Introduce acceptAnyCertificate config, defaulting to false, close AsyncHttpClient#526, close AsyncHttpClient#352

Author: Stephane Landelle

api/src/main/java/org/asynchttpclient/AsyncHttpClientConfig.java

@@ -112,6 +112,7 @@ public class AsyncHttpClientConfig {
     protected int spdyInitialWindowSize;
     protected int spdyMaxConcurrentStreams;
     protected TimeConverter timeConverter;
+    protected boolean acceptAnyCertificate;
 
     protected AsyncHttpClientConfig() {
     }
@@ -151,7 +152,8 @@ private AsyncHttpClientConfig(int maxTotalConnections, //
             boolean spdyEnabled, //
             int spdyInitialWindowSize, //
             int spdyMaxConcurrentStreams, //
-            TimeConverter timeConverter) {
+            TimeConverter timeConverter, //
+            boolean acceptAnyCertificate) {
 
         this.maxTotalConnections = maxTotalConnections;
         this.maxConnectionPerHost = maxConnectionPerHost;
@@ -187,6 +189,7 @@ private AsyncHttpClientConfig(int maxTotalConnections, //
         this.spdyInitialWindowSize = spdyInitialWindowSize;
         this.spdyMaxConcurrentStreams = spdyMaxConcurrentStreams;
         this.timeConverter = timeConverter;
+        this.acceptAnyCertificate = acceptAnyCertificate;
 
     }
 
@@ -533,6 +536,10 @@ public TimeConverter getTimeConverter() {
         return timeConverter;
     }
 
+    public boolean isAcceptAnyCertificate() {
+        return acceptAnyCertificate;
+    }
+
     /**
      * Builder for an {@link AsyncHttpClient}
      */
@@ -564,6 +571,7 @@ public static class Builder {
         private boolean spdyEnabled = defaultSpdyEnabled();
         private int spdyInitialWindowSize = defaultSpdyInitialWindowSize();
         private int spdyMaxConcurrentStreams = defaultSpdyMaxConcurrentStreams();
+        private boolean acceptAnyCertificate = defaultAcceptAnyCertificate();
 
         private ScheduledExecutorService reaper;
         private ExecutorService applicationThreadPool;
@@ -1078,6 +1086,11 @@ public Builder setTimeConverter(TimeConverter timeConverter) {
             return this;
         }
 
+        public Builder setAcceptAnyCertificate(boolean acceptAnyCertificate) {
+            this.acceptAnyCertificate = acceptAnyCertificate;
+            return this;
+        }
+        
         /**
          * Create a config builder with values taken from the given prototype configuration.
          *
@@ -1186,7 +1199,8 @@ public Thread newThread(Runnable r) {
                     spdyEnabled, //
                     spdyInitialWindowSize, //
                     spdyMaxConcurrentStreams, //
-                    timeConverter);
+                    timeConverter, //
+                    acceptAnyCertificate);
         }
     }
 }

api/src/main/java/org/asynchttpclient/AsyncHttpClientConfigBean.java

@@ -70,6 +70,7 @@ void configureDefaults() {
         spdyEnabled = defaultSpdyEnabled();
         spdyInitialWindowSize = defaultSpdyInitialWindowSize();
         spdyMaxConcurrentStreams = defaultSpdyMaxConcurrentStreams();
+        acceptAnyCertificate = defaultAcceptAnyCertificate();
         if (defaultUseProxySelector()) {
             proxyServerSelector = ProxyUtils.getJdkDefaultProxyServerSelector();
         } else if (defaultUseProxyProperties()) {
@@ -234,4 +235,9 @@ public AsyncHttpClientConfigBean setIoThreadMultiplier(int ioThreadMultiplier) {
         this.ioThreadMultiplier = ioThreadMultiplier;
         return this;
     }
+
+    public AsyncHttpClientConfigBean setAcceptAnyCertificate(boolean acceptAnyCertificate) {
+        this.acceptAnyCertificate = acceptAnyCertificate;
+        return this;
+    }
 }

api/src/main/java/org/asynchttpclient/AsyncHttpClientConfigDefaults.java

@@ -133,4 +133,8 @@ public static int defaultSpdyInitialWindowSize() {
     public static int defaultSpdyMaxConcurrentStreams() {
         return Integer.getInteger(ASYNC_CLIENT + "spdyMaxConcurrentStreams", 100);
     }
+    
+    public static boolean defaultAcceptAnyCertificate() {
+        return getBoolean(ASYNC_CLIENT + "acceptAnyCertificate", false);
+    }
 }

api/src/main/java/org/asynchttpclient/SimpleAsyncHttpClient.java

@@ -678,6 +678,11 @@ public Builder setProviderClass(String providerClass) {
             return this;
         }
 
