all our selected properties / params and SSL enabled.
*
* @return client
*/
public static final HttpClient getSecureClient() {
HttpClientBuilder client = HttpClientBuilder.create();
// set the ssl verifier to accept all
client.setSSLHostnameVerifier(new NoopHostnameVerifier());
// set the connection manager
client.setConnectionManager(connectionManager);
// dont retry
client.setRetryHandler(new DefaultHttpRequestRetryHandler(0, false));
// establish a connection within x seconds
RequestConfig config = RequestConfig.custom().setSocketTimeout(connectionTimeout).build();
client.setDefaultRequestConfig(config);
// no redirects
client.disableRedirectHandling();
// set custom ua
client.setUserAgent(userAgent);
return client.build();
}
public static CloseableHttpClient newClient(int timeout) {
HttpClientBuilder builder = HttpClients.custom();
builder.useSystemProperties();
builder.addInterceptorFirst(REMOVE_INCORRECT_CONTENT_ENCODING);
builder.disableAutomaticRetries();
builder.setSSLContext(SSL_CONTEXT);
builder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
RequestConfig.Builder configBuilder = RequestConfig.custom();
configBuilder.setCookieSpec(CookieSpecs.IGNORE_COOKIES);
configBuilder.setSocketTimeout(timeout);
configBuilder.setConnectTimeout(timeout);
configBuilder.setConnectionRequestTimeout(timeout);
builder.setDefaultRequestConfig(configBuilder.build());
builder.setDefaultConnectionConfig(ConnectionConfig.custom().setCharset(Consts.ISO_8859_1).build());
return builder.build();
}
@Override
public HttpClientBuilder extend(HttpClientBuilder httpClientBuilder, GerritAuthData authData) {
HttpClientBuilder builder = super.extend(httpClientBuilder, authData);
builder.setSSLContext(trustAnyX509Certificate);
builder.setSSLHostnameVerifier(acceptAnyX509Hostname);
return builder;
}
public static CloseableHttpClient get(SSLContext ssl, CookieStore cookieStore, boolean hostVerificationEnabled) {
RequestConfig defaultRequestConfig = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build();
HttpClientBuilder builder = HttpClients.custom().setSSLContext(ssl).setDefaultCookieStore(cookieStore)
.setDefaultRequestConfig(defaultRequestConfig);
if (hostVerificationEnabled) {
builder.setSSLHostnameVerifier(new DefaultHostnameVerifier());
} else {
builder.setSSLHostnameVerifier(new NoopHostnameVerifier());
}
return builder.build();
}
/**
* Ensures that the passed-in {@link RestTemplate} is using the Apache HTTP Client. If the optional {@code username} AND
* {@code password} are not empty, then a {@link BasicCredentialsProvider} will be added to the {@link CloseableHttpClient}.
*
* Furthermore, you can set the underlying {@link SSLContext} of the {@link HttpClient} allowing you to accept self-signed
* certificates.
*
* @param restTemplate Must not be null
* @param username Can be null
* @param password Can be null
* @param skipSslValidation Use with caution! If true certificate warnings will be ignored.
