aboutsummaryrefslogtreecommitdiffstats
path: root/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactory.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactory.java')
-rw-r--r--src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactory.java104
1 files changed, 104 insertions, 0 deletions
diff --git a/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactory.java b/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactory.java
new file mode 100644
index 0000000..ca57a64
--- /dev/null
+++ b/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactory.java
@@ -0,0 +1,104 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PNF-REGISTRATION-HANDLER
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.pnfsimulator.simulator.client.utils.ssl;
+
+import io.vavr.control.Try;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+
+class HttpClientFactory {
+ private static final int CONNECTION_TIMEOUT = 1000;
+ private static final RequestConfig CONFIG = RequestConfig.custom()
+ .setConnectTimeout(CONNECTION_TIMEOUT)
+ .setConnectionRequestTimeout(CONNECTION_TIMEOUT)
+ .setSocketTimeout(CONNECTION_TIMEOUT)
+ .build();
+ private static final Logger LOGGER = LoggerFactory.getLogger(HttpClientFactory.class);
+ private final SSLContextFactory sslContextFactory;
+
+ HttpClientFactory(SSLContextFactory sslContextFactory) {
+ this.sslContextFactory = sslContextFactory;
+ }
+
+ HttpClient create(String url, SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException {
+ HttpClient client;
+ if (!sslAuthenticationHelper.isClientCertificateEnabled()) {
+ client = "https".equals(new URL(url).getProtocol()) ? createForHttps() : createBasic();
+ } else if (sslAuthenticationHelper.isStrictHostnameVerification()) {
+ client = createSecured(sslContextFactory.create(sslAuthenticationHelper), new DefaultHostnameVerifier());
+ } else {
+ client = createSecured(sslContextFactory.create(sslAuthenticationHelper), new NoopHostnameVerifier());
+ }
+ return client;
+ }
+
+ private HttpClient createForHttps() {
+ return Try.of(this::createSecuredTrustAlways)
+ .onFailure(this::logErrorMessage)
+ .getOrElse(createBasic());
+ }
+
+ private void logErrorMessage(Throwable e) {
+ String message = String.format(
+ "Could not initialize client due to SSL exception: %s. " +
+ "Default client without SSL support will be used instead." +
+ "\nCause: %s",
+ e.getMessage(),
+ e.getCause()
+ );
+ LOGGER.error(message, e);
+ }
+
+
+ private HttpClient createBasic() {
+ return HttpClientBuilder
+ .create()
+ .setDefaultRequestConfig(CONFIG)
+ .build();
+ }
+
+ private HttpClient createSecuredTrustAlways() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
+ return createSecured(sslContextFactory.createTrustAlways(), new NoopHostnameVerifier());
+ }
+
+ private HttpClient createSecured(SSLContext trustAlways, HostnameVerifier hostnameVerifier) {
+ return HttpClients.custom()
+ .setSSLContext(trustAlways)
+ .setDefaultRequestConfig(CONFIG)
+ .setSSLHostnameVerifier(hostnameVerifier)
+ .build();
+ }
+}