From: Jussi Koskela <jussi.koskela@semantum.fi>
Date: Fri, 20 Apr 2018 06:13:28 +0000 (+0300)
Subject: Create HTTP(s) client in SCL with certificate verification disabled
X-Git-Tag: v1.43.0~136^2~490
X-Git-Url: https://gerrit.simantics.org/r/gitweb?p=simantics%2Fplatform.git;a=commitdiff_plain;h=69c49563a4bc5dff7d4e57541f15f384648f5b83

Create HTTP(s) client in SCL with certificate verification disabled

Also fixed buildClient function to actually use the provided
ClientBuilder.

refs #7870

Change-Id: Ie0d7ae420fc3b96df607efacb64a8bc8384ec717
---

diff --git a/bundles/org.simantics.scl.rest/scl/HTTP/Client.scl b/bundles/org.simantics.scl.rest/scl/HTTP/Client.scl
index 34fc6a77e..9ebeeea8f 100644
--- a/bundles/org.simantics.scl.rest/scl/HTTP/Client.scl
+++ b/bundles/org.simantics.scl.rest/scl/HTTP/Client.scl
@@ -76,6 +76,7 @@ importJava "org.simantics.scl.rest.HttpClientUtils" where
     buildClient :: ClientBuilder -> Client
     statusMessageOf :: Response -> <Proc> String
     asyncInvoke :: Invocation -> ResponseHandler -> FailureHandler -> <Proc> Future Response
+    trustAllClientBuilder :: <Proc> ClientBuilder
 
 importJava "javax.ws.rs.client.Entity" where
     data Entity
diff --git a/bundles/org.simantics.scl.rest/src/org/simantics/scl/rest/HttpClientUtils.java b/bundles/org.simantics.scl.rest/src/org/simantics/scl/rest/HttpClientUtils.java
index dfdbf5ba9..ef42cc859 100644
--- a/bundles/org.simantics.scl.rest/src/org/simantics/scl/rest/HttpClientUtils.java
+++ b/bundles/org.simantics.scl.rest/src/org/simantics/scl/rest/HttpClientUtils.java
@@ -1,7 +1,15 @@
 package org.simantics.scl.rest;
 
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
 import java.util.concurrent.Future;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
 import javax.ws.rs.client.Invocation;
@@ -20,7 +28,7 @@ public class HttpClientUtils {
     public static Client buildClient(ClientBuilder clientBuilder) {
         final ClientConfig clientConfig = new ClientConfig();
         clientConfig.register(MultiPartFeature.class);
-        return ClientBuilder.newBuilder().withConfig((Configuration) clientConfig).build();
+        return clientBuilder.withConfig((Configuration) clientConfig).build();
     }
     
     public static String statusMessageOf(Response response) {
@@ -54,4 +62,27 @@ public class HttpClientUtils {
             }
         });
     }
+    
+    public static ClientBuilder trustAllClientBuilder() throws NoSuchAlgorithmException, KeyManagementException {
+        TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
+            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                return null;
+            }
+            public void checkClientTrusted(X509Certificate[] certs, String authType) {
+            }
+            public void checkServerTrusted(X509Certificate[] certs, String authType) {
+            }
+        }
+        };
+
+        SSLContext sc = SSLContext.getInstance("SSL");
+        sc.init(null, trustAllCerts, new java.security.SecureRandom());
+
+        return ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(new HostnameVerifier() {
+            @Override
+            public boolean verify(String hostname, SSLSession session) {
+                return true;
+            }
+        });
+    }
 }