Merge pull request #12 from gaberger/feature/fix-insecure

martinklepsch · web-flow · commit febcad0b5589 · 2020-08-31T13:13:05.000+02:00
Feature/fix insecure
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+### unreleased
+Update to support self-signed certificates via insecure? option
+
 ### 0.4.3
 
 - **Feature:** Parse link headers from response and put them under `:links` ([#1](https://github.com/martinklepsch/clj-http-lite/pull/1))
diff --git a/Readme.md b/Readme.md
@@ -22,7 +22,6 @@ A Clojure HTTP library similar to [clj-http](http://github.com/dakrone/clj-http)
 - No proxy-ing DELETEs with body
 - No multipart form uploads
 - No persistent connection support
-- No support for insecure HTTPS connection (yet)
 - namespace rename clj-http.* -> clj-http.lite.*
 
 ## Usage
diff --git a/deps.edn b/deps.edn
@@ -1,3 +1,2 @@
 {:paths ["src"]
- :deps {org.clojure/clojure {:mvn/version "1.6.0"}
-        slingshot {:mvn/version "0.12.1"}}}
+ :deps {org.clojure/clojure {:mvn/version "1.10.0"}}}
diff --git a/src/clj_http/lite/core.clj b/src/clj_http/lite/core.clj
@@ -2,7 +2,9 @@
   "Core HTTP request/response implementation."
   (:require [clojure.java.io :as io])
   (:import (java.io ByteArrayOutputStream InputStream IOException)
-           (java.net URI URL HttpURLConnection)))
+           (java.net URL HttpURLConnection)
+           (javax.net.ssl HttpsURLConnection SSLContext TrustManager X509TrustManager HostnameVerifier SSLSession)
+           (java.security SecureRandom)))
 
 (set! *warn-on-reflection* true)
 
@@ -41,6 +43,17 @@
         (.flush baos)
         (.toByteArray baos)))))
 
+(defn my-host-verifier []
+  (proxy [HostnameVerifier] []
+    (verify [^String hostname ^SSLSession session] true)))
+
+(defn trust-invalid-manager []
+  "This allows the ssl socket to connect with invalid/self-signed SSL certs."
+  (reify X509TrustManager
+    (getAcceptedIssuers [this] nil)
+    (checkClientTrusted [this certs authType])
+    (checkServerTrusted [this certs authType])))
+
 (defn request
   "Executes the HTTP request corresponding to the given Ring request map and
    returns the Ring response map corresponding to the resulting HTTP response.
@@ -55,6 +68,13 @@
                       (when server-port (str ":" server-port))
                       uri
                       (when query-string (str "?" query-string)))
+        _ (when insecure?
+            (do (HttpsURLConnection/setDefaultSSLSocketFactory
+                  (.getSocketFactory
+                    (doto (SSLContext/getInstance "SSL")
+                      (.init nil (into-array TrustManager [(trust-invalid-manager)])
+                             (new SecureRandom)))))
+                (HttpsURLConnection/setDefaultHostnameVerifier (my-host-verifier))))
         ^HttpURLConnection conn (.openConnection ^URL (URL. http-url))]
     (when (and content-type character-encoding)
       (.setRequestProperty conn "Content-Type" (str content-type
