
Example 1 with LayeredConnectionSocketFactory

use of org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory in project spring-cloud-openfeign by spring-cloud.

the class HttpClient5FeignConfiguration method httpsSSLConnectionSocketFactory.

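/**
 * Builds the socket factory used for HTTPS connections, restricted to TLS 1.3 and TLS 1.2.
 *
 * <p>When {@code isDisableSslValidation} is {@code true}, the SSL context is initialised with a
 * single {@code DisabledValidationTrustManager} instead of the platform trust store. That class
 * is not visible here; presumably it accepts any certificate chain, in which case the peer is
 * not authenticated and the connection is open to interception. Keep the flag off outside of
 * local testing.
 *
 * <p>If the permissive context cannot be created, the failure is logged and no context is set on
 * the builder. NOTE(review): what {@code build()} falls back to in that case is decided by the
 * builder; confirm it is a validating default.
 *
 * <p>This method does not configure a hostname verifier on the builder.
 *
 * @param isDisableSslValidation {@code true} to replace certificate validation with
 *     {@code DisabledValidationTrustManager}; {@code false} to use the system default context
 * @return the socket factory produced by the builder
 */
private LayeredConnectionSocketFactory httpsSSLConnectionSocketFactory(boolean isDisableSslValidation) {
    final SSLConnectionSocketFactoryBuilder sslConnectionSocketFactoryBuilder = SSLConnectionSocketFactoryBuilder.create()
            .setTlsVersions(TLS.V_1_3, TLS.V_1_2);
    if (isDisableSslValidation) {
        try {
            // Request the context by its standard name "TLS" rather than the legacy "SSL" label.
            // The protocol versions actually offered are pinned by setTlsVersions above.
            final SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[] { new DisabledValidationTrustManager() }, new SecureRandom());
            sslConnectionSocketFactoryBuilder.setSslContext(sslContext);
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            // Both failures are handled the same way: log and continue without the custom context.
            LOG.warn("Error creating SSLContext", e);
        }
    } else {
        // Normal path: trust decisions come from the JVM's default trust configuration.
        sslConnectionSocketFactoryBuilder.setSslContext(SSLContexts.createSystemDefault());
    }
    return sslConnectionSocketFactoryBuilder.build();
}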
Also used : SecureRandom(java.security.SecureRandom) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyManagementException(java.security.KeyManagementException) SSLConnectionSocketFactoryBuilder(org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder)

Example 2 with LayeredConnectionSocketFactory

use of org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory in project sslcontext-kickstart by Hakky54.

the class Apache5SslUtilsShould method createLayeredConnectionSocketFactoryWithIdentityMaterialAndTrustMaterial.

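/**
 * Checks that an {@code SSLFactory} built with both identity (key) material and trust material
 * can be converted into an Apache HttpClient 5 {@code LayeredConnectionSocketFactory}.
 *
 * <p>NOTE(review): the test only asserts that the conversion returns a non-null factory. It opens
 * no connection, so it does not show that the converted factory enforces the trust material or
 * the hostname verifier.
 */
@Test
void createLayeredConnectionSocketFactoryWithIdentityMaterialAndTrustMaterial() {
    KeyStore identity = KeyStoreUtils.loadKeyStore(KEYSTORE_LOCATION + IDENTITY_FILE_NAME, IDENTITY_PASSWORD);
    KeyStore trustStore = KeyStoreUtils.loadKeyStore(KEYSTORE_LOCATION + TRUSTSTORE_FILE_NAME, TRUSTSTORE_PASSWORD);

    SSLFactory sslFactory = SSLFactory.builder()
            .withIdentityMaterial(identity, IDENTITY_PASSWORD)
            .withTrustMaterial(trustStore)
            .build();

    // Identity material was supplied, so a key manager is expected alongside the trust manager.
    // The trust-manager assertion appeared twice in the original; it is kept once.
    assertThat(sslFactory.getSslContext()).isNotNull();
    assertThat(sslFactory.getKeyManager()).isPresent();
    assertThat(sslFactory.getTrustManager()).isNotNull();
    assertThat(sslFactory.getTrustedCertificates()).isNotEmpty();
    assertThat(sslFactory.getHostnameVerifier()).isNotNull();

    LayeredConnectionSocketFactory socketFactory = Apache5SslUtils.toSocketFactory(sslFactory);
    assertThat(socketFactory).isNotNull();
}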
Also used : SSLFactory(nl.altindag.ssl.SSLFactory) LayeredConnectionSocketFactory(org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory) KeyStore(java.security.KeyStore) Test(org.junit.jupiter.api.Test)

Example 3 with LayeredConnectionSocketFactory

use of org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory in project sslcontext-kickstart by Hakky54.

the class Apache5SslUtilsShould method createLayeredConnectionSocketFactoryWithTrustMaterial.

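/**
 * Checks that an {@code SSLFactory} built with trust material only (no client identity) can be
 * converted into an Apache HttpClient 5 {@code LayeredConnectionSocketFactory}.
 *
 * <p>NOTE(review): the test only asserts that the conversion returns a non-null factory. It opens
 * no connection, so it does not show that the converted factory enforces the trust material or
 * the hostname verifier.
 */
@Test
void createLayeredConnectionSocketFactoryWithTrustMaterial() {
    KeyStore trustStore = KeyStoreUtils.loadKeyStore(KEYSTORE_LOCATION + TRUSTSTORE_FILE_NAME, TRUSTSTORE_PASSWORD);

    SSLFactory sslFactory = SSLFactory.builder()
            .withTrustMaterial(trustStore)
            .build();

    // No identity material was supplied, so the key manager must be absent.
    // The trust-manager assertion appeared twice in the original; it is kept once.
    assertThat(sslFactory.getSslContext()).isNotNull();
    assertThat(sslFactory.getKeyManager()).isNotPresent();
    assertThat(sslFactory.getTrustManager()).isNotNull();
    assertThat(sslFactory.getTrustedCertificates()).isNotEmpty();
    assertThat(sslFactory.getHostnameVerifier()).isNotNull();

    LayeredConnectionSocketFactory socketFactory = Apache5SslUtils.toSocketFactory(sslFactory);
    assertThat(socketFactory).isNotNull();
}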
Also used : SSLFactory(nl.altindag.ssl.SSLFactory) LayeredConnectionSocketFactory(org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory) KeyStore(java.security.KeyStore) Test(org.junit.jupiter.api.Test)

Example 4 with LayeredConnectionSocketFactory

use of org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory in project wiremock by wiremock.

the class HttpClientFactory method createClient.

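/**
 * Creates an HTTP client with auth caching, automatic retries, cookie management, redirect
 * handling and content compression disabled, and with connection reuse and keep-alive turned off.
 *
 * <p>The original body called {@code builder.setConnectionManager(...)} twice. The second call,
 * which carried only the SSL socket factory, replaced the first, so the pool limits, the
 * validate-after-inactivity interval and the UTF-8 connection factory were discarded. Here a
 * single connection manager is built that carries all of those settings together.
 *
 * @param maxConnections limit applied both per route and in total on the connection pool
 * @param timeoutMilliseconds response timeout applied to every request
 * @param proxySettings proxy to route through, or {@code NO_PROXY} for none; when both a username
 *     and a password are present, credentials scoped to the proxy host and port are registered
 * @param trustStoreSettings forwarded to {@code buildSslContext} (not shown here)
 * @param trustSelfSignedCertificates forwarded to {@code buildSslContext}. NOTE(review): by its
 *     name this relaxes certificate validation; confirm how it interacts with
 *     {@code trustedHosts} before enabling it outside of tests
 * @param trustedHosts forwarded to {@code buildSslContext} (not shown here)
 * @param useSystemProperties when {@code true}, the builder also reads JVM system properties
 * @return the configured client; the caller is responsible for closing it
 */
public static CloseableHttpClient createClient(int maxConnections, int timeoutMilliseconds, ProxySettings proxySettings, KeyStoreSettings trustStoreSettings, boolean trustSelfSignedCertificates, final List<String> trustedHosts, boolean useSystemProperties) {
    HttpClientBuilder builder = HttpClientBuilder.create()
            .disableAuthCaching()
            .disableAutomaticRetries()
            .disableCookieManagement()
            .disableRedirectHandling()
            .disableContentCompression()
            .setDefaultRequestConfig(RequestConfig.custom()
                    .setResponseTimeout(Timeout.ofMilliseconds(timeoutMilliseconds))
                    .build())
            // Never reuse a connection and never keep one alive.
            .setConnectionReuseStrategy((request, response, context) -> false)
            .setKeepAliveStrategy((response, context) -> TimeValue.ZERO_MILLISECONDS);
    if (useSystemProperties) {
        builder.useSystemProperties();
    }
    if (proxySettings != NO_PROXY) {
        HttpHost proxyHost = new HttpHost(proxySettings.host(), proxySettings.port());
        builder.setProxy(proxyHost);
        if (!isEmpty(proxySettings.getUsername()) && !isEmpty(proxySettings.getPassword())) {
            // TODO Verify
            builder.setProxyAuthenticationStrategy(new DefaultAuthenticationStrategy());
            BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            // The AuthScope limits these credentials to the proxy host and port.
            credentialsProvider.setCredentials(
                    new AuthScope(proxySettings.host(), proxySettings.port()),
                    new UsernamePasswordCredentials(proxySettings.getUsername(), proxySettings.getPassword().toCharArray()));
            builder.setDefaultCredentialsProvider(credentialsProvider);
        }
    }
    final SSLContext sslContext = buildSslContext(trustStoreSettings, trustSelfSignedCertificates, trustedHosts);
    LayeredConnectionSocketFactory sslSocketFactory = buildSslConnectionSocketFactory(sslContext);
    // One connection manager carrying pool limits, charset handling and the TLS socket factory.
    PoolingHttpClientConnectionManager connectionManager = PoolingHttpClientConnectionManagerBuilder.create()
            .setMaxConnPerRoute(maxConnections)
            .setMaxConnTotal(maxConnections)
            // TODO Verify duration
            .setValidateAfterInactivity(TimeValue.ofSeconds(5))
            .setConnectionFactory(new ManagedHttpClientConnectionFactory(null, CharCodingConfig.custom().setCharset(UTF_8).build(), null))
            .setSSLSocketFactory(sslSocketFactory)
            .build();
    builder.setConnectionManager(connectionManager);
    return builder.build();
}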
Also used : SSLContext(javax.net.ssl.SSLContext) AuthScope(org.apache.hc.client5.http.auth.AuthScope) Enumeration(java.util.Enumeration) CharCodingConfig(org.apache.hc.core5.http.config.CharCodingConfig) LayeredConnectionSocketFactory(org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory) Exceptions.throwUnchecked(com.github.tomakehurst.wiremock.common.Exceptions.throwUnchecked) BasicCredentialsProvider(org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider) TextUtils(org.apache.hc.core5.util.TextUtils) ManagedHttpClientConnectionFactory(org.apache.hc.client5.http.impl.io.ManagedHttpClientConnectionFactory) PoolingHttpClientConnectionManagerBuilder(org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder) LocalNotifier.notifier(com.github.tomakehurst.wiremock.common.LocalNotifier.notifier) org.apache.hc.client5.http.classic.methods(org.apache.hc.client5.http.classic.methods) URI(java.net.URI) RequestConfig(org.apache.hc.client5.http.config.RequestConfig) StringUtils.isEmpty(org.apache.commons.lang3.StringUtils.isEmpty) java.security(java.security) HttpClientBuilder(org.apache.hc.client5.http.impl.classic.HttpClientBuilder) TimeValue(org.apache.hc.core5.util.TimeValue) UsernamePasswordCredentials(org.apache.hc.client5.http.auth.UsernamePasswordCredentials) UTF_8(java.nio.charset.StandardCharsets.UTF_8) DefaultAuthenticationStrategy(org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy) NoopHostnameVerifier(org.apache.hc.client5.http.ssl.NoopHostnameVerifier) PoolingHttpClientConnectionManager(org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager) Timeout(org.apache.hc.core5.util.Timeout) SSLConnectionSocketFactory(org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory) com.github.tomakehurst.wiremock.http.ssl(com.github.tomakehurst.wiremock.http.ssl) List(java.util.List) HttpHost(org.apache.hc.core5.http.HttpHost) NO_STORE(com.github.tomakehurst.wiremock.common.ssl.KeyStoreSettings.NO_STORE) 
RequestMethod(com.github.tomakehurst.wiremock.http.RequestMethod) KeyStoreSettings(com.github.tomakehurst.wiremock.common.ssl.KeyStoreSettings) CloseableHttpClient(org.apache.hc.client5.http.impl.classic.CloseableHttpClient) ProxySettings(com.github.tomakehurst.wiremock.common.ProxySettings) Collections(java.util.Collections) NO_PROXY(com.github.tomakehurst.wiremock.common.ProxySettings.NO_PROXY) BasicCredentialsProvider(org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider) LayeredConnectionSocketFactory(org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory) HttpHost(org.apache.hc.core5.http.HttpHost) AuthScope(org.apache.hc.client5.http.auth.AuthScope) ManagedHttpClientConnectionFactory(org.apache.hc.client5.http.impl.io.ManagedHttpClientConnectionFactory) HttpClientBuilder(org.apache.hc.client5.http.impl.classic.HttpClientBuilder) DefaultAuthenticationStrategy(org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy) SSLContext(javax.net.ssl.SSLContext) UsernamePasswordCredentials(org.apache.hc.client5.http.auth.UsernamePasswordCredentials) PoolingHttpClientConnectionManager(org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager)

Example 5 with LayeredConnectionSocketFactory

use of org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory in project wiremock by wiremock.

the class HttpClientFactory method buildSslConnectionSocketFactory.

/**
 * Wraps the given SSL context in an Apache HttpClient 5 socket factory, taking the enabled
 * protocols and cipher suites from the {@code https.protocols} and {@code https.cipherSuites}
 * system properties.
 *
 * <p>NOTE(review): {@code NoopHostnameVerifier} switches off the HttpClient-level hostname check.
 * The original inline comment says Java's hostname verification is used instead; presumably
 * {@code HostVerifyingSSLSocketFactory} enforces it on the sockets it creates. Confirm this,
 * because without it any certificate trusted by {@code sslContext} would be accepted for any host.
 *
 * @param sslContext context whose socket factory is wrapped
 * @return the socket factory to install on the connection manager
 */
private static LayeredConnectionSocketFactory buildSslConnectionSocketFactory(final SSLContext sslContext) {
    // Either property may be unset, in which case split(...) receives null; split is defined elsewhere.
    final String[] protocols = split(System.getProperty("https.protocols"));
    final String[] cipherSuites = split(System.getProperty("https.cipherSuites"));

    final HostVerifyingSSLSocketFactory verifyingSocketFactory =
            new HostVerifyingSSLSocketFactory(sslContext.getSocketFactory());
    // using Java's hostname verification, so the HttpClient-level verifier is a no-op
    final NoopHostnameVerifier noopVerifier = new NoopHostnameVerifier();

    return new SSLConnectionSocketFactory(verifyingSocketFactory, protocols, cipherSuites, noopVerifier);
}
Also used : NoopHostnameVerifier(org.apache.hc.client5.http.ssl.NoopHostnameVerifier) SSLConnectionSocketFactory(org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory)

Aggregations

LayeredConnectionSocketFactory (org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory)3 KeyStore (java.security.KeyStore)2 SSLContext (javax.net.ssl.SSLContext)2 SSLFactory (nl.altindag.ssl.SSLFactory)2 NoopHostnameVerifier (org.apache.hc.client5.http.ssl.NoopHostnameVerifier)2 SSLConnectionSocketFactory (org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory)2 Test (org.junit.jupiter.api.Test)2 Exceptions.throwUnchecked (com.github.tomakehurst.wiremock.common.Exceptions.throwUnchecked)1 LocalNotifier.notifier (com.github.tomakehurst.wiremock.common.LocalNotifier.notifier)1 ProxySettings (com.github.tomakehurst.wiremock.common.ProxySettings)1 NO_PROXY (com.github.tomakehurst.wiremock.common.ProxySettings.NO_PROXY)1 KeyStoreSettings (com.github.tomakehurst.wiremock.common.ssl.KeyStoreSettings)1 NO_STORE (com.github.tomakehurst.wiremock.common.ssl.KeyStoreSettings.NO_STORE)1 RequestMethod (com.github.tomakehurst.wiremock.http.RequestMethod)1 com.github.tomakehurst.wiremock.http.ssl (com.github.tomakehurst.wiremock.http.ssl)1 URI (java.net.URI)1 UTF_8 (java.nio.charset.StandardCharsets.UTF_8)1 java.security (java.security)1 KeyManagementException (java.security.KeyManagementException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1