Secure Socket

Purpose

Build secure socket configurations for the Apache HttpClient: http://hc.apache.org/httpcomponents-client-4.5.x/tutorial/html/index.html

Methods

Binding name: p6.securesocket


Method: SecureContextBuilder contextBuilder()

Creates a new SecureContextBuilder, which builds the SecureContext used to obtain a CloseableHttpClient or an HttpClientBuilder.

SecureContextBuilder

  • setType( SecureContext.BundleType type )
    • See below.
  • setStrict( boolean strict )
    • true to enable strict hostname validation (otherwise no hostname verification will be performed)
  • setTrustSelfSigned( boolean trustSelfSigned )
    • true to accept self-signed server certificates
  • setIdentityPrivateKeyPath( String identityPrivateKeyPath )
    • The path or URI to a PEM-formatted private key to read and build into a client identity store
  • setIdentityCertsPaths( List identityCertsPaths )
    • A List of paths or URIs to PEM-formatted certificate bundles to read and build into a client identity store
  • setIdentityCertsPaths( String csvIdentityCertsPaths )
    • A comma-separated list of paths or URIs to PEM-formatted certificate bundles to read and build into a client identity store
  • setTrustCertsPaths( List trustCertsPaths )
    • A List of paths or URIs to PEM-formatted certificate bundles to read and build into a trust store

SecureContext.BundleType

  • ONE_WAY
    • Only the client validates the server to ensure that it receives data from the intended server
  • TWO_WAY
    • Both client and server authenticate each other to ensure that both parties involved in the communication are trusted
  • ONE_WAY_TRUST_ANY (default)
    • As ONE_WAY except that ANY server connection is trusted
  • TWO_WAY_TRUST_ANY
    • As TWO_WAY except that ANY server connection is trusted

Method: CloseableHttpClient clientBuild( SecureContext secureContext )

Given a context built by the SecureContextBuilder, an Apache HttpClient is created with a correctly defined https connection factory.


Method: HttpClientBuilder clientBuilder( SecureContext secureContext )

Given a context built by the SecureContextBuilder, an Apache HttpClientBuilder is created with a correctly defined https connection factory. Access to the builder allows the user to further customise the behaviour of the HttpClient that is built.


Examples

// Example 1: GET with the default context (BundleType ONE_WAY_TRUST_ANY, so any server is trusted)
import org.apache.http.client.methods.HttpGet

def httpClient = p6.securesocket.clientBuild( p6.securesocket.contextBuilder().build() )

def getMethod = new HttpGet( "https://www.amalto.com" )
def response = httpClient.execute( getMethod )

// Example 2: ONE_WAY context (the client validates the server) with a customised HttpClientBuilder
import org.apache.http.client.methods.HttpGet
import org.apache.http.client.config.RequestConfig

def ctx = p6.securesocket.contextBuilder().setType( SecureContext.BundleType.ONE_WAY ).build();
def cb = p6.securesocket.clientBuilder( ctx );

// Timeout in seconds; RequestConfig expects milliseconds
def timeout = 60

def config = RequestConfig.custom()
    .setConnectTimeout( timeout * 1000 )
    .setConnectionRequestTimeout( timeout * 1000 )
    .setSocketTimeout( timeout * 1000 )
    .build()

// The builder gives access to the remaining HttpClient options before the client is built
def httpClient = cb
    .disableAuthCaching()
    .disableAutomaticRetries()
    .disableCookieManagement()
    .setDefaultRequestConfig( config )
    .build()

def getMethod = new HttpGet( "https://www.amalto.com" )

def response = httpClient.execute( getMethod )

// Example 3: TWO_WAY_TRUST_ANY context: the client presents its identity, and any server connection is trusted
import org.apache.http.client.methods.HttpPost
import org.apache.http.client.config.RequestConfig

def ctx = p6.securesocket.contextBuilder()
    .setType( SecureContext.BundleType.TWO_WAY_TRUST_ANY )
    .setIdentityPrivateKeyPath( "file://${P6_DATA}/resources/certificates/privatekey.pem" )
    .setIdentityCertsPaths( "file://${P6_DATA}/resources/certificates/publickey.pem" )
    .build();

// withCloseable closes the client once the closure returns
p6.securesocket.clientBuild( ctx ).withCloseable { client ->

    def response = client.execute( new HttpPost( "https://httpbin.org/post" ) )
}
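
The following is an added example, not part of the original page or the project's own code: a TWO_WAY context in which the server is validated against an explicit trust store with strict hostname validation, built only after the PEM files have been checked. The file name ca-bundle.pem and the URL https://api.example.com/ are placeholders, and the example assumes every setter returns the builder, as the chained calls in the examples above suggest.

```groovy
import org.apache.http.client.methods.HttpGet

// Directory taken from the page's own examples; ca-bundle.pem is a hypothetical file name.
def certDir   = "${P6_DATA}/resources/certificates".toString()
def keyFile   = "${certDir}/privatekey.pem".toString()
def certFile  = "${certDir}/publickey.pem".toString()
def trustFile = "${certDir}/ca-bundle.pem".toString()

// Fail fast when a PEM file is missing or does not hold the expected kind of object,
// so a bad deployment is caught before any connection is attempted.
def requirePem = { path, pattern ->
    def f = new File( path )
    if ( !f.isFile() ) throw new IllegalStateException( "Missing PEM file: ${path}" )
    if ( !( f.text =~ pattern ) ) throw new IllegalStateException( "Unexpected PEM content in: ${path}" )
}
requirePem( keyFile,   /-----BEGIN [A-Z ]*PRIVATE KEY-----/ )
requirePem( certFile,  /-----BEGIN CERTIFICATE-----/ )
requirePem( trustFile, /-----BEGIN CERTIFICATE-----/ )

// TWO_WAY: both sides authenticate each other; no TRUST_ANY shortcut.
def ctx = p6.securesocket.contextBuilder()
    .setType( SecureContext.BundleType.TWO_WAY )
    .setStrict( true )                              // strict hostname validation
    .setTrustSelfSigned( false )                    // do not accept self-signed server certificates
    .setTrustCertsPaths( [ "file://${trustFile}".toString() ] )
    .setIdentityPrivateKeyPath( "file://${keyFile}" )
    .setIdentityCertsPaths( "file://${certFile}" )
    .build()

// Close both the client and the response when done.
p6.securesocket.clientBuild( ctx ).withCloseable { client ->
    client.execute( new HttpGet( "https://api.example.com/" ) ).withCloseable { response ->
        def status = response.statusLine.statusCode
        if ( status != 200 ) throw new IllegalStateException( "Unexpected HTTP status: ${status}" )
    }
}
```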