Remove code that trusts all certificates.

web/ojb-web-consent-management-service/src/main/java/org/ojbc/web/consentmanagement/service/SamlServiceImpl.java

@@ -75,45 +75,7 @@ Element retrieveAssertionFromShibboleth(HttpServletRequest request) throws Excep
 	{
 
 		LOG.info("Attempt to retrieve from Shibboleth.");
-
-
-		// Note: pulled this straight from Andrew's demo JSP that displays the assertion and http request...
-
-		/*
-		 *  fix for Exception in thread "main" javax.net.ssl.SSLHandshakeException:
-		 *       sun.security.validator.ValidatorException:
-		 *           PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
-		 *               unable to find valid certification path to requested target
-		 */
-		 TrustManager[] trustAllCerts = new TrustManager[]{
-				    new X509TrustManager() {
-				        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-				            return null;
-				        }
-				        public void checkClientTrusted(
-				            java.security.cert.X509Certificate[] certs, String authType) {
-				        }
-				        public void checkServerTrusted(
-				            java.security.cert.X509Certificate[] certs, String authType) {
-				        }
-				    }
-				};
-		SSLContext sc = SSLContext.getInstance("SSL");
-		sc.init(null, trustAllCerts, new java.security.SecureRandom());
-		HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-
-		// Create all-trusting host name verifier
-		HostnameVerifier allHostsValid = new HostnameVerifier() {
-			@Override
-			public boolean verify(String arg0, SSLSession arg1) {
-				return true;  // andrew had this as false...dont know how that would work...
-			}
-		};
-		// Install the all-trusting host verifier
-		HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
-		/*
-		 * end of the fix
-		 */
+
 		 //Hard coded to pick up a single assertion...could loop through assertion headers if there will  be more than one
 		String assertionHttpHeaderName = request.getHeader("shib-assertion-01");
 		LOG.info("Loading assertion from: " + assertionHttpHeaderName);

web/ojb-web-portal/src/main/java/org/ojbc/web/portal/services/SamlServiceImpl.java

@@ -76,43 +76,6 @@ public Element getSamlAssertion(HttpServletRequest request) {
 	Element retrieveAssertionFromShibboleth(HttpServletRequest request) throws Exception
 	{
 		if (request == null) return null;
-		// Note: pulled this straight from Andrew's demo JSP that displays the assertion and http request...
-
-		/*
-		 *  fix for Exception in thread "main" javax.net.ssl.SSLHandshakeException:
-		 *       sun.security.validator.ValidatorException:
-		 *           PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
-		 *               unable to find valid certification path to requested target
-		 */
-		 TrustManager[] trustAllCerts = new TrustManager[]{
-				    new X509TrustManager() {
-				        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-				            return null;
-				        }
-				        public void checkClientTrusted(
-				            java.security.cert.X509Certificate[] certs, String authType) {
-				        }
-				        public void checkServerTrusted(
-				            java.security.cert.X509Certificate[] certs, String authType) {
-				        }
-				    }
-				};
-		SSLContext sc = SSLContext.getInstance("SSL");
-		sc.init(null, trustAllCerts, new java.security.SecureRandom());
-		HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-
-		// Create all-trusting host name verifier
-		HostnameVerifier allHostsValid = new HostnameVerifier() {
-			@Override
-			public boolean verify(String arg0, SSLSession arg1) {
-				return true;  // andrew had this as false...dont know how that would work...
-			}
-		};
-		// Install the all-trusting host verifier
-		HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
-		/*
-		 * end of the fix
-		 */
 		 //Hard coded to pick up a single assertion...could loop through assertion headers if there will  be more than one
 		String assertionHttpHeaderName = request.getHeader("Shib-Assertion-01");
 		LOG.info("Loading assertion from: " + assertionHttpHeaderName);

web/ojb-web-util/src/main/java/org/ojbc/web/ShibbolethSamlAssertionRetriever.java

@@ -61,8 +61,6 @@ public class ShibbolethSamlAssertionRetriever {
      */
     public static final String retrieveAssertion(HttpServletRequest request) throws Exception {
 
-        fixCertificatePathError();
-
         String mode = request.getParameter(MODE_KEY);
 
         if (mode == null)
@@ -114,37 +112,4 @@ public static final String retrieveAssertion(HttpServletRequest request) throws
 
     }
 
-    private static void fixCertificatePathError() throws GeneralSecurityException {
-        /*
-         * fix for Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
-         * sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
-         */
-        TrustManager[] trustAllCerts = new TrustManager[] {
-            new X509TrustManager() {
-                public X509Certificate[] getAcceptedIssuers() {
-                    return null;
-                }
-
-                public void checkClientTrusted(X509Certificate[] certs, String authType) {
-                }
-
-                public void checkServerTrusted(X509Certificate[] certs, String authType) {
-                }
-            }
-        };
-        SSLContext sc = SSLContext.getInstance("SSL");
-        sc.init(null, trustAllCerts, new java.security.SecureRandom());
-        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-
-        // Create all-trusting host name verifier
-        HostnameVerifier allHostsValid = new HostnameVerifier() {
-            @Override
-            public boolean verify(String arg0, SSLSession arg1) {
-                return true;
-            }
-        };
-        // Install the all-trusting host verifier
-        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
-    }
-
 }