2727import org .apache .http .client .CredentialsProvider ;
2828import org .apache .http .client .methods .HttpUriRequest ;
2929import org .apache .http .conn .ClientConnectionManager ;
30- import org .apache .http .conn .scheme .Scheme ;
31- import org .apache .http .conn .scheme .SchemeRegistry ;
32- import org .apache .http .conn .ssl .SSLSocketFactory ;
33- import org .apache .http .conn .ssl .X509HostnameVerifier ;
3430import org .apache .http .impl .client .DefaultHttpClient ;
3531import org .apache .http .params .HttpParams ;
3632import org .slf4j .Logger ;
3733import org .slf4j .LoggerFactory ;
3834
3935import java .io .IOException ;
40- import java .security .KeyManagementException ;
41- import java .security .NoSuchAlgorithmException ;
42- import java .security .SecureRandom ;
43- import java .security .cert .CertificateException ;
44- import java .security .cert .X509Certificate ;
45-
46- import javax .net .ssl .SSLContext ;
47- import javax .net .ssl .SSLException ;
48- import javax .net .ssl .SSLSession ;
49- import javax .net .ssl .SSLSocket ;
50- import javax .net .ssl .TrustManager ;
51- import javax .net .ssl .X509TrustManager ;
5236
5337/** Implementation of HttpClient that makes http requests. */
5438public class HttpClientImpl implements HttpClient {
@@ -57,7 +41,7 @@ public class HttpClientImpl implements HttpClient {
5741 private static final Logger logger = LoggerFactory .getLogger (HttpClientImpl .class );
5842
5943 /** client used for all http requests. */
60- private DefaultHttpClient defaultHttpClient = makeHttpClient ();
44+ private DefaultHttpClient defaultHttpClient = new DefaultHttpClient ();
6145
6246 /** See org.opencastproject.kernel.http.api.HttpClient */
6347 @ Override
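Review bot: The field comment above `private DefaultHttpClient defaultHttpClient = new DefaultHttpClient ();` still reads only "client used for all http requests", so nothing in the class records that TLS validation is now intentionally left at the library defaults. I would extend it to something like `/** Client used for all http requests; relies on the default trust store and hostname verification, do not register a permissive SSLSocketFactory here. */` so the removed trust-all setup is not reintroduced later. Peers that present self-signed or private-CA certificates will presumably fail the handshake after this change. The commit should therefore come with a release note telling operators to import the issuing CA into the JVM trust store. A regression test asserting that a request to a host with an untrusted certificate fails would also pin the new behaviour; the rest of the class lies outside this hunk, so I cannot see whether one exists.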
@@ -83,123 +67,4 @@ public ClientConnectionManager getConnectionManager() {
8367 return defaultHttpClient .getConnectionManager ();
8468 }
8569
86- /**
87- * Creates a new client that can deal with all kinds of oddities with regards to http/https connections.
88- *
89- * @return the client
90- */
91- private DefaultHttpClient makeHttpClient () {
92-
93- DefaultHttpClient defaultHttpClient = new DefaultHttpClient ();
94- try {
95- logger .debug ("Installing forgiving hostname verifier and trust managers" );
96- X509TrustManager trustManager = createTrustManager ();
97- X509HostnameVerifier hostNameVerifier = createHostNameVerifier ();
98- SSLContext sslContext = SSLContext .getInstance ("TLS" );
99- sslContext .init (null , new TrustManager [] { trustManager }, new SecureRandom ());
100- SSLSocketFactory ssf = new SSLSocketFactory (sslContext , hostNameVerifier );
101- ClientConnectionManager ccm = defaultHttpClient .getConnectionManager ();
102- SchemeRegistry sr = ccm .getSchemeRegistry ();
103- sr .register (new Scheme ("https" , 443 , ssf ));
104- } catch (NoSuchAlgorithmException e ) {
105- logger .error ("Error creating context to handle TLS connections: {}" , e .getMessage ());
106- } catch (KeyManagementException e ) {
107- logger .error ("Error creating context to handle TLS connections: {}" , e .getMessage ());
108- }
109-
110- return defaultHttpClient ;
111- }
112-
113- /**
114- * Returns a new trust manager which will be in charge of checking the SSL certificates that are being presented by
115- * SSL enabled hosts.
116- *
117- * @return the trust manager
118- */
119- private X509TrustManager createTrustManager () {
120- X509TrustManager trustManager = new X509TrustManager () {
121-
122- /**
123- * {@InheritDoc}
124- *
125- * @see javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.X509Certificate[], java.lang.String)
126- */
127- public void checkClientTrusted (X509Certificate [] xcs , String string ) throws CertificateException {
128- logger .trace ("Skipping trust check on client certificate {}" , string );
129- }
130-
131- /**
132- * {@InheritDoc}
133- *
134- * @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String)
135- */
136- public void checkServerTrusted (X509Certificate [] xcs , String string ) throws CertificateException {
137- logger .trace ("Skipping trust check on server certificate {}" , string );
138- }
139-
140- /**
141- * {@InheritDoc}
142- *
143- * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
144- */
145- public X509Certificate [] getAcceptedIssuers () {
146- logger .trace ("Returning empty list of accepted issuers" );
147- return null ;
148- }
149-
150- };
151-
152- return trustManager ;
153- }
154-
155- /**
156- * Creates a host name verifier that will make sure the SSL host's name matches the name in the SSL certificate.
157- *
158- * @return the host name verifier
159- */
160- private X509HostnameVerifier createHostNameVerifier () {
161- X509HostnameVerifier verifier = new X509HostnameVerifier () {
162-
163- /**
164- * {@InheritDoc}
165- *
166- * @see org.apache.http.conn.ssl.X509HostnameVerifier#verify(java.lang.String, javax.net.ssl.SSLSocket)
167- */
168- public void verify (String host , SSLSocket ssl ) throws IOException {
169- logger .trace ("Skipping SSL host name check on {}" , host );
170- }
171-
172- /**
173- * {@InheritDoc}
174- *
175- * @see org.apache.http.conn.ssl.X509HostnameVerifier#verify(java.lang.String, java.security.cert.X509Certificate)
176- */
177- public void verify (String host , X509Certificate xc ) throws SSLException {
178- logger .trace ("Skipping X509 certificate host name check on {}" , host );
179- }
180-
181- /**
182- * {@InheritDoc}
183- *
184- * @see org.apache.http.conn.ssl.X509HostnameVerifier#verify(java.lang.String, java.lang.String[],
185- * java.lang.String[])
186- */
187- public void verify (String host , String [] cns , String [] subjectAlts ) throws SSLException {
188- logger .trace ("Skipping DNS host name check on {}" , host );
189- }
190-
191- /**
192- * {@InheritDoc}
193- *
194- * @see javax.net.ssl.HostnameVerifier#verify(java.lang.String, javax.net.ssl.SSLSession)
195- */
196- public boolean verify (String host , SSLSession ssl ) {
197- logger .trace ("Skipping SSL session host name check on {}" , host );
198- return true ;
199- }
200- };
201-
202- return verifier ;
203- }
204-
20570}