1 package org.openecomp.sdc.common.http.client.api;
3 import org.apache.commons.lang3.StringUtils;
4 import org.apache.http.config.Registry;
5 import org.apache.http.config.RegistryBuilder;
6 import org.apache.http.conn.HttpClientConnectionManager;
7 import org.apache.http.conn.socket.ConnectionSocketFactory;
8 import org.apache.http.conn.socket.PlainConnectionSocketFactory;
9 import org.apache.http.conn.ssl.NoopHostnameVerifier;
10 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
11 import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
12 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
13 import org.apache.http.ssl.SSLContextBuilder;
14 import org.openecomp.sdc.common.api.Constants;
15 import org.openecomp.sdc.common.http.config.ClientCertificate;
16 import org.openecomp.sdc.common.log.wrappers.Logger;
18 import java.io.FileInputStream;
19 import java.io.IOException;
20 import java.io.InputStream;
21 import java.security.GeneralSecurityException;
22 import java.security.KeyStore;
24 import java.util.concurrent.ConcurrentHashMap;
26 public class HttpConnectionMngFactory {
28 private static final String P12_KEYSTORE_EXTENTION = ".p12";
29 private static final String PFX_KEYSTORE_EXTENTION = ".pfx";
30 private static final String JKS_KEYSTORE_EXTENTION = ".jks";
32 private static final String P12_KEYSTORE_TYPE = "pkcs12";
33 private static final String JKS_KEYSTORE_TYPE = "jks";
35 private static final Logger logger = Logger.getLogger(HttpConnectionMngFactory.class.getName());
36 private static final int DEFAULT_CONNECTION_POOL_SIZE = 30;
37 private static final int DEFAULT_MAX_CONNECTION_PER_ROUTE = 5;
38 private static final int VALIDATE_CONNECTION_AFTER_INACTIVITY_MS = 10000;
40 private Map<ClientCertificate, HttpClientConnectionManager> sslClientConnectionManagers = new ConcurrentHashMap<>();
41 private HttpClientConnectionManager plainClientConnectionManager;
43 HttpConnectionMngFactory() {
44 plainClientConnectionManager = createConnectionMng(null);
47 HttpClientConnectionManager getOrCreate(ClientCertificate clientCertificate) {
48 if(clientCertificate == null) {
49 return plainClientConnectionManager;
51 return sslClientConnectionManagers.computeIfAbsent(clientCertificate, k -> createConnectionMng(clientCertificate));
54 private HttpClientConnectionManager createConnectionMng(ClientCertificate clientCertificate) {
56 SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
57 SSLConnectionSocketFactory sslsf = null;
59 sslContextBuilder.loadTrustMaterial(new TrustSelfSignedStrategy());
61 if(clientCertificate != null) {
62 setClientSsl(clientCertificate, sslContextBuilder);
64 sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build(), NoopHostnameVerifier.INSTANCE);
66 catch (GeneralSecurityException e) {
67 logger.debug("Create SSL connection socket factory failed with exception, use default SSL factory ", e);
68 sslsf = SSLConnectionSocketFactory.getSocketFactory();
71 Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
72 .register(Constants.HTTP, PlainConnectionSocketFactory.getSocketFactory())
73 .register(Constants.HTTPS, sslsf).build();
75 PoolingHttpClientConnectionManager manager = new PoolingHttpClientConnectionManager(registry);
77 manager.setMaxTotal(DEFAULT_CONNECTION_POOL_SIZE);
78 manager.setDefaultMaxPerRoute(DEFAULT_MAX_CONNECTION_PER_ROUTE);
79 manager.setValidateAfterInactivity(VALIDATE_CONNECTION_AFTER_INACTIVITY_MS);
84 private void setClientSsl(ClientCertificate clientCertificate, SSLContextBuilder sslContextBuilder) {
86 char[] keyStorePassword = clientCertificate.getKeyStorePassword().toCharArray();
87 KeyStore clientKeyStore = createClientKeyStore(clientCertificate.getKeyStore(), keyStorePassword);
88 sslContextBuilder.loadKeyMaterial(clientKeyStore, keyStorePassword);
89 logger.debug("#setClientSsl - Set Client Certificate authentication");
91 catch (IOException | GeneralSecurityException e) {
92 logger.debug("#setClientSsl - Set Client Certificate authentication failed with exception, diasable client SSL authentication ", e);
96 private KeyStore createClientKeyStore(String keyStorePath, char[] keyStorePassword) throws IOException, GeneralSecurityException {
97 KeyStore keyStore = null;
98 try (InputStream stream = new FileInputStream(keyStorePath)) {
99 keyStore = KeyStore.getInstance(getKeyStoreType(keyStorePath));
100 keyStore.load(stream, keyStorePassword);
105 private String getKeyStoreType(String keyStore) {
106 if(!StringUtils.isEmpty(keyStore)) {
107 if(keyStore.endsWith(P12_KEYSTORE_EXTENTION) || keyStore.endsWith(PFX_KEYSTORE_EXTENTION)) {
108 return P12_KEYSTORE_TYPE;
110 else if(keyStore.endsWith(JKS_KEYSTORE_EXTENTION)) {
111 return JKS_KEYSTORE_TYPE;
114 return KeyStore.getDefaultType();