forked from apache/fineract
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ProcessorHelper.java
141 lines (120 loc) · 5.43 KB
/
ProcessorHelper.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.fineract.infrastructure.hooks.processor;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import retrofit2.Call;
import retrofit2.Callback;
import retrofit2.Retrofit;
import retrofit2.converter.gson.GsonConverterFactory;
@Service
public final class ProcessorHelper {
// Nota bene: Similar code to insecure HTTPS is also in Fineract Client's
// org.apache.fineract.client.util.FineractClient.Builder.insecure()
private static final Logger LOG = LoggerFactory.getLogger(ProcessorHelper.class);
@SuppressWarnings("unused")
private static final X509TrustManager insecureX509TrustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}// NOSONAR
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}// NOSONAR
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[] {};
}
};
/**
* Configure HTTP client to be "insecure", as in skipping host SSL certificate verification. While this can be
* useful during development e.g. when using self-signed certificates, it should never be enabled in production (due
* to "man in the middle").
*/
private final boolean insecureHttpClient = Boolean.getBoolean("fineract.insecureHttpClient");
private final SSLContext insecureSSLContext;
public ProcessorHelper() throws KeyManagementException, NoSuchAlgorithmException {
if (insecureHttpClient) {
insecureSSLContext = createInsecureSSLContext();
} else {
insecureSSLContext = null;
}
}
private OkHttpClient createClient() {
var okBuilder = new OkHttpClient.Builder();
if (insecureHttpClient) {
configureInsecureClient(okBuilder);
}
return okBuilder.build();
}
private void configureInsecureClient(final OkHttpClient.Builder okBuilder) {
okBuilder.sslSocketFactory(insecureSSLContext.getSocketFactory(), insecureX509TrustManager);
HostnameVerifier insecureHostnameVerifier = (hostname, session) -> true;// NOSONAR
okBuilder.hostnameVerifier(insecureHostnameVerifier);
}
private SSLContext createInsecureSSLContext() throws NoSuchAlgorithmException, KeyManagementException {
SSLContext insecureSSLContext = SSLContext.getInstance("TLS"); // TODO "TLS" or "SSL" as in
// FineractClient.Builder?
insecureSSLContext.init(null, new TrustManager[] { insecureX509TrustManager }, new SecureRandom());
return insecureSSLContext;
}
@SuppressWarnings("rawtypes")
public Callback createCallback(final String url) {
return new Callback() {
@Override
public void onResponse(@SuppressWarnings("unused") Call call, retrofit2.Response response) {
LOG.debug("URL: {} - Status: {}", url, response.code());
}
@Override
public void onFailure(@SuppressWarnings("unused") Call call, Throwable t) {
LOG.error("URL: {} - Retrofit failure occurred", url, t);
}
};
}
public WebHookService createWebHookService(final String url) {
final OkHttpClient client = createClient();
final Retrofit.Builder retrofitBuilder = new Retrofit.Builder();
retrofitBuilder.baseUrl(url);
retrofitBuilder.client(client);
retrofitBuilder.addConverterFactory(GsonConverterFactory.create());
final Retrofit retrofit = retrofitBuilder.build();
return retrofit.create(WebHookService.class);
}
@SuppressWarnings("rawtypes")
public Callback createCallback(final String url, String payload) {
return new Callback() {
@Override
public void onResponse(@SuppressWarnings("unused") Call call, retrofit2.Response response) {
LOG.debug("URL: {} - Status: {}", url, response.code());
}
@Override
public void onFailure(@SuppressWarnings("unused") Call call, Throwable t) {
LOG.error("URL: {} - Retrofit failure occured", url, t);
}
};
}
}