Commit bb753be5 authored by j.hoerdt's avatar j.hoerdt

disable hostname verification programmatically for a single client that only...

disable hostname verification programmatically for a single client that only trusts a specific self-signed cert
add dependency okhttp because it supports custom hostname verifiers unlike java.net.http
parent 16c41a10
......@@ -5,21 +5,22 @@ plugins {
}
repositories {
jcenter()
mavenCentral()
}
dependencies {
testImplementation 'junit:junit:4.12'
implementation 'org.neo4j.driver:neo4j-java-driver:4.2.1'
implementation 'com.google.code.gson:gson:2.8.6'
implementation 'com.squareup.okhttp3:okhttp:4.9.1'
}
mainClassName = 'sensor2graph.Main'
mainClassName = 'sensor2graph.handle.Session'
jar {
manifest {
attributes 'Main-Class': 'sensor2graph.Main'
attributes 'Main-Class': 'sensor2graph.handle.Session'
}
from {
configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) }
......
// package sensor2graph.handle;
package sensor2graph.handle;
import java.io.*;
import java.net.*;
import java.time.Duration;
import javax.net.ssl.*;
import java.security.*;
import java.security.cert.*;
import java.net.http.*;
import java.net.http.HttpRequest.BodyPublishers;
import java.net.http.HttpResponse.BodyHandlers;
import okhttp3.*;
public class Session {
private static TrustManager[] get_trust_managers() throws Exception {
var server_self_signed_certificate = CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream("server_cert"));
var server_self_signed_certificate = CertificateFactory.getInstance("X.509")
.generateCertificate(new FileInputStream("server_cert"));
var server_cert_public_key_store = KeyStore.getInstance(KeyStore.getDefaultType());
server_cert_public_key_store.load(null, null);
......@@ -32,26 +31,40 @@ public class Session {
return key_manager_factory.getKeyManagers();
}
public static HostnameVerifier allowAllHostNames() {
return (hostname, sslSession) -> true;
}
public static void main(String[] args) throws Exception {
var trust_managers = get_trust_managers();
var trust_self_signed_cert_and_provide_client_cert = SSLContext.getInstance("TLS");
trust_self_signed_cert_and_provide_client_cert.init(get_key_managers(), get_trust_managers(), null);
var client = HttpClient.newBuilder().sslContext(trust_self_signed_cert_and_provide_client_cert).connectTimeout(Duration.ofSeconds(20)).build();
trust_self_signed_cert_and_provide_client_cert.init(get_key_managers(), trust_managers, null);
var challenge_request = HttpRequest.newBuilder(URI.create("https://vm13.pid.gwdg.de:8000/api/handles?prefix=21.11138"))
var client = new OkHttpClient.Builder()
.sslSocketFactory(trust_self_signed_cert_and_provide_client_cert.getSocketFactory(), (X509TrustManager) trust_managers[0])
.hostnameVerifier(allowAllHostNames())
.connectTimeout(Duration.ofSeconds(20))
.build();
Request request = new Request.Builder()
.url("https://vm13.pid.gwdg.de:8000/api/handles?prefix=21.11138")
.post(RequestBody.create(null, new byte[0]))
.header("Accept", "application/json")
.header("Authorization", "Handle clientCert=\"true\"")
.method("POST", BodyPublishers.noBody()).build();
.build();
try (Response response = client.newCall(request).execute()) {
System.out.println(response.body().string() + response.code());
}
var challenge = client.send(challenge_request, BodyHandlers.ofString());
// var challenge = client.send(challenge_request, BodyHandlers.ofString());
System.out.println(challenge.body() + challenge.statusCode());
// System.out.println(challenge.body() + challenge.statusCode());
// if (challenge.statusCode() != 201) {
// throw new Exception("server send status code " + challenge.statusCode() + " instead of 201");
// }
// new Gson().fromJson(response_body, JsonObject.class).get("epic-pid").getAsString();
}
}
}
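Review bot: `allowAllHostNames()` returns `true` for every hostname and is `public static`, so nothing ties it to the one client built in `main`; any other caller, including one that uses the default trust store, could pick it up and lose server identity checking entirely. Since the request goes to a single host, the verifier can be private and accept only that name, e.g. `private static HostnameVerifier onlyHandleServer() { return (hostname, sslSession) -> "vm13.pid.gwdg.de".equals(hostname); }`, which keeps the self-signed certificate usable without accepting it for arbitrary hosts. The safety of this client then rests wholly on the trust managers containing only the certificate loaded from `server_cert`; the rest of `get_trust_managers()` is outside the visible hunks, so a comment at the `.hostnameVerifier(...)` call stating that dependency would help the next reader. The cast `(X509TrustManager) trust_managers[0]` assumes the first element is an X.509 manager, and an `instanceof` check that throws a clear exception would fail more usefully. The `FileInputStream` opened for `server_cert` is never closed and belongs in a try-with-resources.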