Add TrustAllCertificates in CRT S3 Client options

Author: joviegas

.changes/next-release/feature-AWSSDKforJavav2-e102314.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "AWS SDK for Java v2",
+    "contributor": "",
+    "description": "API to Add TrustAllCertificates in CRT S3 Client options for test purposes"
+}

services/s3/src/main/java/software/amazon/awssdk/services/s3/crt/S3CrtHttpConfiguration.java

@@ -38,11 +38,13 @@ public final class S3CrtHttpConfiguration implements ToCopyableBuilder<S3CrtHttp
     private final Duration connectionTimeout;
     private final S3CrtProxyConfiguration proxyConfiguration;
     private final S3CrtConnectionHealthConfiguration healthConfiguration;
+    private final Boolean shouldTrustAllCertificates;
 
     private S3CrtHttpConfiguration(DefaultBuilder builder) {
         this.connectionTimeout = builder.connectionTimeout;
         this.proxyConfiguration = builder.proxyConfiguration;
         this.healthConfiguration = builder.healthConfiguration;
+        this.shouldTrustAllCertificates = builder.shouldTrustAllCertificates;
     }
 
     /**
@@ -73,6 +75,13 @@ public S3CrtConnectionHealthConfiguration healthConfiguration() {
         return healthConfiguration;
     }
 
+    /**
+     * Return the configured {@link Builder#shouldTrustAllCertificates}.
+     */
+    public Boolean shouldTrustAllCertificates() {
+        return shouldTrustAllCertificates;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) {
@@ -90,14 +99,18 @@ public boolean equals(Object o) {
         if (!Objects.equals(proxyConfiguration, that.proxyConfiguration)) {
             return false;
         }
-        return Objects.equals(healthConfiguration, that.healthConfiguration);
+        if (!Objects.equals(healthConfiguration, that.healthConfiguration)) {
+            return false;
+        }
+        return Objects.equals(shouldTrustAllCertificates, that.shouldTrustAllCertificates);
     }
 
     @Override
     public int hashCode() {
         int result = connectionTimeout != null ? connectionTimeout.hashCode() : 0;
         result = 31 * result + (proxyConfiguration != null ? proxyConfiguration.hashCode() : 0);
         result = 31 * result + (healthConfiguration != null ? healthConfiguration.hashCode() : 0);
+        result = 31 * result + (shouldTrustAllCertificates != null ? shouldTrustAllCertificates.hashCode() : 0);
         return result;
     }
 
@@ -115,6 +128,19 @@ public interface Builder extends CopyableBuilder<S3CrtHttpConfiguration.Builder,
          */
         Builder connectionTimeout(Duration connectionTimeout);
 
+
+        /**
+         * <p>
+         *     Option to disable SSL cert validation and SSL host name verification.
+         *     This turns off x.509 validation.
+         *     By default, this option is off.
+         *     Only enable this option for testing purposes.
+         * </p>
+         * @param shouldTrustAllCertificates True if SSL cert validation is disabled.
+         * @return The builder of the method chaining.
+         */
+        Builder shouldTrustAllCertificates(Boolean shouldTrustAllCertificates);
+
         /**
          * Sets the http proxy configuration to use for this client.
          *
@@ -165,6 +191,7 @@ Builder connectionHealthConfiguration(Consumer<S3CrtConnectionHealthConfiguratio
     private static final class DefaultBuilder implements Builder {
         private S3CrtConnectionHealthConfiguration healthConfiguration;
         private Duration connectionTimeout;
+        private Boolean shouldTrustAllCertificates;
         private S3CrtProxyConfiguration proxyConfiguration;
 
         private DefaultBuilder() {
@@ -174,6 +201,7 @@ private DefaultBuilder(S3CrtHttpConfiguration httpConfiguration) {
             this.healthConfiguration = httpConfiguration.healthConfiguration;
             this.connectionTimeout = httpConfiguration.connectionTimeout;
             this.proxyConfiguration = httpConfiguration.proxyConfiguration;
+            this.shouldTrustAllCertificates = httpConfiguration.shouldTrustAllCertificates;
         }
 
         @Override
@@ -182,6 +210,12 @@ public Builder connectionTimeout(Duration connectionTimeout) {
             return this;
         }
 
+        @Override
+        public Builder shouldTrustAllCertificates(Boolean shouldTrustAllCertificates) {
+            this.shouldTrustAllCertificates = shouldTrustAllCertificates;
+            return this;
+        }
+
         @Override
         public Builder proxyConfiguration(S3CrtProxyConfiguration proxyConfiguration) {
             this.proxyConfiguration = proxyConfiguration;

services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/crt/S3NativeClientConfiguration.java

@@ -67,6 +67,11 @@ public S3NativeClientConfiguration(Builder builder) {
         TlsContextOptions clientTlsContextOptions =
             TlsContextOptions.createDefaultClient()
                              .withCipherPreference(TlsCipherPreference.TLS_CIPHER_SYSTEM_DEFAULT);
+
+        if (builder.httpConfiguration != null
+            && builder.httpConfiguration.shouldTrustAllCertificates() != null) {
+            clientTlsContextOptions.withVerifyPeer(!builder.httpConfiguration.shouldTrustAllCertificates());
+        }
         this.tlsContext = new TlsContext(clientTlsContextOptions);
         this.credentialProviderAdapter =
             builder.credentialsProvider == null ?
@@ -175,6 +180,7 @@ public static final class Builder {
         private Integer maxConcurrency;
         private URI endpointOverride;
         private Boolean checksumValidationEnabled;
+
         private S3CrtHttpConfiguration httpConfiguration;
         private StandardRetryOptions standardRetryOptions;