import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
 
/**
 * This class provide various static methods that relax X509 certificate and
 * hostname verification while using the SSL over the HTTP protocol.
 * 
 * @author Jiramot.info
 */
public final class SSLUtilities {
 
	/**
	 * Hostname verifier for the Sun's deprecated API.
	 * 
	 * @deprecated see {@link #_hostnameVerifier}.
	 */
	private static com.sun.net.ssl.HostnameVerifier __hostnameVerifier;
	/**
	 * Thrust managers for the Sun's deprecated API.
	 * 
	 * @deprecated see {@link #_trustManagers}.
	 */
	private static com.sun.net.ssl.TrustManager[] __trustManagers;
	/**
	 * Hostname verifier.
	 */
	private static HostnameVerifier _hostnameVerifier;
	/**
	 * Thrust managers.
	 */
	private static TrustManager[] _trustManagers;
 
	/**
	 * Set the default Hostname Verifier to an instance of a fake class that
	 * trust all hostnames. This method uses the old deprecated API from the
	 * com.sun.ssl package.
	 * 
	 * @deprecated see {@link #_trustAllHostnames()}.
	 */
	private static void __trustAllHostnames() {
		// Create a trust manager that does not validate certificate chains
		if (__hostnameVerifier == null) {
			__hostnameVerifier = new _FakeHostnameVerifier();
		} // if
		// Install the all-trusting host name verifier
		com.sun.net.ssl.HttpsURLConnection
				.setDefaultHostnameVerifier(__hostnameVerifier);
	} // __trustAllHttpsCertificates
 
	/**
	 * Set the default X509 Trust Manager to an instance of a fake class that
	 * trust all certificates, even the self-signed ones. This method uses the
	 * old deprecated API from the com.sun.ssl package.
	 * 
	 * @deprecated see {@link #_trustAllHttpsCertificates()}.
	 */
	private static void __trustAllHttpsCertificates() {
		com.sun.net.ssl.SSLContext context;
 
		// Create a trust manager that does not validate certificate chains
		if (__trustManagers == null) {
			__trustManagers = new com.sun.net.ssl.TrustManager[] { new _FakeX509TrustManager() };
		} // if
		// Install the all-trusting trust manager
		try {
			context = com.sun.net.ssl.SSLContext.getInstance("SSL");
			context.init(null, __trustManagers, new SecureRandom());
		} catch (GeneralSecurityException gse) {
			throw new IllegalStateException(gse.getMessage());
		} // catch
		com.sun.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(context
				.getSocketFactory());
	} // __trustAllHttpsCertificates
 
	/**
	 * Return true if the protocol handler property java. protocol.handler.pkgs
	 * is set to the Sun's com.sun.net.ssl. internal.www.protocol deprecated
	 * one, false otherwise.
	 * 
	 * @return true if the protocol handler property is set to the Sun's
	 *         deprecated one, false otherwise.
	 */
	private static boolean isDeprecatedSSLProtocol() {
		return ("com.sun.net.ssl.internal.www.protocol".equals(System
				.getProperty("java.protocol.handler.pkgs")));
	} // isDeprecatedSSLProtocol
 
	/**
	 * Set the default Hostname Verifier to an instance of a fake class that
	 * trust all hostnames.
	 */
	private static void _trustAllHostnames() {
		// Create a trust manager that does not validate certificate chains
		if (_hostnameVerifier == null) {
			_hostnameVerifier = new FakeHostnameVerifier();
		} // if
		// Install the all-trusting host name verifier:
		HttpsURLConnection.setDefaultHostnameVerifier(_hostnameVerifier);
	} // _trustAllHttpsCertificates
 
	/**
	 * Set the default X509 Trust Manager to an instance of a fake class that
	 * trust all certificates, even the self-signed ones.
	 */
	private static void _trustAllHttpsCertificates() {
		SSLContext context;
 
		// Create a trust manager that does not validate certificate chains
		if (_trustManagers == null) {
			_trustManagers = new TrustManager[] { new FakeX509TrustManager() };
		} // if
		// Install the all-trusting trust manager:
		try {
			context = SSLContext.getInstance("SSL");
			context.init(null, _trustManagers, new SecureRandom());
		} catch (GeneralSecurityException gse) {
			throw new IllegalStateException(gse.getMessage());
		} // catch
		HttpsURLConnection.setDefaultSSLSocketFactory(context
				.getSocketFactory());
	} // _trustAllHttpsCertificates
 
	/**
	 * Set the default Hostname Verifier to an instance of a fake class that
	 * trust all hostnames.
	 */
	public static void trustAllHostnames() {
		// Is the deprecated protocol setted?
		if (isDeprecatedSSLProtocol()) {
			__trustAllHostnames();
		} else {
			_trustAllHostnames();
		} // else
	} // trustAllHostnames
 
	/**
	 * Set the default X509 Trust Manager to an instance of a fake class that
	 * trust all certificates, even the self-signed ones.
	 */
	public static void trustAllHttpsCertificates() {
		// Is the deprecated protocol setted?
		if (isDeprecatedSSLProtocol()) {
			__trustAllHttpsCertificates();
		} else {
			_trustAllHttpsCertificates();
		} // else
	} // trustAllHttpsCertificates
 
