From ccef126ae469181b9a4a15ea16d0ab0ffa22621e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Tue, 31 Mar 2020 18:15:49 +0200
Subject: change default SSLContext factory to Apache HTTP-Client based version

---
 .../eaaf/core/impl/http/HttpClientFactory.java     | 59 +++++++++-------------
 1 file changed, 24 insertions(+), 35 deletions(-)

diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
index 58d7e7b2..00d5891a 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
@@ -1,7 +1,6 @@
 package at.gv.egiz.eaaf.core.impl.http;
 
 import java.security.KeyStore;
-import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -35,12 +34,12 @@ import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
 import org.apache.http.protocol.HttpContext;
+import org.apache.http.ssl.SSLContexts;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
 import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
 import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
 import lombok.extern.slf4j.Slf4j;
@@ -53,8 +52,6 @@ public class HttpClientFactory implements IHttpClientFactory {
   @Autowired
   private EaafKeyStoreFactory keyStoreFactory;
 
-  private static final String ERROR_03 = "internal.httpclient.03";
-
   public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE =
       "client.http.connection.pool.use";
   public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL =
@@ -238,43 +235,35 @@ public class HttpClientFactory implements IHttpClientFactory {
   private LayeredConnectionSocketFactory getSslContext(final HttpClientConfiguration httpClientConfig)
       throws EaafException {
     SSLContext sslContext = null;
-    try {
-      if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) {
-        log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType());
-        final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig())
-            .getFirst();
-
-        log.trace("Injecting SSL client-authentication into http client ... ");
-        sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore,
-            httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(),
-            httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName());
-
-      } else {
-        log.trace("Initializing default SSL Context ... ");
-        sslContext = SSLContext.getDefault();
-
-      }
+    if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) {
+      log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType());
+      final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig())
+          .getFirst();
 
-      // set hostname verifier
-      HostnameVerifier hostnameVerifier = null;
-      if (httpClientConfig.isDisableHostnameValidation()) {
-        hostnameVerifier = new NoopHostnameVerifier();
-        log.warn("HTTP client-builder deactivates SSL Host-name verification!");
+      log.trace("Injecting SSL client-authentication into http client ... ");
+      sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore,
+          httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(),
+          httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName());
 
-      }
-
-      final LayeredConnectionSocketFactory sslSocketFactory =
-          new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
-      log.debug("HTTP client-builder successfuly initialized");
-      return sslSocketFactory;
+    } else {
+      log.trace("Initializing default SSL Context ... ");
+      sslContext = SSLContexts.createDefault();
+     
+    }
 
-    } catch (final NoSuchAlgorithmException e) {
-      log.warn("HTTP client-builder can NOT initialze SSL-Context", e);
-      throw new EaafFactoryException(ERROR_03, new Object[] {
-          httpClientConfig.getFriendlyName(), e.getMessage()}, e);
+    // set hostname verifier
+    HostnameVerifier hostnameVerifier = null;
+    if (httpClientConfig.isDisableHostnameValidation()) {
+      hostnameVerifier = new NoopHostnameVerifier();
+      log.warn("HTTP client-builder deactivates SSL Host-name verification!");
 
     }
 
+    final LayeredConnectionSocketFactory sslSocketFactory =
+        new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
+    log.debug("HTTP client-builder successfuly initialized");
+    return sslSocketFactory;
+
   }
 
   private void injectDefaultConnectionPoolIfRequired(
-- 
cgit v1.2.3