
Ignore CERT and Host Name Verification for Services Accessible Over https


During development, it sometimes speeds up work to ignore certificate and hostname verification when testing RESTful services accessible over HTTPS.

One such case would be auto-generated certs with some dummy hostname. 

You can do the following to ignore SSL cert and host name verification.

  1. Create your trust manager with null certificate
  2. Override/set new SSL Scheme to allow all host names

If you are using org.springframework.web.client.RestTemplate, you can reuse the method below to bypass cert/SSL validation.

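import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

/**
 * WARNING!!! testing/development purpose only!!!
 * @param restTemplate
 * @throws Exception
 */
public static void ignoreCertAndHostVerification(RestTemplate restTemplate) throws Exception {
    SSLContext sslContext = SSLContext.getInstance("SSL");
    TrustManager[] trustManagers = { new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                throws CertificateException {
            // Intentionally empty: any server certificate chain is accepted
        }
        public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                throws CertificateException {
            // Intentionally empty: any client certificate chain is accepted
        }
    } };
    sslContext.init(null, trustManagers, new SecureRandom());
    // ALLOW_ALL_HOSTNAME_VERIFIER switches off host name matching
    SSLSocketFactory sslFactory = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    Scheme scheme = new Scheme("https", 443, sslFactory);
    HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
    // Replace the default https scheme of the underlying HttpClient
    factory.getHttpClient().getConnectionManager().getSchemeRegistry().register(scheme);
    restTemplate.setRequestFactory(factory);
}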

If you are using Groovy's HTTPBuilder, you can do the following:

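import groovyx.net.http.HTTPBuilder
import java.security.SecureRandom
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager
import org.apache.http.conn.scheme.Scheme
import org.apache.http.conn.ssl.SSLSocketFactory

def httpBuilder = new HTTPBuilder(baseURL)
// Trust manager whose checks do nothing, so any certificate is accepted
def nullTrustManager = [
    checkClientTrusted: { chain, authType -> },
    checkServerTrusted: { chain, authType -> },
    getAcceptedIssuers: { null }
]
// Not used below; the socket factory gets ALLOW_ALL_HOSTNAME_VERIFIER instead
def nullHostnameVerifier = [
    verify: { hostname, session -> true }
]
SSLContext sc = SSLContext.getInstance("SSL")
sc.init(null, [nullTrustManager as X509TrustManager] as TrustManager[], new SecureRandom())
SSLSocketFactory sf = new SSLSocketFactory(sc)
sf.hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
httpBuilder.getClient().getConnectionManager().schemeRegistry.register(new Scheme("https", sf, 443))

WARNING: The above code is for testing purposes during development only. It is not recommended for production!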