src/main/java/org/arvados/client/api/client/factory/OkHttpClientFactory.java

   1 /*
   2  * Copyright (C) The Arvados Authors. All rights reserved.
   3  *
   4  * SPDX-License-Identifier: AGPL-3.0 OR Apache-2.0
   5  *
   6  */
   7
   8 package org.arvados.client.api.client.factory;
   9
  10 import okhttp3.OkHttpClient;
  11 import org.arvados.client.exception.ArvadosClientException;
  12 import org.slf4j.Logger;
  13
  14 import javax.net.ssl.SSLContext;
  15 import javax.net.ssl.SSLSocketFactory;
  16 import javax.net.ssl.TrustManager;
  17 import javax.net.ssl.X509TrustManager;
  18 import java.security.KeyManagementException;
  19 import java.security.NoSuchAlgorithmException;
  20 import java.security.SecureRandom;
  21 import java.security.cert.X509Certificate;
  22
  23 public class OkHttpClientFactory {
  24
  25     private final Logger log = org.slf4j.LoggerFactory.getLogger(OkHttpClientFactory.class);
  26
  27     OkHttpClientFactory() {
  28     }
  29
  30     public static OkHttpClientFactoryBuilder builder() {
  31         return new OkHttpClientFactoryBuilder();
  32     }
  33
  34     public OkHttpClient create(boolean apiHostInsecure) {
  35         OkHttpClient.Builder builder = new OkHttpClient.Builder();
  36         if (apiHostInsecure) {
  37             trustAllCertificates(builder);
  38         }
  39         return builder.build();
  40     }
  41
  42     private void trustAllCertificates(OkHttpClient.Builder builder) {
  43         log.warn("Creating unsafe OkHttpClient. All SSL certificates will be accepted.");
  44         try {
  45             // Create a trust manager that does not validate certificate chains
  46             final TrustManager[] trustAllCerts = new TrustManager[] { createX509TrustManager() };
  47
  48             // Install the all-trusting trust manager
  49             SSLContext sslContext = SSLContext.getInstance("SSL");
  50             sslContext.init(null, trustAllCerts, new SecureRandom());
  51             // Create an ssl socket factory with our all-trusting manager
  52             final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
  53
  54             builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);
  55             builder.hostnameVerifier((hostname, session) -> true);
  56         } catch (NoSuchAlgorithmException | KeyManagementException e) {
  57             throw new ArvadosClientException("Error establishing SSL context", e);
  58         }
  59     }
  60
  61     private static X509TrustManager createX509TrustManager() {
  62         return new X509TrustManager() {
  63
  64             @Override
  65             public void checkClientTrusted(X509Certificate[] chain, String authType) {}
  66
  67             @Override
  68             public void checkServerTrusted(X509Certificate[] chain, String authType) {}
  69
  70             @Override
  71             public X509Certificate[] getAcceptedIssuers() {
  72                 return new X509Certificate[] {};
  73             }
  74         };
  75     }
  76
  77     public static class OkHttpClientFactoryBuilder {
  78         OkHttpClientFactoryBuilder() {
  79         }
  80
  81         public OkHttpClientFactory build() {
  82             return new OkHttpClientFactory();
  83         }
  84
  85         public String toString() {
  86             return "OkHttpClientFactory.OkHttpClientFactoryBuilder()";
  87         }
  88     }
  89 }