Ignore CERT and Host Name Verification for Services Accessible Over https
During development, it sometimes helps or speeds up work to ignore certificate and hostname verification when testing RESTful services accessible over HTTPS.
One such case is auto-generated certificates issued for a dummy hostname.
You can do the following to ignore SSL certificate and hostname verification:
- Create your own trust manager that accepts any certificate (a "null" trust manager)
- Override/set a new SSL scheme that allows all hostnames
If you are using org.springframework.web.client.RestTemplate, you can reuse the method below to bypass certificate and hostname validation.
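```java
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

/**
 * WARNING!!! testing/development purpose only!!!
 * @param restTemplate the RestTemplate whose HTTPS checks are disabled
 * @throws Exception if the SSL context cannot be created or initialized
 */
public static void ignoreCertAndHostVerification(RestTemplate restTemplate) throws Exception {
    SSLContext sslContext = SSLContext.getInstance("SSL");
    TrustManager[] trustManagers = { new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            // The interface contract requires a non-null (possibly empty) array
            return new X509Certificate[0];
        }
        public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                throws CertificateException {
            // Intentionally empty: every server certificate is accepted
        }
        public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                throws CertificateException {
            // Intentionally empty: every client certificate is accepted
        }
    } };
    sslContext.init(null, trustManagers, new SecureRandom());
    // HttpClient 4.x Scheme/SSLSocketFactory API; no hostname matching is performed
    SSLSocketFactory sslFactory = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    Scheme scheme = new Scheme("https", 443, sslFactory);
    HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
    // Replace the default https scheme on this client's connection manager
    factory.getHttpClient().getConnectionManager().getSchemeRegistry().register(scheme);
    restTemplate.setRequestFactory(factory);
}
```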
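If you are using Groovy's HTTPBuilder, you can do the following:
```groovy
import groovyx.net.http.HTTPBuilder
import java.security.SecureRandom
import java.security.cert.X509Certificate
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager
import org.apache.http.conn.scheme.Scheme
import org.apache.http.conn.ssl.SSLSocketFactory

def httpBuilder = new HTTPBuilder(baseURL)
// Trust manager that accepts every certificate chain
def nullTrustManager = [
    checkClientTrusted: { chain, authType -> },
    checkServerTrusted: { chain, authType -> },
    getAcceptedIssuers: { new X509Certificate[0] }
]
// Not used below: ALLOW_ALL_HOSTNAME_VERIFIER is what actually gets installed
def nullHostnameVerifier = [
    verify: { hostname, session -> true }
]
SSLContext sc = SSLContext.getInstance("SSL")
sc.init(null, [nullTrustManager as X509TrustManager] as TrustManager[], new SecureRandom())
SSLSocketFactory sf = new SSLSocketFactory(sc)
sf.hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
httpBuilder.getClient().getConnectionManager().schemeRegistry.register(new Scheme("https", sf, 443))
```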
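The Javadoc above marks the helper as testing/development only. As an added example (not part of the original article), this Python check scans Java and Groovy sources for the trust-all and allow-all-hostnames constructs shown on this page, so a build can fail when they appear outside test code. The rule names, function names and sample strings are constructed for this illustration.

```python
import re
import sys
from pathlib import Path

# A body holding only // or /* */ comments (e.g. an IDE "TODO" stub) still counts as empty.
_ONLY_COMMENTS = r"(?:\s*(?://[^\n]*|/\*.*?\*/))*\s*"

# Rule names are this example's own; each pattern matches a construct from the snippets above.
RULES = {
    "trust-all: empty checkServerTrusted (Java)": re.compile(
        r"checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\{" + _ONLY_COMMENTS + r"\}", re.S),
    "trust-all: empty checkServerTrusted (Groovy map)": re.compile(
        r"checkServerTrusted\s*:\s*\{[^{}>]*->\s*\}"),
    "hostname check off: ALLOW_ALL_HOSTNAME_VERIFIER": re.compile(r"\bALLOW_ALL_HOSTNAME_VERIFIER\b"),
    "hostname check off: verify closure returns true": re.compile(
        r"\bverify\s*:\s*\{[^{}>]*->\s*true\s*\}"),
}

def scan(source, name="<memory>"):
    """Return sorted (name, line, rule) findings for one source text."""
    return sorted((name, source.count("\n", 0, m.start()) + 1, rule)
                  for rule, pat in RULES.items() for m in pat.finditer(source))

def scan_tree(root):
    """Scan every .java and .groovy file under root."""
    files = (p for p in sorted(Path(root).rglob("*")) if p.suffix in (".java", ".groovy") and p.is_file())
    return [f for p in files for f in scan(p.read_text(errors="replace"), str(p))]

# Constructed sample input: trimmed copies of the two snippets on this page.
SAMPLE_JAVA = """\
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
        throws CertificateException {
    // TODO Auto-generated method stub
}
SSLSocketFactory f = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
"""
SAMPLE_GROOVY = """\
def nullTrustManager = [ checkServerTrusted: { chain, authType -> } ]
def nullHostnameVerifier = [ verify: { hostname, session -> true } ]
"""

if __name__ == "__main__":
    # With a directory argument, scan it; otherwise scan the constructed samples.
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan(SAMPLE_JAVA) + scan(SAMPLE_GROOVY)
    for name, line, rule in hits:
        print(f"{name}:{line}: {rule}")
    sys.exit(1 if hits else 0)
```

Run it against the production source tree only (for example `src/main`), so the helper can stay in test code while any copy in shipped code makes the script exit with status 1.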