+        public Builder setAcceptAnyCertificate(boolean acceptAnyCertificate) {
+            configBuilder.setAcceptAnyCertificate(acceptAnyCertificate);
+            return this;
+        }
+
         public SimpleAsyncHttpClient build() {
 
             if (realmBuilder != null) {

api/src/main/java/org/asynchttpclient/util/MiscUtil.java

@@ -44,4 +44,8 @@ public static boolean getBoolean(String systemPropName, boolean defaultValue) {
         String systemPropValue = System.getProperty(systemPropName);
         return systemPropValue != null ? systemPropValue.equalsIgnoreCase("true") : defaultValue;
     }
+
+    public static <T> T withDefault(T value, T defaults) {
+        return value != null? value : value;
+    }
 }

api/src/main/java/org/asynchttpclient/util/SslUtils.java

@@ -16,14 +16,47 @@
 package org.asynchttpclient.util;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 
 /**
  * This class is a copy of http://github.com/sonatype/wagon-ning/raw/master/src/main/java/org/apache/maven/wagon/providers/http/SslUtils.java
  */
 public class SslUtils {
+    
+    static class LooseTrustManager implements X509TrustManager {
+
+        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+            return new java.security.cert.X509Certificate[0];
+        }
+
+        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
+        }
 
+        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
+        }
+    }
+
+    private SSLContext looseTrustManagerSSLContext = looseTrustManagerSSLContext(); 
+    
+    private SSLContext looseTrustManagerSSLContext() {
+        try {
+            SSLContext sslContext = SSLContext.getInstance("TLS");
+            sslContext.init(null, new TrustManager[] { new LooseTrustManager() }, new SecureRandom());
+            return sslContext;
+        } catch (NoSuchAlgorithmException e) {
+           throw new ExceptionInInitializerError(e);
+        } catch (KeyManagementException e) {
+            throw new ExceptionInInitializerError(e);
+        }
+    }
+    
     private static class SingletonHolder {
         public static final SslUtils instance = new SslUtils();
     }
@@ -32,7 +65,7 @@ public static SslUtils getInstance() {
         return SingletonHolder.instance;
     }
 
-    public SSLContext getSSLContext() throws GeneralSecurityException, IOException {
-        return SSLContext.getDefault();
+    public SSLContext getSSLContext(boolean acceptAnyCertificate) throws GeneralSecurityException, IOException {
+        return acceptAnyCertificate? looseTrustManagerSSLContext: SSLContext.getDefault();
     }
 }

api/src/test/java/org/asynchttpclient/async/HttpToHttpsRedirectTest.java

@@ -96,7 +96,11 @@ public void runAllSequentiallyBecauseNotThreadSafe() throws Exception {
     public void httpToHttpsRedirect() throws Exception {
         redirectDone.getAndSet(false);
 
-        AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder().setMaxRedirects(5).setFollowRedirects(true).build();
+        AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder()//
+                .setMaxRedirects(5)//
+                .setFollowRedirects(true)//
+                .setAcceptAnyCertificate(true)//
+                .build();
         AsyncHttpClient c = getAsyncHttpClient(cg);
         try {
             Response response = c.prepareGet(getTargetUrl()).setHeader("X-redirect", getTargetUrl2()).execute().get();
@@ -112,7 +116,11 @@ public void httpToHttpsRedirect() throws Exception {
     public void httpToHttpsProperConfig() throws Exception {
         redirectDone.getAndSet(false);
 
-        AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder().setMaxRedirects(5).setFollowRedirects(true).build();
+        AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder()//
+                .setMaxRedirects(5)//
+                .setFollowRedirects(true)//
+                .setAcceptAnyCertificate(true)//
+                .build();
         AsyncHttpClient c = getAsyncHttpClient(cg);
         try {
             Response response = c.prepareGet(getTargetUrl()).setHeader("X-redirect", getTargetUrl2() + "/test2").execute().get();
@@ -134,7 +142,11 @@ public void httpToHttpsProperConfig() throws Exception {
     public void relativeLocationUrl() throws Exception {
         redirectDone.getAndSet(false);
 
-        AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder().setMaxRedirects(5).setFollowRedirects(true).build();
+        AsyncHttpClientConfig cg = new AsyncHttpClientConfig.Builder()//
+                .setMaxRedirects(5)//
+                .setFollowRedirects(true)//
+                .setAcceptAnyCertificate(true)//
+                .build();
         AsyncHttpClient c = getAsyncHttpClient(cg);
         try {
             Response response = c.prepareGet(getTargetUrl()).setHeader("X-redirect", "/foo/test").execute().get();

api/src/test/java/org/asynchttpclient/async/ProxyTunnellingTest.java

@@ -74,12 +74,14 @@ public void tearDownGlobal() throws Exception {
 
     @Test(groups = { "online", "default_provider" })
     public void testRequestProxy() throws IOException, InterruptedException, ExecutionException, TimeoutException {
-        AsyncHttpClientConfig.Builder b = new AsyncHttpClientConfig.Builder();
-        b.setFollowRedirects(true);
 
