Merge pull request #44 from taskadapter/bug43-ignore-invalid-ssl

alexeyOnGitHub · alexeyOnGitHub · commit 384f5fc75da7 · 2012-06-23T20:19:33.000-07:00
#43 ignore invalid (e.g. self-issued) SSL certificates
diff --git a/pom.xml b/pom.xml
@@ -8,7 +8,7 @@
 
     <groupId>com.taskadapter</groupId>
     <artifactId>redmine-java-api</artifactId>
-    <version>1.13</version>
+    <version>1.14-SNAPSHOT</version>
 
     <description>Free open-source Java API for Redmine and Chiliproject bug/task management systems.
         This project was originally a part of Task Adapter application (http://www.taskadapter.com)
@@ -95,7 +95,12 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.1.2</version>
+            <version>4.2</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpcore</artifactId>
+            <version>4.2</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
diff --git a/src/main/java/com/taskadapter/redmineapi/internal/comm/FakeSSLSocketFactory.java b/src/main/java/com/taskadapter/redmineapi/internal/comm/FakeSSLSocketFactory.java
diff --git a/src/main/java/com/taskadapter/redmineapi/internal/comm/HttpUtil.java b/src/main/java/com/taskadapter/redmineapi/internal/comm/HttpUtil.java
@@ -1,13 +1,7 @@
 package com.taskadapter.redmineapi.internal.comm;
 
-import java.io.IOException;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-
+import com.taskadapter.redmineapi.RedmineConfigurationException;
+import com.taskadapter.redmineapi.internal.comm.naivessl.NaiveSSLFactory;
 import org.apache.http.Header;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpHost;
@@ -20,13 +14,20 @@
 import org.apache.http.conn.scheme.SchemeRegistry;
 import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.PoolingClientConnectionManager;
 import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
 import org.apache.http.params.BasicHttpParams;
 import org.apache.http.params.HttpParams;
 import org.apache.http.params.HttpProtocolParams;
 import org.apache.http.protocol.HTTP;
 import org.apache.http.util.EntityUtils;
-import com.taskadapter.redmineapi.RedmineConfigurationException;
+
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
 
 class HttpUtil {
 	public static DefaultHttpClient getNewHttpClient(
@@ -46,26 +47,20 @@ public static DefaultHttpClient getNewHttpClient(
 		}
 	}
 
-	@SuppressWarnings("deprecation")
-	static ThreadSafeClientConnManager createConnectionManager(
+	static PoolingClientConnectionManager createConnectionManager(
 			int maxConnections) throws KeyStoreException,
 			NoSuchAlgorithmException, CertificateException, IOException,
 			KeyManagementException, UnrecoverableKeyException {
-		KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
-		trustStore.load(null, null);
-		SSLSocketFactory sf = new FakeSSLSocketFactory(trustStore);
-		sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+        SSLSocketFactory factory = NaiveSSLFactory.createNaiveSSLSocketFactory();
 
-		SchemeRegistry registry = new SchemeRegistry();
-		registry.register(new Scheme("http", 80, PlainSocketFactory
-				.getSocketFactory()));
-		registry.register(new Scheme("https", 443, sf));
+        SchemeRegistry registry = new SchemeRegistry();
+		registry.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
+		registry.register(new Scheme("https", 443, factory));
 
-		ThreadSafeClientConnManager ccm = new ThreadSafeClientConnManager(
-				registry);
-		ccm.setMaxTotal(maxConnections);
-		ccm.setDefaultMaxPerRoute(maxConnections);
-		return ccm;
+        PoolingClientConnectionManager manager = new PoolingClientConnectionManager(registry);
+		manager.setMaxTotal(maxConnections);
+		manager.setDefaultMaxPerRoute(maxConnections);
+		return manager;
 	}
 
 	private static void configureProxy(DefaultHttpClient httpclient) {
diff --git a/src/main/java/com/taskadapter/redmineapi/internal/comm/naivessl/NaiveSSLFactory.java b/src/main/java/com/taskadapter/redmineapi/internal/comm/naivessl/NaiveSSLFactory.java
@@ -0,0 +1,37 @@
+package com.taskadapter.redmineapi.internal.comm.naivessl;
+
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.http.conn.ssl.SSLSocketFactory;
+
+
+/**
+ * Create naive SSLSocket factory which will authorize any TSL/SSL host.
+ *
+ * @author Bartosz Firyn (SarXos)
+ */
+public class NaiveSSLFactory {
+
+    /**
+     * @return Return naive SSL socket factory (authorize any SSL/TSL host)
+     */
+    public static SSLSocketFactory createNaiveSSLSocketFactory() {
+        X509TrustManager manager = new NaiveX509TrustManager();
+        SSLContext sslcontext = null;
+        try {
+            TrustManager[] managers = new TrustManager[] { manager };
+            sslcontext = SSLContext.getInstance("SSL");
+            sslcontext.init(null, managers, null);
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        } catch (KeyManagementException e) {
+            e.printStackTrace();
+        }
+        return new SSLSocketFactory(sslcontext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+    }
+}
diff --git a/src/main/java/com/taskadapter/redmineapi/internal/comm/naivessl/NaiveX509TrustManager.java b/src/main/java/com/taskadapter/redmineapi/internal/comm/naivessl/NaiveX509TrustManager.java
@@ -0,0 +1,29 @@
+package com.taskadapter.redmineapi.internal.comm.naivessl;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+
+
+/**
+ * The goal of this trust manager is to do nothing - it will authorize
+ * any TSL/SSL secure connection.
+ *
+ * @author Bartosz Firyn (SarXos)
+ */
+public class NaiveX509TrustManager implements X509TrustManager {
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] certs, String str) throws CertificateException {
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] certs, String str) throws CertificateException {
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+        return null;
+    }
+}
