/
DropwizardSSLConnectionSocketFactory.java
104 lines (90 loc) · 4.09 KB
/
DropwizardSSLConnectionSocketFactory.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
package io.dropwizard.client;
import io.dropwizard.client.ssl.TlsConfiguration;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLInitializationException;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.List;
public class DropwizardSSLConnectionSocketFactory {
private final TlsConfiguration configuration;
private final HostnameVerifier verifier;
public DropwizardSSLConnectionSocketFactory(TlsConfiguration configuration) {
this(configuration, null);
}
public DropwizardSSLConnectionSocketFactory(TlsConfiguration configuration, HostnameVerifier verifier) {
this.configuration = configuration;
this.verifier = verifier;
}
public SSLConnectionSocketFactory getSocketFactory() throws SSLInitializationException {
return new SSLConnectionSocketFactory(buildSslContext(), getSupportedProtocols(), getSupportedCiphers(),
chooseHostnameVerifier());
}
private String[] getSupportedCiphers() {
final List<String> supportedCiphers = configuration.getSupportedCiphers();
if (supportedCiphers == null) {
return null;
}
return supportedCiphers.toArray(new String[supportedCiphers.size()]);
}
private String[] getSupportedProtocols() {
final List<String> supportedProtocols = configuration.getSupportedProtocols();
if (supportedProtocols == null) {
return null;
}
return supportedProtocols.toArray(new String[supportedProtocols.size()]);
}
private HostnameVerifier chooseHostnameVerifier() {
if (configuration.isVerifyHostname()) {
return verifier != null ? verifier : SSLConnectionSocketFactory.getDefaultHostnameVerifier();
} else {
return new NoopHostnameVerifier();
}
}
private SSLContext buildSslContext() throws SSLInitializationException {
final SSLContext sslContext;
try {
final SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
sslContextBuilder.useProtocol(configuration.getProtocol());
loadKeyMaterial(sslContextBuilder);
loadTrustMaterial(sslContextBuilder);
sslContext = sslContextBuilder.build();
} catch (Exception e) {
throw new SSLInitializationException(e.getMessage(), e);
}
return sslContext;
}
private void loadKeyMaterial(SSLContextBuilder sslContextBuilder) throws Exception {
if (configuration.getKeyStorePath() != null) {
final KeyStore keystore = loadKeyStore(configuration.getKeyStoreType(), configuration.getKeyStorePath(),
configuration.getKeyStorePassword());
sslContextBuilder.loadKeyMaterial(keystore, configuration.getKeyStorePassword().toCharArray());
}
}
private void loadTrustMaterial(SSLContextBuilder sslContextBuilder) throws Exception {
KeyStore trustStore = null;
if (configuration.getTrustStorePath() != null) {
trustStore = loadKeyStore(configuration.getTrustStoreType(), configuration.getTrustStorePath(),
configuration.getTrustStorePassword());
}
TrustStrategy trustStrategy = null;
if (configuration.isTrustSelfSignedCertificates()) {
trustStrategy = new TrustSelfSignedStrategy();
}
sslContextBuilder.loadTrustMaterial(trustStore, trustStrategy);
}
private static KeyStore loadKeyStore(String type, File path, String password) throws Exception {
final KeyStore keyStore = KeyStore.getInstance(type);
try (InputStream inputStream = new FileInputStream(path)) {
keyStore.load(inputStream, password.toCharArray());
}
return keyStore;
}
}