         ProxyServer ps = new ProxyServer(ProxyServer.Protocol.HTTPS, "127.0.0.1", port1);
 
-        AsyncHttpClientConfig config = b.build();
+        AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder()//
+        .setFollowRedirects(true)//
+        .setAcceptAnyCertificate(true)//
+        .build();
+
         AsyncHttpClient asyncHttpClient = getAsyncHttpClient(config);
         try {
             RequestBuilder rb = new RequestBuilder("GET").setProxyServer(ps).setUrl(getTargetUrl2());
@@ -108,6 +110,7 @@ public void testConfigProxy() throws IOException, InterruptedException, Executio
         AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder()//
                 .setFollowRedirects(true)//
                 .setProxyServer(new ProxyServer(ProxyServer.Protocol.HTTPS, "127.0.0.1", port1))//
+                .setAcceptAnyCertificate(true)//
                 .build();
         AsyncHttpClient asyncHttpClient = getAsyncHttpClient(config);
         try {
@@ -136,7 +139,12 @@ public void testSimpleAHCConfigProxy() throws IOException, InterruptedException,
 
         SimpleAsyncHttpClient client = new SimpleAsyncHttpClient.Builder()//
                 .setProviderClass(getProviderClass())//
-                .setProxyProtocol(ProxyServer.Protocol.HTTPS).setProxyHost("127.0.0.1").setProxyPort(port1).setFollowRedirects(true).setUrl(getTargetUrl2())//
+                .setProxyProtocol(ProxyServer.Protocol.HTTPS)//
+                .setProxyHost("127.0.0.1")//
+                .setProxyPort(port1)//
+                .setFollowRedirects(true)//
+                .setUrl(getTargetUrl2())//
+                .setAcceptAnyCertificate(true)//
                 .setHeader("Content-Type", "text/html")//
                 .build();
         try {

api/src/test/java/org/asynchttpclient/websocket/ProxyTunnellingTest.java

@@ -78,7 +78,7 @@ protected String getTargetUrl() {
     public void echoText() throws Exception {
 
         ProxyServer ps = new ProxyServer(ProxyServer.Protocol.HTTPS, "127.0.0.1", port1);
-        AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder().setProxyServer(ps).build();
+        AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder().setProxyServer(ps).setAcceptAnyCertificate(true).build();
         AsyncHttpClient asyncHttpClient = getAsyncHttpClient(config);
         try {
             final CountDownLatch latch = new CountDownLatch(1);

providers/grizzly/src/main/java/org/asynchttpclient/providers/grizzly/GrizzlyAsyncHttpProvider.java

@@ -253,7 +253,7 @@ public void onTimeout(Connection connection) {
         SSLContext context = clientConfig.getSSLContext();
         if (context == null) {
             try {
-                context = SslUtils.getInstance().getSSLContext();
+                context = SslUtils.getInstance().getSSLContext(clientConfig.isAcceptAnyCertificate());
             } catch (Exception e) {
                 throw new IllegalStateException(e);
             }

providers/grizzly/src/test/java/org/asynchttpclient/providers/grizzly/GrizzlyFeedableBodyGeneratorTest.java

@@ -138,6 +138,7 @@ private void doSimpleFeeder(final boolean secure) {
         AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder()
                 .setMaxConnectionsPerHost(60)
                 .setMaxConnectionsTotal(60)
+                .setAcceptAnyCertificate(true)
                 .build();
         final AsyncHttpClient client =
                 new DefaultAsyncHttpClient(new GrizzlyAsyncHttpProvider(config), config);
@@ -240,6 +241,7 @@ private void doNonBlockingFeeder(final boolean secure) {
         AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder()
                 .setMaxConnectionsPerHost(60)
                 .setMaxConnectionsTotal(60)
+                .setAcceptAnyCertificate(true)
                 .build();
         final AsyncHttpClient client =
                 new DefaultAsyncHttpClient(new GrizzlyAsyncHttpProvider(config), config);

providers/netty/src/main/java/org/asynchttpclient/providers/netty/channel/Channels.java

@@ -209,10 +209,9 @@ private SSLEngine createSSLEngine() throws IOException, GeneralSecurityException
 
         } else {
             SSLContext sslContext = config.getSSLContext();
-            if (sslContext == null) {
-                sslContext = SslUtils.getInstance().getSSLContext();
-            }
-            
+            if (sslContext == null)
+                sslContext = SslUtils.getInstance().getSSLContext(config.isAcceptAnyCertificate());
+
             SSLEngine sslEngine = sslContext.createSSLEngine();
             sslEngine.setUseClientMode(true);
             return sslEngine;