Update

Author: lherman-cs

aws-android-sdk-kinesisvideo/src/main/java/com/amazonaws/kinesisvideo/http/HostnameVerifyingX509ExtendedTrustManager.java

@@ -45,11 +45,9 @@ private X509ExtendedTrustManager getX509ExtendedTrustManager() {
             factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
             factory.init((KeyStore) null);
         } catch (NoSuchAlgorithmException nsae) {
-            log.error("Unable to initialize default TrustManagerFactory, using no-op X509ExtendedTrustManager", nsae);
-            return getNoOpInstance();
+            throw new RuntimeException("Unable to initialize default TrustManagerFactory", nsae);
         } catch (KeyStoreException nse) {
-            log.error("Unable to initialize default TrustManagerFactory, using no-op X509ExtendedTrustManager", nse);
-            return getNoOpInstance();
+            throw new RuntimeException("Unable to initialize default TrustManagerFactory", nse);
         }
 
         for (TrustManager tm: factory.getTrustManagers()) {
@@ -58,8 +56,7 @@ private X509ExtendedTrustManager getX509ExtendedTrustManager() {
             }
         }
 
-        log.debug("No default X509TrustManager found, using no-op");
-        return getNoOpInstance();
+        throw new RuntimeException("No default X509TrustManager found");
     }
 
     @Override
@@ -170,65 +167,4 @@ public void performHostVerification(
         log.error("Failed to verify hostname: %s", hostName);
         throw new CertificateException("Failed to verify both host address and host name");
     }
-
-
-    private X509ExtendedTrustManager getNoOpInstance() {
-        return new X509ExtendedTrustManager() {
-            @Override
-            public void checkClientTrusted(
-                    final X509Certificate[] x509Certificates,
-                    final String s,
-                    final Socket socket)
-                    throws CertificateException {
-
-            }
-
-            @Override
-            public void checkServerTrusted(
-                    final X509Certificate[] x509Certificates,
-                    final String s,
-                    final Socket socket)
-                    throws CertificateException {
-
-            }
-
-            @Override
-            public void checkClientTrusted(
-                    final X509Certificate[] x509Certificates,
-                    final String s,
-                    final SSLEngine sslEngine)
-                    throws CertificateException {
-
-            }
-
-            @Override
-            public void checkServerTrusted(
-                    final X509Certificate[] x509Certificates,
-                    final String s,
-                    final SSLEngine sslEngine)
-                    throws CertificateException {
-
-            }
-
-            @Override
-            public void checkClientTrusted(
-                    final X509Certificate[] x509Certificates,
-                    final String s) throws CertificateException {
-
-            }
-
-            @Override
-            public void checkServerTrusted(
-                    final X509Certificate[] x509Certificates,
-                    final String s) throws CertificateException {
-
-            }
-
-            @Override
-            public X509Certificate[] getAcceptedIssuers() {
-                return new X509Certificate[0];
-            }
-        };
-    }
-
 }

aws-android-sdk-kinesisvideo/src/main/java/com/amazonaws/kinesisvideo/http/KinesisVideoApacheHttpClient.java

@@ -23,14 +23,13 @@
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.config.SocketConfig;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.conn.ssl.TrustStrategy;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 
-import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509ExtendedTrustManager;
 
 import static com.amazonaws.kinesisvideo.common.preconditions.Preconditions.checkNotNull;
 
@@ -43,6 +42,7 @@
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.HashMap;
@@ -87,15 +87,10 @@ public CloseableHttpResponse executeRequest() {
     private CloseableHttpClient buildHttpClient() {
         try {
             final SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
-            // Initializes context. Either of the first two parameters may be null in which case
-            // the installed security providers will be searched for the highest priority implementation
-            // of the appropriate factory. Likewise, the secure random parameter may be null in which case the default
-            // implementation will be used.
-            sslContext.init(null, null, null);
-
-            final SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
-                    sslContext,
-                    HostnameVerifier.INSTANCE);
+            sslContext.init(null, new X509ExtendedTrustManager[] {
+                    new HostnameVerifyingX509ExtendedTrustManager(true)}, new SecureRandom());
+
+            final SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext);
 
             return HttpClients.custom()
                     .setSSLSocketFactory(sslSocketFactory)