
/*
This file is part of RouteConverter.
    
RouteConverter is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
    
RouteConverter is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
    
You should have received a copy of the GNU General Public License
along with RouteConverter; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
    
Copyright (C) 2007 Christian Pesch. All Rights Reserved.
*/
package slash.navigation.rest.ssl;

import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;

import static org.apache.commons.io.IOUtils.closeQuietly;

/**
 * A factory to create a {@link HttpClientConnectionManager} that supports the letsencrypt root certificate.
 * <p>
 * Based on http://blog.novoj.net/2016/02/29/how-to-make-apache-httpclient-trust-lets-encrypt-certificate-authority/
 *
 * @author Christian Pesch
 */

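public class SSLConnectionManagerFactory {
    /** Name of the bundled JKS truststore, resolved by {@link Class#getResourceAsStream} relative to this package. */
    private static final String TRUSTSTORE_RESOURCE = "letsencrypt.truststore";

    private final SecureRandom secureRandom = new SecureRandom();

    /**
     * Creates a pooling connection manager whose HTTPS connections are validated against both the
     * JVM's default trust anchors and the certificates in the bundled truststore; plain HTTP uses the
     * default socket factory.
     *
     * @return a new {@link PoolingHttpClientConnectionManager} with "http" and "https" registered
     * @throws CertificateException     if a certificate in the bundled truststore cannot be loaded
     * @throws NoSuchAlgorithmException if the TLS context or the default trust-manager algorithm is unavailable
     * @throws KeyStoreException        if the JKS keystore type is unavailable
     * @throws IOException              if the bundled truststore is missing or cannot be read
     * @throws KeyManagementException   if the {@link SSLContext} cannot be initialized
     */
    public HttpClientConnectionManager createConnectionManager() throws CertificateException,
            NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
        // NOTE(review): relies on SSLConnectionSocketFactory's default hostname verifier — confirm for the
        // HttpClient version in use, since the verifier is what binds the certificate to the requested host
        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(createSSLContext());
        return new PoolingHttpClientConnectionManager(RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .register("https", sslSocketFactory).build());
    }

    /**
     * Builds a TLS context with a single trust manager that consults the bundled truststore first
     * and the JVM's default trust anchors second (see {@link TrustManagerDelegate}).
     * No key managers are installed, so this side never presents a client certificate.
     */
    private SSLContext createSSLContext() throws KeyStoreException, CertificateException, NoSuchAlgorithmException,
            KeyManagementException, IOException {
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();

        // init(null) makes the factory use the JVM's default trust anchors (cacerts / javax.net.ssl.trustStore)
        TrustManagerFactory javaDefaultTrustManager = TrustManagerFactory.getInstance(algorithm);
        javaDefaultTrustManager.init((KeyStore) null);

        TrustManagerFactory customCaTrustManager = TrustManagerFactory.getInstance(algorithm);
        customCaTrustManager.init(getKeyStore());

        // "TLS" selects the JVM's default protocol set; which versions are enabled is then governed by the JVM
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null,
                new TrustManager[] {
                        new TrustManagerDelegate(firstX509TrustManager(customCaTrustManager),
                                firstX509TrustManager(javaDefaultTrustManager)) },
                secureRandom);
        return sslContext;
    }

    /**
     * Returns the first trust manager of the factory as an {@link X509TrustManager}.
     *
     * @throws IllegalStateException if the factory yields no trust manager or its first one is not X.509-based,
     *                               so that a misconfigured provider fails with a message instead of a bare cast error
     */
    private static X509TrustManager firstX509TrustManager(TrustManagerFactory factory) {
        TrustManager[] trustManagers = factory.getTrustManagers();
        if (trustManagers == null || trustManagers.length == 0) {
            throw new IllegalStateException("TrustManagerFactory " + factory.getAlgorithm() + " returned no trust manager");
        }
        if (!(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("Expected an X509TrustManager but got " + trustManagers[0].getClass().getName());
        }
        return (X509TrustManager) trustManagers[0];
    }

    /**
     * Loads the bundled JKS truststore from the classpath.
     *
     * @throws IOException if the resource is not on the classpath or cannot be read; a missing resource
     *                     must not be passed to {@link KeyStore#load}, which would silently yield an empty
     *                     store and therefore a trust manager that accepts nothing from the custom CA
     */
    private KeyStore getKeyStore()
            throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream inputStream = getClass().getResourceAsStream(TRUSTSTORE_RESOURCE)) {
            if (inputStream == null) {
                throw new IOException("Truststore resource " + TRUSTSTORE_RESOURCE + " not found on the classpath");
            }
            // the JKS password only guards the store's integrity check; it is the one the resource was created with
            keyStore.load(inputStream, "letsencrypt".toCharArray());
        }
        return keyStore;
    }
}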