use of com.helger.httpclient.security.TrustStrategyTrustAll in project phoss-directory by phax.
the class PDHttpClientSettings method resetToConfiguration.
/**
* Overwrite all settings that can appear in the configuration file
* "pd-client.properties".
*
* @param sTargetURI
* The target URI to connect to. Makes a difference if this is "http"
* or "https". May neither be <code>null</code> nor empty.
*/
public final void resetToConfiguration(@Nonnull @Nonempty final String sTargetURI) {
ValueEnforcer.notEmpty(sTargetURI, "TargetURI");
final boolean bUseHttps = EURLProtocol.HTTPS.isUsedInURL(sTargetURI);
// Proxy host
final String sProxyHost = PDClientConfiguration.getHttpProxyHost();
final int nProxyPort = PDClientConfiguration.getHttpProxyPort();
if (sProxyHost != null && nProxyPort > 0) {
final HttpHost aProxyHost = new HttpHost(sProxyHost, nProxyPort);
LOGGER.info("PD client uses proxy host " + aProxyHost);
setProxyHost(aProxyHost);
} else
setProxyHost(null);
// Proxy credentials
final String sProxyUsername = PDClientConfiguration.getProxyUsername();
if (StringHelper.hasText(sProxyUsername)) {
LOGGER.info("PD client uses proxy credentials");
setProxyCredentials(new UsernamePasswordCredentials(sProxyUsername, PDClientConfiguration.getProxyPassword()));
} else
setProxyCredentials(null);
// Reset SSL stuff
setHostnameVerifier(null);
setSSLContext(null);
if (bUseHttps) {
if (PDClientConfiguration.isHttpsHostnameVerificationDisabled()) {
LOGGER.info("PD client uses disabled hostname verification");
setHostnameVerifierVerifyAll();
}
// Load key store
final LoadedKeyStore aLoadedKeyStore = PDClientConfiguration.loadKeyStore();
if (aLoadedKeyStore.isFailure()) {
LOGGER.error("PD client failed to initialize keystore for service connection - can only use http now! Details: " + PeppolKeyStoreHelper.getLoadError(aLoadedKeyStore));
} else {
LOGGER.info("PD client keystore successfully loaded");
// Sanity check if key can be loaded
{
final LoadedKey<PrivateKeyEntry> aLoadedKey = PDClientConfiguration.loadPrivateKey(aLoadedKeyStore.getKeyStore());
if (aLoadedKey.isFailure()) {
LOGGER.error("PD client failed to initialize key from keystore. Details: " + PeppolKeyStoreHelper.getLoadError(aLoadedKey));
} else
LOGGER.info("PD client key successfully loaded");
}
// Load trust store (may not be present/configured)
final LoadedKeyStore aLoadedTrustStore = PDClientConfiguration.loadTrustStore();
if (aLoadedTrustStore.isFailure())
LOGGER.error("PD client failed to initialize truststore for service connection. Details: " + PeppolKeyStoreHelper.getLoadError(aLoadedTrustStore));
else
LOGGER.info("PD client truststore successfully loaded");
try {
final PrivateKeyStrategy aPKS = new PrivateKeyStrategyFromAliasCaseInsensitive(PDClientConfiguration.getKeyStoreKeyAlias());
final TrustStrategy aTS = new TrustStrategyTrustAll();
setSSLContext(SSLContexts.custom().loadKeyMaterial(aLoadedKeyStore.getKeyStore(), PDClientConfiguration.getKeyStoreKeyPassword(), aPKS).loadTrustMaterial(aLoadedTrustStore.getKeyStore(), aTS).build());
LOGGER.info("PD client successfully set SSL context");
} catch (final GeneralSecurityException ex) {
throw new IllegalStateException("PD client failed to set SSL context", ex);
}
}
}
// Timeouts
setConnectionTimeoutMS(PDClientConfiguration.getConnectTimeoutMS());
setSocketTimeoutMS(PDClientConfiguration.getRequestTimeoutMS());
}
Aggregations