1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
/*
* ============LICENSE_START=======================================================
* PNF-REGISTRATION-HANDLER
* ================================================================================
* Copyright (C) 2020 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.pnfsimulator.simulator.client.utils.ssl;
import io.vavr.control.Try;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
class HttpClientFactory {
private static final int CONNECTION_TIMEOUT = 1000;
private static final RequestConfig CONFIG = RequestConfig.custom()
.setConnectTimeout(CONNECTION_TIMEOUT)
.setConnectionRequestTimeout(CONNECTION_TIMEOUT)
.setSocketTimeout(CONNECTION_TIMEOUT)
.build();
private static final Logger LOGGER = LoggerFactory.getLogger(HttpClientFactory.class);
private final SSLContextFactory sslContextFactory;
HttpClientFactory(SSLContextFactory sslContextFactory) {
this.sslContextFactory = sslContextFactory;
}
HttpClient create(String url, SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException {
HttpClient client;
if (!sslAuthenticationHelper.isClientCertificateEnabled()) {
client = "https".equals(new URL(url).getProtocol()) ? createForHttps() : createBasic();
} else if (sslAuthenticationHelper.isStrictHostnameVerification()) {
client = createSecured(sslContextFactory.create(sslAuthenticationHelper), new DefaultHostnameVerifier());
} else {
client = createSecured(sslContextFactory.create(sslAuthenticationHelper), new NoopHostnameVerifier());
}
return client;
}
private HttpClient createForHttps() {
return Try.of(this::createSecuredTrustAlways)
.onFailure(this::logErrorMessage)
.getOrElse(createBasic());
}
private void logErrorMessage(Throwable e) {
String message = String.format(
"Could not initialize client due to SSL exception: %s. " +
"Default client without SSL support will be used instead." +
"\nCause: %s",
e.getMessage(),
e.getCause()
);
LOGGER.error(message, e);
}
private HttpClient createBasic() {
return HttpClientBuilder
.create()
.setDefaultRequestConfig(CONFIG)
.build();
}
private HttpClient createSecuredTrustAlways() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
return createSecured(sslContextFactory.createTrustAlways(), new NoopHostnameVerifier());
}
private HttpClient createSecured(SSLContext trustAlways, HostnameVerifier hostnameVerifier) {
return HttpClients.custom()
.setSSLContext(trustAlways)
.setDefaultRequestConfig(CONFIG)
.setSSLHostnameVerifier(hostnameVerifier)
.build();
}
}
|