dashboard/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/util/HttpsURLConnectionUtils.java

   1 /*-
   2  * ========================LICENSE_START=================================
   3  * O-RAN-SC
   4  * %%
   5  * Copyright (C) 2019 AT&T Intellectual Property
   6  * %%
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ========================LICENSE_END===================================
  19  */
  20
  21 package org.oransc.ric.portal.dashboard.util;
  22
  23 import java.security.KeyManagementException;
  24 import java.security.NoSuchAlgorithmException;
  25 import java.security.cert.X509Certificate;
  26
  27 import javax.net.ssl.HostnameVerifier;
  28 import javax.net.ssl.HttpsURLConnection;
  29 import javax.net.ssl.SSLContext;
  30 import javax.net.ssl.TrustManager;
  31 import javax.net.ssl.X509TrustManager;
  32
  33 /**
  34  * Disables and enables certificate and host-name checking in
  35  * HttpsURLConnection, the default JVM implementation of the HTTPS/TLS protocol.
  36  * Has no effect on implementations such as Apache Http Client, Ok Http.
  37  *
  38  * https://stackoverflow.com/questions/23504819/how-to-disable-ssl-certificate-checking-with-spring-resttemplate/58291331#58291331
  39  */
  40 public final class HttpsURLConnectionUtils {
  41
  42     private static final HostnameVerifier jvmHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
  43
  44     private static final HostnameVerifier trivialHostnameVerifier =
  45         (hostname, sslSession) -> hostname.equalsIgnoreCase(sslSession.getPeerHost());
  46
  47     private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] {new X509TrustManager() {
  48         @SuppressWarnings("squid:S1168") // Must return null to get wanted behaviour.
  49         @Override
  50         public java.security.cert.X509Certificate[] getAcceptedIssuers() {
  51             return null;
  52         }
  53
  54         @Override
  55         public void checkClientTrusted(X509Certificate[] certs, String authType) {
  56             // Do nothing.
  57         }
  58
  59         @Override
  60         public void checkServerTrusted(X509Certificate[] certs, String authType) {
  61             // Do nothing.
  62         }
  63     }};
  64
  65     public static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {
  66         HttpsURLConnection.setDefaultHostnameVerifier(trivialHostnameVerifier);
  67         // Install the all-trusting trust manager
  68         SSLContext sc = SSLContext.getInstance("SSL");
  69         sc.init(null, UNQUESTIONING_TRUST_MANAGER, null);
  70         HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
  71     }
  72
  73     public static void turnOnSslChecking() throws KeyManagementException, NoSuchAlgorithmException {
  74         HttpsURLConnection.setDefaultHostnameVerifier(jvmHostnameVerifier);
  75         // Return it to the initial state (discovered by reflection, now hardcoded)
  76         SSLContext sc = SSLContext.getInstance("SSL");
  77         sc.init(null, null, null);
  78         HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
  79     }
  80
  81     private HttpsURLConnectionUtils() {
  82         throw new UnsupportedOperationException("Do not instantiate libraries.");
  83     }
  84 }