001package org.hl7.fhir.utilities.npm; 002 003import javax.net.ssl.*; 004import java.security.cert.X509Certificate; 005 006/** 007 * This is a _temporary_ fix to get around the fact that the build server's SSL certs have expired and people cannot 008 * publish IGs or run tests that rely on that box. The intention is to overhaul much of the current networking code 009 * to a more central, unified, HttpClient module. 010 * <p> 011 * If this is still in the code in 2021, contact markiantorno on github and yell at him. 012 */ 013public class SSLCertTruster { 014 015 // always verify the host - dont check for certificate 016 public final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() { 017 public boolean verify(String hostname, SSLSession session) { 018 return true; 019 } 020 }; 021 022 /** 023 * Trust every server - don't check for any certificate 024 */ 025 public static void trustAllHosts() { 026 // Create a trust manager that does not validate certificate chains 027 TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() { 028 @Override 029 public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {} 030 031 @Override 032 public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {} 033 034 public X509Certificate[] getAcceptedIssuers() { 035 return new X509Certificate[]{}; 036 } 037 }}; 038 039 // Install the all-trusting trust manager 040 try { 041 SSLContext sc = SSLContext.getInstance("TLS"); 042 sc.init(null, trustAllCerts, new java.security.SecureRandom()); 043 HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); 044 } catch (Exception e) { 045 e.printStackTrace(); 046 } 047 } 048}