Add insecure SSLContext

Author: swallez

java-client/src/main/java/co/elastic/clients/elasticsearch/_helpers/builders/ElasticsearchClientBuilderBase.java

@@ -121,13 +121,20 @@ public ElasticsearchClientBuilderBase<T> apiKey(String apiKey) {
 
     /**
      * Set the SSL context. See {@link co.elastic.clients.transport.TransportUtils} to create it
-     * from certificate files or fingerprint.
+     * from certificate files or a certificate fingerprint.
+     *
+     * @see co.elastic.clients.transport.TransportUtils
      */
     public ElasticsearchClientBuilderBase<T> sslContext(SSLContext sslContext) {
         this.sslContext = sslContext;
         return this;
     }
 
+    public ElasticsearchClientBuilderBase<T> setHosts(List<URI> hosts) {
+        this.hosts = hosts;
+        return this;
+    }
+
     /**
      * Set the JSON mapper.
      */

java-client/src/main/java/co/elastic/clients/transport/TransportUtils.java

@@ -26,6 +26,7 @@
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.GeneralSecurityException;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -144,4 +145,40 @@ public X509Certificate[] getAcceptedIssuers() {
             throw new RuntimeException(e);
         }
     }
+
+    /**
+     * Returns an <b>insecure</b> SSLContext that will accept any server certificate.
+     * <p>
+     * <b>Use with care as it allows man-in-the-middle attacks.</b>
+     */
+    public static SSLContext insecureSSLContext() {
+        SSLContext result;
+
+        X509TrustManager trustManager = new X509TrustManager() {
+            @Override
+            public void checkClientTrusted(X509Certificate[] certs, String authType) {
+                // Accept anything
+            }
+
+            @Override
+            public void  checkServerTrusted(X509Certificate[] certs, String authType) {
+                // Accept anything
+            }
+
+            @Override
+            public X509Certificate[] getAcceptedIssuers() {
+                return new X509Certificate[0];
+            }
+        };
+
+        try {
+            result = SSLContext.getInstance("SSL");
+            result.init(null, new X509TrustManager[] { trustManager }, null);
+        } catch (GeneralSecurityException e) {
+            // An exception here means SSL is not supported, which is unlikely
+            throw new RuntimeException(e);
+        }
+
+        return result;
+    }
 }

java-client/src/test/java/co/elastic/clients/transport/TransportUtilsTest.java

@@ -77,6 +77,10 @@ public void testCaCertificate() throws Exception {
         );
     }
 
+    @Test void testInsecureContext() throws Exception {
+        checkConnection(TransportUtils.insecureSSLContext());
+    }
+
     private void checkConnection(SSLContext sslContext) throws Exception {
         var server = ElasticsearchTestServer.global();
         var esClient = ElasticsearchTestClient.createClient(server.url(), null, sslContext);