
Example 1 with TrustStrategyTrustAll

use of com.helger.httpclient.security.TrustStrategyTrustAll in project phoss-directory by phax.

From class PDHttpClientSettings, method resetToConfiguration.

/**
 * Overwrite all settings that can appear in the configuration file
 * "pd-client.properties".
 * <p>
 * Proxy host, proxy credentials and timeouts are always taken from
 * {@link PDClientConfiguration}. The hostname verifier and the SSL context are
 * reset first and only rebuilt when the target URI uses "https"; in that case
 * the configured key store must load, otherwise no SSL context is set at all.
 * <p>
 * Note: the trust store is loaded and its result logged, but the SSL context is
 * built with {@link TrustStrategyTrustAll}, so the trust store does not
 * restrict which server certificate chains are accepted. Together with the
 * optional "hostname verification disabled" setting this means the server
 * identity is not verified against the configured trust material.
 *
 * @param sTargetURI
 *        The target URI to connect to. Makes a difference if this is "http"
 *        or "https". May neither be <code>null</code> nor empty.
 * @throws IllegalStateException
 *         if the SSL context cannot be built from the loaded key material
 */
public final void resetToConfiguration(@Nonnull @Nonempty final String sTargetURI) {
    ValueEnforcer.notEmpty(sTargetURI, "TargetURI");
    final boolean bIsHttps = EURLProtocol.HTTPS.isUsedInURL(sTargetURI);

    applyProxySettingsFromConfiguration();

    // Always start from a clean SSL state; only an https target rebuilds it
    setHostnameVerifier(null);
    setSSLContext(null);
    if (bIsHttps) {
        applySslSettingsFromConfiguration();
    }

    // Timeouts
    setConnectionTimeoutMS(PDClientConfiguration.getConnectTimeoutMS());
    setSocketTimeoutMS(PDClientConfiguration.getRequestTimeoutMS());
}

/**
 * Apply proxy host and proxy credentials from the configuration. A missing
 * host or a non-positive port clears the proxy host; a blank user name clears
 * the proxy credentials.
 */
private void applyProxySettingsFromConfiguration() {
    final String sHost = PDClientConfiguration.getHttpProxyHost();
    final int nPort = PDClientConfiguration.getHttpProxyPort();
    if (sHost == null || nPort <= 0) {
        setProxyHost(null);
    } else {
        final HttpHost aProxy = new HttpHost(sHost, nPort);
        LOGGER.info("PD client uses proxy host " + aProxy);
        setProxyHost(aProxy);
    }

    final String sUsername = PDClientConfiguration.getProxyUsername();
    if (!StringHelper.hasText(sUsername)) {
        setProxyCredentials(null);
    } else {
        LOGGER.info("PD client uses proxy credentials");
        setProxyCredentials(new UsernamePasswordCredentials(sUsername, PDClientConfiguration.getProxyPassword()));
    }
}

/**
 * Rebuild hostname verifier and SSL context for an https target. Hostname
 * verification is switched off when the configuration says so. If the key
 * store fails to load, only an error is logged and the SSL context stays
 * unset; a failing private key or trust store is logged but does not stop the
 * SSL context from being built.
 *
 * @throws IllegalStateException
 *         if the SSL context cannot be built from the loaded key material
 */
private void applySslSettingsFromConfiguration() {
    if (PDClientConfiguration.isHttpsHostnameVerificationDisabled()) {
        LOGGER.info("PD client uses disabled hostname verification");
        setHostnameVerifierVerifyAll();
    }

    // Load key store
    final LoadedKeyStore aKeyStore = PDClientConfiguration.loadKeyStore();
    if (aKeyStore.isFailure()) {
        LOGGER.error("PD client failed to initialize keystore for service connection - can only use http now! Details: " + PeppolKeyStoreHelper.getLoadError(aKeyStore));
        return;
    }
    LOGGER.info("PD client keystore successfully loaded");

    // Sanity check only: the outcome does not influence the SSL context built below
    final LoadedKey<PrivateKeyEntry> aKey = PDClientConfiguration.loadPrivateKey(aKeyStore.getKeyStore());
    if (aKey.isFailure()) {
        LOGGER.error("PD client failed to initialize key from keystore. Details: " + PeppolKeyStoreHelper.getLoadError(aKey));
    } else {
        LOGGER.info("PD client key successfully loaded");
    }

    // Load trust store (may not be present/configured). Its result is logged
    // but, because of the trust-all strategy below, it does not restrict the
    // accepted server certificates.
    final LoadedKeyStore aTrustStore = PDClientConfiguration.loadTrustStore();
    if (aTrustStore.isFailure()) {
        LOGGER.error("PD client failed to initialize truststore for service connection. Details: " + PeppolKeyStoreHelper.getLoadError(aTrustStore));
    } else {
        LOGGER.info("PD client truststore successfully loaded");
    }

    try {
        final PrivateKeyStrategy aKeyStrategy = new PrivateKeyStrategyFromAliasCaseInsensitive(PDClientConfiguration.getKeyStoreKeyAlias());
        // NOTE(review): TrustStrategyTrustAll accepts any presented server
        // certificate chain, so the loaded trust store is not enforced here.
        final TrustStrategy aTrustStrategy = new TrustStrategyTrustAll();
        setSSLContext(SSLContexts.custom()
                                 .loadKeyMaterial(aKeyStore.getKeyStore(), PDClientConfiguration.getKeyStoreKeyPassword(), aKeyStrategy)
                                 .loadTrustMaterial(aTrustStore.getKeyStore(), aTrustStrategy)
                                 .build());
        LOGGER.info("PD client successfully set SSL context");
    } catch (final GeneralSecurityException ex) {
        throw new IllegalStateException("PD client failed to set SSL context", ex);
    }
}
