Below is a unit test that attempts to use the "SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER" option. It never works and the wire level debug indicates that HC is always using "BrowserCompatHostnameVerifier" instead. Can someone explain why or where my code is incorrect?
WIRE LEVEL DEBUG I/O =================== 12-16 10:01:42.873|INFO |main |gws-unit-test |n.common.AllowAllIssue.main(AllowAllIssue.java:68)|unit test started. 12-16 10:01:42.878|INFO |main |gws-unit-test |n.common.AllowAllIssue.main(AllowAllIssue.java:74)|creating http method... 12-16 10:01:42.893|INFO |main |gws-unit-test |n.common.AllowAllIssue.main(AllowAllIssue.java:84)|creating http client... 12-16 10:01:42.986|INFO |main |gws-unit-test |.common.AllowAllIssue.main(AllowAllIssue.java:110)|creating http context... 12-16 10:01:43.004|INFO |main |gws-unit-test |.common.AllowAllIssue.main(AllowAllIssue.java:123)|invoking: https://pkeyes668377:8443/block/ct-env/all/tp-haws_sys_svcs/tx-sync/alert?durMins=2 12-16 10:01:43.025|DEBUG|main | |uestAddCookies.process(RequestAddCookies.java:122)|CookieSpec selected: best-match 12-16 10:01:43.045|DEBUG|main | |nection(BasicHttpClientConnectionManager.java:246)|Get connection for route {s}->https://pkeyes668377:8443 12-16 10:01:43.074|DEBUG|main | |in.MainClientExec.execute(MainClientExec.java:217)|Opening connection {s}->https://pkeyes668377:8443 12-16 10:01:43.082|DEBUG|main | |tor.connect(HttpClientConnectionOperator.java:122)|Connecting to pkeyes668377/127.0.0.1:8443 12-16 10:01:43.528|DEBUG|main | |utdown(LoggingManagedHttpClientConnection.java:87)|http-outgoing-0: Shutdown connection 12-16 10:01:43.528|DEBUG|main | |nHolder.abortConnection(ConnectionHolder.java:126)|Connection discarded 12-16 10:01:43.529|DEBUG|main | |nection(BasicHttpClientConnectionManager.java:269)|Releasing connection [Not bound] 12-16 10:01:43.529|FATAL|main |gws-unit-test |.common.AllowAllIssue.main(AllowAllIssue.java:133)|service exec failed: err=javax.net.ssl.SSLException: hostname in certificate didn't match: <pkeyes668377> != <localhost> javax.net.ssl.SSLException: hostname in certificate didn't match: <pkeyes668377> != <localhost> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:238) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:159) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:301) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:291) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:318) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[apache-httpclient-4.3.6.jar:4.3.6] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[apache-httpclient-4.3.6.jar:4.3.6] at com.sbux.ws.admin.common.AllowAllIssue.main(AllowAllIssue.java:124) [classes/:?] 12-16 10:01:43.535|INFO |main |gws-unit-test |.common.AllowAllIssue.main(AllowAllIssue.java:141)|unit test complete. JAVA UNIT TEST CODE ================== package com.sbux.ws.admin.common; import java.io.BufferedReader; import java.io.InputStreamReader; import java.net.URL; import java.util.ArrayList; import java.util.List; import javax.net.ssl.SSLContext; import javax.ws.rs.core.MediaType; import org.apache.http.HttpHost; import org.apache.http.HttpResponse; import org.apache.http.NameValuePair; import org.apache.http.auth.AuthScope; import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.http.client.AuthCache; import org.apache.http.client.CredentialsProvider; import org.apache.http.client.config.RequestConfig; import org.apache.http.client.methods.HttpPut; import org.apache.http.client.methods.HttpRequestBase; import org.apache.http.client.protocol.HttpClientContext; import org.apache.http.client.utils.URIBuilder; import org.apache.http.config.ConnectionConfig; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.conn.ssl.SSLContexts; import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.impl.auth.BasicScheme; import org.apache.http.impl.client.BasicAuthCache; import org.apache.http.impl.client.BasicCredentialsProvider; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.BasicHttpClientConnectionManager; import org.apache.http.message.BasicNameValuePair; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.apache.logging.log4j.Marker; import org.apache.logging.log4j.MarkerManager; public class AllowAllIssue { private static final Logger log = LogManager.getLogger(GWSUnitTestContext.class); private static final Marker