From 518839d9ade1e97d878e494903e088a5b0cf0359 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 4 Nov 2016 09:50:25 +0100 Subject: update Http client for MIS communication --- .../moa/id/commons/api/AuthConfiguration.java | 14 +++++ .../commons/utils/HttpClientWithProxySupport.java | 73 +++++++++++++++++----- 2 files changed, 70 insertions(+), 17 deletions(-) (limited to 'id/server/moa-id-commons/src/main') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java index 2a8f8727a..d2c827d55 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java @@ -11,7 +11,12 @@ import iaik.pki.revocation.RevocationSourceTypes; public interface AuthConfiguration extends ConfigurationProvider{ + public static final String PROP_KEY_SSL_HOSTNAME_VALIDATION = "configuration.ssl.validation.hostname"; + public static final String PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION = "service.onlinemandates.ssl.validation.hostname"; + public static final String DEFAULT_X509_CHAININGMODE = "pkix"; + + public Properties getGeneralPVP2ProperiesConfig(); @@ -187,4 +192,13 @@ public interface AuthConfiguration extends ConfigurationProvider{ * @return Array of {@link RevocationSourceTypes} values */ public String[] getRevocationMethodOrder(); + + /** + * Get a boolean value from basic MOA-ID configuration file + * + * @param key Configuration key + * @param defaultValue Default result + * @return returns the value of the configuration key, or the default value if the key is not set + */ + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue); } 
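Review bot: The new keys `PROP_KEY_SSL_HOSTNAME_VALIDATION` and `PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION` in the first hunk carry no comment, and the Javadoc of `getBasicMOAIDConfigurationBoolean` in the second hunk does not say which default callers should pass for them. Judging by their names they switch TLS hostname verification, so a missing or mistyped entry should leave verification on; the call sites are not part of this patch, so this cannot be confirmed here. I would add a comment above the constants such as `/** Enables TLS hostname verification; pass true as defaultValue so a missing key fails closed. */`. The method Javadoc should also state how a value that is neither `true` nor `false` is treated.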
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java index 733c03bf0..7121c4a2a 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/HttpClientWithProxySupport.java @@ -22,9 +22,20 @@ */ package at.gv.egovernment.moa.id.commons.utils; -import org.apache.commons.httpclient.HttpClient; -import org.apache.commons.httpclient.UsernamePasswordCredentials; -import org.apache.commons.httpclient.auth.AuthScope; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLSocketFactory; + +import org.apache.http.HttpHost; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.UsernamePasswordCredentials; +import org.apache.http.client.CredentialsProvider; +import org.apache.http.conn.ssl.DefaultHostnameVerifier; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.impl.client.BasicCredentialsProvider; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.http.impl.client.HttpClients; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; 
@@ -35,27 +46,55 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class HttpClientWithProxySupport { - public static HttpClient getHttpClient() { - HttpClient client = new HttpClient(); - + public static CloseableHttpClient getHttpClient(SSLSocketFactory sSLSocketFactory, boolean validateHostname) { + + HttpClientBuilder clientBuilder = HttpClients.custom(); + + //set proxy functionality String host = System.getProperty("http.proxyHost"); //$NON-NLS-1$ - String port = System.getProperty("http.proxyPort"); //$NON-NLS-1$ - if (MiscUtil.isNotEmpty(host) && - MiscUtil.isNotEmpty(port)) { - int p = Integer.parseInt(port); - client.getHostConfiguration().setProxy(host, p); + String port = System.getProperty("http.proxyPort"); //$NON-NLS-1$ + int p = -1; + + if (MiscUtil.isNotEmpty(host) && MiscUtil.isNotEmpty(port)) { + p = Integer.parseInt(port); + HttpHost proxy = null; + if (host.startsWith("https")) + proxy = new HttpHost(host, p, "https"); + else + proxy = new HttpHost(host, p, "http"); + + clientBuilder.setProxy(proxy); + Logger.info("Initial HTTPClient with proxy usage. 
" + "ProxyHost=" + host + " ProxyPort=" + port); - + String user = System.getProperty("http.proxyUser"); //$NON-NLS-1$ String pass = System.getProperty("http.proxyPassword"); //$NON-NLS-1$ - if (MiscUtil.isNotEmpty(user) && pass != null) { - client.getState().setProxyCredentials(new AuthScope(host, p), - new UsernamePasswordCredentials(user, pass)); + if (MiscUtil.isNotEmpty(user) && pass != null) { + CredentialsProvider credsProvider = new BasicCredentialsProvider(); + credsProvider.setCredentials(new AuthScope(host, p), new UsernamePasswordCredentials(user, pass)); } - } - return client; + } + + //set SSL context + if (sSLSocketFactory != null) { + HostnameVerifier hostnameVerifier = null; + + //set hostName validation filter + if (validateHostname) + hostnameVerifier = new DefaultHostnameVerifier(); + else + hostnameVerifier = new NoopHostnameVerifier(); + + clientBuilder.setSSLSocketFactory( + new SSLConnectionSocketFactory(sSLSocketFactory, hostnameVerifier)); + + } + + + + return clientBuilder.build(); } } -- cgit v1.2.3
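Review bot: The `CredentialsProvider` created in the `http.proxyUser` branch is never passed to `clientBuilder`, so the configured proxy credentials are silently dropped and requests through an authenticating proxy will be rejected; add `clientBuilder.setDefaultCredentialsProvider(credsProvider);` right after the `setCredentials` call. Separately, `validateHostname == false` installs `NoopHostnameVerifier`, which accepts a certificate issued for any host name. That branch should log at warning level so a deployment running without hostname verification is visible to operators, and the parameter should get a Javadoc sentence stating this consequence. The scheme test `host.startsWith("https")` inspects a host name rather than a URL, so the proxy scheme depends on how the proxy happens to be named; deriving it from a dedicated property or documenting the convention would be clearer.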