Secure Socket
Purpose¶
Build and create secure socket configurations of the Apache Http Client http://hc.apache.org/httpcomponents-client-4.5.x/tutorial/html/index.html
Methods¶
Binding name: p6.securesocket
Method: SecureContextBuilder contextBuilder()
Creates a new SecureContextBuilder that can be used to build a SecureContext that is used to obtain a CloseableHttpClient or an HttpClientBuilder
SecureContextBuilder
- setType( SecureContext.BundleType type )
- See below.
- setStrict( boolean strict )
- true to enable strict hostname validation (otherwise no hostname verification will be performed)
- setTrustSelfSigned( boolean trustSelfSigned )
- true to accept self signed server certificates
- setIdentityPrivateKeyPath( String identityPrivateKeyPath )
- The path or URI to PEM formatted private key to read and build into a client identity store
- setIdentityCertsPaths( List identityCertsPaths )
- A List of paths or URIs to PEM formatted certificate bundles to read and build into a client identity store
- setIdentityCertsPaths( String csvIdentityCertsPaths )
- A comma separated list of paths or URIs to PEM formatted certificate bundles to read and build into a client identity store
- setTrustCertsPaths( List trustCertsPaths )
- A List of paths or URIs to PEM formatted certificate bundles to read and build into a trust store
SecureContext.BundleType
- ONE_WAY
- Only the client validates the server to ensure that it receives data from the intended server
- TWO_WAY
- Both client and server authenticate each other to ensure that both parties involved in the communication are trusted
- ONE_WAY_TRUST_ANY (default)
- As ONE_WAY except that ANY server connection is trusted
- TWO_WAY_TRUST_ANY
- As TWO_WAY except that ANY server connection is trusted
Method: CloseableHttpClient clientBuild( SecureContext secureContext )
Given a context built by the SecureContextBuilder an Apache HttpClient is created with a correctly defined https connection factory.
Method: HttpClientBuilder clientBuilder( SecureContext secureContext )
Given a context built by the SecureContextBuilder an Apache HttpClientBuilder is created with a correctly defined https connection factory.
Access to the ‘builder’ allows the user to further enhance the behaviour of the HttpClient built
Examples¶
import org.apache.http.client.methods.HttpGet def httpClient = securesocket.clientBuild( p6.securesocket.contextBuilder().build() ) def getMethod = new HttpGet( "https://www.amalto.com" ) def response = httpClient.execute( getMethod )
import org.apache.http.client.methods.HttpGet import org.apache.http.client.config.RequestConfig def ctx = p6.securesocket.contextBuilder().setType( SecureContext.BundleType.ONE_WAY ).build(); def cb = p6.securesocket.clientBuilder( ctx ); def timeout = 60 def config = RequestConfig.custom() .setConnectTimeout( timeout * 1000 ) .setConnectionRequestTimeout( timeout * 1000 ) .setSocketTimeout( timeout * 1000 ) .build() def httpClient = cb .disableAuthCaching() .disableAutomaticRetries() .disableCookieManagement() .setDefaultRequestConfig( config ) .build() def getMethod = new HttpGet( "https://www.amalto.com" ) def response = httpClient.execute( getMethod )
import org.apache.http.client.methods.HttpPost import org.apache.http.client.config.RequestConfig def ctx = p6.securesocket.contextBuilder() .setType( SecureContext.BundleType.TWO_WAY_TRUST_ANY ) .setIdentityPrivateKeyPath( "file://${P6_DATA}/resources/certificates/privatekey.pem" ) .setIdentityCertsPaths( "file://${P6_DATA}/resources/certificates/publickey.pem" ) .build(); p6.securesocket.clientBuild( ctx ).withCloseable { client -> def response = client.execute( new HttpPost( "https://httpbin.org/post" ) ) }