Need to ignore certificate when using restTemplate

I am trying to send a request to following address. The certificate is not valid and I would like to ignore it. I wrote following code based on my research on 1, 2 but I am not able to complete it. I am using Java 1.7,

https://api.stubhubsandbox.com/search/catalog/events/v3 

Code

private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[]{     new X509TrustManager() {         public java.security.cert.X509Certificate[] getAcceptedIssuers(){             return null;         }         public void checkClientTrusted( X509Certificate[] certs, String authType ){}         public void checkServerTrusted( X509Certificate[] certs, String authType ){}         public void checkClientTrusted(                 java.security.cert.X509Certificate[] arg0, String arg1)                 throws CertificateException {             // TODO Auto-generated method stub          }         public void checkServerTrusted(                 java.security.cert.X509Certificate[] arg0, String arg1)                 throws CertificateException {             // TODO Auto-generated method stub          }     } };  public static void main(String[] args) {     TrustStrategy acceptingTrustStrategy =       SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()             .loadTrustMaterial(null, acceptingTrustStrategy)             .build();      SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);      CloseableHttpClient httpClient = HttpClients.custom()             .setSSLSocketFactory(csf)             .build();      HttpComponentsClientHttpRequestFactory requestFactory =             new HttpComponentsClientHttpRequestFactory();      requestFactory.setHttpClient(httpClient);      RestTemplate restTemplate = new RestTemplate(requestFactory);     String url = "https://api.stubhubsandbox.com/search/catalog/events/v3";     RestTemplate rest = new RestTemplate();     Map<String, String> mvm = new HashMap<String, String>();     mvm.put("Authorization", "Bearer TOKEEEEEEEN");     Object object = rest.postForObject(url, null, Object.class, mvm);     System.err.println("done");   } 

3 Answers

Answers 1

As you may have noticed, Spring's RestTemplate delegates all the HTTP(S) related stuff to the underlying implementation of ClientHttpRequestFactory. Since you're using the HttpClient-based implementation, here are a couple of useful SO links on how to achieve this for the internal HttpClient:

• Ignoring SSL certificate in Apache HttpClient 4.3
• How to ignore SSL certificate errors in Apache HttpClient 4.0

Apparently, since version 4.4, this can be done as:

CloseableHttpClient httpClient = HttpClients.custom().setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build(); 

Answers 2

Not sure if things have changed after jdk6, but last time I was trying to do this we needed to import the SSL certificate to the keystore of the JAVA_HOME used to run the programs utilizing the trusted ssl.

First, you will need to export the certificate to a file. In windows, you can use any browser to save the SSL certificate to your personal certificates store and then run mmc, add certificates snapin (File/Add Remove Snapin) and save the certificate to disk.

Then you need to import the certificate to trusted domain cacerts using the keytool. But you need to import it to the keystore that your java_home uses when running your programs above.

The command below will add certificate file "mycertificate.cer" to keystore in file "cacerts.jks". The alias is "webservice" :

"%JAVA_HOME%\bin\keytool" -import -trustcacerts -alias webservice -file mycertificate.cer -keystore cacerts.jks 

Usually, the Keystore password is "changeit", no quotes. Change it for production use

Answers 3

To bypass SSL checks in several spring projects I always re-use a SSLUtils class I wrote (or found) some time ago in conjunction with spring's RestTemplate. Using the class provided below you just need to call the static method SSLUtils.turnOffSslChecking() before you send your request.

import javax.net.ssl.*; import java.security.*; import java.security.cert.CertificateException; import java.security.cert.X509Certificate;  public final class SSLUtil{      static {         //for localhost testing only         javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(         new javax.net.ssl.HostnameVerifier(){              public boolean verify(String hostname,                     javax.net.ssl.SSLSession sslSession) {                 if (hostname.equals("localhost")) {                     return true;                 }                 return false;             }         });     }      private static final TrustManager[] UNQUESTIONING_TRUST_MANAGER = new TrustManager[]{             new X509TrustManager() {                 public java.security.cert.X509Certificate[] getAcceptedIssuers(){                     return null;                 }                 public void checkClientTrusted( X509Certificate[] certs, String authType ){}                 public void checkServerTrusted( X509Certificate[] certs, String authType ){}             }         };      public  static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {         // Install the all-trusting trust manager         final SSLContext sc = SSLContext.getInstance("SSL");         sc.init( null, UNQUESTIONING_TRUST_MANAGER, null );         HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());     }      public static void turnOnSslChecking() throws KeyManagementException, NoSuchAlgorithmException {         // Return it to the initial state (discovered by reflection, now hardcoded)         SSLContext.getInstance("SSL").init( null, null, null );     }      private SSLUtil(){         throw new UnsupportedOperationException( "Do not instantiate libraries.");     } } 

Give it a try. Hope this works and turns out as an easy solution for you.

If You Enjoyed This, Take 5 Seconds To Share It

• Facebook
• Twitter
• Google+
• StumbleUpon
• Digg
• Delicious
• LinkedIn
• Reddit
• Technorati