Introduce acceptAnyCertificate config, defaulting to false, backport df6ed70, close #352

Author: Stephane Landelle

src/main/java/com/ning/http/client/AsyncHttpClientConfig.java

@@ -25,9 +25,7 @@
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
 
-import java.security.GeneralSecurityException;
 import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
@@ -68,7 +66,6 @@ public class AsyncHttpClientConfig {
     protected ExecutorService applicationThreadPool;
     protected ProxyServerSelector proxyServerSelector;
     protected SSLContext sslContext;
-    protected SSLEngineFactory sslEngineFactory;
     protected AsyncHttpProviderConfig<?, ?> providerConfig;
     protected ConnectionsPool<?, ?> connectionsPool;
     protected Realm realm;
@@ -86,6 +83,7 @@ public class AsyncHttpClientConfig {
     protected boolean useRelativeURIsWithSSLProxies;
     protected int maxConnectionLifeTimeInMs;
     protected TimeConverter timeConverter;
+    protected boolean acceptAnyCertificate;
 
     protected AsyncHttpClientConfig() {
     }
@@ -106,7 +104,6 @@ private AsyncHttpClientConfig(int maxTotalConnections,
                                   ExecutorService applicationThreadPool,
                                   ProxyServerSelector proxyServerSelector,
                                   SSLContext sslContext,
-                                  SSLEngineFactory sslEngineFactory,
                                   AsyncHttpProviderConfig<?, ?> providerConfig,
                                   ConnectionsPool<?, ?> connectionsPool, Realm realm,
                                   List<RequestFilter> requestFilters,
@@ -121,7 +118,8 @@ private AsyncHttpClientConfig(int maxTotalConnections,
                                   int ioThreadMultiplier,
                                   boolean strict302Handling,
                                   boolean useRelativeURIsWithSSLProxies,
-                                  TimeConverter timeConverter) {
+                                  TimeConverter timeConverter, //
+                                  boolean acceptAnyCertificate) {
 
         this.maxTotalConnections = maxTotalConnections;
         this.maxConnectionPerHost = maxConnectionPerHost;
@@ -137,7 +135,6 @@ private AsyncHttpClientConfig(int maxTotalConnections,
         this.userAgent = userAgent;
         this.allowPoolingConnection = keepAlive;
         this.sslContext = sslContext;
-        this.sslEngineFactory = sslEngineFactory;
         this.providerConfig = providerConfig;
         this.connectionsPool = connectionsPool;
         this.realm = realm;
@@ -161,6 +158,7 @@ private AsyncHttpClientConfig(int maxTotalConnections,
         this.proxyServerSelector = proxyServerSelector;
         this.disableUrlEncodingForBoundedRequests = disableUrlEncodingForBoundedRequests;
         this.timeConverter = timeConverter;
+        this.acceptAnyCertificate = acceptAnyCertificate;
     }
 
     /**
@@ -310,28 +308,6 @@ public SSLContext getSSLContext() {
         return connectionsPool;
     }
 
-    /**
-     * Return an instance of {@link SSLEngineFactory} used for SSL connection.
-     *
-     * @return an instance of {@link SSLEngineFactory} used for SSL connection.
-     */
-    public SSLEngineFactory getSSLEngineFactory() {
-        if (sslEngineFactory == null) {
-            return new SSLEngineFactory() {
-                public SSLEngine newSSLEngine() {
-                    if (sslContext != null) {
-                        SSLEngine sslEngine = sslContext.createSSLEngine();
-                        sslEngine.setUseClientMode(true);
-                        return sslEngine;
-                    } else {
-                        return null;
-                    }
-                }
-            };
-        }
-        return sslEngineFactory;
-    }
-
     /**
      * Return the {@link com.ning.http.client.AsyncHttpProviderConfig}
      *
@@ -491,12 +467,19 @@ public int getMaxConnectionLifeTimeInMs() {
     }
 
     /**
-     * @return 1.8.2
+     * since 1.8.2
      */
     public TimeConverter getTimeConverter() {
         return timeConverter;
     }
 
+    /**
+     * since 1.9.0
+     */
+    public boolean isAcceptAnyCertificate() {
+        return acceptAnyCertificate;
+    }
+
     /**
      * Builder for an {@link AsyncHttpClient}
      */
@@ -525,11 +508,11 @@ public static class Builder {
         private boolean removeQueryParamOnRedirect = defaultRemoveQueryParamOnRedirect();
         private boolean strict302Handling = defaultStrict302Handling();
         private HostnameVerifier hostnameVerifier = defaultHostnameVerifier();
+        private boolean acceptAnyCertificate = defaultAcceptAnyCertificate();
 
         private ExecutorService applicationThreadPool;
         private ProxyServerSelector proxyServerSelector = null;
         private SSLContext sslContext;
-        private SSLEngineFactory sslEngineFactory;
         private AsyncHttpProviderConfig<?, ?> providerConfig;
         private ConnectionsPool<?, ?> connectionsPool;
         private Realm realm;
@@ -713,31 +696,13 @@ public Builder setProxyServer(ProxyServer proxyServer) {
             return this;
         }
 
