Change Default SSL Context (jopenlibs#58)

henryx · web-flow · commit 7e56663fd88d · 2023-10-10T00:00:00.000+02:00
diff --git a/build.gradle b/build.gradle
@@ -19,10 +19,10 @@ repositories {
 
 dependencies {
     testImplementation('junit:junit:4.13.2')
-    testImplementation('org.mockito:mockito-core:5.2.0')
-    testImplementation('org.testcontainers:testcontainers:1.17.6')
-    testImplementation('org.eclipse.jetty:jetty-server:11.0.14')
-    testImplementation('org.slf4j:slf4j-api:2.0.5')
+    testImplementation('org.mockito:mockito-core:5.4.0')
+    testImplementation('org.testcontainers:testcontainers:1.19.1')
+    testImplementation('org.eclipse.jetty:jetty-server:11.0.15')
+    testImplementation('org.slf4j:slf4j-api:2.0.7')
     testImplementation('org.bouncycastle:bcprov-jdk15on:1.70')
     testImplementation('org.bouncycastle:bcpkix-jdk15on:1.70')
     testImplementation('org.apache.commons:commons-io:1.3.2')
diff --git a/src/main/java/io/github/jopenlibs/vault/rest/Rest.java b/src/main/java/io/github/jopenlibs/vault/rest/Rest.java
@@ -4,6 +4,7 @@
 import io.github.jopenlibs.vault.VaultConfig;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.net.Socket;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URLEncoder;
@@ -27,8 +28,9 @@
 import java.util.StringJoiner;
 import java.util.TreeMap;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
 
 /**
  * <p>A simple client for issuing HTTP requests.  Supports the HTTP verbs:</p>
@@ -77,7 +79,27 @@ public class Rest {
     static {
         try {
             DISABLED_SSL_CONTEXT = SSLContext.getInstance("TLSv1.2");
-            DISABLED_SSL_CONTEXT.init(null, new TrustManager[]{new X509TrustManager() {
+            DISABLED_SSL_CONTEXT.init(null, new TrustManager[]{new X509ExtendedTrustManager() {
+                @Override
+                public void checkClientTrusted(X509Certificate[] chain, String authType,
+                        Socket socket) throws CertificateException {
+                }
+
+                @Override
+                public void checkServerTrusted(X509Certificate[] chain, String authType,
+                        Socket socket) throws CertificateException {
+                }
+
+                @Override
+                public void checkClientTrusted(X509Certificate[] chain, String authType,
+                        SSLEngine engine) throws CertificateException {
+                }
+
+                @Override
+                public void checkServerTrusted(X509Certificate[] chain, String authType,
+                        SSLEngine engine) throws CertificateException {
+                }
+
                 @Override
                 public void checkClientTrusted(final X509Certificate[] x509Certificates,
                         final String s) throws CertificateException {
