From 67410e4d1ecad4c09fda8c94c510863493a544fd Mon Sep 17 00:00:00 2001
From: Alex Pogue <apogue@us.ibm.com>
Date: Fri, 11 Sep 2015 16:34:54 -0400
Subject: [PATCH] Add toggle to allow bad SSL certificates to HTTP operators

---
 .../inet/http/AbstractHTTPGetContent.java     | 15 ++++++-
 .../ibm/streamsx/inet/http/HTTPPostOper.java  | 11 +++++-
 .../ibm/streamsx/inet/http/HTTPRequest.java   | 20 ++++++++--
 .../streamsx/inet/http/HTTPStreamReader.java  | 10 ++++-
 .../inet/http/HTTPStreamReaderObj.java        |  4 +-
 .../com/ibm/streamsx/inet/http/HTTPUtils.java | 39 +++++++++++++++++++
 6 files changed, 91 insertions(+), 8 deletions(-)

diff --git a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/AbstractHTTPGetContent.java b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/AbstractHTTPGetContent.java
index 26e4fe7..eabbeec 100644
--- a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/AbstractHTTPGetContent.java
+++ b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/AbstractHTTPGetContent.java
@@ -47,6 +47,8 @@ public abstract class AbstractHTTPGetContent<A> extends
     protected int contentAttributeIndex;
 
     private Metric nFailedRequests;
+    
+    boolean acceptAllCertificates = false;
 
     public String getUrl() {
         return url;
@@ -62,6 +64,12 @@ public void setExtraHeaders(List<String> extraHeaders) {
     	this.extraHeaders = extraHeaders;
     }
 
+    @Parameter(optional = true, description = "Accept all SSL certificates, even those that are self-signed. " +
+			"Setting this option will allow potentially insecure connections. Default is false.")
+    public void setAcceptAllCertificates(boolean acceptAllCertificates) {
+        this.acceptAllCertificates = acceptAllCertificates;
+    }
+
     public Metric getnFailedRequests() {
         return nFailedRequests;
     }
@@ -81,7 +89,12 @@ public TupleAttribute<Tuple, A> getContentAttribute() {
     public synchronized void initialize(OperatorContext context)
             throws Exception {
         super.initialize(context);
-        client = new DefaultHttpClient();
+
+        if(acceptAllCertificates)
+        	client = HTTPUtils.getHttpClientWithNoSSLValidation();
+        else
+        	client = new DefaultHttpClient();
+        
         builder = new URIBuilder(getUrl());
         get = new HttpGet(builder.build());
         get.addHeader("Accept", acceptedContentTypes());
diff --git a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPPostOper.java b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPPostOper.java
index 23916a6..eabf263 100644
--- a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPPostOper.java
+++ b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPPostOper.java
@@ -72,6 +72,7 @@ public class HTTPPostOper extends AbstractOperator
 	private List<String> authenticationProperties = new ArrayList<String>();
 	
 	private String headerContentType = MIME_FORM;
+	private boolean acceptAllCertificates = false;
 
 	private List<String> extraHeaders = new ArrayList<String>();
 
@@ -111,10 +112,17 @@ public void setRetryDelay(double val) {
 	public void setHeaderContentType(String val) {
 		this.headerContentType = val;
 	}
-	@Parameter(optional=true, description="Extra headers to send with request, format is \\\"Header-Name: value\\\".")
+	@Parameter(optional=true,
+			description="Extra headers to send with request, format is \\\"Header-Name: value\\\".")
 	public void setExtraHeaders(List<String> val) {
 		this.extraHeaders = val;
 	}
+	@Parameter(optional=true, 
+			description="Accept all SSL certificates, even those that are self-signed. " +
+			"Setting this option will allow potentially insecure connections. Default is false.")
+	public void setAcceptAllCertificates(boolean val) {
+		this.acceptAllCertificates = val;
+	}
 	
 	//consistent region checks
 	@ContextCheck(compile = true)
@@ -165,6 +173,7 @@ public synchronized void process(StreamingInput<Tuple> stream, Tuple tuple) thro
 		HTTPRequest req = new HTTPRequest(url);
 		req.setHeader("Content-Type", headerContentType);
 		req.setType(RequestType.POST);
+		req.setInsecure(acceptAllCertificates);
 
 		if(headerContentType.equals(MIME_FORM)) {
 			Map<String, String> params = new HashMap<String, String>();
diff --git a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPRequest.java b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPRequest.java
index 119c864..e11e0fe 100644
--- a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPRequest.java
+++ b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPRequest.java
@@ -38,6 +38,7 @@ class HTTPRequest {
 
 	public static enum RequestType {GET, POST};
 	private RequestType type = RequestType.GET;
+	private boolean insecure = false;
 
 	private HttpUriRequest req = null;
 	private HttpEntity entity = null;
@@ -66,6 +67,14 @@ HttpUriRequest getReq() {
 		return req;
 	}
 
