feat: allow to skip ssl validation

Author: pavel-snyk

build.gradle

@@ -6,7 +6,7 @@ plugins {
 
 group = "io.snyk.code.sdk"
 archivesBaseName = "snyk-code-client"
-version = "2.1.9"
+version = "2.1.10"
 
 repositories {
     mavenCentral()

src/main/java/ai/deepcode/javaclient/DeepCodeRestApi.java

@@ -3,6 +3,11 @@
  */
 package ai.deepcode.javaclient;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
 import ai.deepcode.javaclient.requests.*;
 import ai.deepcode.javaclient.responses.*;
 
@@ -16,6 +21,10 @@
 import retrofit2.http.*;
 
 import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
 
@@ -31,29 +40,64 @@ private DeepCodeRestApi() {}
 
   private static final String API_URL = "https://www.deepcode.ai/";
 
-  private static Retrofit retrofit = buildRetrofit(API_URL);
+  private static Retrofit retrofit = buildRetrofit(API_URL, false);
 
   // Create simple REST adapter which points the baseUrl.
-  private static Retrofit buildRetrofit(String baseUrl) {
-    OkHttpClient client = new OkHttpClient.Builder()
+  private static Retrofit buildRetrofit(String baseUrl, boolean disableSslVerification) {
+    OkHttpClient.Builder builder = new OkHttpClient.Builder()
             .connectTimeout(100, TimeUnit.SECONDS)
             .writeTimeout(100, TimeUnit.SECONDS)
-            .readTimeout(100, TimeUnit.SECONDS).build();
+            .readTimeout(100, TimeUnit.SECONDS);
+    if (disableSslVerification) {
+      X509TrustManager x509TrustManager = buildUnsafeTrustManager();
+      final TrustManager[] trustAllCertificates = new TrustManager[]{ x509TrustManager };
+
+      try {
+        SSLContext sslContext = SSLContext.getInstance("SSL");
+        sslContext.init(null, trustAllCertificates, new SecureRandom());
+        SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
+        builder.sslSocketFactory(sslSocketFactory, x509TrustManager);
+      } catch (NoSuchAlgorithmException | KeyManagementException e) {
+        //TODO(pavel): extract Retrofit and OkHttpClient into configuration object to simplify API client building.
+        e.printStackTrace();
+      }
+    }
+    OkHttpClient client = builder.build();
     return new Retrofit.Builder()
         .baseUrl(baseUrl + "publicapi/")
-            .client(client)
+        .client(client)
         .addConverterFactory(GsonConverterFactory.create())
         .build();
   }
 
+  @NotNull
+  private static X509TrustManager buildUnsafeTrustManager() {
+    return new X509TrustManager() {
+      @Override
+      public void checkClientTrusted(X509Certificate[] chain, String authType) {}
+
+      @Override
+      public void checkServerTrusted(X509Certificate[] chain, String authType) {}
+
+      @Override
+      public X509Certificate[] getAcceptedIssuers() {
+        return new X509Certificate[]{};
+      }
+    };
+  }
+
   /**
    * Re-set baseUrl for retrofit instance
    *
    * @param baseUrl new baseUrl. <b>Null</b> or empty "" value will reset to default {@code
    *     #API_URL}
    */
   public static void setBaseUrl(@Nullable String baseUrl) {
-    retrofit = buildRetrofit((baseUrl == null || baseUrl.isEmpty()) ? API_URL : baseUrl);
+    setBaseUrl(baseUrl, false);
+  }
+
+  public static void setBaseUrl(@Nullable String baseUrl, boolean disableSslVerification) {
+    retrofit = buildRetrofit((baseUrl == null || baseUrl.isEmpty()) ? API_URL : baseUrl, disableSslVerification);
   }
 
   private interface LoginCall {

src/main/java/ai/deepcode/javaclient/core/DeepCodeParamsBase.java

@@ -8,6 +8,7 @@ public abstract class DeepCodeParamsBase {
   // Settings
   private boolean isEnable;
   private String apiUrl;
+  private boolean disableSslVerification;
   private boolean useLinter;
   private int minSeverity;
   private String sessionToken;
@@ -19,13 +20,15 @@ public abstract class DeepCodeParamsBase {
   protected DeepCodeParamsBase(
       boolean isEnable,
       String apiUrl,
+      boolean disableSslVerification,
       boolean useLinter,
       int minSeverity,
       String sessionToken,
       String loginUrl,
       String ideProductName) {
     this.isEnable = isEnable;
     this.apiUrl = apiUrl;
+    this.disableSslVerification = disableSslVerification;
     this.useLinter = useLinter;
     this.minSeverity = minSeverity;
     this.sessionToken = sessionToken;
@@ -78,11 +81,24 @@ public String getApiUrl() {
   }
 
   public void setApiUrl(@NotNull String apiUrl) {
+    setApiUrl(apiUrl, false);
+  }
+
+  public void setApiUrl(@NotNull String apiUrl, boolean disableSslVerification) {
     if (apiUrl.isEmpty()) apiUrl = "https://www.deepcode.ai/";
     if (!apiUrl.endsWith("/")) apiUrl += "/";
     if (apiUrl.equals(this.apiUrl)) return;
     this.apiUrl = apiUrl;
-    DeepCodeRestApi.setBaseUrl(apiUrl);
+    this.disableSslVerification = disableSslVerification;
+    DeepCodeRestApi.setBaseUrl(apiUrl, disableSslVerification);
+  }
+
+  public boolean isDisableSslVerification() {
+    return disableSslVerification;
+  }
+
+  public void setDisableSslVerification(boolean disableSslVerification) {
+    this.disableSslVerification = disableSslVerification;
   }
 
   public boolean isEnable() {