2 * ========================LICENSE_START=================================
5 * Copyright (C) 2019 AT&T Intellectual Property
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ========================LICENSE_END===================================
21 package org.oransc.ric.portal.dashboard.util;
23 import java.security.KeyManagementException;
24 import java.security.NoSuchAlgorithmException;
25 import java.security.cert.CertificateException;
26 import java.security.cert.X509Certificate;
28 import javax.net.ssl.HostnameVerifier;
29 import javax.net.ssl.HttpsURLConnection;
30 import javax.net.ssl.SSLContext;
31 import javax.net.ssl.TrustManager;
32 import javax.net.ssl.X509TrustManager;
35 * Disables and enables certificate and host-name checking in
36 * HttpsURLConnection, the default JVM implementation of the HTTPS/TLS protocol.
37 * Has no effect on implementations such as Apache Http Client, Ok Http.
39 * https://stackoverflow.com/questions/23504819/how-to-disable-ssl-certificate-checking-with-spring-resttemplate/58291331#58291331
41 public final class HttpsURLConnectionUtils {
43 private static final HostnameVerifier jvmHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
45 private static final HostnameVerifier trivialHostnameVerifier = (hostname, sslSession) -> true;
47 private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[] { new X509TrustManager() {
48 public java.security.cert.X509Certificate[] getAcceptedIssuers() {
49 return new java.security.cert.X509Certificate[0];
52 public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
53 // empty implementation
56 public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
57 // empty implementation
61 public static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {
62 HttpsURLConnection.setDefaultHostnameVerifier(trivialHostnameVerifier);
63 // Install the all-trusting trust manager
64 SSLContext sc = SSLContext.getInstance("TLS");
65 sc.init(null, UNQUESTIONING_TRUST_MANAGER, null);
66 HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
69 public static void turnOnSslChecking() throws KeyManagementException, NoSuchAlgorithmException {
70 HttpsURLConnection.setDefaultHostnameVerifier(jvmHostnameVerifier);
71 // Return it to the initial state (discovered by reflection, now hardcoded)
72 SSLContext sc = SSLContext.getInstance("TLS");
73 sc.init(null, null, null);
74 HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
77 private HttpsURLConnectionUtils() {
78 throw new UnsupportedOperationException("Do not instantiate libraries.");