Merge pull request #4115 from wsargent/ws-move-acceptanycert-to-loose

Move acceptAnyCertificate

documentation/manual/detailedTopics/configuration/ws/LooseSSL.md

@@ -16,7 +16,7 @@ The information security community is very well aware of how insecure most inter
 
 The average company can expect to have seven or eight [Man in the Middle](https://sites.google.com/site/cse825maninthemiddle/) attacks a year.  In some cases, up to 300,000 users can be compromised [over several months](https://security.stackexchange.com/questions/12041/are-man-in-the-middle-attacks-extremely-rare).
 
-### Attackers have a suite of tools that automatically exploit flaws 
+### Attackers have a suite of tools that automatically exploit flaws
 
 The days of the expert hacker are over.  Most security professionals use automated linux environments such as Kali Linux to do penetration testing, packed with hundreds of tools to check for exploits.  A video of [Cain & Abel](https://www.youtube.com/watch?v=pfHsRscy540) shows passwords being compromised in less than 20 seconds.
 
@@ -26,7 +26,7 @@ Hackers won't bother to see whether something will "look encrypted" or not.  Ins
 
 More and more information flows through computers every day.  The public and the media are taking increasing notice of the possibility that their private communications can be intercepted.  Google, Facebook, Yahoo, and other leading companies have made secure communication a priority and have devoted millions to ensuring that [data cannot be read](https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what).
 
-### Ethernet / Password protected WiFi does not provide a meaningful level of security. 
+### Ethernet / Password protected WiFi does not provide a meaningful level of security.
 
 A networking auditing tool such as a [Wifi Pineapple](https://wifipineapple.com/) costs around $100, picks up all traffic sent over a wifi network, and is so good at intercepting traffic that people have turned it on and started [intercepting traffic accidentally](http://www.troyhunt.com/2013/04/the-beginners-guide-to-breaking-website.html).
 
@@ -66,10 +66,10 @@ Finally, here are the options themselves.
 If you've read the above and you still want to completely disable certificate verification, set the following;
 
 ```
-play.ws.acceptAnyCertificate=true
+play.ws.ssl.loose.acceptAnyCertificate=true
 ```
 
-With certificate verification completely disabled, you are vulnerable to attack from anyone on the network using a tool such as [mitmproxy](http://mitmproxy.org/). 
+With certificate verification completely disabled, you are vulnerable to attack from anyone on the network using a tool such as [mitmproxy](http://mitmproxy.org/).
 
 ### Disabling Weak Ciphers Checking
 

documentation/manual/working/javaGuide/main/ws/code/javaguide/ws/JavaWS.java

@@ -174,8 +174,7 @@ public void clientExamples() {
                     true, // followRedirects
                     true, // useProxyProperties
                     noneString, // userAgent
-                    true, // compressionEnabled
-                    false, // acceptAnyCertificate
+                    true, // compressionEnabled / enforced
                     SSLConfigFactory.defaultConfig());
 
             NingWSClientConfig clientConfig = NingWSClientConfigFactory.forClientConfig(wsClientConfig);

framework/src/play-ws/src/main/resources/reference.conf

@@ -31,9 +31,6 @@ play {
     # Whether compression should be used on incoming and outgoing requests
     compressionEnabled = false
 
-    # Whether any certificate should be accepted or not
-    acceptAnyCertificate = false
-
     # ssl configuration
     ssl {
 
@@ -132,6 +129,9 @@ play {
 
         # Whether hostname verification should be disabled
         disableHostnameVerification = false
+
+        # Whether any certificate should be accepted or not
+        acceptAnyCertificate = false
       }
 
       # Debug configuration

framework/src/play-ws/src/main/scala/play/api/libs/ws/Config.scala

@@ -22,7 +22,6 @@ case class WSClientConfig(connectionTimeout: Duration = 2.minutes,
   useProxyProperties: Boolean = true,
   userAgent: Option[String] = None,
   compressionEnabled: Boolean = false,
-  acceptAnyCertificate: Boolean = false,
   ssl: SSLConfig = SSLConfig())
 
 /**
@@ -48,8 +47,6 @@ class WSConfigParser @Inject() (configuration: Configuration, environment: Envir
 
     val compressionEnabled = config.get[Boolean]("compressionEnabled")
 
-    val acceptAnyCertificate = config.get[Boolean]("acceptAnyCertificate")
-
     val sslConfig = new SSLConfigParser(config.get[PlayConfig]("ssl"), environment.classLoader).parse()
 