*/
public static void prepareRestTemplate(
RestTemplate restTemplate,
String username,
String password,
boolean skipSslValidation) {
Assert.notNull(restTemplate, "The provided RestTemplate must not be null.");
final HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials(
username,
password));
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
}
if (skipSslValidation) {
httpClientBuilder.setSSLContext(HttpClientUtils.buildCertificateIgnoringSslContext());
httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
}
final CloseableHttpClient httpClient = httpClientBuilder.build();
final HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
restTemplate.setRequestFactory(requestFactory);
}
@NotNull
private static Client createClient(@NotNull AuthProvider auth, @NotNull CmdArgs cmd) throws GeneralSecurityException {
final HttpClientBuilder httpBuilder = HttpClients.custom();
httpBuilder.setUserAgent("git-lfs-migrate");
if (cmd.noCheckCertificate) {
httpBuilder.setSSLHostnameVerifier((hostname, session) -> true);
httpBuilder.setSSLContext(SSLContexts.custom()
.loadTrustMaterial((chain, authType) -> true)
.build());
}
return new Client(auth, httpBuilder.build());
}
public static HttpClientBuilder builder(
HttpEnvironmentRepositoryProperties environmentProperties)
throws GeneralSecurityException {
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
HttpClientBuilder httpClientBuilder = HttpClients.custom();
if (environmentProperties.isSkipSslValidation()) {
sslContextBuilder.loadTrustMaterial(null, (certificate, authType) -> true);
httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
}
if (!CollectionUtils.isEmpty(environmentProperties.getProxy())) {
ProxyHostProperties httpsProxy = environmentProperties.getProxy()
.get(ProxyHostProperties.ProxyForScheme.HTTPS);
ProxyHostProperties httpProxy = environmentProperties.getProxy()
.get(ProxyHostProperties.ProxyForScheme.HTTP);
httpClientBuilder
.setRoutePlanner(new SchemeBasedRoutePlanner(httpsProxy, httpProxy));
httpClientBuilder.setDefaultCredentialsProvider(
new ProxyHostCredentialsProvider(httpProxy, httpsProxy));
}
else {
httpClientBuilder.setRoutePlanner(
new SystemDefaultRoutePlanner(ProxySelector.getDefault()));
httpClientBuilder.setDefaultCredentialsProvider(
new SystemDefaultCredentialsProvider());
}
int timeout = environmentProperties.getTimeout() * 1000;
return httpClientBuilder.setSSLContext(sslContextBuilder.build())
.setDefaultRequestConfig(RequestConfig.custom().setSocketTimeout(timeout)
.setConnectTimeout(timeout).build());
}
protected CloseableHttpClient getHttpsAwareClient() {
HttpClientBuilder builder = HttpClientBuilder.create()
.setRedirectStrategy(new LaxRedirectStrategy());
if (AUTH_SERVER_SSL_REQUIRED) {
builder.setSSLHostnameVerifier((s, sslSession) -> true);
}
return builder.build();
}
@Override
public IHttpClient buildHttpClient(HttpClientConfig config)
{
HttpClientBuilder builder = HttpClientBuilder.create();
builder.setDefaultHeaders(config.createHeaders());
if (config.hasCookieStore())
{
builder.setDefaultCookieStore(config.getCookieStore());
}
if (config.hasCredentials())
{
AuthScope authScope = config.hasAuthScope() ? config.getAuthScope()
: ClientBuilderUtils.DEFAULT_AUTH_SCOPE;
CredentialsProvider credProvider = ClientBuilderUtils.createCredentialsProvider(authScope,
config.getCredentials());
builder.setDefaultCredentialsProvider(credProvider);
}
sslContextFactory.getSslContext(SSLConnectionSocketFactory.SSL, !config.isSslCertificateCheckEnabled())
.ifPresent(builder::setSSLContext);
if (!config.isSslHostnameVerificationEnabled())
{
builder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
}
builder.setConnectionManager(config.getConnectionManager());
builder.setMaxConnTotal(config.getMaxTotalConnections());
builder.setMaxConnPerRoute(config.getMaxConnectionsPerRoute());
builder.addInterceptorLast(config.getLastRequestInterceptor());
builder.addInterceptorLast(config.getLastResponseInterceptor());
builder.setRedirectStrategy(config.getRedirectStrategy());
builder.setRetryHandler(config.getHttpRequestRetryHandler());