+	public boolean isInsecure() {
+		return insecure;
+	}
+
+	public void setInsecure(boolean insecure) {
+		this.insecure = insecure;
+	}
+
 	/**
 	 * Set the parameters for a POST request
 	 * @param params
@@ -100,7 +109,14 @@ public void setParams(String value) throws Exception {
 	 * @throws Exception
 	 */
 	public HTTPResponse sendRequest(IAuthenticate auth) throws Exception {
-		HttpClient client = new DefaultHttpClient();
+		HttpClient client;
+		if(insecure) {
+			client = HTTPUtils.getHttpClientWithNoSSLValidation();
+		}
+		else {
+			client = new DefaultHttpClient();
+		}
+		
 		if(type == RequestType.GET) {
 			HttpGet get = new HttpGet(url);
 			req=get;
@@ -124,8 +140,6 @@ public HTTPResponse sendRequest(IAuthenticate auth) throws Exception {
 		return new HTTPResponse(client.execute(req));
 	}
 
-
-
 	@Override
 	public String toString() {
 		return "URL: " + url;
diff --git a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPStreamReader.java b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPStreamReader.java
index 6f74dac..7a4d336 100644
--- a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPStreamReader.java
+++ b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPStreamReader.java
@@ -63,6 +63,7 @@ public class HTTPStreamReader extends AbstractOperator {
 	private static Logger trace = Logger.getLogger(CLASS_NAME);
 	private boolean retryOnClose = false;
 	private boolean disableCompression = false;
+	private boolean acceptAllCertificates = false;
 
 	@Parameter(optional= false, description="URL endpoint to connect to.")
 	public void setUrl(String url) {
@@ -123,6 +124,12 @@ public void setDisableCompression(boolean val) {
 	public void setExtraHeaders(List<String> val) {
 		this.extraHeaders = val;
 	}
+	@Parameter(optional=true, 
+			description="Accept all SSL certificates, even those that are self-signed. " +
+			"Setting this option will allow potentially insecure connections. Default is false.")
+	public void setAcceptAllCertificates(boolean val) {
+		this.acceptAllCertificates = val;
+	}
 
 	@ContextCheck(compile=true)
 	public static boolean checkAuthParams(OperatorContextChecker occ) {
@@ -189,8 +196,7 @@ public void initialize(OperatorContext op) throws Exception {
         URI baseConfigURI = op.getPE().getApplicationDirectory().toURI();
 		IAuthenticate auth = AuthHelper.getAuthenticator(authenticationType, PathConversionHelper.convertToAbsPath(baseConfigURI, authenticationFile), authenticationProperties);
 		Map<String, String> extraHeaderMap = HTTPUtils.getHeaderMap(extraHeaders);
-		
-		reader = new HTTPStreamReaderObj(this.url, auth, this, postDataParams, disableCompression, extraHeaderMap);
+		reader = new HTTPStreamReaderObj(this.url, auth, this, postDataParams, disableCompression, extraHeaderMap, acceptAllCertificates);
 		th = op.getThreadFactory().newThread(reader);
 		th.setDaemon(false);
 	}
diff --git a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPStreamReaderObj.java b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPStreamReaderObj.java
index c1911f2..43d7f77 100644
--- a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPStreamReaderObj.java
+++ b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPStreamReaderObj.java
@@ -48,7 +48,8 @@ class HTTPStreamReaderObj implements Runnable
 	
 	public HTTPStreamReaderObj(String url, IAuthenticate auth, 
 			HTTPStreamReader reader,  Map<String, String> postD, 
-			boolean disableCompression, Map<String, String> extraHeaders) 
+			boolean disableCompression, Map<String, String> extraHeaders,
+			boolean insecure) 
 			throws Exception 	{
 		this.auth = auth;
 		this.reader = reader;
@@ -67,6 +68,7 @@ public HTTPStreamReaderObj(String url, IAuthenticate auth,
 			req.setHeader(header.getKey(), header.getValue());
 		}
 		req.setParams(postData);
+		req.setInsecure(insecure);
 	}
 	
 
diff --git a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPUtils.java b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPUtils.java
index c5de6ab..826933d 100644
--- a/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPUtils.java
+++ b/com.ibm.streamsx.inet/impl/java/src/com/ibm/streamsx/inet/http/HTTPUtils.java
@@ -15,6 +15,21 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.BasicClientConnectionManager;
 
 public class HTTPUtils {
 
@@ -53,4 +68,28 @@ public static Map<String, String> getHeaderMap(List<String> headers) {
 		}
 		return headerMap;
 	}
+	
+	public static HttpClient getHttpClientWithNoSSLValidation() throws Exception {
+		SSLContext sslContext = SSLContext.getInstance("SSL");
+		sslContext.init(null, new TrustManager[] {
+			new X509TrustManager() {
+				public X509Certificate[] getAcceptedIssuers() {
+					return null;
+				}
+				public void checkClientTrusted(X509Certificate[] certs, String authType) {
+				}
+				public void checkServerTrusted(X509Certificate[] certs, String authType) {
+				}
+			}
+		}, new SecureRandom());
+
+		SSLSocketFactory sf = new SSLSocketFactory(sslContext, new AllowAllHostnameVerifier());
+		Scheme httpsScheme = new Scheme("https", 443, sf);
+		SchemeRegistry schemeRegistry = new SchemeRegistry();
+		schemeRegistry.register(httpsScheme);
+
+		ClientConnectionManager cm = new BasicClientConnectionManager(schemeRegistry);
+
+		return new DefaultHttpClient(cm);
+	}
 }