Github user whhe commented on a diff in the pull request: https://github.com/apache/incubator-griffin/pull/441#discussion_r227194519 --- Diff: service/src/main/java/org/apache/griffin/core/login/ldap/SelfSignedSocketFactory.java --- 
@@ -0,0 +1,100 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+package org.apache.griffin.core.login.ldap;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * SocketFactory ignoring insecure (self-signed, expired) certificates.
+ *
+ * Maintains internal {@code SSLSocketFactory} configured with {@code NoopTrustManager}.
+ * All SocketFactory methods are proxied to internal SSLSocketFactory instance.
+ * Accepts all client and server certificates, from any issuers.
+ */
+public class SelfSignedSocketFactory extends SocketFactory {
+ private SSLSocketFactory sf;
+
+ private SelfSignedSocketFactory() throws Exception {
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(null, new TrustManager[]{new NoopTrustManager()}, null);
+ sf = ctx.getSocketFactory();
+ }
+
+ /**
+ * Part of SocketFactory contract, used by javax.net internals to create new instance.
+ */
+ public static SocketFactory getDefault() {
+ try {
+ return new SelfSignedSocketFactory();
+ } catch (Exception e) {
+ throw new RuntimeException(e);
--- End diff -- It is not recommended to throw RuntimeException directly in Griffin, maybe you can use ServiceException from GriffinException class instead.
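Review bot: The constructor's `ctx.init(null, new TrustManager[]{new NoopTrustManager()}, null);` switches off certificate validation for every LDAP connection made through this factory, so the login path can no longer tell the real directory server from an impersonating host and the bind credentials are sent to whichever peer answers. The class Javadoc says it accepts all certificates from any issuer, which is much broader than the self-signed case the class name suggests; NoopTrustManager itself is defined outside the quoted hunk, so this reading rests on that Javadoc. I would pin trust instead: initialise a `TrustManagerFactory` from a `KeyStore` that holds only the LDAP server's certificate (or its CA) and call `ctx.init(null, tmf.getTrustManagers(), null);`, with the factory enabled only by explicit configuration. If the no-op manager has to stay for test setups, the Javadoc should say plainly that the server is then unauthenticated, and the factory should log a warning when it is created.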
---