Merge pull request #157 from alexpogue/ssltoggle

Add toggle to allow bad SSL certificates to HTTP operators

Author: ddebrunner

com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/AbstractHTTPGetContent.java

@@ -47,6 +47,8 @@ public abstract class AbstractHTTPGetContent<A> extends
     protected int contentAttributeIndex;
 
     private Metric nFailedRequests;
+    
+    boolean acceptAllCertificates = false;
 
     public String getUrl() {
         return url;
@@ -62,6 +64,12 @@ public void setExtraHeaders(List<String> extraHeaders) {
     	this.extraHeaders = extraHeaders;
     }
 
+    @Parameter(optional = true, description = "Accept all SSL certificates, even those that are self-signed. " +
+			"Setting this option will allow potentially insecure connections. Default is false.")
+    public void setAcceptAllCertificates(boolean acceptAllCertificates) {
+        this.acceptAllCertificates = acceptAllCertificates;
+    }
+
     public Metric getnFailedRequests() {
         return nFailedRequests;
     }
@@ -81,7 +89,12 @@ public TupleAttribute<Tuple, A> getContentAttribute() {
     public synchronized void initialize(OperatorContext context)
             throws Exception {
         super.initialize(context);
-        client = new DefaultHttpClient();
+
+        if(acceptAllCertificates)
+        	client = HTTPUtils.getHttpClientWithNoSSLValidation();
+        else
+        	client = new DefaultHttpClient();
+        
         builder = new URIBuilder(getUrl());
         get = new HttpGet(builder.build());
         get.addHeader("Accept", acceptedContentTypes());

com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPPostOper.java

@@ -72,6 +72,7 @@ public class HTTPPostOper extends AbstractOperator
 	private List<String> authenticationProperties = new ArrayList<String>();
 
 	private String headerContentType = MIME_FORM;
+	private boolean acceptAllCertificates = false;
 
 	private List<String> extraHeaders = new ArrayList<String>();
 
@@ -111,10 +112,17 @@ public void setRetryDelay(double val) {
 	public void setHeaderContentType(String val) {
 		this.headerContentType = val;
 	}
-	@Parameter(optional=true, description="Extra headers to send with request, format is \\\"Header-Name: value\\\".")
+	@Parameter(optional=true,
+			description="Extra headers to send with request, format is \\\"Header-Name: value\\\".")
 	public void setExtraHeaders(List<String> val) {
 		this.extraHeaders = val;
 	}
+	@Parameter(optional=true, 
+			description="Accept all SSL certificates, even those that are self-signed. " +
+			"Setting this option will allow potentially insecure connections. Default is false.")
+	public void setAcceptAllCertificates(boolean val) {
+		this.acceptAllCertificates = val;
+	}
 
 	//consistent region checks
 	@ContextCheck(compile = true)
@@ -165,6 +173,7 @@ public synchronized void process(StreamingInput<Tuple> stream, Tuple tuple) thro
 		HTTPRequest req = new HTTPRequest(url);
 		req.setHeader("Content-Type", headerContentType);
 		req.setType(RequestType.POST);
+		req.setInsecure(acceptAllCertificates);
 
 		if(headerContentType.equals(MIME_FORM)) {
 			Map<String, String> params = new HashMap<String, String>();

com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPRequest.java

@@ -38,6 +38,7 @@ class HTTPRequest {
 
 	public static enum RequestType {GET, POST};
 	private RequestType type = RequestType.GET;
+	private boolean insecure = false;
 
 	private HttpUriRequest req = null;
 	private HttpEntity entity = null;
@@ -66,6 +67,14 @@ HttpUriRequest getReq() {
 		return req;
 	}
 
+	public boolean isInsecure() {
+		return insecure;
+	}
+
+	public void setInsecure(boolean insecure) {
+		this.insecure = insecure;
+	}
+
 	/**
 	 * Set the parameters for a POST request
 	 * @param params
@@ -100,7 +109,14 @@ public void setParams(String value) throws Exception {
 	 * @throws Exception
 	 */
 	public HTTPResponse sendRequest(IAuthenticate auth) throws Exception {
-		HttpClient client = new DefaultHttpClient();
+		HttpClient client;
+		if(insecure) {
+			client = HTTPUtils.getHttpClientWithNoSSLValidation();
+		}
+		else {
+			client = new DefaultHttpClient();
+		}
+		
 		if(type == RequestType.GET) {
 			HttpGet get = new HttpGet(url);
 			req=get;
@@ -124,8 +140,6 @@ public HTTPResponse sendRequest(IAuthenticate auth) throws Exception {
 		return new HTTPResponse(client.execute(req));
 	}
 
