Diffstat (limited to 'container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/ServiceProviderApi.java')
-rw-r--r-- | container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/ServiceProviderApi.java | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/ServiceProviderApi.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/ServiceProviderApi.java
index 8d51e8b940b..388fc63d086 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/ServiceProviderApi.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/ServiceProviderApi.java
@@ -3,6 +3,9 @@ package com.yahoo.container.jdisc.athenz.impl;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.RequestBuilder;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.util.EntityUtils;
@@ -10,6 +13,9 @@ import org.eclipse.jetty.http.HttpStatus;
 import java.io.IOException;
 import java.net.URI;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 /**
  * @author mortent
@@ -26,10 +32,7 @@ public class ServiceProviderApi {
      * Get signed identity document from config server
      */
     public String getSignedIdentityDocument() {
-
-        // TODO Use client side auth to establish trusted secure channel
-        try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
-
+        try (CloseableHttpClient httpClient = createHttpClient()) {
             CloseableHttpResponse idDocResponse = httpClient.execute(RequestBuilder.get().setUri(providerUri + "/identity-document").build());
             if (HttpStatus.isSuccess(idDocResponse.getStatusLine().getStatusCode())) {
                 return EntityUtils.toString(idDocResponse.getEntity());
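Review bot: The new try-with-resources line in the `getSignedIdentityDocument` hunk still leaves `idDocResponse` unclosed; the `CloseableHttpResponse` on the following context line is never released, so a non-success response (the branch is outside this hunk) can leak the pooled connection. Since the try header is being rewritten anyway, declare both resources there: `try (CloseableHttpClient httpClient = createHttpClient();` / `CloseableHttpResponse idDocResponse = httpClient.execute(RequestBuilder.get().setUri(providerUri + "/identity-document").build())) {`. The rest of the method, including its error path, continues past the end of this hunk, so the exact impact of the leak there is not visible here.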
@@ -42,4 +45,19 @@ public class ServiceProviderApi {
         }
     }
+    // TODO Use client side auth to establish trusted secure channel
+    // TODO Validate TLS certifcate of config server
+    private static CloseableHttpClient createHttpClient() {
+        try {
+            SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
+            sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
+            SSLConnectionSocketFactory sslSocketFactory =
+                    new SSLConnectionSocketFactory(sslContextBuilder.build(),
+                                                   SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+            return HttpClientBuilder.create().setSSLSocketFactory(sslSocketFactory).build();
+        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
 } |
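Review bot: `createHttpClient` combines `TrustSelfSignedStrategy` with `ALLOW_ALL_HOSTNAME_VERIFIER`, which means any on-path host presenting a self-signed certificate, under any name, is accepted as the config server; TLS here currently gives confidentiality only against passive observers, not authentication of the peer. The two TODO lines above the method acknowledge this, but since this channel is the one that fetches the identity document, it should not ship in this state: load the config server's CA (or its certificate) as trust material, `sslContextBuilder.loadTrustMaterial(configServerTrustStore, null);`, and use a real verifier, `SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER` (or `new DefaultHostnameVerifier()` if the httpclient version in use has it). Where that trust store would come from is not visible in this file, and whether the returned document's own signature is later checked is not shown either, so the end-to-end impact is inferred. Minor: the TODO reads "certifcate" and should be `// TODO Validate TLS certificate of config server`, and the `RuntimeException` wrapper would read better as an `IllegalStateException("Failed to create TLS context for config server", e)` so the failure is identifiable in logs.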