diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 00000000..a8ee3f71
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,23 @@
+version: 2.1
+executors:
+ my-custom-executor:
+ docker:
+ - image: cimg/base:stable
+ auth:
+ # ensure you have first added these secrets
+ # visit app.circleci.com/settings/project/github/Dargon789/binance/environment-variables
+ username: $DOCKER_HUB_USER
+ password: $DOCKER_HUB_PASSWORD
+jobs:
+ my-job-name:
+
+ executor: my-custom-executor
+ steps:
+ - checkout
+ - run: |
+ # echo Hello, World!
+
+workflows:
+ my-custom-workflow:
+ jobs:
+ - my-job-name
diff --git a/clients/common/src/main/java/com/binance/connector/client/common/ApiClient.java b/clients/common/src/main/java/com/binance/connector/client/common/ApiClient.java
index d56da079..4c65ea36 100644
--- a/clients/common/src/main/java/com/binance/connector/client/common/ApiClient.java
+++ b/clients/common/src/main/java/com/binance/connector/client/common/ApiClient.java
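Review bot: The `my-job-name` job added in `.circleci/config.yml` only checks out the repository and runs a step whose body is a comment, so the pipeline builds and tests nothing, including the `ApiClient.java` change in the same commit. The executor also needs `DOCKER_HUB_USER` and `DOCKER_HUB_PASSWORD` to pull `cimg/base:stable`; if that image can be pulled anonymously, dropping the `auth:` block keeps a registry credential out of the job, and otherwise the two values are better supplied through a restricted context than as project-wide variables. `stable` is a moving tag, so pinning the image to a dated tag or a digest would make runs reproducible. The `# visit …` comment points at one account's project settings and would read better as `# set DOCKER_HUB_USER and DOCKER_HUB_PASSWORD in the project's environment variables`.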
@@ -1717,37 +1717,29 @@ private void applySslSettings() {
 try {
 TrustManager[] trustManagers;
 HostnameVerifier hostnameVerifier;
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 if (!verifyingSsl) {
- trustManagers =
- new TrustManager[] {
- new X509TrustManager() {
- @Override
- public void checkClientTrusted(
- java.security.cert.X509Certificate[] chain, String authType)
- throws CertificateException {}
-
- @Override
- public void checkServerTrusted(
- java.security.cert.X509Certificate[] chain, String authType)
- throws CertificateException {}
-
- @Override
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return new java.security.cert.X509Certificate[] {};
- }
- }
- };
- hostnameVerifier =
- new HostnameVerifier() {
- @Override
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- };
+ if (sslCaCert == null) {
+ throw new IllegalStateException("SSL verification is disabled, but no trusted certificate provided in sslCaCert. Refusing to trust all certificates for security reasons.");
+ } else {
+ char[] password = null; // Any password will work.
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); + Collection certificates = + certificateFactory.generateCertificates(sslCaCert); + if (certificates.isEmpty()) { + throw new IllegalArgumentException( + "expected non-empty set of trusted certificates"); + } + KeyStore caKeyStore = newEmptyKeyStore(password); + int index = 0; + for (Certificate certificate : certificates) { + String certificateAlias = "ca" + (index++); + caKeyStore.setCertificateEntry(certificateAlias, certificate); + } + trustManagerFactory.init(caKeyStore); + } + hostnameVerifier = OkHostnameVerifier.INSTANCE; } else { - TrustManagerFactory trustManagerFactory = - TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - if (sslCaCert == null) { trustManagerFactory.init((KeyStore) null); } else { @@ -1767,8 +1759,9 @@ public boolean verify(String hostname, SSLSession session) { } trustManagerFactory.init(caKeyStore); } - trustManagers = trustManagerFactory.getTrustManagers(); hostnameVerifier = OkHostnameVerifier.INSTANCE; + trustManagers = trustManagerFactory.getTrustManagers(); + } SSLContext sslContext = SSLContext.getInstance("TLS");
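Review bot: The new `!verifyingSsl` branch initialises `trustManagerFactory` and sets `hostnameVerifier` but never assigns `trustManagers`; the only assignment visible, re-added in the second hunk, appears to stay inside the `else` branch, so the local would be unassigned on this path when the code after the `if`/`else` reads it (that use, like the rest of `applySslSettings`, is outside both hunks). Moving `trustManagers = trustManagerFactory.getTrustManagers();` to just after the closing brace of the `if`/`else` would cover both branches. Once that is done the two branches differ only in the `sslCaCert == null` case, so the duplicated keystore loop could be shared and this branch reduced to the null check. The exception text says verification "is disabled" although the branch still validates the chain against `sslCaCert` and keeps `OkHostnameVerifier.INSTANCE`; a comment such as `// verifyingSsl=false no longer trusts every certificate: it now requires sslCaCert` here, and the same statement in the documentation of whatever sets `verifyingSsl`, would tell existing callers that they will now get an `IllegalStateException`.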