summaryrefslogtreecommitdiff
path: root/eaaf_core_utils/src
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-03-31 18:15:49 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-03-31 18:15:49 +0200
commitccef126ae469181b9a4a15ea16d0ab0ffa22621e (patch)
tree937fb98c9288ad35dbd904dc2954c43a5b5e2fac /eaaf_core_utils/src
parentfc360a112b7e4714edde1ad9bd44f6397b4e7449 (diff)
downloadEAAF-Components-ccef126ae469181b9a4a15ea16d0ab0ffa22621e.tar.gz
EAAF-Components-ccef126ae469181b9a4a15ea16d0ab0ffa22621e.tar.bz2
EAAF-Components-ccef126ae469181b9a4a15ea16d0ab0ffa22621e.zip
change default SSLContext factory to Apache HTTP-Client based version
Diffstat (limited to 'eaaf_core_utils/src')
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java59
1 files changed, 24 insertions, 35 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
index 58d7e7b2..00d5891a 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
@@ -1,7 +1,6 @@
package at.gv.egiz.eaaf.core.impl.http;
import java.security.KeyStore;
-import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
@@ -35,12 +34,12 @@ import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
+import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import lombok.extern.slf4j.Slf4j;
@@ -53,8 +52,6 @@ public class HttpClientFactory implements IHttpClientFactory {
@Autowired
private EaafKeyStoreFactory keyStoreFactory;
- private static final String ERROR_03 = "internal.httpclient.03";
-
public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE =
"client.http.connection.pool.use";
public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL =
@@ -238,43 +235,35 @@ public class HttpClientFactory implements IHttpClientFactory {
private LayeredConnectionSocketFactory getSslContext(final HttpClientConfiguration httpClientConfig)
throws EaafException {
SSLContext sslContext = null;
- try {
- if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) {
- log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType());
- final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig())
- .getFirst();
-
- log.trace("Injecting SSL client-authentication into http client ... ");
- sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore,
- httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(),
- httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName());
-
- } else {
- log.trace("Initializing default SSL Context ... ");
- sslContext = SSLContext.getDefault();
-
- }
+ if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) {
+ log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType());
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig())
+ .getFirst();
- // set hostname verifier
- HostnameVerifier hostnameVerifier = null;
- if (httpClientConfig.isDisableHostnameValidation()) {
- hostnameVerifier = new NoopHostnameVerifier();
- log.warn("HTTP client-builder deactivates SSL Host-name verification!");
+ log.trace("Injecting SSL client-authentication into http client ... ");
+ sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore,
+ httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(),
+ httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName());
- }
-
- final LayeredConnectionSocketFactory sslSocketFactory =
- new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
- log.debug("HTTP client-builder successfuly initialized");
- return sslSocketFactory;
+ } else {
+ log.trace("Initializing default SSL Context ... ");
+ sslContext = SSLContexts.createDefault();
+
+ }
- } catch (final NoSuchAlgorithmException e) {
- log.warn("HTTP client-builder can NOT initialze SSL-Context", e);
- throw new EaafFactoryException(ERROR_03, new Object[] {
- httpClientConfig.getFriendlyName(), e.getMessage()}, e);
+ // set hostname verifier
+ HostnameVerifier hostnameVerifier = null;
+ if (httpClientConfig.isDisableHostnameValidation()) {
+ hostnameVerifier = new NoopHostnameVerifier();
+ log.warn("HTTP client-builder deactivates SSL Host-name verification!");
}
+ final LayeredConnectionSocketFactory sslSocketFactory =
+ new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
+ log.debug("HTTP client-builder successfuly initialized");
+ return sslSocketFactory;
+
}
private void injectDefaultConnectionPoolIfRequired(