djangid / rest-assured

Automatically exported from code.google.com/p/rest-assured

Better support for self signed certificates #182

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Test an SSL connection with a self-signed certificate (no hostname specified)
2.
3.

What is the expected output? What do you see instead?
I would like to be able to do this but am prevented from doing so because I cannot specify 
the default host name verifier

What version of the product are you using? On what operating system?
1.6.2 (windows)

Please provide any additional information below.

I would like something like this to work. Many thanks!

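        // Imports required by this fragment
        import java.security.SecureRandom;
        import java.security.cert.CertificateException;
        import java.security.cert.X509Certificate;
        import javax.net.ssl.HostnameVerifier;
        import javax.net.ssl.HttpsURLConnection;
        import javax.net.ssl.SSLContext;
        import javax.net.ssl.SSLSession;
        import javax.net.ssl.TrustManager;
        import javax.net.ssl.X509TrustManager;

        /*
         * The following code basically nullifies all SSL checks - this is not recommended to be copied without thought
         * of the consequences!! Sadly rest assured ignores all this so we may well have to ditch rest assured
         */

        // Trust manager that accepts every certificate chain without validation
        TrustManager[] certs = new TrustManager[]
        { new X509TrustManager()
        {
            @Override
            public X509Certificate[] getAcceptedIssuers()
            {
                // The interface contract requires a non-null (possibly empty) array
                return new X509Certificate[0];
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
            {
                // Intentionally empty: no server certificate is ever rejected
            }

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
            {
                // Intentionally empty: no client certificate is ever rejected
            }
        } };
        SSLContext ctx = null;
        try
        {
            ctx = SSLContext.getInstance("TLS");
            ctx.init(null, certs, new SecureRandom());
        }
        catch (java.security.GeneralSecurityException ex)
        {
            // ctx stays null, so the JVM-wide default socket factory is left unchanged
        }

        if (ctx != null)
        {
            // Replaces the default socket factory for every HttpsURLConnection in the JVM
            HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        }

        // Hostname verifier that accepts any hostname, again JVM-wide
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier()
        {
            @Override
            public boolean verify(String hostname, SSLSession session)
            {
                return true;
            }
        });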

Original issue reported on code.google.com by mjenk...@idbs.com on 29 Jun 2012 at 12:05
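
A narrower alternative to the trust-all snippet in the report above, as an added example that is not part of the original thread or of REST Assured: it uses the plain JDK `HttpsURLConnection`, trusts only the one self-signed certificate, and accepts a hostname mismatch only when the peer presents exactly that certificate. The class name `PinnedSelfSignedClient`, the alias `test-server` and the two command-line arguments (certificate file, URL) are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManagerFactory;

public class PinnedSelfSignedClient {
    public static void main(String[] args) throws Exception {
        // Assumed inputs: args[0] = exported server certificate (PEM or DER), args[1] = https URL
        URL url = new URL(args[1]);
        X509Certificate pinned;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            pinned = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // Trust store holding only the pinned certificate; the system CA bundle is not consulted
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("test-server", pinned);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // Consulted only when the built-in hostname check fails: accept the session
        // solely if the peer's leaf certificate is exactly the pinned one
        HostnameVerifier pinnedOnly = (hostname, session) -> {
            try {
                Certificate[] chain = session.getPeerCertificates();
                return chain.length > 0 && chain[0].equals(pinned);
            } catch (SSLPeerUnverifiedException e) {
                return false;
            }
        };

        // Settings apply to this connection only, not to JVM-wide defaults
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setHostnameVerifier(pinnedOnly);
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

A connection to any server presenting a different certificate fails the handshake, and other HTTPS clients in the same JVM keep their normal validation.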

GoogleCodeExporter commented 8 years ago
Actually this should be an enhancement - sorry

Original comment by mjenk...@idbs.com on 29 Jun 2012 at 12:05

GoogleCodeExporter commented 8 years ago
And you just execute this before you make a request with HTTP Client and it 
should work?

Original comment by johan.ha...@gmail.com on 14 Jul 2012 at 6:54

GoogleCodeExporter commented 8 years ago
I just posted to the forum an HttpClient+Jetty sample that might help Johan 
implement this.  Included in that post is a suggestion for how I think the API 
should work.  The forum post hasn't shown up yet so I can't link it here.  I 
have however attached the sample.

Original comment by kmin...@gmail.com on 22 Oct 2012 at 1:17

GoogleCodeExporter commented 8 years ago
Also see https://github.com/jayway/rest-assured/pull/22

Original comment by webust...@gmail.com on 6 Dec 2013 at 2:20

GoogleCodeExporter commented 8 years ago
Great! I've now merged the pull request.

Original comment by johan.ha...@gmail.com on 7 Dec 2013 at 5:42

GoogleCodeExporter commented 8 years ago
I've actually modified the API (it's not backward compatible). You can now 
specify the host name verification check using "CertificateAuthSettings" that 
you may pass in to the "certificate" method. Please try this out and tell me if 
it works and if you like the API. Depend on version 2.0.2-SNAPSHOT after having 
added the following Maven repo:

<repositories>
        <repository>
            <id>sonatype</id>
            <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
            <snapshots />
        </repository>
</repositories>

Original comment by johan.ha...@gmail.com on 7 Dec 2013 at 7:03