From ccef126ae469181b9a4a15ea16d0ab0ffa22621e Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 31 Mar 2020 18:15:49 +0200
Subject: change default SSLContext factory to Apache HTTP-Client based version
---
 .../eaaf/core/impl/http/HttpClientFactory.java | 59 +++++++++-------------
 1 file changed, 24 insertions(+), 35 deletions(-)
(limited to 'eaaf_core_utils')
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
index 58d7e7b2..00d5891a 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java
@@ -1,7 +1,6 @@
 package at.gv.egiz.eaaf.core.impl.http;
 import java.security.KeyStore;
-import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
@@ -35,12 +34,12 @@ import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
 import org.apache.http.protocol.HttpContext;
+import org.apache.http.ssl.SSLContexts;
 import org.springframework.beans.factory.annotation.Autowired;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
 import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
 import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
 import lombok.extern.slf4j.Slf4j;
@@ -53,8 +52,6 @@ public class HttpClientFactory implements IHttpClientFactory {
 @Autowired private EaafKeyStoreFactory keyStoreFactory;
- private static final String ERROR_03 = "internal.httpclient.03";
-
 public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE = "client.http.connection.pool.use";
 public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = 
@@ -238,43 +235,35 @@ public class HttpClientFactory implements IHttpClientFactory {
 private LayeredConnectionSocketFactory getSslContext(final HttpClientConfiguration httpClientConfig) throws EaafException {
 SSLContext sslContext = null;
- try {
- if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) {
- log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType());
- final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig())
- .getFirst();
-
- log.trace("Injecting SSL client-authentication into http client ... ");
- sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore,
- httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(),
- httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName());
-
- } else {
- log.trace("Initializing default SSL Context ... ");
- sslContext = SSLContext.getDefault();
-
- }
+ if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) {
+ log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType());
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig())
+ .getFirst();
- // set hostname verifier
- HostnameVerifier hostnameVerifier = null;
- if (httpClientConfig.isDisableHostnameValidation()) {
- hostnameVerifier = new NoopHostnameVerifier();
- log.warn("HTTP client-builder deactivates SSL Host-name verification!");
+ log.trace("Injecting SSL client-authentication into http client ... 
");
+ sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore,
+ httpClientConfig.getSslKeyAlias(), httpClientConfig.getSslKeyPassword(),
+ httpClientConfig.isDisableTlsHostCertificateValidation(), httpClientConfig.getFriendlyName());
- }
-
- final LayeredConnectionSocketFactory sslSocketFactory =
- new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
- log.debug("HTTP client-builder successfuly initialized");
- return sslSocketFactory;
+ } else {
+ log.trace("Initializing default SSL Context ... ");
+ sslContext = SSLContexts.createDefault();
+
+ }
- } catch (final NoSuchAlgorithmException e) {
- log.warn("HTTP client-builder can NOT initialze SSL-Context", e);
- throw new EaafFactoryException(ERROR_03, new Object[] {
- httpClientConfig.getFriendlyName(), e.getMessage()}, e);
+ // set hostname verifier
+ HostnameVerifier hostnameVerifier = null;
+ if (httpClientConfig.isDisableHostnameValidation()) {
+ hostnameVerifier = new NoopHostnameVerifier();
+ log.warn("HTTP client-builder deactivates SSL Host-name verification!");
 }
+ final LayeredConnectionSocketFactory sslSocketFactory =
+ new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
+ log.debug("HTTP client-builder successfuly initialized");
+ return sslSocketFactory;
+
 }
 private void injectDefaultConnectionPoolIfRequired(
-- cgit v1.2.3
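Review bot: In the `else` branch, `SSLContexts.createDefault()` reports a TLS-context initialization failure as HttpCore's unchecked `SSLInitializationException`, so with the `try`/`catch (NoSuchAlgorithmException)` removed a broken default context now escapes `getSslContext` as a runtime exception instead of the `EaafFactoryException` carrying the client's friendly name that callers of a `throws EaafException` method are written to handle. Wrapping it restores the error contract: `} catch (final SSLInitializationException e) { throw new EaafFactoryException(ERROR_03, new Object[] {httpClientConfig.getFriendlyName(), e.getMessage()}, e); }` — which means keeping the `ERROR_03` constant and the `EaafFactoryException` import this commit deletes, and importing `org.apache.http.ssl.SSLInitializationException`. The line `HostnameVerifier hostnameVerifier = null;` also deserves a comment such as `// null -> SSLConnectionSocketFactory applies its default (strict) hostname verifier; only NoopHostnameVerifier disables it`, since that fallback is what keeps the non-disabled path safe and it is not visible in this file — presumably the HttpClient default, confirm against the version in use. The `NoopHostnameVerifier` path itself is only moved by this commit; the enclosing class continues outside the hunk.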