authorBjørn Christian Seime <bjorncs@oath.com>2018-02-02 11:02:33 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-02-02 11:17:51 +0100
commit97cd37f86460cf309c5cf7258cef745b6d196cca (patch)
treed94923947f75b4373c6a8ec3e12a9b5e5f603b47 /vespa-http-client
parent711bf1a14c15796e7be2fa96f30d0ad816465288 (diff)
Allow configuration of hostname verifier
Diffstat (limited to 'vespa-http-client')
-rw-r--r--vespa-http-client/src/main/java/com/yahoo/vespa/http/client/config/ConnectionParams.java26
-rw-r--r--vespa-http-client/src/main/java/com/yahoo/vespa/http/client/core/communication/ApacheGatewayConnection.java3
2 files changed, 27 insertions, 2 deletions
diff --git a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/config/ConnectionParams.java b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/config/ConnectionParams.java
index 3fe42b21e93..8d848c8cbf1 100644
--- a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/config/ConnectionParams.java
+++ b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/config/ConnectionParams.java
@@ -5,7 +5,9 @@ import com.google.common.annotations.Beta;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Multimap;
import net.jcip.annotations.Immutable;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import java.util.Collection;
import java.util.Collections;
@@ -32,6 +34,7 @@ public final class ConnectionParams {
*/
public static final class Builder {
private SSLContext sslContext = null;
+ private HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
private long connectionTimeout = TimeUnit.SECONDS.toMillis(60);
private final Multimap<String, String> headers = ArrayListMultimap.create();
private final Map<String, HeaderProvider> headerProviders = new HashMap<>();
@@ -60,6 +63,18 @@ public final class ConnectionParams {
}
/**
+ * Sets the {@link HostnameVerifier} for the connection to the gateway when SSL is enabled for Endpoint.
+ * Defaults to instance returned by {@link SSLConnectionSocketFactory#getDefaultHostnameVerifier()}.
+ *
+ * @param hostnameVerifier hostname verifier for connection to gateway.
+ * @return pointer to builder.
+ */
+ public Builder setHostnameVerifier(HostnameVerifier hostnameVerifier) {
+ this.hostnameVerifier = hostnameVerifier;
+ return this;
+ }
+
+ /**
* Set custom headers to be used
*
* @param key header name
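Review bot: `setHostnameVerifier` stores whatever it is given, including null, and its Javadoc does not say what the verifier protects. A null would be carried through `build()` into the `SSLConnectionSocketFactory` constructor, whose handling of null depends on the HttpClient version in use and is not visible here; rejecting it in the setter with `this.hostnameVerifier = java.util.Objects.requireNonNull(hostnameVerifier, "hostnameVerifier");` keeps the failure at the call site. I would also add a Javadoc sentence stating that the verifier is what binds the server certificate to the gateway hostname, so a verifier that accepts every name leaves the connection trusting any certificate the SSLContext accepts. The hunk ends inside the Javadoc of the next method, which is not under review here.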
@@ -218,6 +233,7 @@ public final class ConnectionParams {
public ConnectionParams build() {
return new ConnectionParams(
sslContext,
+ hostnameVerifier,
connectionTimeout,
headers,
headerProviders,
@@ -268,8 +284,12 @@ public final class ConnectionParams {
return sslContext;
}
+ public HostnameVerifier getHostnameVerifier() {
+ return hostnameVerifier;
+ }
}
private final SSLContext sslContext;
+ private final HostnameVerifier hostnameVerifier;
private final long connectionTimeout;
private final Multimap<String, String> headers = ArrayListMultimap.create();
private final Map<String, HeaderProvider> headerProviders = new HashMap<>();
@@ -287,6 +307,7 @@ public final class ConnectionParams {
private ConnectionParams(
SSLContext sslContext,
+ HostnameVerifier hostnameVerifier,
long connectionTimeout,
Multimap<String, String> headers,
Map<String, HeaderProvider> headerProviders,
@@ -302,6 +323,7 @@ public final class ConnectionParams {
int traceEveryXOperation,
boolean printTraceToStdErr) {
this.sslContext = sslContext;
+ this.hostnameVerifier = hostnameVerifier;
this.connectionTimeout = connectionTimeout;
this.headers.putAll(headers);
this.headerProviders.putAll(headerProviders);
@@ -322,6 +344,10 @@ public final class ConnectionParams {
return sslContext;
}
+ public HostnameVerifier getHostnameVerifier() {
+ return hostnameVerifier;
+ }
+
public Collection<Map.Entry<String, String>> getHeaders() {
return Collections.unmodifiableCollection(headers.entries());
}
diff --git a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/core/communication/ApacheGatewayConnection.java b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/core/communication/ApacheGatewayConnection.java
index 6c1d068236d..6aa03427ece 100644
--- a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/core/communication/ApacheGatewayConnection.java
+++ b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/core/communication/ApacheGatewayConnection.java
@@ -391,8 +391,7 @@ class ApacheGatewayConnection implements GatewayConnection {
if (useSsl && connectionParams.getSslContext() != null) {
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("https", new SSLConnectionSocketFactory(
- // Alternative: SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
- connectionParams.getSslContext(), SSLConnectionSocketFactory.getDefaultHostnameVerifier()))
+ connectionParams.getSslContext(), connectionParams.getHostnameVerifier()))
.register("http", PlainConnectionSocketFactory.INSTANCE)
.build();
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
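Review bot: The configured verifier is only consulted inside `if (useSsl && connectionParams.getSslContext() != null)`, so a caller who sets a hostname verifier but no SSLContext has that setting ignored without any signal. What the other path does is outside this hunk, so this may be intentional, but it should be written down: add to the `setHostnameVerifier` Javadoc a line such as `Only takes effect when an SSLContext is also configured on this builder.` and a matching comment above the condition here. The enclosing method starts and ends outside the hunk.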