+++ /dev/null
-/*
- * Copyright (C) The Arvados Authors. All rights reserved.
- *
- * SPDX-License-Identifier: AGPL-3.0 OR Apache-2.0
- *
- */
-
-package org.arvados.client.api.client.factory;
-
-import okhttp3.OkHttpClient;
-import org.arvados.client.exception.ArvadosClientException;
-import org.slf4j.Logger;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-
-public class OkHttpClientFactory {
-
- private final Logger log = org.slf4j.LoggerFactory.getLogger(OkHttpClientFactory.class);
-
- OkHttpClientFactory() {
- }
-
- public static OkHttpClientFactoryBuilder builder() {
- return new OkHttpClientFactoryBuilder();
- }
-
- public OkHttpClient create(boolean apiHostInsecure) {
- OkHttpClient.Builder builder = new OkHttpClient.Builder();
- if (apiHostInsecure) {
- trustAllCertificates(builder);
- }
- return builder.build();
- }
-
- private void trustAllCertificates(OkHttpClient.Builder builder) {
- log.warn("Creating unsafe OkHttpClient. All SSL certificates will be accepted.");
- try {
- // Create a trust manager that does not validate certificate chains
- final TrustManager[] trustAllCerts = new TrustManager[] { createX509TrustManager() };
-
- // Install the all-trusting trust manager
- SSLContext sslContext = SSLContext.getInstance("SSL");
- sslContext.init(null, trustAllCerts, new SecureRandom());
- // Create an ssl socket factory with our all-trusting manager
- final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
-
- builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);
- builder.hostnameVerifier((hostname, session) -> true);
- } catch (NoSuchAlgorithmException | KeyManagementException e) {
- throw new ArvadosClientException("Error establishing SSL context", e);
- }
- }
-
- private static X509TrustManager createX509TrustManager() {
- return new X509TrustManager() {
-
- @Override
- public void checkClientTrusted(X509Certificate[] chain, String authType) {}
-
- @Override
- public void checkServerTrusted(X509Certificate[] chain, String authType) {}
-
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[] {};
- }
- };
- }
-
- public static class OkHttpClientFactoryBuilder {
- OkHttpClientFactoryBuilder() {
- }
-
- public OkHttpClientFactory build() {
- return new OkHttpClientFactory();
- }
-
- public String toString() {
- return "OkHttpClientFactory.OkHttpClientFactoryBuilder()";
- }
- }
-}