23

Per the docs, you can go through a rather clunky process of export a cert from a browser manually and getting it recognized locally. Is there anything similar to curl's --insecure switch to make this practical?

Josh Diehl
  • 2,913
  • 2
  • 31
  • 43
  • 1
    You can install your own trust manager and hostname verifier to skip the SSL certificate checks: http://stackoverflow.com/questions/3242335/how-to-use-ssl-with-a-self-signed-certificate-in-groovy – ataylor Jul 24 '12 at 20:34
  • It is reported here -> http://jira.codehaus.org/browse/GMOD-266 but no response yet. – Vigneshwaran Nov 30 '12 at 06:58

2 Answers2

36

Good news everyone! :-) Just found out that new version (0.7.1) of HttpBuilder introduces method:

ignoreSSLIssues()

This solves all problems regarding invalid SSL certificates (of course you have to be aware that it also decreases security).

More information about this method: https://github.com/jgritman/httpbuilder/wiki/SSL (section at the bottom)

sdf3qrxewqrxeqwxfew3123
  • 1,265
  • 11
  • 16
5

Found a way that non involve import of certificates or httpbuilder hacks

//== HTTPBUILDER IMPORTS
@Grab(group='org.codehaus.groovy.modules.http-builder', module='http-builder', version='0.5.0-RC2' )
import groovyx.net.http.*
import static groovyx.net.http.ContentType.*
import static groovyx.net.http.Method.*
//== END HTTPBUILDER IMPORTS

import javax.net.ssl.X509TrustManager
import javax.net.ssl.SSLContext
import java.security.cert.X509Certificate
import javax.net.ssl.TrustManager
import java.security.SecureRandom
import org.apache.http.conn.ssl.SSLSocketFactory
import org.apache.http.conn.scheme.Scheme
import org.apache.http.conn.scheme.SchemeRegistry

def http = new HTTPBuilder( "https://your_unsecure_certificate_host" )

    //=== SSL UNSECURE CERTIFICATE ===
   def sslContext = SSLContext.getInstance("SSL")              
   sslContext.init(null, [ new X509TrustManager() {public X509Certificate[]   
   getAcceptedIssuers() {null }
   public void checkClientTrusted(X509Certificate[] certs, String authType) { }
   public void checkServerTrusted(X509Certificate[] certs, String authType) { }
   } ] as TrustManager[], new SecureRandom())
   def sf = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
   def httpsScheme = new Scheme("https", sf, 443)
   http.client.connectionManager.schemeRegistry.register( httpsScheme )
   //================================

//do your http call with the http object
http.request( ....
Fabiano Taioli
  • 5,270
  • 1
  • 35
  • 49
  • `new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)` didn't work for me, constructor not found. I had to do this: `def sf = new SSLSocketFactory(sslContext) sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)` – David Betts Feb 12 '13 at 15:25
  • If you get a java.lang.VerifyError exception try to move the code from your controller or service to a groovy or java class. I think grails artificats enhancer conflicts with some of the above code. – Fabiano Taioli Feb 19 '13 at 11:18
  • 1
    Hey Fabiano, the solution you gave doesn't compile in GroovyConsole Version 2.1.3 (i.e. a recent version). Would you please let me know what is wrong/provide a fix? Would be much appreciated. – Ray Jul 19 '13 at 16:15
  • Hi Ray. The sample is missing HttpBuilder imports. – Fabiano Taioli Jul 22 '13 at 09:46