Add ability to override the API hostname url (#38)

Author: Crim

src/main/java/com/darksci/pardot/api/Configuration.java

@@ -45,6 +45,13 @@ public class Configuration {
     private String pardotApiHost = "https://pi.pardot.com/api";
     private String pardotApiVersion = "3";
 
+    /**
+     * Optional setting to skip validating Pardot's SSL certificate.
+     * There should be no real valid use case for this option other then use against
+     * development environments.
+     */
+    private boolean ignoreInvalidSslCertificates = false;
+
     /**
      * Constructor.
      * @param email Pardot user's email address.
@@ -139,8 +146,9 @@ public String getPardotApiHost() {
         return pardotApiHost;
     }
 
-    public void setPardotApiHost(final String pardotApiHost) {
+    public Configuration setPardotApiHost(final String pardotApiHost) {
         this.pardotApiHost = pardotApiHost;
+        return this;
     }
 
     public String getPardotApiVersion() {
@@ -159,6 +167,20 @@ public void setApiKey(final String apiKey) {
         this.apiKey = apiKey;
     }
 
+    /**
+     * Skip all validation of SSL Certificates.  This is insecure and highly discouraged!
+     *
+     * @return Configuration instance.
+     */
+    public Configuration useInsecureSslCertificates() {
+        this.ignoreInvalidSslCertificates = true;
+        return this;
+    }
+
+    public boolean getIgnoreInvalidSslCertificates() {
+        return ignoreInvalidSslCertificates;
+    }
+
     @Override
     public String toString() {
         final StringBuilder stringBuilder = new StringBuilder("Configuration{")

src/main/java/com/darksci/pardot/api/PardotClient.java

@@ -102,8 +102,8 @@
 import com.darksci.pardot.api.request.prospect.ProspectUnassignRequest;
 import com.darksci.pardot.api.request.prospect.ProspectUpdateRequest;
 import com.darksci.pardot.api.request.prospect.ProspectUpsertRequest;
-import com.darksci.pardot.api.request.tag.TagReadRequest;
 import com.darksci.pardot.api.request.tag.TagQueryRequest;
+import com.darksci.pardot.api.request.tag.TagReadRequest;
 import com.darksci.pardot.api.request.tagobject.TagObjectQueryRequest;
 import com.darksci.pardot.api.request.tagobject.TagObjectReadRequest;
 import com.darksci.pardot.api.request.user.UserAbilitiesRequest;

src/main/java/com/darksci/pardot/api/request/tagobject/TagObjectQueryRequest.java

@@ -18,8 +18,6 @@
 package com.darksci.pardot.api.request.tagobject;
 
 import com.darksci.pardot.api.request.BaseQueryRequest;
-import com.darksci.pardot.api.request.DateParameter;
-import com.darksci.pardot.api.request.tag.TagQueryRequest;
 
 /**
  * Defines a TagObject Query Request.

src/main/java/com/darksci/pardot/api/rest/HttpClientRestClient.java

@@ -31,6 +31,7 @@
 import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.CloseableHttpClient;
@@ -40,10 +41,18 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 import java.io.IOException;
-import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -85,12 +94,32 @@ public void init(final Configuration configuration) {
         // Create default SSLContext
         final SSLContext sslcontext = SSLContexts.createDefault();
 
+        // Initialize ssl context with configured key and trust managers.
+        try {
+            sslcontext.init(new KeyManager[0], getTrustManagers(), new SecureRandom());
+        } catch (final KeyManagementException exception) {
+            throw new RuntimeException(exception.getMessage(), exception);
+        }
+
+        // Create hostname verifier instance.
+        final HostnameVerifier hostnameVerifier;
+        // Emit an warning letting everyone know we're using an insecure configuration.
+        if (configuration.getIgnoreInvalidSslCertificates()) {
+            logger.warn("Using insecure configuration, skipping server-side certificate validation checks.");
+
+            // If we're configured to ignore invalid certificates, use the Noop verifier.
+            hostnameVerifier = NoopHostnameVerifier.INSTANCE;
+        } else {
+            // Use default implementation
+            hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
+        }
+
         // Allow TLSv1_1 and TLSv1_2 protocols
         final LayeredConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
             sslcontext,
             new String[] { "TLSv1.1", "TLSv1.2" },
             null,
-            SSLConnectionSocketFactory.getDefaultHostnameVerifier()
+            hostnameVerifier
         );
 
         // Setup client builder
@@ -136,6 +165,31 @@ public void init(final Configuration configuration) {
         httpClient = clientBuilder.build();
     }
 
+    /**
+     * Based on Client Configuration, construct TrustManager instances to use.
+     * @return Array of 0 or more TrustManager instances.
+     */
+    private TrustManager[] getTrustManagers() {
+        try {
+            final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+
+            // If client configuration is set to ignore invalid certificates
+            if (configuration.getIgnoreInvalidSslCertificates()) {
+                // Initialize ssl context with a TrustManager instance that just accepts everything blindly.
+                // HIGHLY INSECURE / NOT RECOMMENDED!
+                return new TrustManager[]{ new NoopTrustManager() };
+
+                // If client configuration has a trust store defined.
+            } else {
+                // use default TrustManager instances
+                trustManagerFactory.init((KeyStore) null);
+                return trustManagerFactory.getTrustManagers();
+            }
+        } catch (final KeyStoreException | NoSuchAlgorithmException exception) {
+            throw new RuntimeException(exception.getMessage(), exception);
+        }
+    }
+
     @Override
     public void close() {
         if (httpClient != null) {

src/main/java/com/darksci/pardot/api/rest/NoopTrustManager.java

@@ -0,0 +1,39 @@
+/**
+ * Copyright 2017, 2018, 2019 Stephen Powis https://github.com/Crim/pardot-java-client
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
+ * persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+ * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+ * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.darksci.pardot.api.rest;
+
+import javax.net.ssl.X509TrustManager;
+import java.security.cert.X509Certificate;
+
+/**
+ * Implementation of TrustManager that blindly trusts all certificates with no validation or verification.
+ */
+class NoopTrustManager implements X509TrustManager {
+    @Override
+    public void checkClientTrusted(final X509Certificate[] x509Certificates, final String input) {
+    }
+
+    @Override
+    public void checkServerTrusted(final X509Certificate[] x509Certificates, final String input) {
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+        return new X509Certificate[0];
+    }
+}

src/test/java/com/darksci/pardot/api/PardotClientTest.java

@@ -157,6 +157,12 @@ public void setup() throws IOException {
             properties.getProperty("password"),
             properties.getProperty("user_key")
         );
+        if (properties.getProperty("api_host") != null) {
+            testConfig
+                .setPardotApiHost(properties.getProperty("api_host"))
+                .useInsecureSslCertificates();
+
+        }
         logger.info("Config: {}", testConfig);
 
         // Create client
@@ -269,7 +275,7 @@ public void campaignReadTest() throws IOException {
     public void campaignCreateTest() {
         // Define campaign
         final Campaign campaign = new Campaign();
-        campaign.setName("API Test Campaign " + System.currentTimeMillis());
+        campaign.setName("API 新　Test Campaign " + System.currentTimeMillis());
         campaign.setCost(31337);
 
         // Create request