Dean Hiller

Reputation: 20210

Ning async HTTP client: how to accept any certificate

I see on this page how to do https

http://sonatype.github.com/async-http-client/ssl.html

But what if I just want to ignore and accept any certificate? In this environment I don't care about man-in-the-middle right now, since it is an isolated environment and I am just doing some stuff for automated testing on QA data.

Maybe my question instead is how to fake out the SSL in Java's SSL stack so it accepts any cert on the other end (this is not bi-directional since it is HTTPS).

The common code for the client in the above link is:

    char[] keyStorePassword = "changeit".toCharArray();
    KeyStore ks = KeyStore.getInstance("JKS");
    //ks.load(keyStoreStream, keyStorePassword);

    char[] certificatePassword = "changeit".toCharArray();
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, certificatePassword);

    KeyManager[] keyManagers = kmf.getKeyManagers();
    javax.net.ssl.TrustManager tm = new MyTrustMgr();
    javax.net.ssl.TrustManager[] trustManagers = new javax.net.ssl.TrustManager[]{tm };
    SecureRandom secureRandom = new SecureRandom();

    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(keyManagers, trustManagers, secureRandom);
    return ctx;

Okay, working off that, I found this, which is still not working for some reason:

    X509TrustManager tm = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] xcs,
                String string) throws CertificateException {
        }
        public void checkServerTrusted(X509Certificate[] xcs,
                String string) throws CertificateException {
        }
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    };

    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, new TrustManager[] { tm }, null);
    return ctx;

Thanks, Dean

Upvotes: 4

Views: 3985

Answers (1)

bogdan

Reputation: 365

5 years late to the party, but I was facing the same problem today and your question came up pretty high in Google searches. So maybe my answer will help someone else.

Taking your code of creating the SSLContext, this code will create an AsyncHttpClient that will ignore (or blindly accept) all SSL certificates:

    AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder()
            .setSSLContext(createSslContext())
            .build();

    httpClient = new AsyncHttpClient(config);

The createSslContext method is, as mentioned above, an exact copy & paste of the code you had in your answer:

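    private SSLContext createSslContext() throws Exception {
        // Trust manager whose checks never throw, so every certificate chain is accepted.
        X509TrustManager tm = new X509TrustManager() {

            // Empty body: client certificates are never rejected.
            public void checkClientTrusted(X509Certificate[] xcs,
                                       String string) throws CertificateException {
            }

            // Empty body: the server's certificate chain is never validated.
            public void checkServerTrusted(X509Certificate[] xcs,
                                       String string) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };

        // No key managers (no client certificate) and the default SecureRandom.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        return ctx;
    }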

The above examples work with Async HTTP Client 1.9.40 & Java 1.8

Upvotes: 7
