authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-10-08 13:03:28 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-10-08 13:03:28 +0200
commitfe41a2e6e0e2b9eb37515a63ff84aff827733386 (patch)
tree2f9f119a69d663943bc9efb5289b8a5962aeeb65
parenta33be2d176e30e929ad043f9a31b2f55f4738202 (diff)
fix problem with SSL Client Auth. and ConnectionPools
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java55
1 files changed, 41 insertions, 14 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
index d1cde6fa..a8cfa7c1 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
@@ -23,7 +23,11 @@ import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.RedirectStrategy;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
@@ -62,6 +66,8 @@ public class HttpClientFactory implements IHttpClientFactory {
public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH = "client.auth.ssl.keystore.path";
public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD = "client.auth.ssl.keystore.password";
public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE = "client.auth.ssl.keystore.type";
+ public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD = "client.auth.ssl.key.password";
+ public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_ALIAS = "client.auth.ssl.key.alias";
// default configuration values
public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = "15";
@@ -199,9 +205,6 @@ public class HttpClientFactory implements IHttpClientFactory {
.build();
httpClientBuilder.setDefaultRequestConfig(requestConfig);
- //set pool connection if required
- injectConnectionPoolIfRequired();
-
ClientAuthMode clientAuthMode = ClientAuthMode.fromString(
basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_MODE, ClientAuthMode.NONE.getMode()));
if (clientAuthMode == null) {
@@ -215,7 +218,11 @@ public class HttpClientFactory implements IHttpClientFactory {
injectBasicAuthenticationIfRequired(clientAuthMode);
//inject authentication if required
- injectSSLContext(clientAuthMode);
+ final LayeredConnectionSocketFactory sslConnectionFactory = getSSLContext(clientAuthMode);
+
+ //set pool connection if required
+ injectConnectionPoolIfRequired(sslConnectionFactory);
+
}
@@ -247,7 +254,7 @@ public class HttpClientFactory implements IHttpClientFactory {
private SSLContext buildSSLContextWithSSLClientAuthentication() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, EAAFConfigurationException {
log.trace("Injecting SSL client-authentication into http client ... ");
final KeyStore keystore = getSSLAuthKeyStore();
- final String keyPasswordString = basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD);
+ final String keyPasswordString = basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD);
log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
final char[] keyPassword = (keyPasswordString == null) ? StringUtils.EMPTY.toCharArray() : keyPasswordString.toCharArray();
return SSLContexts.custom().loadKeyMaterial(keystore, keyPassword).build();
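Review bot: The key password is now read only from PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD with no fallback, so a deployment that configures just client.auth.ssl.keystore.password (the value this line used before the change) ends up with an empty key password and loadKeyMaterial fails with UnrecoverableKeyException. Since key and keystore passwords are usually identical, the two-argument lookup this file already uses elsewhere gives a compatible default: `basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD, basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD))`. The trace line right after it still writes the secret itself to the log and its text still says "keystore"; now that this is the private-key password, drop the value: `log.trace("Open SSL Client-Auth key material with configured key password");`. The enclosing method is otherwise complete in the hunk.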
@@ -295,7 +302,7 @@ public class HttpClientFactory implements IHttpClientFactory {
}
- private void injectSSLContext(ClientAuthMode clientAuthMode) {
+ private LayeredConnectionSocketFactory getSSLContext(ClientAuthMode clientAuthMode) {
SSLContext sslContext = null;
try {
if (clientAuthMode.equals(ClientAuthMode.SSL)) {
@@ -316,37 +323,57 @@ public class HttpClientFactory implements IHttpClientFactory {
log.warn("HTTP client-builder deactivates SSL Host-name verification!");
}
-
+
final LayeredConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext , hostnameVerifier);
- httpClientBuilder.setSSLSocketFactory(sslSocketFactory );
+ return sslSocketFactory;
+
} catch (final NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException | KeyStoreException | EAAFConfigurationException e) {
log.warn("HTTP client-builder can NOT initialze SSL-Context", e);
-
+
}
log.info("HTTP client-builder successfuly initialized");
+ return null;
}
- private void injectConnectionPoolIfRequired() {
+ private void injectConnectionPoolIfRequired(LayeredConnectionSocketFactory sslConnectionFactory) {
if (basicConfig.getBasicConfigurationBoolean(
PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE,
true)) {
- final PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager();
+ PoolingHttpClientConnectionManager pool;
+
+ //set socketFactoryRegistry if SSLConnectionFactory is Set
+ if (sslConnectionFactory != null) {
+ final Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
+ .register("http", PlainConnectionSocketFactory.getSocketFactory())
+ .register("https", sslConnectionFactory)
+ .build();
+ log.trace("Inject SSLSocketFactory into pooled connection");
+ pool = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
+
+ } else {
+ pool = new PoolingHttpClientConnectionManager();
+
+ }
+
pool.setDefaultMaxPerRoute(Integer.valueOf(basicConfig.getBasicConfiguration(
PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE,
DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE)));
pool.setMaxTotal(Integer.valueOf(basicConfig.getBasicConfiguration(
PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL,
DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL)));
-
-
-
+
httpClientBuilder.setConnectionManager(pool);
log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(), pool.getDefaultMaxPerRoute());
+ } else if (sslConnectionFactory != null) {
+ log.trace("Inject SSLSocketFactory without connection pool");
+ httpClientBuilder.setSSLSocketFactory(sslConnectionFactory );
+
}
+
}
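Review bot: getSSLContext still logs "HTTP client-builder successfuly initialized" and then returns null on the exception path, so when clientAuthMode is SSL and the keystore or key cannot be loaded, injectConnectionPoolIfRequired(null) silently builds a pool with the default socket-factory registry — a client without client authentication and without the configured hostname verifier — while the log reports success. Move the info line into the try block directly before `return sslSocketFactory;`, and raise the catch to `log.error("HTTP client-builder can NOT initialze SSL-Context, client is built WITHOUT client authentication", e);` so the degraded client is at least visible; failing fast for the SSL mode would be preferable if callers can handle it. The same null result reaches the non-pooled branch at the end of injectConnectionPoolIfRequired, where nothing is registered at all. The beginning of getSSLContext lies outside this hunk.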