author | Thomas <> | 2024-03-27 14:33:10 +0100 |
---|---|---|
committer | Thomas <> | 2024-03-27 14:33:10 +0100 |
commit | d233142006490a667d0d5b83e768fd27172e5122 (patch) | |
tree | 995cfa6cf75ce1d2399326371ac556580fe70405 /eaaf_core_utils/src/main | |
parent | cf96fc9847809b5aee2f37659fb6a1a3a6db0372 (diff) | |
fix(http): allow SSL host-certificate validation in any case
Before, it was only supported in case of SSL client authentication
Diffstat (limited to 'eaaf_core_utils/src/main')
-rw-r--r-- | eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java | 4 | ||||
-rw-r--r-- | eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java | 28 |
2 files changed, 30 insertions, 2 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
index 5e8edfa3..f929c7eb 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
@@ -37,7 +37,6 @@ import org.apache.hc.core5.http.config.RegistryBuilder;
 import org.apache.hc.core5.http.io.SocketConfig;
 import org.apache.hc.core5.http.protocol.HttpContext;
 import org.apache.hc.core5.pool.PoolConcurrencyPolicy;
-import org.apache.hc.core5.ssl.SSLContexts;
 import org.apache.hc.core5.util.TimeValue;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -319,7 +318,8 @@ public class HttpClientFactory implements IHttpClientFactory {
 } else {
 log.trace("Initializing default SSL Context ... ");
- sslContext = SSLContexts.createDefault();
+ sslContext = HttpUtils.buildSslContext(httpClientConfig.isDisableTlsHostCertificateValidation(),
+ httpClientConfig.getFriendlyName());
 }
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
index d26672f2..491d641f 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
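Review bot: The `else` branch for clients without client authentication can now return a context that accepts any server certificate, yet the trace message above the call still reads "Initializing default SSL Context ...", so nothing at this call site shows when validation is switched off. Before this change the branch always used `SSLContexts.createDefault()`. I would log the downgrade where the decision is taken, for example `if (httpClientConfig.isDisableTlsHostCertificateValidation()) { log.warn("TLS server-certificate validation is DISABLED for http client: {}", httpClientConfig.getFriendlyName()); }`, unless `injectTrustStore` already emits such a warning (it is not visible on this page). The enclosing method starts and ends outside the hunk, so whether it declares the checked exceptions thrown by `buildSslContext` cannot be confirmed from here.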
@@ -258,6 +258,34 @@ public class HttpUtils {
 }
 /**
+ * Initialize a {@link SSLContext}
+ *
+ * @param trustAllServerCertificates Deactivate SSL server-certificate
+ * validation
+ * @param friendlyName FriendlyName of the http client for logging
+ * purposes
+ * @return {@link SSLContext} with X509 client authentication
+ * @throws EaafConfigurationException In case of a configuration error
+ * @throws EaafFactoryException In case of a {@link SSLContext}
+ * initialization error
+ */
+ public static SSLContext buildSslContext(
+ boolean trustAllServerCertificates, @Nonnull String friendlyName)
+ throws EaafConfigurationException, EaafFactoryException {
+ try {
+ EaafSslContextBuilder sslContextBuilder = EaafSslContextBuilder.create();
+
+ injectTrustStore(sslContextBuilder, null, trustAllServerCertificates, friendlyName);
+
+ return sslContextBuilder.build();
+
+ } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
+ throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e);
+
+ }
+ }
+
+ /**
 * Initialize a {@link SSLContext} with a {@link KeyStore} that uses X509 Client
 * authentication.
 * |
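Review bot: The `@return` tag of `buildSslContext` says "with X509 client authentication", but the method loads no key material and only calls `injectTrustStore`; the text looks copied from the method documented directly below and should read `@return {@link SSLContext} without client authentication`. The `@param trustAllServerCertificates` line should also state the consequence, e.g. `If true, every server certificate is accepted and the connection is no longer protected against interception`. The `null` passed as second argument to `injectTrustStore` deserves a comment such as `// no custom truststore; presumably the JVM default trust anchors apply`, once that behaviour is confirmed, since `injectTrustStore` is not visible in this hunk. The hunk ends inside the Javadoc of the next method.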