/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.reef.runtime.hdinsight.client.sslhacks;

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.BasicClientConnectionManager;
import org.apache.reef.tang.ExternalConstructor;

import javax.inject.Inject;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Tang {@link ExternalConstructor} that hands out HTTP clients which do not check SSL.
 *
 * <p>Security note: every client built here uses {@link UnsafeTrustManager} and
 * {@link UnsafeHostNameVerifier} in place of the platform defaults. Both are defined
 * elsewhere in this package; going by their names and this class's own log message they
 * presumably accept any certificate chain and any host name (confirm against those classes).
 * With those checks off, the peer is not authenticated: the HTTPS connection gives no
 * protection against an on-path party reading or altering the traffic. Bind this constructor
 * only where that trade-off has been made deliberately.
 *
 * <p>The only runtime signal that this constructor is in use is the {@code SEVERE} log record
 * written when it is instantiated, so that record is the thing to search or alert on.
 */
public final class UnsafeClientConstructor implements ExternalConstructor<CloseableHttpClient> {

  /**
   * Injection entry point. Logs at {@code SEVERE} on every instantiation so that use of
   * the unchecked client shows up in the logs.
   */
  @Inject
  UnsafeClientConstructor() {
    final Logger log = Logger.getLogger(UnsafeClientConstructor.class.getName());
    log.log(Level.SEVERE, "DANGER: INSTANTIATING HTTP CLIENT WITH NO SSL CHECKS.");
  }

  /**
   * Builds a new HTTP client whose {@code https} scheme (default port 443) is backed by a
   * socket factory using the context from {@link #getSSLContext()} and an
   * {@link UnsafeHostNameVerifier}.
   *
   * @return a fresh client; {@code https} is the only scheme registered with its connection manager.
   * @throws RuntimeException if the SSL context cannot be created or initialised; the
   *     original exception is kept as the cause.
   */
  @Override
  public CloseableHttpClient newInstance() {
    final SSLContext uncheckedContext;
    try {
      uncheckedContext = this.getSSLContext();
    } catch (final KeyManagementException | NoSuchAlgorithmException ex) {
      throw new RuntimeException("Unable to instantiate HTTP Client", ex);
    }

    final SSLSocketFactory uncheckedSockets = new SSLSocketFactory(uncheckedContext);
    // Replaces the factory's hostname verifier with the one from this package.
    uncheckedSockets.setHostnameVerifier(new UnsafeHostNameVerifier());

    final SchemeRegistry schemes = new SchemeRegistry();
    schemes.register(new Scheme("https", 443, uncheckedSockets));

    final ClientConnectionManager connections = new BasicClientConnectionManager(schemes);
    return new DefaultHttpClient(connections);
  }

  /**
   * Creates a {@code "TLS"} context initialised with an empty key-manager array (no client
   * key material is supplied here) and a single {@link UnsafeTrustManager}.
   *
   * @return the initialised context.
   * @throws NoSuchAlgorithmException if no provider supports the {@code "TLS"} protocol.
   * @throws KeyManagementException if initialising the context fails.
   */
  private SSLContext getSSLContext() throws KeyManagementException, NoSuchAlgorithmException {
    final KeyManager[] noClientKeys = new KeyManager[0];
    // The trust manager is what decides whether a server certificate chain is accepted.
    final TrustManager[] trustManagers = {new UnsafeTrustManager()};
    final SSLContext context = SSLContext.getInstance("TLS");
    context.init(noClientKeys, trustManagers, new SecureRandom());
    return context;
  }
}