author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-02 11:02:33 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-02 11:17:51 +0100 |
commit | 97cd37f86460cf309c5cf7258cef745b6d196cca (patch) | |
tree | d94923947f75b4373c6a8ec3e12a9b5e5f603b47 /vespa-http-client | |
parent | 711bf1a14c15796e7be2fa96f30d0ad816465288 (diff) |
Allow configuration of hostname verifier
Diffstat (limited to 'vespa-http-client')
2 files changed, 27 insertions, 2 deletions
diff --git a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/config/ConnectionParams.java b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/config/ConnectionParams.java index 3fe42b21e93..8d848c8cbf1 100644 --- a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/config/ConnectionParams.java +++ b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/config/ConnectionParams.java @@ -5,7 +5,9 @@ import com.google.common.annotations.Beta; import com.google.common.collect.ArrayListMultimap; import com.google.common.collect.Multimap; import net.jcip.annotations.Immutable; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; import java.util.Collection; import java.util.Collections; @@ -32,6 +34,7 @@ public final class ConnectionParams { */ public static final class Builder { private SSLContext sslContext = null; + private HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier(); private long connectionTimeout = TimeUnit.SECONDS.toMillis(60); private final Multimap<String, String> headers = ArrayListMultimap.create(); private final Map<String, HeaderProvider> headerProviders = new HashMap<>(); @@ -60,6 +63,18 @@ public final class ConnectionParams { } /** + * Sets the {@link HostnameVerifier} for the connection to the gateway when SSL is enabled for Endpoint. + * Defaults to instance returned by {@link SSLConnectionSocketFactory#getDefaultHostnameVerifier()}. + * + * @param hostnameVerifier hostname verifier for connection to gateway. + * @return pointer to builder. + */ + public Builder setHostnameVerifier(HostnameVerifier hostnameVerifier) { + this.hostnameVerifier = hostnameVerifier; + return this; + } + + /** * Set custom headers to be used * * @param key header name 
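Review bot: `setHostnameVerifier` in the `@@ -60,6 +63,18 @@` hunk stores whatever it is given, including `null`, so `getHostnameVerifier()` can return null even though the field starts with a non-null default. What the socket factory does with a null verifier is not visible in this commit. Rejecting null at the setter keeps the default meaningful: `this.hostnameVerifier = Objects.requireNonNull(hostnameVerifier, "hostnameVerifier");` (this needs `import java.util.Objects;`). The Javadoc should also state that this verifier is what binds the server certificate to the endpoint host, for example by adding `Replacing the default weakens server identity checking unless the supplied verifier is at least as strict.`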
@@ -218,6 +233,7 @@ public final class ConnectionParams { public ConnectionParams build() { return new ConnectionParams( sslContext, + hostnameVerifier, connectionTimeout, headers, headerProviders, @@ -268,8 +284,12 @@ public final class ConnectionParams { return sslContext; } + public HostnameVerifier getHostnameVerifier() { + return hostnameVerifier; + } } private final SSLContext sslContext; + private final HostnameVerifier hostnameVerifier; private final long connectionTimeout; private final Multimap<String, String> headers = ArrayListMultimap.create(); private final Map<String, HeaderProvider> headerProviders = new HashMap<>(); @@ -287,6 +307,7 @@ public final class ConnectionParams { private ConnectionParams( SSLContext sslContext, + HostnameVerifier hostnameVerifier, long connectionTimeout, Multimap<String, String> headers, Map<String, HeaderProvider> headerProviders, @@ -302,6 +323,7 @@ public final class ConnectionParams { int traceEveryXOperation, boolean printTraceToStdErr) { this.sslContext = sslContext; + this.hostnameVerifier = hostnameVerifier; this.connectionTimeout = connectionTimeout; this.headers.putAll(headers); this.headerProviders.putAll(headerProviders); @@ -322,6 +344,10 @@ public final class ConnectionParams { return sslContext; } + public HostnameVerifier getHostnameVerifier() { + return hostnameVerifier; + } + public Collection<Map.Entry<String, String>> getHeaders() { return Collections.unmodifiableCollection(headers.entries()); } diff --git a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/core/communication/ApacheGatewayConnection.java b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/core/communication/ApacheGatewayConnection.java index 6c1d068236d..6aa03427ece 100644 --- a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/core/communication/ApacheGatewayConnection.java +++ b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/core/communication/ApacheGatewayConnection.java 
@@ -391,8 +391,7 @@ class ApacheGatewayConnection implements GatewayConnection {
 if (useSsl && connectionParams.getSslContext() != null) {
 Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
 .register("https", new SSLConnectionSocketFactory(
- // Alternative: SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
- connectionParams.getSslContext(), SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
+ connectionParams.getSslContext(), connectionParams.getHostnameVerifier()))
 .register("http", PlainConnectionSocketFactory.INSTANCE)
 .build();
 PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry); |
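Review bot: The configured verifier only takes effect inside `if (useSsl && connectionParams.getSslContext() != null)`, so a caller who enables SSL and calls `setHostnameVerifier(...)` without also setting an `SSLContext` appears to get a client built on the other path, which lies outside this hunk, with the verifier silently ignored. That matters when the caller supplied a stricter verifier than the default and believes it is being enforced. Either apply `connectionParams.getHostnameVerifier()` on the SSL-without-context path as well, or state the dependency in the setter's Javadoc, e.g. `Only used when an SSLContext is also set.` A test in which a rejecting verifier must fail the connection in both configurations would pin the behaviour down.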