author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-08-14 17:25:01 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-08-14 17:25:01 +0200 |
commit | e64783ac8cfb3143778fbfeaabdbc734ffc90383 (patch) | |
tree | c6872602dd1fd80a19029d5a4dd7f7f372b3e9e4 /vespa-athenz | |
parent | b5372449f984816354711268a0d2e9bd3b1fdaac (diff) |
Use ServiceIdentitySslSocketFactory in DefaultZtsClient
Diffstat (limited to 'vespa-athenz')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
index 8d18d2f26f3..7d4901f163a 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
@@ -22,7 +22,7 @@ import com.yahoo.vespa.athenz.client.zts.bindings.RoleTokenResponseEntity;
 import com.yahoo.vespa.athenz.client.zts.bindings.TenantDomainsResponseEntity;
 import com.yahoo.vespa.athenz.client.zts.utils.IdentityCsrGenerator;
 import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
-import com.yahoo.vespa.athenz.identity.SiaBackedApacheHttpClient;
+import com.yahoo.vespa.athenz.identity.ServiceIdentitySslSocketFactory;
 import com.yahoo.vespa.athenz.tls.Pkcs10Csr;
 import com.yahoo.vespa.athenz.tls.Pkcs10CsrBuilder;
 import org.apache.http.HttpResponse;
@@ -30,6 +30,7 @@ import org.apache.http.client.ResponseHandler;
 import org.apache.http.client.config.RequestConfig;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.client.methods.RequestBuilder;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
@@ -37,6 +38,7 @@ import org.apache.http.impl.client.DefaultHttpRequestRetryHandler;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.eclipse.jetty.http.HttpStatus;
 
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
 import javax.security.auth.x500.X500Principal;
 import java.io.IOException;
@@ -78,7 +80,7 @@ public class DefaultZtsClient implements ZtsClient {
     private DefaultZtsClient(URI ztsUrl, AthenzIdentity identity, Supplier<SSLContext> sslContextSupplier) {
         this.ztsUrl = addTrailingSlash(ztsUrl);
         this.identity = identity;
-        this.client = new SiaBackedApacheHttpClient(sslContextSupplier, DefaultZtsClient::createHttpClient);
+        this.client = createHttpClient(sslContextSupplier);
     }
 
     @Override
@@ -241,11 +243,11 @@ public class DefaultZtsClient implements ZtsClient {
         }
     }
 
-    private static CloseableHttpClient createHttpClient(SSLContext sslContext) {
+    private static CloseableHttpClient createHttpClient(Supplier<SSLContext> sslContextSupplier) {
         return HttpClientBuilder.create()
                 .setRetryHandler(new DefaultHttpRequestRetryHandler(3, /*requestSentRetryEnabled*/true))
                 .setUserAgent("vespa-zts-client")
-                .setSSLContext(sslContext)
+                .setSSLSocketFactory(new SSLConnectionSocketFactory(new ServiceIdentitySslSocketFactory(sslContextSupplier), (HostnameVerifier)null))
                 .setDefaultRequestConfig(RequestConfig.custom()
                 .setConnectTimeout((int)Duration.ofSeconds(10).toMillis())
                 .setConnectionRequestTimeout((int)Duration.ofSeconds(10).toMillis()) |
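Review bot: The `(HostnameVerifier)null` argument on the new `.setSSLSocketFactory(...)` line in createHttpClient leaves it unclear whether hostname verification of the ZTS endpoint is still performed, whereas the replaced `.setSSLContext(sslContext)` path relied on HttpClient's default verifier. As far as I recall, the HttpClient 4.4+ `SSLConnectionSocketFactory` constructor substitutes its default verifier when passed null, so behaviour is presumably unchanged, but the explicit null cast reads as if verification were deliberately disabled, and a library upgrade or a later edit could make that literally true without anyone noticing. Stating the intent explicitly avoids both problems: `.setSSLSocketFactory(new SSLConnectionSocketFactory(new ServiceIdentitySslSocketFactory(sslContextSupplier), SSLConnectionSocketFactory.getDefaultHostnameVerifier()))`. If null is kept, a one-line comment such as `// null → SSLConnectionSocketFactory falls back to its default hostname verifier; verification stays on` should accompany it. The body of createHttpClient continues past the end of the hunk.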