From 977135f9202bfa713f8f46a313d0b20b3dc90234 Mon Sep 17 00:00:00 2001 From: anmoldeep0123 Date: Sat, 24 Jul 2021 03:46:22 +0530 Subject: [PATCH] BAEL-4456 | Trusting a Self-Signed Cert in OkHTTP (#11065) * BAEL-4220 | A Guide to IllegalAccessError and when it happens * BAEL-4220 | A Guide to IllegalAccessError and when it happens | fix tests * BAEL-4220 | A Guide to IllegalAccessError and when it happens | fix tests * BAEL-4220 | A Guide to IllegalAccessError and when it happens | BDD test names * BAEL-4494 | .toArray(new MyClass[0]) or .toArray(new MyClass[myList.size()])? * BAEL-4494 | .toArray(new MyClass[0]) or .toArray(new MyClass[myList.size()])? * BAEL-4933 | Differences between static classes and the singleton pattern in Java * BAEL-4456 | Trusting a Self-Signed Cert in OkHTTP Co-authored-by: root --- .../test/java/com/baeldung/okhttp/Consts.java | 5 + .../ssl/OkHttpSSLSelfSignedCertLiveTest.java | 108 ++++++++++++++++++ 2 files changed, 113 insertions(+) create mode 100644 libraries-http-2/src/test/java/com/baeldung/okhttp/Consts.java create mode 100644 libraries-http-2/src/test/java/com/baeldung/okhttp/ssl/OkHttpSSLSelfSignedCertLiveTest.java diff --git a/libraries-http-2/src/test/java/com/baeldung/okhttp/Consts.java b/libraries-http-2/src/test/java/com/baeldung/okhttp/Consts.java new file mode 100644 index 0000000000..3e0c47f793 --- /dev/null +++ b/libraries-http-2/src/test/java/com/baeldung/okhttp/Consts.java @@ -0,0 +1,5 @@ +package com.baeldung.okhttp; + +public interface Consts { + int SSL_APPLICATION_PORT = 8443; +} \ No newline at end of file diff --git a/libraries-http-2/src/test/java/com/baeldung/okhttp/ssl/OkHttpSSLSelfSignedCertLiveTest.java b/libraries-http-2/src/test/java/com/baeldung/okhttp/ssl/OkHttpSSLSelfSignedCertLiveTest.java new file mode 100644 index 0000000000..3e7fad2a29 --- /dev/null +++ b/libraries-http-2/src/test/java/com/baeldung/okhttp/ssl/OkHttpSSLSelfSignedCertLiveTest.java @@ -0,0 +1,108 @@ +package com.baeldung.okhttp.ssl; + +import static com.baeldung.okhttp.Consts.SSL_APPLICATION_PORT; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.cert.CertificateException; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLHandshakeException; +import javax.net.ssl.SSLPeerUnverifiedException; +import javax.net.ssl.SSLSession; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + +import org.junit.Before; +import org.junit.Test; + +import okhttp3.OkHttpClient; +import okhttp3.Request; +import okhttp3.Response; + +/** + * Execute spring-security-web-boot-2 module before running this live test + * @see com.baeldung.ssl.HttpsEnabledApplication + */ +public class OkHttpSSLSelfSignedCertLiveTest { + + private final String HTTPS_WELCOME_URL = "https://localhost:" + SSL_APPLICATION_PORT + "/welcome"; + + private OkHttpClient.Builder builder; + + @Before + public void init() { + builder = new OkHttpClient.Builder(); + } + + @Test(expected = SSLHandshakeException.class) + public void whenHTTPSSelfSignedCertGET_thenException() throws IOException { + builder.build() + .newCall(new Request.Builder().url(HTTPS_WELCOME_URL) + .build()) + .execute(); + } + + @Test(expected = SSLPeerUnverifiedException.class) + public void givenTrustAllCerts_whenHTTPSSelfSignedCertGET_thenException() throws GeneralSecurityException, IOException { + final TrustManager TRUST_ALL_CERTS = new X509TrustManager() { + @Override + public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { + } + + @Override + public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { + } + + @Override + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return new java.security.cert.X509Certificate[] {}; + } + }; + final SSLContext sslContext = SSLContext.getInstance("SSL"); + sslContext.init(null, new TrustManager[] { TRUST_ALL_CERTS }, new java.security.SecureRandom()); + builder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) TRUST_ALL_CERTS); + builder.build() + .newCall(new Request.Builder().url(HTTPS_WELCOME_URL) + .build()) + .execute(); + } + + @Test + public void givenTrustAllCertsSkipHostnameVerification_whenHTTPSSelfSignedCertGET_then200OK() throws GeneralSecurityException, IOException { + final TrustManager TRUST_ALL_CERTS = new X509TrustManager() { + @Override + public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { + } + + @Override + public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { + } + + @Override + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return new java.security.cert.X509Certificate[] {}; + } + }; + final SSLContext sslContext = SSLContext.getInstance("SSL"); + sslContext.init(null, new TrustManager[] { TRUST_ALL_CERTS }, new java.security.SecureRandom()); + builder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) TRUST_ALL_CERTS); + builder.hostnameVerifier(new HostnameVerifier() { + @Override + public boolean verify(String hostname, SSLSession session) { + return true; + } + }); + Response response = builder.build() + .newCall(new Request.Builder().url(HTTPS_WELCOME_URL) + .build()) + .execute(); + assertEquals(200, response.code()); + assertNotNull(response.body()); + assertEquals("

Welcome to Secured Site

", response.body() + .string()); + } +}