HAWKULAR-135 Pinger is completely trusting each SSL certificate

hawkular · May 7, 2015 · 676cab7 · 676cab7
1 parent 69ff8e7
commit 676cab7
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 4 deletions.
diff --git a/modules/pinger/src/main/java/org/hawkular/component/pinger/Pinger.java b/modules/pinger/src/main/java/org/hawkular/component/pinger/Pinger.java
@@ -18,34 +18,74 @@
 
 import java.io.IOException;
 import java.net.UnknownHostException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.concurrent.Future;
 
 import javax.ejb.AsyncResult;
 import javax.ejb.Asynchronous;
 import javax.ejb.Stateless;
+import javax.net.ssl.SSLContext;
 
 import org.apache.http.HttpResponse;
 import org.apache.http.StatusLine;
-import org.apache.http.client.HttpClient;
 import org.apache.http.client.methods.HttpHead;
+import org.apache.http.conn.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.SSLContexts;
+import org.apache.http.conn.ssl.TrustStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 
 /**
  * Bean that does the pinging. Runs async.
  *
  * @author Heiko W. Rupp
+ * @author Martin Večeřa
  *
  */
 @Stateless
 public class Pinger {
 
+    /**
+     * SSL Context trusting all certificates.
+     */
+    private final SSLContext sslContext;
+
+    public Pinger() throws Exception {
+        SSLContext tmpSslContext;
+
+        try {
+            SSLContextBuilder builder = SSLContexts.custom();
+            builder.loadTrustMaterial(null, new TrustStrategy() {
+                @Override
+                public boolean isTrusted(X509Certificate[] chain, String authType)
+                      throws CertificateException {
+                    return true;
+                }
+            });
+            tmpSslContext = builder.build();
+
+        } catch (Exception e) {
+            tmpSslContext = null;
+        }
+
+        sslContext = tmpSslContext;
+    }
+
+    private CloseableHttpClient getHttpClient(final String url) {
+        if (url != null && url.startsWith("https") && sslContext != null) {
+            return HttpClientBuilder.create().setSslcontext(sslContext).build();
+        } else {
+            return HttpClientBuilder.create().build();
+        }
+    }
+
     @Asynchronous
-    public Future<PingStatus> ping(PingStatus status) {
+    public Future<PingStatus> ping(final PingStatus status) {
 
         HttpHead head = new HttpHead(status.destination.url);
-        HttpClient client = HttpClientBuilder.create().build();
 
-        try {
+        try (CloseableHttpClient client = getHttpClient(status.destination.url)) {
             HttpResponse httpResponse = client.execute(head);
             StatusLine statusLine = httpResponse.getStatusLine();
             long now = System.currentTimeMillis();

diff --git a/modules/pinger/src/test/java/org/hawkular/component/pinger/test/PingerTest.java b/modules/pinger/src/test/java/org/hawkular/component/pinger/test/PingerTest.java
@@ -46,6 +46,17 @@ public void testPinger() throws Exception {
 
     }
 
+    @org.junit.Test
+    public void testSslPinger() throws Exception {
+
+        Pinger pinger = new Pinger();
+        PingDestination destination = new PingDestination("123","https://www.perfcake.org");
+        PingStatus status = pinger.ping(new PingStatus(destination)).get();
+
+        assert status.getCode()==200;
+        assert status.isTimedOut()==false;
+    }
+
     @Test
     public void testPingManagerSimple() throws Exception {