	/**
	 * This class implements a fake hostname verificator, trusting any host
	 * name. This class uses the old deprecated API from the com.sun. ssl
	 * package.
	 * 
	 * @author Jiramot.info
	 * 
	 * @deprecated see {@link SSLUtilities.FakeHostnameVerifier}.
	 */
	public static class _FakeHostnameVerifier implements
			com.sun.net.ssl.HostnameVerifier {
 
		/**
		 * Always return true, indicating that the host name is an acceptable
		 * match with the server's authentication scheme.
		 * 
		 * @param hostname
		 *            the host name.
		 * @param session
		 *            the SSL session used on the connection to host.
		 * @return the true boolean value indicating the host name is trusted.
		 */
		public boolean verify(String hostname, String session) {
			return (true);
		} // verify
	} // _FakeHostnameVerifier
 
	/**
	 * This class allow any X509 certificates to be used to authenticate the
	 * remote side of a secure socket, including self-signed certificates. This
	 * class uses the old deprecated API from the com.sun.ssl package.
	 * 
	 * @author Jiramot.info
	 * 
	 * @deprecated see {@link SSLUtilities.FakeX509TrustManager}.
	 */
	public static class _FakeX509TrustManager implements
			com.sun.net.ssl.X509TrustManager {
 
		/**
		 * Empty array of certificate authority certificates.
		 */
		private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[] {};
 
		/**
		 * Always return true, trusting for client SSL chain peer certificate
		 * chain.
		 * 
		 * @param chain
		 *            the peer certificate chain.
		 * @return the true boolean value indicating the chain is trusted.
		 */
		public boolean isClientTrusted(X509Certificate[] chain) {
			return (true);
		} // checkClientTrusted
 
		/**
		 * Always return true, trusting for server SSL chain peer certificate
		 * chain.
		 * 
		 * @param chain
		 *            the peer certificate chain.
		 * @return the true boolean value indicating the chain is trusted.
		 */
		public boolean isServerTrusted(X509Certificate[] chain) {
			return (true);
		} // checkServerTrusted
 
		/**
		 * Return an empty array of certificate authority certificates which are
		 * trusted for authenticating peers.
		 * 
		 * @return a empty array of issuer certificates.
		 */
		public X509Certificate[] getAcceptedIssuers() {
			return (_AcceptedIssuers);
		} // getAcceptedIssuers
	} // _FakeX509TrustManager
 
	/**
	 * This class implements a fake hostname verificator, trusting any host
	 * name.
	 * 
	 * @author Jiramot.info
	 */
	public static class FakeHostnameVerifier implements HostnameVerifier {
 
		/**
		 * Always return true, indicating that the host name is an acceptable
		 * match with the server's authentication scheme.
		 * 
		 * @param hostname
		 *            the host name.
		 * @param session
		 *            the SSL session used on the connection to host.
		 * @return the true boolean value indicating the host name is trusted.
		 */
		public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
			return (true);
		} // verify
	} // FakeHostnameVerifier
 
	/**
	 * This class allow any X509 certificates to be used to authenticate the
	 * remote side of a secure socket, including self-signed certificates.
	 * 
	 * @author Jiramot.info
	 */
	public static class FakeX509TrustManager implements X509TrustManager {
 
		/**
		 * Empty array of certificate authority certificates.
		 */
		private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[] {};
 
		/**
		 * Always trust for client SSL chain peer certificate chain with any
		 * authType authentication types.
		 * 
		 * @param chain
		 *            the peer certificate chain.
		 * @param authType
		 *            the authentication type based on the client certificate.
		 */
		public void checkClientTrusted(X509Certificate[] chain, String authType) {
		} // checkClientTrusted
 
		/**
		 * Always trust for server SSL chain peer certificate chain with any
		 * authType exchange algorithm types.
		 * 
		 * @param chain
		 *            the peer certificate chain.
		 * @param authType
		 *            the key exchange algorithm used.
		 */
		public void checkServerTrusted(X509Certificate[] chain, String authType) {
		} // checkServerTrusted
 
		/**
		 * Return an empty array of certificate authority certificates which are
		 * trusted for authenticating peers.
		 * 
		 * @return a empty array of issuer certificates.
		 */
		public X509Certificate[] getAcceptedIssuers() {
			return (_AcceptedIssuers);
		} // getAcceptedIssuers
	} // FakeX509TrustManager
} // SSLUtilities

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
 
import javax.net.ssl.X509TrustManager;
 
public class NaiveTrustManager implements X509TrustManager{
 
	/**
	* Doesn't throw an exception, so this is how it approves a certificate.
	* @see javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.X509Certificate[], String)
	**/
	public void checkClientTrusted(X509Certificate[] chain, String authType)
			throws CertificateException {
 
