summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFServiceException.java30
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolResponseExceptions.java14
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java121
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java62
4 files changed, 227 insertions, 0 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFServiceException.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFServiceException.java
new file mode 100644
index 00000000..309834a2
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/EAAFServiceException.java
@@ -0,0 +1,30 @@
+package at.gv.egiz.eaaf.core.exceptions;
+
+import org.springframework.lang.NonNull;
+
+public abstract class EAAFServiceException extends EAAFException {
+
+ private static final long serialVersionUID = -867758153828290337L;
+
+ public EAAFServiceException(String errorId, Object[] params) {
+ super(errorId, params);
+
+ }
+
+ public EAAFServiceException(String errorId, Object[] params, Throwable e) {
+ super(errorId, params, e);
+
+ }
+
+ /**
+ * Get a textual identifier of the service that throws this exception
+ *
+ * @return
+ */
+ @NonNull
+ protected abstract String getServiceIdentifier();
+
+
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolResponseExceptions.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolResponseExceptions.java
new file mode 100644
index 00000000..194505d3
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/exceptions/ProtocolResponseExceptions.java
@@ -0,0 +1,14 @@
+package at.gv.egiz.eaaf.core.exceptions;
+
+public class ProtocolResponseExceptions extends EAAFProtocolException {
+
+ private static final long serialVersionUID = -7866198705324084601L;
+
+ public ProtocolResponseExceptions(String internalMsgId, Object[] params) {
+ super(internalMsgId, params);
+ }
+
+ public ProtocolResponseExceptions(String internalMsgId, Object[] params, Throwable e) {
+ super(internalMsgId, params, e);
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
new file mode 100644
index 00000000..6f6f9f49
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
@@ -0,0 +1,121 @@
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.security.NoSuchAlgorithmException;
+
+import javax.annotation.PostConstruct;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+
+@Service
+public class HttpClientFactory {
+ private static final Logger log = LoggerFactory.getLogger(HttpClientFactory.class);
+ @Autowired(required=true) private IConfiguration basicConfig;
+
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE = "client.http.connection.pool.use";
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = "client.http.connection.pool.maxtotal";
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = "client.http.connection.pool.maxperroute";
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = "client.http.connection.timeout.socket";
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION = "client.http.connection.timeout.connection";
+ public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST = "client.http.connection.timeout.request";
+ public static final String PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL = "client.http.ssl.hostnameverifier.trustall";
+
+ // default configuration values
+ public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET = "300";
+ public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION = "300";
+ public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST = "1500";
+ public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = "500";
+ public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = "100";
+
+ private HttpClientBuilder httpClientBuilder = null;
+
+ /**
+ * Return an instance of a Apache HTTP client
+ *
+ * @return
+ */
+ public CloseableHttpClient getHttpClient() {
+ return httpClientBuilder.build();
+
+ }
+
+
+ @PostConstruct
+ private void initalize() {
+ //initialize http client
+ log.trace("Initializing HTTP Client-builder ... ");
+ HttpClientBuilder httpClientBuilder = HttpClients.custom();
+
+ //set default request configuration
+ RequestConfig requestConfig = RequestConfig.custom()
+ .setConnectTimeout(Integer.valueOf(basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_CONNECTION)) * 1000)
+ .setConnectionRequestTimeout(Integer.valueOf(basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST)) * 1000)
+ .setSocketTimeout(Integer.valueOf(basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET)) * 1000)
+ .build();
+ httpClientBuilder.setDefaultRequestConfig(requestConfig);
+
+ //set pool connection if requested
+ if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE,
+ true)) {
+ PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager();
+ pool.setDefaultMaxPerRoute(Integer.valueOf(basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE)));
+ pool.setMaxTotal(Integer.valueOf(basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL,
+ DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL)));
+
+
+
+ httpClientBuilder.setConnectionManager(pool);
+ log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(), pool.getDefaultMaxPerRoute());
+
+ }
+
+ try {
+ log.trace("Initializing SSL Context ... ");
+ SSLContext sslContext = SSLContext.getDefault();
+ HostnameVerifier hostnameVerifier = null;
+ if (basicConfig.getBasicMOAIDConfigurationBoolean(
+ PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL,
+ false)) {
+ hostnameVerifier = new NoopHostnameVerifier();
+ log.warn("HTTP client-builder deactivates SSL Host-name verification!");
+ }
+
+ LayeredConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext , hostnameVerifier);
+ httpClientBuilder.setSSLSocketFactory(sslSocketFactory );
+
+ } catch (NoSuchAlgorithmException e) {
+ log.warn("HTTP client-builder can NOT initialze SSL-Context", e);
+
+ }
+
+
+ log.info("HTTP client-builder successfuly initialized");
+
+ }
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java
new file mode 100644
index 00000000..b3fb42c4
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java
@@ -0,0 +1,62 @@
+package at.gv.egiz.eaaf.core.impl.utils;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
+public class X509Utils {
+
+ /**
+ * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should be the Hostname,
+ * the last Element should be the Root Certificate.
+ *
+ * @param certs
+ * The first element must be the correct one.
+ * @return sorted Certificate Chain
+ */
+ public static List<X509Certificate> sortCertificates(
+ List<X509Certificate> certs)
+ {
+ int length = certs.size();
+ if (certs.size() <= 1)
+ {
+ return certs;
+ }
+
+ for (X509Certificate cert : certs)
+ {
+ if (cert == null)
+ {
+ throw new NullPointerException();
+ }
+ }
+
+ for (int i = 0; i < length; i++)
+ {
+ boolean found = false;
+ X500Principal issuer = certs.get(i).getIssuerX500Principal();
+ for (int j = i + 1; j < length; j++)
+ {
+ X500Principal subject = certs.get(j).getSubjectX500Principal();
+ if (issuer.equals(subject))
+ {
+ // sorting necessary?
+ if (i + 1 != j)
+ {
+ X509Certificate tmp = certs.get(i + 1);
+ certs.set(i + 1, certs.get(j));
+ certs.set(j, tmp);
+ }
+ found = true;
+ }
+ }
+ if (!found)
+ {
+ break;
+ }
+ }
+
+ return certs;
+ }
+}