-
-
 	@Override
 	public String toString() {
 		return "URL: " + url;

com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPStreamReader.java

@@ -63,6 +63,7 @@ public class HTTPStreamReader extends AbstractOperator {
 	private static Logger trace = Logger.getLogger(CLASS_NAME);
 	private boolean retryOnClose = false;
 	private boolean disableCompression = false;
+	private boolean acceptAllCertificates = false;
 
 	@Parameter(optional= false, description="URL endpoint to connect to.")
 	public void setUrl(String url) {
@@ -123,6 +124,12 @@ public void setDisableCompression(boolean val) {
 	public void setExtraHeaders(List<String> val) {
 		this.extraHeaders = val;
 	}
+	@Parameter(optional=true, 
+			description="Accept all SSL certificates, even those that are self-signed. " +
+			"Setting this option will allow potentially insecure connections. Default is false.")
+	public void setAcceptAllCertificates(boolean val) {
+		this.acceptAllCertificates = val;
+	}
 
 	@ContextCheck(compile=true)
 	public static boolean checkAuthParams(OperatorContextChecker occ) {
@@ -189,8 +196,7 @@ public void initialize(OperatorContext op) throws Exception {
         URI baseConfigURI = op.getPE().getApplicationDirectory().toURI();
 		IAuthenticate auth = AuthHelper.getAuthenticator(authenticationType, PathConversionHelper.convertToAbsPath(baseConfigURI, authenticationFile), authenticationProperties);
 		Map<String, String> extraHeaderMap = HTTPUtils.getHeaderMap(extraHeaders);
-		
-		reader = new HTTPStreamReaderObj(this.url, auth, this, postDataParams, disableCompression, extraHeaderMap);
+		reader = new HTTPStreamReaderObj(this.url, auth, this, postDataParams, disableCompression, extraHeaderMap, acceptAllCertificates);
 		th = op.getThreadFactory().newThread(reader);
 		th.setDaemon(false);
 	}

com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPStreamReaderObj.java

@@ -48,7 +48,8 @@ class HTTPStreamReaderObj implements Runnable
 
 	public HTTPStreamReaderObj(String url, IAuthenticate auth, 
 			HTTPStreamReader reader,  Map<String, String> postD, 
-			boolean disableCompression, Map<String, String> extraHeaders) 
+			boolean disableCompression, Map<String, String> extraHeaders,
+			boolean insecure) 
 			throws Exception 	{
 		this.auth = auth;
 		this.reader = reader;
@@ -67,6 +68,7 @@ public HTTPStreamReaderObj(String url, IAuthenticate auth,
 			req.setHeader(header.getKey(), header.getValue());
 		}
 		req.setParams(postData);
+		req.setInsecure(insecure);
 	}
 
 

com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPUtils.java

@@ -15,6 +15,21 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.BasicClientConnectionManager;
 
 public class HTTPUtils {
 
@@ -53,4 +68,28 @@ public static Map<String, String> getHeaderMap(List<String> headers) {
 		}
 		return headerMap;
 	}
+	
+	public static HttpClient getHttpClientWithNoSSLValidation() throws Exception {
+		SSLContext sslContext = SSLContext.getInstance("SSL");
+		sslContext.init(null, new TrustManager[] {
+			new X509TrustManager() {
+				public X509Certificate[] getAcceptedIssuers() {
+					return null;
+				}
+				public void checkClientTrusted(X509Certificate[] certs, String authType) {
+				}
+				public void checkServerTrusted(X509Certificate[] certs, String authType) {
+				}
+			}
+		}, new SecureRandom());
+
+		SSLSocketFactory sf = new SSLSocketFactory(sslContext, new AllowAllHostnameVerifier());
+		Scheme httpsScheme = new Scheme("https", 443, sf);
+		SchemeRegistry schemeRegistry = new SchemeRegistry();
+		schemeRegistry.register(httpsScheme);
+
+		ClientConnectionManager cm = new BasicClientConnectionManager(schemeRegistry);
+
+		return new DefaultHttpClient(cm);
+	}
 }