To bypass SSL certificate errors in Apache HttpClient 4.0, you can create a custom TrustManager that allows all certificates without validation, and then use it to create a custom SSLContext that is used by HttpClient.
Here is an example code to achieve this:
import javax.net.ssl.*;
public class SSLUtils {
public static SSLContext createEasySSLContext() throws IOException {
try {
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, new TrustManager[] { new EasyX509TrustManager(null) }, null);
return context;
} catch (Exception e) {
throw new IOException(e.getMessage());
}
}
public static SSLConnectionSocketFactory createSSLSocketFactory() throws IOException {
return new SSLConnectionSocketFactory(createEasySSLContext());
}
public static HttpClient createHttpClient() throws IOException {
return HttpClients.custom().setSSLSocketFactory(createSSLSocketFactory()).build();
}
private static class EasyX509TrustManager implements X509TrustManager {
private X509TrustManager standardTrustManager = null;
public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
super();
TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
factory.init(keystore);
TrustManager[] trustmanagers = factory.getTrustManagers();
if (trustmanagers.length == 0) {
throw new NoSuchAlgorithmException("No trust manager found");
}
this.standardTrustManager = (X509TrustManager) trustmanagers[0];
}
public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
standardTrustManager.checkClientTrusted(certificates, authType);
}
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
if (certificates != null && certificates.length == 1) {
certificates[0].checkValidity();
} else {
standardTrustManager.checkServerTrusted(certificates, authType);
}
}
public X509Certificate[] getAcceptedIssuers() {
return this.standardTrustManager.getAcceptedIssuers();
}
}
}
You can then use this custom HttpClient to make HTTPS requests as follows:
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
public class Main {
public static void main(String[] args) throws Exception {
HttpClient client = SSLUtils.createHttpClient(); // create custom HttpClient
HttpGet request = new HttpGet("https://example.com");
client.execute(request); // make request using custom HttpClient
}
}
Note that bypassing SSL certificate errors is a security risk and should only be done in certain situations, such as testing or working with self-signed certificates in development environments. Ultimately, it is recommended to properly configure SSL certificates on your server rather than bypassing their validation.
Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss
Asked: 2023-06-10 20:33:42 +0000
Seen: 13 times
Last updated: Jun 10 '23
How can the rejection of the class text_plain from JavaMail API due to a VerifyError be confirmed?
What is the process for generating a dynamic subdomain/URL using vue.js?
How can the style of the loader be modified while the form submission is being processed?
I'm attempting to develop a Javascript-based comments section for my website.
What are some feasible methods to enable MIDI file playback on a web browser?
How can I resolve the issue of being unable to use Fetch to POST an array of Selected Checkboxes?
What is the method to hide the scroll button when reaching the bottom?