Secure Socket
Purpose¶
Build and create secure socket configurations of the Apache Http Client http://hc.apache.org/httpcomponents-client-4.5.x/tutorial/html/index.html
Methods¶
Binding name: securesocket
Method: SecureContextBuilder contextBuilder()
Creates a new SecureContextBuilder that can be used to build a SecureContext that is used to obtain a CloseableHttpClient or an HttpClientBuilder
SecureContextBuilder
- setType( SecureContext.BundleType type )
- See below.
- setStrict( boolean strict )
- true to enable strict hostname validation (otherwise no hostname verification will be performed)
- setTrustSelfSigned( boolean trustSelfSigned )
- true to accept self signed server certificates
- setIdentityPrivateKeyPath( String identityPrivateKeyPath )
- The path or URI to PEM formatted private key to read and build into a client identity store
- setIdentityCertsPaths( List identityCertsPaths )
- A List of paths or URIs to PEM formatted certificate bundles to read and build into a client identity store
- setIdentityCertsPaths( String csvIdentityCertsPaths )
- A comma separated list of paths or URIs to PEM formatted certificate bundles to read and build into a client identity store
- setTrustCertsPaths( List trustCertsPaths )
- A List of paths or URIs to PEM formatted certificate bundles to read and build into a trust store
SecureContext.BundleType
- ONE_WAY
- Only the client validates the server to ensure that it receives data from the intended server
- TWO_WAY
- Both client and server authenticate each other to ensure that both parties involved in the communication are trusted
- ONE_WAY_TRUST_ANY (default)
- As ONE_WAY except that ANY server connection is trusted
- TWO_WAY_TRUST_ANY
- As TWO_WAY except that ANY server connection is trusted
Method: CloseableHttpClient clientBuild( SecureContext secureContext )
Given a context built by the SecureContextBuilder
an Apache HttpClient is created with a correctly defined https connection factory.
Method: HttpClientBuilder clientBuilder( SecureContext secureContext )
Given a context built by the SecureContextBuilder
an Apache HttpClientBuilder is created with a correctly defined https connection factory.
Access to the ‘builder’ allows the user to further enhance the behaviour of the HttpClient built
Examples¶
import org.apache.http.client.methods.HttpGet
def httpClient = securesocket.clientBuild( securesocket.contextBuilder().build() )
def getMethod = new HttpGet( "https://www.amalto.com" )
def response = httpClient.execute( getMethod )
import org.apache.http.client.methods.HttpGet
import org.apache.http.client.config.RequestConfig
def ctx = securesocket.contextBuilder().setType( SecureContext.BundleType.ONE_WAY ).build();
def cb = securesocket.clientBuilder( ctx );
def timeout = 60
def config = RequestConfig.custom()
.setConnectTimeout( timeout * 1000 )
.setConnectionRequestTimeout( timeout * 1000 )
.setSocketTimeout( timeout * 1000 )
.build()
def httpClient = cb
.disableAuthCaching()
.disableAutomaticRetries()
.disableCookieManagement()
.setDefaultRequestConfig( config )
.build()
def getMethod = new HttpGet( "https://www.amalto.com" )
def response = httpClient.execute( getMethod )
import org.apache.http.client.methods.HttpPost
import org.apache.http.client.config.RequestConfig
def ctx = securesocket.contextBuilder()
.setType( SecureContext.BundleType.TWO_WAY_TRUST_ANY )
.setIdentityPrivateKeyPath( "file://${B2BOX_DATA}/resources/certificates/privatekey.pem" )
.setIdentityCertsPaths( "file://${B2BOX_DATA}/resources/certificates/publickey.pem" )
.build();
securesocket.clientBuild( ctx ).withCloseable { client ->
def response = client.execute( new HttpPost( "https://httpbin.org/post" ) )
}