Builder requestConfigBuilder = RequestConfig.custom();
requestConfigBuilder.setConnectionRequestTimeout(config.getConnectionRequestTimeout());
requestConfigBuilder.setConnectTimeout(config.getConnectTimeout());
requestConfigBuilder.setCircularRedirectsAllowed(config.isCircularRedirectsAllowed());
requestConfigBuilder.setSocketTimeout(config.getSocketTimeout());
Optional.ofNullable(config.getCookieSpec()).ifPresent(requestConfigBuilder::setCookieSpec);
builder.setDefaultRequestConfig(requestConfigBuilder.build());
builder.setDefaultSocketConfig(SocketConfig.copy(SocketConfig.DEFAULT)
.setSoTimeout(config.getSocketTimeout())
.build());
builder.setDnsResolver(config.getDnsResolver());
HttpClient httpClient = new HttpClient();
httpClient.setCloseableHttpClient(builder.build());
if (config.hasBaseUrl())
{
httpClient.setHttpHost(HttpHost.create(config.getBaseUrl()));
}
httpClient.setSkipResponseEntity(config.isSkipResponseEntity());
return httpClient;
}
protected HttpClientBuilder getClientBuilder(boolean useSSL, String url,
Map<String, String> stringHeaders, int socketTimeout) {
HttpClientBuilder cb = HttpClientBuilder.create();
/*
* Setup SSL
*/
if (useSSL) {
/*
* All trusting SSL context
*/
try {
cb.setSSLContext(getSSLContext());
} catch (Exception e) {
throw new RuntimeException(e);
}
/*
* All trusting hostname verifier
*/
cb.setSSLHostnameVerifier(new HostnameVerifier() {
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
}
/*
* Add default headers
*/
ArrayList<BasicHeader> headers = new ArrayList<BasicHeader>(stringHeaders.size());
stringHeaders.forEach((k, v) -> headers.add(new BasicHeader(k, v)));
cb.setDefaultHeaders(headers);
/*
* Set socket timeout and transport threads
*/
SocketConfig sc = SocketConfig.custom().setSoTimeout(socketTimeout).build();
cb.setDefaultSocketConfig(sc);
cb.setMaxConnPerRoute(this.config.getThreads());
cb.setMaxConnTotal(this.config.getThreads());
return cb;
}
public HttpClient createClient() {
HttpClientBuilder clientBuilder;
if (connectionParams.useTlsConfigFromEnvironment()) {
clientBuilder = VespaHttpClientBuilder.create();
} else {
clientBuilder = HttpClientBuilder.create();
if (connectionParams.getSslContext() != null) {
setSslContext(clientBuilder, connectionParams.getSslContext());
} else {
SslContextBuilder builder = new SslContextBuilder();
if (connectionParams.getPrivateKey() != null && connectionParams.getCertificate() != null) {
builder.withKeyStore(connectionParams.getPrivateKey(), connectionParams.getCertificate());
}
if (connectionParams.getCaCertificates() != null) {
builder.withTrustStore(connectionParams.getCaCertificates());
}
setSslContext(clientBuilder, builder.build());
}
if (connectionParams.getHostnameVerifier() != null) {
clientBuilder.setSSLHostnameVerifier(connectionParams.getHostnameVerifier());
}
clientBuilder.setUserTokenHandler(context -> null); // https://stackoverflow.com/a/42112034/1615280
}
clientBuilder.setMaxConnPerRoute(1);
clientBuilder.setMaxConnTotal(1);
clientBuilder.setConnectionTimeToLive(connectionParams.getConnectionTimeToLive().getSeconds(), TimeUnit.SECONDS);
clientBuilder.setUserAgent(String.format("vespa-http-client (%s)", Vtag.currentVersion));
clientBuilder.setDefaultHeaders(Collections.singletonList(new BasicHeader(Headers.CLIENT_VERSION, Vtag.currentVersion)));
clientBuilder.disableContentCompression();
// Try to disable the disabling to see if system tests become stable again.
// clientBuilder.disableAutomaticRetries();
RequestConfig.Builder requestConfigBuilder = RequestConfig.custom();
requestConfigBuilder.setSocketTimeout(0);
if (connectionParams.getProxyHost() != null) {
requestConfigBuilder.setProxy(new HttpHost(connectionParams.getProxyHost(), connectionParams.getProxyPort()));
}
clientBuilder.setDefaultRequestConfig(requestConfigBuilder.build());
log.fine("Creating HttpClient: " + " ConnectionTimeout "
+ " SocketTimeout 0 secs "
+ " proxyhost (can be null) " + connectionParams.getProxyHost()
+ ":" + connectionParams.getProxyPort()
+ (useSsl ? " using ssl " : " not using ssl")
);
return clientBuilder.build();
}