	}
 
	/**
	* Doesn't throw an exception, so this is how it approves a certificate.
	* @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], String)
	**/
	public void checkServerTrusted(X509Certificate[] chain, String authType)
			throws CertificateException {
 
	}
 
	/**
	* @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
	**/
	public X509Certificate[] getAcceptedIssuers() {
		return null;	// I've seen someone return new X509Certificate[ 0 ]; 
	}
 
}

package etherdia.gen.util.ssl;
 
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
 
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
 
import org.apache.log4j.Logger;
 
public class SelfSignedSSLSocketFactory {
	private static SSLSocketFactory sslSocketFactory;
	private static Logger logger = Logger
			.getLogger(SelfSignedSSLSocketFactory .class);
 
	/**
	 * Returns a SSL Factory instance that accepts all server certificates.
	 * 
	 * SSLSocket sock = (SSLSocket) getSocketFactory.createSocket(host, 443);
	 * 
	 * @return An SSL-specific socket factory.
	 **/
	public static final SSLSocketFactory getSocketFactory() {
		System.setProperty("javax.net.ssl.trustStore ",
				"org.jiramot.sslutils.NaiveTrustManager");
 
		if (sslSocketFactory == null) {
			try {
				TrustManager[] tm = new TrustManager[] { new NaiveTrustManager() };
				SSLContext context = SSLContext.getInstance("SSL");
				context.init(new KeyManager[0], tm, new SecureRandom());
 
				sslSocketFactory = (SSLSocketFactory) context
						.getSocketFactory();
 
			} catch (KeyManagementException e) {
				logger.error("No SSL algorithm support: " + e.getMessage(), e);
			} catch (NoSuchAlgorithmException e) {
				logger.error(
						"Exception when setting up the Naive key management.",
						e);
			}
		}
		return sslSocketFactory;
	}
 
}

import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
 
/**
 * Provides all secure socket factories, with a socket that ignores problems in
 * the chain of certificate trust. This is good for embedded applications that
 * just want the encryption aspect of SSL communication, without worrying too
 * much about validating the identify of the server at the other end of the
 * connection. In other words, this may leave you vulnerable to a
 * man-in-the-middle attack.
 */
 
public class NaiveTrustProvider extends Provider {
	/** The name of our algorithm **/
	private static final String TRUST_PROVIDER_ALG = "NaiveTrustAlgorithm";
 
	/** Need to refer to ourselves somehow to know if we're already registered **/
	private static final String TRUST_PROVIDER_ID = "NaiveTrustProvider";
 
	/**
	 * Hook in at the provider level to handle libraries and 3rd party utilities
	 * that use their own factory. Requires permission to execute
	 * AccessController.doPrivileged, so this probably won't work in applets or
	 * other high-security jvms
	 **/
 
	public NaiveTrustProvider() {
		super(
				TRUST_PROVIDER_ID,
				(double) 0.1,
				"NaiveTrustProvider (provides all secure socket factories by ignoring problems in the chain of certificate trust)");
 
		AccessController.doPrivileged(new PrivilegedAction() {
			public Object run() {
				put("TrustManagerFactory."
						+ NaiveTrustManagerFactory.getAlgorithm(),
						NaiveTrustManagerFactory.class.getName());
				return null;
			}
		});
	}
 
	/**
	 * This is the only method the client code need to call. Yup, just put
	 * NaiveTrustProvider.setAlwaysTrust() into your initialization code and
	 * you're good to go
	 * 
	 * @param enableNaiveTrustProvider
	 *            set to true to always trust (set to false it not yet
	 *            implemented)
	 **/
 
	public static void setAlwaysTrust(boolean enableNaiveTrustProvider) {
		if (enableNaiveTrustProvider) {
			Provider registered = Security.getProvider(TRUST_PROVIDER_ID);
			if (null == registered) {
				Security.insertProviderAt(new NaiveTrustProvider(), 1);
				Security.setProperty("ssl.TrustManagerFactory.algorithm",
						TRUST_PROVIDER_ALG);
			}
		} else {
			throw new UnsupportedOperationException(
					"Disable Naive trust provider not yet implemented");
		}
	}
 
	/**
	 * The factory for the NaiveTrustProvider
	 **/
	public final static class NaiveTrustManagerFactory extends
			TrustManagerFactorySpi {
		public NaiveTrustManagerFactory() {
		}
 
		protected void engineInit(ManagerFactoryParameters mgrparams) {
		}
 
		protected void engineInit(KeyStore keystore) {
		}
 
		/**
		 * Returns a collection of trust managers that are naive. This
		 * collection is just a single element array containing our
		 * {@link NaiveTrustManager} class.
		 **/
		protected TrustManager[] engineGetTrustManagers() {
			// Returns a new array of just a single NaiveTrustManager.
			return new TrustManager[] { new NaiveTrustManager() };
		}
 
		/**
		 * Returns our "NaiveTrustAlgorithm" string.
		 * 
		 * @return The string, "NaiveTrustAlgorithm"
		 */
		public static String getAlgorithm() {
			return TRUST_PROVIDER_ALG;
		}
	}
}