use sslcontext-kickstart to create ssl factory

2022-01-02 20:54:28 +01:00
parent b3dd6acfe6
commit 089be99287
2 changed files with 32 additions and 58 deletions
--- a/pom.xml
+++ b/pom.xml
@@ -538,6 +538,11 @@
 			<artifactId>gwt-servlet</artifactId>
 			<version>2.9.0</version>
 		</dependency>
 		<dependency>
 			<groupId>io.github.hakky54</groupId>
 			<artifactId>sslcontext-kickstart</artifactId>
 			<version>7.2.0</version>
 		</dependency>
 		<dependency>
 			<groupId>com.google.apis</groupId>
--- a/src/main/java/com/commafeed/backend/HttpGetter.java
+++ b/src/main/java/com/commafeed/backend/HttpGetter.java
@@ -1,20 +1,9 @@
 package com.commafeed.backend;
 import java.io.IOException;
 import java.security.SecureRandom;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import javax.inject.Inject;
 import javax.inject.Singleton;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -34,7 +23,6 @@ import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.client.protocol.HttpClientContext;
 import org.apache.http.config.ConnectionConfig;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
@@ -42,11 +30,14 @@ import org.apache.http.util.EntityUtils;
 import com.commafeed.CommaFeedConfiguration;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import nl.altindag.ssl.SSLFactory;
 /**
 * Smart HTTP getter: handles gzip, ssl, last modified and etag headers
- * 
+ *
 */
@Slf4j
@Singleton
 public class HttpGetter {
@@ -56,15 +47,7 @@ public class HttpGetter {
 	private static final HttpResponseInterceptor REMOVE_INCORRECT_CONTENT_ENCODING = new ContentEncodingInterceptor();
-	private static SSLContext SSL_CONTEXT = null;
+	private static final SSLFactory SSL_FACTORY = SSLFactory.builder().withUnsafeTrustMaterial().withUnsafeHostnameVerifier().build();
 	static {
 		try {
 			SSL_CONTEXT = SSLContext.getInstance("TLS");
 			SSL_CONTEXT.init(new KeyManager[0], new TrustManager[] { new DefaultTrustManager() }, new SecureRandom());
 		} catch (Exception e) {
 			log.error("Could not configure ssl context");
 		}
 	}
 	private String userAgent;
@@ -81,7 +64,7 @@ public class HttpGetter {
 	}
 	/**
-	 * 
+	 *
 	 * @param url
 	 *            the url to retrive
 	 * @param lastModified
@@ -94,8 +77,8 @@ public class HttpGetter {
 	 * @throws NotModifiedException
 	 *             if the url hasn't changed since we asked for it last time
 	 */
-	public HttpResult getBinary(String url, String lastModified, String eTag, int timeout) throws ClientProtocolException, IOException,
+	public HttpResult getBinary(String url, String lastModified, String eTag, int timeout)
-			NotModifiedException {
+			throws ClientProtocolException, IOException, NotModifiedException {
 		HttpResult result = null;
 		long start = System.currentTimeMillis();
@@ -171,25 +154,14 @@ public class HttpGetter {
 		return result;
 	}
 	@Getter
 	@RequiredArgsConstructor
 	public static class HttpResult {
 		private final byte[] content;
 		private final String contentType;
 		private final String lastModifiedSince;
 		private final String eTag;
 		private final long duration;
 		private final String urlAfterRedirect;
 	}
 	public static CloseableHttpClient newClient(int timeout) {
 		HttpClientBuilder builder = HttpClients.custom();
 		builder.useSystemProperties();
 		builder.addInterceptorFirst(REMOVE_INCORRECT_CONTENT_ENCODING);
 		builder.disableAutomaticRetries();
-		builder.setSSLContext(SSL_CONTEXT);
+		builder.setSSLContext(SSL_FACTORY.getSslContext());
-		builder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
+		builder.setSSLHostnameVerifier(SSL_FACTORY.getHostnameVerifier());
 		RequestConfig.Builder configBuilder = RequestConfig.custom();
 		configBuilder.setCookieSpec(CookieSpecs.IGNORE_COOKIES);
@@ -203,6 +175,13 @@ public class HttpGetter {
 		return builder.build();
 	}
 	public static void main(String[] args) throws Exception {
 		CommaFeedConfiguration config = new CommaFeedConfiguration();
 		HttpGetter getter = new HttpGetter(config);
 		HttpResult result = getter.getBinary("https://sourceforge.net/projects/mpv-player-windows/rss", 30000);
 		System.out.println(new String(result.content));
 	}
 	public static class NotModifiedException extends Exception {
 		private static final long serialVersionUID = 1L;
@@ -212,25 +191,15 @@ public class HttpGetter {
 	}
-	private static class DefaultTrustManager implements X509TrustManager {
+	@Getter
-		@Override
+	@RequiredArgsConstructor
-		public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+	public static class HttpResult {
-		}
+		private final byte[] content;
-
+		private final String contentType;
-		@Override
+		private final String lastModifiedSince;
-		public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+		private final String eTag;
-		}
+		private final long duration;
-
+		private final String urlAfterRedirect;
 		@Override
 		public X509Certificate[] getAcceptedIssuers() {
 			return null;
 		}
 	}
 	public static void main(String[] args) throws Exception {
 		CommaFeedConfiguration config = new CommaFeedConfiguration();
 		HttpGetter getter = new HttpGetter(config);
 		HttpResult result = getter.getBinary("https://sourceforge.net/projects/mpv-player-windows/rss", 30000);
 		System.out.println(new String(result.content));
 	}
 }