001package org.hl7.fhir.utilities.npm; 002 003import java.security.cert.X509Certificate; 004 005import javax.net.ssl.HostnameVerifier; 006import javax.net.ssl.HttpsURLConnection; 007import javax.net.ssl.SSLContext; 008import javax.net.ssl.SSLSession; 009import javax.net.ssl.TrustManager; 010import javax.net.ssl.X509TrustManager; 011 012/** 013 * This is a _temporary_ fix to get around the fact that the build server's SSL certs have expired and people cannot 014 * publish IGs or run tests that rely on that box. The intention is to overhaul much of the current networking code 015 * to a more central, unified, HttpClient module. 016 * <p> 017 * If this is still in the code in 2021, contact markiantorno on github and yell at him. 018 */ 019public class SSLCertTruster { 020 021 // always verify the host - dont check for certificate 022 public final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() { 023 public boolean verify(String hostname, SSLSession session) { 024 return true; 025 } 026 }; 027 028 /** 029 * Trust every server - don't check for any certificate 030 */ 031 public static void trustAllHosts() { 032 // Create a trust manager that does not validate certificate chains 033 TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { 034 @Override 035 public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {} 036 037 @Override 038 public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {} 039 040 public X509Certificate[] getAcceptedIssuers() { 041 return new X509Certificate[]{}; 042 } 043 }}; 044 045 // Install the all-trusting trust manager 046 try { 047 SSLContext sc = SSLContext.getInstance("TLS"); 048 sc.init(null, trustAllCerts, new java.security.SecureRandom()); 049 HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); 050 } catch (Exception e) { 051 e.printStackTrace(); 052 } 053 } 054}