| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-10-08 13:03:28 +0200 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-10-08 13:03:28 +0200 | 
| commit | fe41a2e6e0e2b9eb37515a63ff84aff827733386 (patch) | |
| tree | 2f9f119a69d663943bc9efb5289b8a5962aeeb65 /eaaf_core_utils/src | |
| parent | a33be2d176e30e929ad043f9a31b2f55f4738202 (diff) | |
| download | EAAF-Components-fe41a2e6e0e2b9eb37515a63ff84aff827733386.tar.gz EAAF-Components-fe41a2e6e0e2b9eb37515a63ff84aff827733386.tar.bz2 EAAF-Components-fe41a2e6e0e2b9eb37515a63ff84aff827733386.zip | |
fix problem with SSL Client Auth. and ConnectionPools
Diffstat (limited to 'eaaf_core_utils/src')
| -rw-r--r-- | eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java | 55 | 
1 files changed, 41 insertions, 14 deletions
| diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java index d1cde6fa..a8cfa7c1 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java @@ -23,7 +23,11 @@ import org.apache.http.client.CredentialsProvider;  import org.apache.http.client.RedirectStrategy;  import org.apache.http.client.config.RequestConfig;  import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.config.Registry; +import org.apache.http.config.RegistryBuilder; +import org.apache.http.conn.socket.ConnectionSocketFactory;  import org.apache.http.conn.socket.LayeredConnectionSocketFactory; +import org.apache.http.conn.socket.PlainConnectionSocketFactory;  import org.apache.http.conn.ssl.NoopHostnameVerifier;  import org.apache.http.conn.ssl.SSLConnectionSocketFactory;  import org.apache.http.impl.client.BasicCredentialsProvider; @@ -62,6 +66,8 @@ public class HttpClientFactory implements IHttpClientFactory {  	public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH = "client.auth.ssl.keystore.path";  	public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD = "client.auth.ssl.keystore.password";  	public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE = "client.auth.ssl.keystore.type"; +	public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD = "client.auth.ssl.key.password"; +	public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS = "client.auth.ssl.key.alias";  	// default configuration values  	public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = "15"; 
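Review bot: PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS is declared in the constants hunk but no other hunk of this commit reads it, so the property is accepted from configuration and silently ignored. If alias selection is the intent, SSLContextBuilder.loadKeyMaterial has an overload that takes a PrivateKeyStrategy where the configured alias could be applied; otherwise drop the constant until it is wired, so operators do not assume it takes effect. Since keystore and key password are now separate settings, a short Javadoc on the new constant, `/** Password of the client-auth private key (distinct from the keystore password). */`, would make the distinction visible.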
@@ -199,9 +205,6 @@ public class HttpClientFactory implements IHttpClientFactory {  											.build();		  		httpClientBuilder.setDefaultRequestConfig(requestConfig); -		//set  pool connection if required -		injectConnectionPoolIfRequired(); -		  		ClientAuthMode clientAuthMode = ClientAuthMode.fromString(  				basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_MODE, ClientAuthMode.NONE.getMode()));  		if (clientAuthMode == null) { @@ -215,7 +218,11 @@ public class HttpClientFactory implements IHttpClientFactory {  		injectBasicAuthenticationIfRequired(clientAuthMode);  		//inject authentication if required -		injectSSLContext(clientAuthMode); +		final LayeredConnectionSocketFactory sslConnectionFactory = getSSLContext(clientAuthMode); +		 +		//set  pool connection if required +		injectConnectionPoolIfRequired(sslConnectionFactory); +				  	} @@ -247,7 +254,7 @@ public class HttpClientFactory implements IHttpClientFactory {  	private SSLContext buildSSLContextWithSSLClientAuthentication() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, EAAFConfigurationException  {  		log.trace("Injecting SSL client-authentication into http client ... ");				  		final KeyStore keystore = getSSLAuthKeyStore(); -		final String keyPasswordString = basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD); +		final String keyPasswordString = basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD);  		log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);  		final char[] keyPassword = (keyPasswordString == null) ? StringUtils.EMPTY.toCharArray() : keyPasswordString.toCharArray();  		return SSLContexts.custom().loadKeyMaterial(keystore, keyPassword).build(); 
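Review bot: Switching loadKeyMaterial from PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD to PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD is a silent breaking change for deployments that only configured the keystore password: the key password now defaults to an empty char array, loading the key material will presumably fail with UnrecoverableKeyException, and that exception is only caught and logged at warn level in getSSLContext. A fallback to the old property keeps such configurations working, `final String keyPasswordString = basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD, basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD));`. The unchanged trace line directly below still writes the key password in clear text to the log; log only whether one is configured, e.g. `log.trace("Open SSL Client-Auth keystore, key password configured: {}", keyPasswordString != null);`. buildSSLContextWithSSLClientAuthentication's body continues outside the hunk.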
@@ -295,7 +302,7 @@ public class HttpClientFactory implements IHttpClientFactory {  	} -	private void injectSSLContext(ClientAuthMode clientAuthMode) {				 +	private LayeredConnectionSocketFactory getSSLContext(ClientAuthMode clientAuthMode) {				  		SSLContext sslContext = null;		  		try {  			if (clientAuthMode.equals(ClientAuthMode.SSL)) { 
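Review bot: The renamed method getSSLContext returns a LayeredConnectionSocketFactory, not an SSLContext, so the new name misdescribes its result; `private LayeredConnectionSocketFactory buildSslSocketFactory(ClientAuthMode clientAuthMode)` would match what it produces (the call site would have to follow). The new signature also has no Javadoc, and the caller needs to know that a null return means "no custom TLS settings" and that this also happens when SSL client authentication was requested but could not be set up; a `@return` line stating both cases would cover it. The method body continues in the next hunk.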
@@ -316,37 +323,57 @@ public class HttpClientFactory implements IHttpClientFactory {  				log.warn("HTTP client-builder deactivates SSL Host-name verification!");  			} -			 +						  			final LayeredConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext , hostnameVerifier);						 -			httpClientBuilder.setSSLSocketFactory(sslSocketFactory ); +			return sslSocketFactory; +						  		} catch (final NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException | KeyStoreException | EAAFConfigurationException e) {  			log.warn("HTTP client-builder can NOT initialze SSL-Context", e); -			 +						  		}  		log.info("HTTP client-builder successfuly initialized"); +		return null;  	} -	private void injectConnectionPoolIfRequired() { +	private void injectConnectionPoolIfRequired(LayeredConnectionSocketFactory sslConnectionFactory) {  		if (basicConfig.getBasicConfigurationBoolean(  				PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE,   				true)) { -			final PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(); +			PoolingHttpClientConnectionManager pool; +			 +			//set socketFactoryRegistry if SSLConnectionFactory is Set +			if (sslConnectionFactory != null) { +				final Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create() +			        .register("http", PlainConnectionSocketFactory.getSocketFactory()) +			        .register("https", sslConnectionFactory) +			        .build(); +				log.trace("Inject SSLSocketFactory into pooled connection");			 +				pool = new PoolingHttpClientConnectionManager(socketFactoryRegistry); +				 +			} else { +				pool = new PoolingHttpClientConnectionManager(); +				 +			} +			  			pool.setDefaultMaxPerRoute(Integer.valueOf(basicConfig.getBasicConfiguration(  					PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE,   					DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE)));			  			
pool.setMaxTotal(Integer.valueOf(basicConfig.getBasicConfiguration(  					PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL,   					DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL))); -			 -			 -			 +									  			httpClientBuilder.setConnectionManager(pool);  			log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(), pool.getDefaultMaxPerRoute()); +		} else if (sslConnectionFactory != null) { +			log.trace("Inject SSLSocketFactory without connection pool"); +			httpClientBuilder.setSSLSocketFactory(sslConnectionFactory ); +			  		} +			  	} | 
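Review bot: After the catch block, getSSLContext logs "HTTP client-builder successfuly initialized" and then returns null, but the success path already returned sslSocketFactory inside the try, so that info message is now emitted only when SSL setup failed. Move the message next to the successful return, `log.info("HTTP client-builder successfuly initialized"); return sslSocketFactory;`, and keep the catch branch at its warning (or raise it to error) before `return null;`. The null return is then consumed by injectConnectionPoolIfRequired exactly like the "no SSL configured" case, so a client configured for ClientAuthMode.SSL whose keystore cannot be opened is silently built without a client certificate; failing closed, e.g. throwing an IllegalStateException from the catch when clientAuthMode is SSL, seems safer than degrading to an unauthenticated client. getSSLContext's start is in the previous hunk.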