     WSClientConfig(
@@ -60,7 +57,6 @@ class WSConfigParser @Inject() (configuration: Configuration, environment: Envir
       useProxyProperties = useProxyProperties,
       userAgent = userAgent,
       compressionEnabled = compressionEnabled,
-      acceptAnyCertificate = acceptAnyCertificate,
       ssl = sslConfig)
   }
 }

framework/src/play-ws/src/main/scala/play/api/libs/ws/ning/NingConfig.scala

@@ -120,10 +120,6 @@ class NingAsyncHttpClientConfigBuilder(ningConfig: NingWSClientConfig = NingWSCl
 
     configureWS(ningConfig)
 
-    // acceptAnyCertificate is technically a "NingConfig" setting for SSL, but
-    // was added before the refactor.
-    builder.setAcceptAnyCertificate(config.acceptAnyCertificate)
-
     configureSSL(config.ssl)
 
     addCustomSettings(builder)
@@ -262,6 +258,8 @@ class NingAsyncHttpClientConfigBuilder(ningConfig: NingWSClientConfig = NingWSCl
     defaultParams.setCipherSuites(cipherSuites)
     builder.setEnabledCipherSuites(cipherSuites)
 
+    builder.setAcceptAnyCertificate(sslConfig.loose.acceptAnyCertificate)
+
     // Hostname Processing
     if (!sslConfig.loose.disableHostnameVerification) {
       val hostnameVerifier = buildHostnameVerifier(sslConfig)

framework/src/play-ws/src/main/scala/play/api/libs/ws/ssl/Config.scala

@@ -144,13 +144,15 @@ case class SSLDebugRecordOptions(plaintext: Boolean = false, packet: Boolean = f
  * @param allowUnsafeRenegotiation Whether unsafe renegotiation should be allowed or not. If None, uses the platform
  *                                 default.
  * @param disableHostnameVerification Whether hostname verification should be disabled.
+ * @param acceptAnyCertificate Whether any X.509 certificate should be accepted or not.
  */
 case class SSLLooseConfig(
   allowWeakCiphers: Boolean = false,
   allowWeakProtocols: Boolean = false,
   allowLegacyHelloMessages: Option[Boolean] = None,
   allowUnsafeRenegotiation: Option[Boolean] = None,
-  disableHostnameVerification: Boolean = false)
+  disableHostnameVerification: Boolean = false,
+  acceptAnyCertificate: Boolean = false)
 
 /**
  * The SSL configuration.
@@ -254,13 +256,15 @@ class SSLConfigParser(c: PlayConfig, classLoader: ClassLoader) {
     val allowMessages = config.getOptional[Boolean]("allowLegacyHelloMessages")
     val allowUnsafeRenegotiation = config.getOptional[Boolean]("allowUnsafeRenegotiation")
     val disableHostnameVerification = config.get[Boolean]("disableHostnameVerification")
+    val acceptAnyCertificate = config.get[Boolean]("acceptAnyCertificate")
 
     SSLLooseConfig(
       allowWeakCiphers = allowWeakCiphers,
       allowWeakProtocols = allowWeakProtocols,
       allowLegacyHelloMessages = allowMessages,
       allowUnsafeRenegotiation = allowUnsafeRenegotiation,
-      disableHostnameVerification = disableHostnameVerification
+      disableHostnameVerification = disableHostnameVerification,
+      acceptAnyCertificate = acceptAnyCertificate
     )
   }
 

framework/src/play-ws/src/test/scala/play/api/libs/ws/WSConfigParserSpec.scala

@@ -29,7 +29,6 @@ object WSConfigParserSpec extends Specification with NoTimeConversions {
                                 |play.ws.followRedirects = false
                                 |play.ws.useProxyProperties = false
                                 |play.ws.useragent = "FakeUserAgent"
-                                |play.ws.acceptAnyCertificate = true
                               """.stripMargin)
 
       actual.connectionTimeout must_== 9999.millis
@@ -43,9 +42,6 @@ object WSConfigParserSpec extends Specification with NoTimeConversions {
       actual.useProxyProperties must beFalse
 
       actual.userAgent must beSome.which(_ must_== "FakeUserAgent")
-
-      actual.acceptAnyCertificate must beTrue
-
     }
   }
 }

framework/src/play-ws/src/test/scala/play/api/libs/ws/ssl/SSLConfigParserSpec.scala

@@ -60,13 +60,15 @@ object SSLConfigParserSpec extends Specification {
                                 | allowWeakCiphers = true
                                 | allowWeakProtocols = true
                                 | disableHostnameVerification = true
+                                | acceptAnyCertificate = true
                                 |}
                               """.stripMargin)
       actual.loose.allowLegacyHelloMessages must beSome(true)
       actual.loose.allowUnsafeRenegotiation must beSome(true)
       actual.loose.allowWeakCiphers must beTrue
       actual.loose.allowWeakProtocols must beTrue
       actual.loose.disableHostnameVerification must beTrue
+      actual.loose.acceptAnyCertificate must beTrue
     }
 
     "say debug is disabled if all debug is disabled" in new WithApplication() {