gMarker = MarkerManager.getMarker("gws-unit-test"); public static void main(String args[]) throws Exception { System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog"); System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true"); System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "DEBUG"); // v3.1 System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http", "DEBUG"); // v4.x System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "DEBUG"); // v3.1 System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http.wire", "DEBUG"); // v4.x System.setProperty("log4j.logger.httpclient.wire", "DEBUG"); System.setProperty("log4j.logger.org.apache.commons.httpclient", "DEBUG"); System.setProperty("javax.net.ssl.keyStore", "/opt/gsit/tomee/gsit-keystore/gws-cacerts.jks"); System.setProperty("javax.net.ssl.keyStorePassword", "changeit"); System.setProperty("javax.net.ssl.trustStore", "/opt/gsit/tomee/gsit-keystore/gws-cacerts.jks"); System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); org.apache.logging.log4j.core.config.Configurator.initialize("basic", null, "/opt/gsit/tomee/tomee-lib/log4j2.xml"); final BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in)); System.out.print("enter http user: "); System.out.flush(); String user = stdin.readLine(); System.out.print("enter http pass: "); System.out.flush(); String pass = stdin.readLine(); System.out.print("enter http host: "); System.out.flush(); String host = stdin.readLine(); System.out.println("\n\n\n"); final BasicHttpClientConnectionManager basicHttpConnMgr = new BasicHttpClientConnectionManager(); final int portNo = 8443; final String hostAndPortNo = "https://"; + host + ":" + portNo; log.info(gMarker, "unit test started."); HttpRequestBase method; CloseableHttpClient httpClient = null; HttpClientContext httpContext; HttpResponse rsp=null; try { log.info(gMarker, "creating http method..."); URL url = new URL(hostAndPortNo + "/block/ct-env/all/tp-haws_sys_svcs/tx-sync/alert"); method = new HttpPut(url.toString()); method.setHeader("Accept", MediaType.APPLICATION_XML); final List<NameValuePair> queryParams = new ArrayList<>(); queryParams.add(new BasicNameValuePair("durMins", "2")); method.setURI( new URIBuilder(method.getURI()).addParameters(queryParams).build() ); log.info(gMarker, "creating http client..."); final RequestConfig requestConfig = RequestConfig.custom() .setAuthenticationEnabled(true) .setRedirectsEnabled(true) .build() ; final SSLContext sslContext = SSLContexts.custom() .useTLS() .loadTrustMaterial(null, new TrustSelfSignedStrategy()) .build() ; final SSLConnectionSocketFactory sslConnFactory = new SSLConnectionSocketFactory( sslContext , SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER ); final HttpClientBuilder builder = HttpClients.custom() .setDefaultConnectionConfig(ConnectionConfig.DEFAULT) .setDefaultRequestConfig(requestConfig) .setConnectionManager(basicHttpConnMgr) .setSslcontext(sslContext) .setSSLSocketFactory(sslConnFactory) .setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER) ; httpClient = builder.build(); log.info(gMarker, "creating http context..."); httpContext = HttpClientContext.create(); final HttpHost httpHost = new HttpHost(host); final AuthScope authScope = new AuthScope(host, portNo); final UsernamePasswordCredentials basic = new UsernamePasswordCredentials(user, pass); final CredentialsProvider credsProvider = new BasicCredentialsProvider(); credsProvider.setCredentials(authScope, basic); httpContext.setCredentialsProvider(credsProvider); final AuthCache authCache = new BasicAuthCache(); final BasicScheme basicScheme = new BasicScheme(); authCache.put(httpHost, basicScheme); httpContext.setAuthCache(authCache); log.info(gMarker, "invoking: " + method.getURI().toString()); rsp = httpClient.execute(method, httpContext); log.info(gMarker, "service exec success:" + " s-code=" + rsp.getStatusLine().getStatusCode() + "; re=" + rsp.getStatusLine().getReasonPhrase() + "\n" + rsp.getEntity().toString() ); } catch(Throwable t) { log.fatal(gMarker, "service exec failed: err=" + t, t); } finally { try { rsp.getEntity().getContent().close(); } catch(Throwable t) {} try { httpClient.close(); } catch(Throwable t) {} try { basicHttpConnMgr.shutdown(); } catch(Throwable t) {} } log.info(gMarker, "unit test complete."); System.exit(0); } } -- Pete Keyes Starbucks Coffee Co.
