Allow insecure HTTPS connection for Java JDK 11 HttpClient

by

As suggested already you need an SSLContext which ignores the bad certificates. The exact code which obtains the SSLContext in one of the links in the question should work by basically creating a null TrustManager which doesn’t look at the certs:

private static TrustManager[] trustAllCerts = new TrustManager[]{
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(
            java.security.cert.X509Certificate[] certs, String authType) {
        }
    }
};

public static  void main (String[] args) throws Exception {
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, trustAllCerts, new SecureRandom());

    HttpClient client = HttpClient.newBuilder()
        .sslContext(sslContext)
        .build();

The problem with the above is obviously that server authentication is disabled completely for all sites. If there were only one bad certificate then you could import it into a keystore with:

keytool -importcert -keystore keystorename -storepass pass -alias cert -file certfile

and then initialize the SSLContext using an InputStream reading the keystore as follows:

char[] passphrase = ..
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(i, passphrase); // i is an InputStream reading the keystore

KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
kmf.init(ks, passphrase);

TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(ks);

sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

Either of the above solutions will work for a self-signed certificate. A third option is in the case where the server provides a valid, non self-signed certificate but for a host which does not match any of the names in the certificate it provides, then a system property “jdk.internal.httpclient.disableHostnameVerification” can be set to “true” and this will force the certificate to be accepted in the same way that the HostnameVerifier API was used previously. Note, that in normal deployments it isn’t expected that any of these mechanisms would be used, as it should be possible to automatically verify the certificate supplied by any correctly configured HTTPS server.

More Related Contents:

  1. Differences of components missing from OpenJDK-17 (Eclipse Temurin) which was present in OracleJDK-11 [closed]
  2. Run Java 8 code on JDK 11 – what might break? [closed]
  3. How to resolve java.lang.NoClassDefFoundError: javax/xml/bind/JAXBException
  4. IntelliJ can’t recognize JavaFX 11 with OpenJDK 11
  5. How to upload a file using Java HttpClient library working with PHP
  6. Unable to compile simple Java 10 / Java 11 project with Maven
  7. How can I get Java 11 run-time environment working since there is no more JRE 11 for download?
  8. How to add JavaFX runtime to Eclipse in Java 11?
  9. Java 11 package javax.xml.bind does not exist [duplicate]
  10. Unable to derive module descriptor: Provider {class X} not in module
  11. Unable to import org.openqa.selenium.WebDriver using Selenium and Java 11
  12. Minimum Spring version compatible with Java 11
  13. Does G1GC release back memory to the OS even if Xms = Xmx?
  14. Where is JRE 11? [duplicate]
  15. How to open JavaFX .jar file with JDK 11?
  16. How to use JDK without JRE in Java 11 [duplicate]
  17. Spring Boot 2.6.0 / Spring fox 3 – Failed to start bean ‘documentationPluginsBootstrapper’
  18. Difference between String trim() and strip() methods in Java 11
  19. Java 11 package javax.xml.soap does not exist [duplicate]
  20. What is the difference between JDK_JAVA_OPTIONS and JAVA_TOOL_OPTIONS when using Java 11?
  21. Running javafx sample on JDK 11 with OpenJFX 11 JMODS on Module Path
  22. The jdk.incubator.httpclient module not found in Java11
  23. Create Java DateTime Instant from microseconds
  24. Build and deploy javafx application using java11
  25. Iterate through a possibly infinite amount of nested ArrayLists
  26. Normalization in DOM parsing with java – how does it work?
  27. How can I get a list of all the implementations of an interface programmatically in Java?
  28. What’s the difference between a System property and environment variable
  29. Array List of objects via intent
  30. how to print selected rows JTable

Leave a Comment