Reputation: 4161
Download file over HTTPS and SSO in groovy avoiding server certificate validation
I want to download a file in groovy over a connection that is both using single sign on (SSO) over HTTPS (SSL) is there an easy way to do this. I'm not intending to build a full blown application so security is not as much of a concern.
def data = new URL("https://server/context/servlet?param1=value1").getText()
print data
I currently do the download using curl but would ideally not have to call curl. current used call below.
curl --negotiate -u user:pass -L --insecure -o filename.txt "https://server/context/servlet?param1=value1"
Two key points to the solution i'm looking for - It does not involve making a system call to curl - It does not include manually setting up a certificate.
Would consider libraries.
Upvotes: 0
Views: 749
Answers (1)
Reputation: 18517
To avoid the SSL PKIX validation check, in Groovy, you can implement a X509TrustManager in the same way that you do it in Java.
Note that this disable the validation server certificate validation, therefore it's a security risk:
import javax.net.ssl.*
// create a TrustManager to avoid PKIX path validation
def trustManager = [
checkClientTrusted: { chain, authType -> },
checkServerTrusted: { chain, authType -> },
getAcceptedIssuers: { null }
] as X509TrustManager
// creat a sslCtx to use "lax" trustManager
def context = SSLContext.getInstance("TLS")
context.init(null, [trustManager] as TrustManager[], null)
// set as default ssl context
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory())
// finally you can connect to the server "insecurely"
def data = new URL("https://server/context/servlet?param1=value1").getText()
print data
About your second question, to provide a basic authentication like curl does with --user argument, you can set a default user/password for your connections using Authenticator class:
Authenticator.setDefault (new Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication ("user", "pass".toCharArray())
}
})
Note that is possible to do so on other ways in Groovy using some libraries, but this is a possible way using standard Java classes.
Upvotes: 1
Related Questions
- SSL certificate rejected trying to access GitHub over HTTPS behind firewall
- curl - Is data encrypted when using the --insecure option?
- Page loaded over HTTPS but requested an insecure XMLHttpRequest endpoint
- How to configure properly HTTPS from certificate chain, certificate and private key? Akka HTTP
- Allowing websockets over https for local server
- Does Java Apache httpclient need Server certificate to call https service?
- Curl command for https ( SSL )
- Installing an SSL certificate and running nitrogen webframe work over cowboy server over https