1 package org.openecomp.sdc.common.http.client.api;
3 import java.io.FileInputStream;
4 import java.io.IOException;
5 import java.io.InputStream;
6 import java.security.GeneralSecurityException;
7 import java.security.KeyStore;
9 import java.util.concurrent.ConcurrentHashMap;
11 import org.apache.commons.lang3.StringUtils;
12 import org.apache.http.config.Registry;
13 import org.apache.http.config.RegistryBuilder;
14 import org.apache.http.conn.HttpClientConnectionManager;
15 import org.apache.http.conn.socket.ConnectionSocketFactory;
16 import org.apache.http.conn.socket.PlainConnectionSocketFactory;
17 import org.apache.http.conn.ssl.NoopHostnameVerifier;
18 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
19 import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
20 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
21 import org.apache.http.ssl.SSLContextBuilder;
22 import org.openecomp.sdc.common.api.Constants;
23 import org.openecomp.sdc.common.http.config.ClientCertificate;
24 import org.slf4j.Logger;
25 import org.slf4j.LoggerFactory;
27 public class HttpConnectionMngFactory {
29 private static final String P12_KEYSTORE_EXTENTION = ".p12";
30 private static final String PFX_KEYSTORE_EXTENTION = ".pfx";
31 private static final String JKS_KEYSTORE_EXTENTION = ".jks";
33 private static final String P12_KEYSTORE_TYPE = "pkcs12";
34 private static final String JKS_KEYSTORE_TYPE = "jks";
36 private static final Logger logger = LoggerFactory.getLogger(HttpConnectionMngFactory.class);
37 private static final int DEFAULT_CONNECTION_POOL_SIZE = 30;
38 private static final int DEFAULT_MAX_CONNECTION_PER_ROUTE = 5;
39 private static final int VALIDATE_CONNECTION_AFTER_INACTIVITY_MS = 10000;
41 private Map<ClientCertificate, HttpClientConnectionManager> sslClientConnectionManagers = new ConcurrentHashMap<>();
42 private HttpClientConnectionManager plainClientConnectionManager;
44 HttpConnectionMngFactory() {
45 plainClientConnectionManager = createConnectionMng(null);
48 HttpClientConnectionManager getOrCreate(ClientCertificate clientCertificate) {
49 if(clientCertificate == null) {
50 return plainClientConnectionManager;
52 return sslClientConnectionManagers.computeIfAbsent(clientCertificate, k -> createConnectionMng(clientCertificate));
55 private HttpClientConnectionManager createConnectionMng(ClientCertificate clientCertificate) {
57 SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
58 SSLConnectionSocketFactory sslsf = null;
60 sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
62 if(clientCertificate != null) {
63 setClientSsl(clientCertificate, sslContextBuilder);
65 sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), NoopHostnameVerifier.INSTANCE);
67 catch (GeneralSecurityException e) {
68 logger.debug("Create SSL connection socket factory failed with exception, use default SSL factory ", e);
69 sslsf = SSLConnectionSocketFactory.getSocketFactory();
72 Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
73 .register(Constants.HTTP, PlainConnectionSocketFactory.getSocketFactory())
74 .register(Constants.HTTPS, sslsf).build();
76 PoolingHttpClientConnectionManager manager = new PoolingHttpClientConnectionManager(registry);
78 manager.setMaxTotal(DEFAULT_CONNECTION_POOL_SIZE);
79 manager.setDefaultMaxPerRoute(DEFAULT_MAX_CONNECTION_PER_ROUTE);
80 manager.setValidateAfterInactivity(VALIDATE_CONNECTION_AFTER_INACTIVITY_MS);
85 private void setClientSsl(ClientCertificate clientCertificate, SSLContextBuilder sslContextBuilder) {
87 char[] keyStorePassword = clientCertificate.getKeyStorePassword().toCharArray();
88 KeyStore clientKeyStore = createClientKeyStore(clientCertificate.getKeyStore(), keyStorePassword);
89 sslContextBuilder.loadKeyMaterial(clientKeyStore, keyStorePassword);
90 logger.debug("#setClientSsl - Set Client Certificate authentication");
92 catch (IOException | GeneralSecurityException e) {
93 logger.debug("#setClientSsl - Set Client Certificate authentication failed with exception, diasable client SSL authentication ", e);
97 private KeyStore createClientKeyStore(String keyStorePath, char[] keyStorePassword) throws IOException, GeneralSecurityException {
98 KeyStore keyStore = null;
99 try (InputStream stream = new FileInputStream(keyStorePath)) {
100 keyStore = KeyStore.getInstance(getKeyStoreType(keyStorePath));
101 keyStore.load(stream, keyStorePassword);
106 private String getKeyStoreType(String keyStore) {
107 if(!StringUtils.isEmpty(keyStore)) {
108 if(keyStore.endsWith(P12_KEYSTORE_EXTENTION) || keyStore.endsWith(PFX_KEYSTORE_EXTENTION)) {
109 return P12_KEYSTORE_TYPE;
111 else if(keyStore.endsWith(JKS_KEYSTORE_EXTENTION)) {
112 return JKS_KEYSTORE_TYPE;
115 return KeyStore.getDefaultType();