-        /**
-         * Set the {@link SSLEngineFactory} for secure connection.
-         *
-         * @param sslEngineFactory the {@link SSLEngineFactory} for secure connection
-         * @return a {@link Builder}
-         */
-        public Builder setSSLEngineFactory(SSLEngineFactory sslEngineFactory) {
-            this.sslEngineFactory = sslEngineFactory;
-            return this;
-        }
-
         /**
          * Set the {@link SSLContext} for secure connection.
          *
          * @param sslContext the {@link SSLContext} for secure connection
          * @return a {@link Builder}
          */
         public Builder setSSLContext(final SSLContext sslContext) {
-            this.sslEngineFactory = new SSLEngineFactory() {
-                public SSLEngine newSSLEngine() throws GeneralSecurityException {
-                    SSLEngine sslEngine = sslContext.createSSLEngine();
-                    sslEngine.setUseClientMode(true);
-                    return sslEngine;
-                }
-            };
             this.sslContext = sslContext;
             return this;
         }
@@ -998,6 +963,11 @@ public Builder setTimeConverter(TimeConverter timeConverter) {
             return this;
         }
 
+        public Builder setAcceptAnyCertificate(boolean acceptAnyCertificate) {
+            this.acceptAnyCertificate = acceptAnyCertificate;
+            return this;
+        }
+
         /**
          * Create a config builder with values taken from the given prototype configuration.
          *
@@ -1018,7 +988,6 @@ public Builder(AsyncHttpClientConfig prototype) {
             realm = prototype.getRealm();
             requestTimeoutInMs = prototype.getRequestTimeoutInMs();
             sslContext = prototype.getSSLContext();
-            sslEngineFactory = prototype.getSSLEngineFactory();
             userAgent = prototype.getUserAgent();
             followRedirect = prototype.isFollowRedirect();
             compressionEnabled = prototype.isCompressionEnabled();
@@ -1041,6 +1010,7 @@ public Builder(AsyncHttpClientConfig prototype) {
             hostnameVerifier = prototype.getHostnameVerifier();
             strict302Handling = prototype.isStrict302Handling();
             timeConverter = prototype.timeConverter;
+            acceptAnyCertificate = prototype.acceptAnyCertificate;
         }
 
         /**
@@ -1073,40 +1043,39 @@ public Thread newThread(Runnable r) {
                 proxyServerSelector = ProxyServerSelector.NO_PROXY_SELECTOR;
             }
 
-            return new AsyncHttpClientConfig(maxTotalConnections,
-                    maxConnectionPerHost,
-                    connectionTimeOutInMs,
-                    webSocketIdleTimeoutInMs,
-                    idleConnectionInPoolTimeoutInMs,
-                    idleConnectionTimeoutInMs,
-                    requestTimeoutInMs,
-                    maxConnectionLifeTimeInMs,
-                    followRedirect,
-                    maxDefaultRedirects,
-                    compressionEnabled,
-                    userAgent,
-                    allowPoolingConnection,
-                    applicationThreadPool,
-                    proxyServerSelector,
-                    sslContext,
-                    sslEngineFactory,
-                    providerConfig,
-                    connectionsPool,
-                    realm,
-                    requestFilters,
-                    responseFilters,
-                    ioExceptionFilters,
-                    requestCompressionLevel,
-                    maxRequestRetry,
-                    allowSslConnectionPool,
-                    disableUrlEncodingForBoundedRequests,
-                    removeQueryParamOnRedirect,
-                    hostnameVerifier,
-                    ioThreadMultiplier,
-                    strict302Handling,
-                    useRelativeURIsWithSSLProxies,
-                    timeConverter);
+            return new AsyncHttpClientConfig(maxTotalConnections, //
+                    maxConnectionPerHost, //
+                    connectionTimeOutInMs, //
+                    webSocketIdleTimeoutInMs, //
+                    idleConnectionInPoolTimeoutInMs, //
+                    idleConnectionTimeoutInMs, //
+                    requestTimeoutInMs, //
+                    maxConnectionLifeTimeInMs, //
+                    followRedirect, //
+                    maxDefaultRedirects, //
+                    compressionEnabled, //
+                    userAgent, //
+                    allowPoolingConnection, //
+                    applicationThreadPool, //
+                    proxyServerSelector, //
+                    sslContext, //
+                    providerConfig, //
+                    connectionsPool, //
+                    realm, //
+                    requestFilters, //
+                    responseFilters, //
+                    ioExceptionFilters, //
+                    requestCompressionLevel, //
+                    maxRequestRetry, //
+                    allowSslConnectionPool, //
+                    disableUrlEncodingForBoundedRequests, //
+                    removeQueryParamOnRedirect, //
+                    hostnameVerifier, //
+                    ioThreadMultiplier, //
+                    strict302Handling, //
+                    useRelativeURIsWithSSLProxies, //
+                    timeConverter, //
+                    acceptAnyCertificate);
         }
     }
 }
-

