| author | Florian Rinke <develop@torui.de> | 2021-09-23 21:11:11 +0200 |
|---|---|---|
| committer | Florian Rinke <develop@torui.de> | 2021-09-23 21:11:11 +0200 |
| commit | 6c6170f129f20ba70e633de5f28a409590a94f2f (patch) | |
| tree | 1295606b3aeaac1dc5c5c47d97d66fc9130a0bc4 /src/main/java/de/torui/coflsky/websocket | |
| parent | 2c585a31b719e9a6fee3800a1cc57bd4eae6bd2d (diff) | |
temporarily disabled all certificate validation
Diffstat (limited to 'src/main/java/de/torui/coflsky/websocket')
3 files changed, 153 insertions, 1 deletions
diff --git a/src/main/java/de/torui/coflsky/websocket/NaiveSSLContext.java b/src/main/java/de/torui/coflsky/websocket/NaiveSSLContext.java
new file mode 100644
index 0000000..aea65c8
--- /dev/null
+++ b/src/main/java/de/torui/coflsky/websocket/NaiveSSLContext.java
@@ -0,0 +1,125 @@
+package de.torui.coflsky.websocket;
+/*
+ * Copyright (C) 2015 Neo Visionaries Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+
+/**
+ * A factory class which creates an {@link SSLContext} that
+ * naively accepts all certificates without verification.
+ *
+ * <pre>
+ * // Create an SSL context that naively accepts all certificates.
+ * SSLContext context = NaiveSSLContext.getInstance("TLS");
+ *
+ * // Create a socket factory from the SSL context.
+ * SSLSocketFactory factory = context.getSocketFactory();
+ *
+ * // Create a socket from the socket factory.
+ * SSLSocket socket = factory.createSocket("www.example.com", 443);
+ * </pre>
+ *
+ * @author Takahiko Kawasaki
+ */
+public class NaiveSSLContext
+{
+ private NaiveSSLContext()
+ {
+ }
+
+
+ /**
+ * Get an SSLContext that implements the specified secure
+ * socket protocol and naively accepts all certificates
+ * without verification.
+ */
+ public static SSLContext getInstance(String protocol) throws NoSuchAlgorithmException
+ {
+ return init(SSLContext.getInstance(protocol));
+ }
+
+
+ /**
+ * Get an SSLContext that implements the specified secure
+ * socket protocol and naively accepts all certificates
+ * without verification.
+ */
+ public static SSLContext getInstance(String protocol, Provider provider) throws NoSuchAlgorithmException
+ {
+ return init(SSLContext.getInstance(protocol, provider));
+ }
+
+
+ /**
+ * Get an SSLContext that implements the specified secure
+ * socket protocol and naively accepts all certificates
+ * without verification.
+ */
+ public static SSLContext getInstance(String protocol, String provider) throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ return init(SSLContext.getInstance(protocol, provider));
+ }
+
+
+ /**
+ * Set NaiveTrustManager to the given context.
+ */
+ private static SSLContext init(SSLContext context)
+ {
+ try
+ {
+ // Set NaiveTrustManager.
+ context.init(null, new TrustManager[] { new NaiveTrustManager() }, null);
+ }
+ catch (KeyManagementException e)
+ {
+ throw new RuntimeException("Failed to initialize an SSLContext.", e);
+ }
+
+ return context;
+ }
+
+
+ /**
+ * A {@link TrustManager} which trusts all certificates naively.
+ */
+ private static class NaiveTrustManager implements X509TrustManager
+ {
+ @Override
+ public X509Certificate[] getAcceptedIssuers()
+ {
+ return null;
+ }
+
+
+ public void checkClientTrusted(X509Certificate[] certs, String authType)
+ {
+ }
+
+
+ public void checkServerTrusted(X509Certificate[] certs, String authType)
+ {
+ }
+ }
+}
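Review bot: `NaiveTrustManager.getAcceptedIssuers()` returns `null`, but the `X509TrustManager` contract asks for a non-null, possibly empty array, and callers that read the issuer list can fail with a NullPointerException; `return new X509Certificate[0];` is the safe form. The empty `checkServerTrusted` accepts any certificate chain, so the class comment should state plainly that a context built here gives no server authentication and is for local debugging only, for example `// INSECURE: accepts every certificate; debugging only, remove before release`. `checkClientTrusted` and `checkServerTrusted` also lack the `@Override` that `getAcceptedIssuers` carries.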
\ No newline at end of file diff --git a/src/main/java/de/torui/coflsky/websocket/WSClient.java b/src/main/java/de/torui/coflsky/websocket/WSClient.java index 59e9abb..c893bb1 100644 --- a/src/main/java/de/torui/coflsky/websocket/WSClient.java +++ b/src/main/java/de/torui/coflsky/websocket/WSClient.java @@ -2,6 +2,9 @@ package de.torui.coflsky.websocket; import java.io.IOException; import java.net.URI; +import java.security.NoSuchAlgorithmException; + +import javax.net.ssl.SSLContext; import com.google.gson.Gson; import com.google.gson.GsonBuilder; @@ -39,8 +42,28 @@ public class WSClient extends WebSocketAdapter { this.uri = uri; } - public void start() throws IOException, WebSocketException { + public void start() throws IOException, WebSocketException, NoSuchAlgorithmException { WebSocketFactory factory = new WebSocketFactory(); + + // Create a custom SSL context. + SSLContext context = NaiveSSLContext.getInstance("TLS"); + + // Set the custom SSL context. + factory.setSSLContext(context); + + // Disable manual hostname verification for NaiveSSLContext. + // + // Manual hostname verification has been enabled since the + // version 2.1. Because the verification is executed manually + // after Socket.connect(SocketAddress, int) succeeds, the + // hostname verification is always executed even if you has + // passed an SSLContext which naively accepts any server + // certificate. However, this behavior is not desirable in + // some cases and you may want to disable the hostname + // verification. You can disable the hostname verification + // by calling WebSocketFactory.setVerifyHostname(false). + factory.setVerifyHostname(false); + this.socket = factory.createSocket(uri); this.socket.addListener(this); this.socket.connect(); diff --git a/src/main/java/de/torui/coflsky/websocket/WSClientWrapper.java b/src/main/java/de/torui/coflsky/websocket/WSClientWrapper.java index b3c8832..90b8059 100644 --- a/src/main/java/de/torui/coflsky/websocket/WSClientWrapper.java 
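Review bot: `start()` in WSClient.java now installs the trust-all context and calls `setVerifyHostname(false)` on every connection, so the client no longer authenticates the server and anyone on the network path can read or alter the websocket traffic. Nothing in the code marks this as temporary or limits its reach. It should sit behind an explicit opt-in that defaults to off (the property name in the sketch below is a constructed placeholder), or better, be replaced by trusting the specific server certificate or CA that currently fails validation. The long comment is library documentation copied verbatim and does not say why this project needs the bypass; a short `// TODO(<issue-id>): remove once the server certificate validates` would serve a maintainer better. The body of `start()` continues past the end of the hunk.

```java
WebSocketFactory factory = new WebSocketFactory();

// Certificate and hostname checks stay on unless explicitly switched off for local debugging.
if (Boolean.getBoolean("coflsky.insecureTls")) { // placeholder property name
    factory.setSSLContext(NaiveSSLContext.getInstance("TLS"));
    factory.setVerifyHostname(false);
}
// … unchanged: createSocket, addListener, connect …
```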
+++ b/src/main/java/de/torui/coflsky/websocket/WSClientWrapper.java @@ -3,6 +3,7 @@ package de.torui.coflsky.websocket; import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; +import java.security.NoSuchAlgorithmException; import java.util.UUID; import com.neovisionaries.ws.client.WebSocketException; @@ -43,6 +44,9 @@ public class WSClientWrapper { } catch (WebSocketException e) { // TODO Auto-generated catch block e.printStackTrace(); + } catch (NoSuchAlgorithmException e) { + // TODO Auto-generated catch block + e.printStackTrace(); } } } |
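Review bot: The added `catch (NoSuchAlgorithmException e)` in WSClientWrapper.java only prints the stack trace, so a failed TLS setup presumably leaves the wrapper without a connected socket and gives the caller no signal. The block is the IDE's generated stub, `// TODO Auto-generated catch block` included. It can be folded into the existing branch as `} catch (WebSocketException | NoSuchAlgorithmException e) {` and should report the failure through whatever the enclosing method uses to signal that the connection did not start. The enclosing method begins and ends outside the hunk, so its return path is not visible here.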