src/main/java/com/ning/http/client/AsyncHttpClientConfigBean.java

@@ -67,6 +67,7 @@ void configureDefaults() {
         removeQueryParamOnRedirect = defaultRemoveQueryParamOnRedirect();
         strict302Handling = defaultStrict302Handling();
         hostnameVerifier = defaultHostnameVerifier();
+        acceptAnyCertificate = defaultAcceptAnyCertificate();
 
         if (defaultUseProxySelector()) {
             proxyServerSelector = ProxyUtils.getJdkDefaultProxyServerSelector();
@@ -173,11 +174,6 @@ public AsyncHttpClientConfigBean setSslContext(SSLContext sslContext) {
         return this;
     }
 
-    public AsyncHttpClientConfigBean setSslEngineFactory(SSLEngineFactory sslEngineFactory) {
-        this.sslEngineFactory = sslEngineFactory;
-        return this;
-    }
-
     public AsyncHttpClientConfigBean setProviderConfig(AsyncHttpProviderConfig<?, ?> providerConfig) {
         this.providerConfig = providerConfig;
         return this;
@@ -242,4 +238,9 @@ public AsyncHttpClientConfigBean setIoThreadMultiplier(int ioThreadMultiplier) {
         this.ioThreadMultiplier = ioThreadMultiplier;
         return this;
     }
+
+    public AsyncHttpClientConfigBean setAcceptAnyCertificate(boolean acceptAnyCertificate) {
+        this.acceptAnyCertificate = acceptAnyCertificate;
+        return this;
+    }
 }

src/main/java/com/ning/http/client/AsyncHttpClientConfigDefaults.java

@@ -121,4 +121,8 @@ public static boolean defaultRemoveQueryParamOnRedirect() {
     public static HostnameVerifier defaultHostnameVerifier() {
         return new DefaultHostnameVerifier();
     }
+    
+    public static boolean defaultAcceptAnyCertificate() {
+        return getBoolean(ASYNC_CLIENT + "acceptAnyCertificate", false);
+    }
 }

src/main/java/com/ning/http/client/SSLEngineFactory.java

@@ -539,11 +539,6 @@ public Builder setExecutorService(ExecutorService applicationThreadPool) {
             return this;
         }
 
-        public Builder setSSLEngineFactory(SSLEngineFactory sslEngineFactory) {
-            configBuilder.setSSLEngineFactory(sslEngineFactory);
-            return this;
-        }
-
         public Builder setSSLContext(final SSLContext sslContext) {
             configBuilder.setSSLContext(sslContext);
             return this;
@@ -669,6 +664,11 @@ public Builder setProviderClass(String providerClass) {
             return this;
         }
 
+        public Builder setAcceptAnyCertificate(boolean acceptAnyCertificate) {
+            configBuilder.setAcceptAnyCertificate(acceptAnyCertificate);
+            return this;
+        }
+
         public SimpleAsyncHttpClient build() {
 
             if (realmBuilder != null) {

src/main/java/com/ning/http/client/SimpleAsyncHttpClient.java

@@ -383,7 +383,7 @@ public void onTimeout(Connection connection) {
         boolean defaultSecState = (context != null);
         if (context == null) {
             try {
-                context = SslUtils.getSSLContext();
+                context = SslUtils.getInstance().getSSLContext(clientConfig.isAcceptAnyCertificate());
             } catch (Exception e) {
                 throw new IllegalStateException(e);
             }

src/main/java/com/ning/http/client/providers/grizzly/GrizzlyAsyncHttpProvider.java

@@ -186,7 +186,7 @@ private HttpURLConnection createUrlConnection(Request request) throws IOExceptio
             SSLContext sslContext = config.getSSLContext();
             if (sslContext == null) {
                 try {
-                    sslContext = SslUtils.getSSLContext();
+                    sslContext = SslUtils.getInstance().getSSLContext(config.isAcceptAnyCertificate());
                 } catch (NoSuchAlgorithmException e) {
                     throw new IOException(e.getMessage());
                 } catch (GeneralSecurityException e) {