Maybe we got started off with the wrong details here.
How or where can I set the MessageDigest to SHA-256 ...
MessageDigest safeDigester = MessageDigest.getInstance("SHA-256"); // Safe!
Whatever the default is, it seems to be insecure. I think the problem is a
simple matter on my side of missing an httpclient configuration setting.
Here is my httpclient 4.5.13 configuration code:
Any help is greatly appreciated.
Joe
-------------------------------------------------------------------------------------------------------------
@Configuration
public class HttpClientConfiguration {
private final Integer connectionTimeout;
private final Integer connectionRequestTimeout;
private final Integer socketTimeout;
private final Boolean sslVerifyHostname;
private final String sslKeyStorePassword;
private final String sslKeyPassword;
private final String sslTrustStorePassword;
private final String username;
private final String password;
private final String transunionSslKeyStoreBytes;
private final String transunionSslKeyStoreCertFileName;
private final String transunionSslTrustStoreBytes;
private final String transunionSslTrustStoreCertFileName;
private final boolean sslMutualAuth;
private final String sslKeyStore;
private final String sslTrustStore;
public HttpClientConfiguration(
@Value("${broker.operation.connection-timeout:${transunion.api.connection-timeout:60000}}")
Integer connectionTimeout,
@Value("${broker.operation.connection-request-timeout:${transunion.api.connection-request-timeout:60000}}")
Integer connectionRequestTimeout,
@Value("${broker.operation.socket-timeout:${transunion.api.socket-timeout:60000}}")
Integer socketTimeout,
@Value("${broker.operation.client.ssl.verify-hostname:${transunion.api.ssl.verify-hostname:false}}")
Boolean sslVerifyHostname,
@Value("${broker.operation.client.ssl.key-store-password:${transunion.api.ssl.key-store-password:}}")
String sslKeyStorePassword,
@Value("${broker.operation.client.ssl.key-password:${transunion.api.ssl.key-password:}}")
String sslKeyPassword,
@Value("${broker.operation.client.ssl.trust-store-password:${transunion.api.ssl.trust-store-password:}}")
String sslTrustStorePassword,
@Value("${transunion.api.username}")
String username,
@Value("${transunion.api.password}")
String password,
@Value("${broker.operation.client.ssl.key-store-bytes:${transunion.api.ssl.key-store:}}")
String transunionSslKeyStoreBytes,
@Value("${broker.operation.client.ssl.key-store-name:${transunion.api.ssl.key-store-name:}}")
String transunionSslKeyStoreCertFileName,
@Value("${broker.operation.client.ssl.trust-store-bytes:${transunion.api.ssl.trust-store:}}")
String transunionSslTrustStoreBytes,
@Value("${broker.operation.client.ssl.trust-store-name:${transunion.api.ssl.trust-store-name:}}")
String transunionSslTrustStoreCertFileName,
@Value("${broker.operation.client.ssl.mutual-auth:${transunion.api.ssl.mutual-auth:false}}")
boolean sslMutualAuth) {
this.connectionTimeout = connectionTimeout;
this.connectionRequestTimeout = connectionRequestTimeout;
this.socketTimeout = socketTimeout;
this.sslVerifyHostname = sslVerifyHostname;
this.sslKeyStorePassword = sslKeyStorePassword;
this.sslKeyPassword = sslKeyPassword;
this.sslTrustStorePassword = sslTrustStorePassword;
this.username = username;
this.password = password;
this.transunionSslKeyStoreBytes = transunionSslKeyStoreBytes;
this.transunionSslKeyStoreCertFileName =
transunionSslKeyStoreCertFileName;
this.transunionSslTrustStoreBytes = transunionSslTrustStoreBytes;
this.transunionSslTrustStoreCertFileName =
transunionSslTrustStoreCertFileName;
this.sslMutualAuth = sslMutualAuth;
this.sslKeyStore = transunionSslKeyStore();
this.sslTrustStore = transunionSslTrustStore();
}
public HttpComponentsMessageSender httpComponentsMessageSender() {
HttpComponentsMessageSender httpComponentsMessageSender = new
HttpComponentsMessageSender();
try {
httpComponentsMessageSender.setHttpClient(httpClient());
} catch (Exception exception) {
LogHelper.logError(exception, "DIP issued an Error! HTTP Client
Handshake failed.",
HttpClientConfiguration.class);
throw new RuntimeException(exception);
}
return httpComponentsMessageSender;
}
public HttpClient httpClient() throws Exception {
RequestConfig requestConfig = RequestConfig.custom()
.setConnectTimeout(connectionTimeout)
.setConnectionRequestTimeout(connectionRequestTimeout)
.setSocketTimeout(socketTimeout).build();
if (sslMutualAuth) {
return HttpClientBuilder.create()
.setSSLSocketFactory(sslConnectionSocketFactory())
.setDefaultRequestConfig(requestConfig)
.setDefaultCredentialsProvider(credentialsProvider())
.addInterceptorFirst(new HttpRequestInterceptor() {
@Override
public void process(HttpRequest request, HttpContext
context) throws HttpException, IOException {
request.removeHeaders(HttpHeaders.CONTENT_LENGTH);
request.removeHeaders(HttpHeaders.TRANSFER_ENCODING);
LogHelper.logDebug("Http Request Headers= " +
Arrays.toString(request.getAllHeaders()),
HttpClientConfiguration.class);
}
})
.build();
}
return HttpClientBuilder.create()
.setDefaultRequestConfig(requestConfig)
.setDefaultCredentialsProvider(credentialsProvider())
.addInterceptorFirst(new HttpRequestInterceptor() {
@Override
public void process(HttpRequest request, HttpContext context)
throws HttpException, IOException {
request.removeHeaders(HttpHeaders.CONTENT_LENGTH);
request.removeHeaders(HttpHeaders.TRANSFER_ENCODING);
LogHelper.logDebug("Http Request Headers= " +
Arrays.toString(request.getAllHeaders()),
HttpClientConfiguration.class);
}
})
.build();
}
@ConditionalOnExpression("
'${broker.operation.client.ssl.mutual-auth:${transunion.api.ssl.mutual-auth:false}}'.equals('true')
")
public SSLConnectionSocketFactory sslConnectionSocketFactory() throws
Exception {
if (sslVerifyHostname) {
return new SSLConnectionSocketFactory(sslContext());
} else {
// Turn off host-name verification
return new SSLConnectionSocketFactory(sslContext(),
NoopHostnameVerifier.INSTANCE);
}
}
@ConditionalOnExpression("
'${broker.operation.client.ssl.mutual-auth:${transunion.api.ssl.mutual-auth:false}}'.equals('true')
")
public SSLContext sslContext() throws Exception {
return SSLContextBuilder.create()
.loadKeyMaterial(ResourceUtils.getFile(sslKeyStore),
sslKeyStorePassword.toCharArray(), sslKeyPassword.toCharArray())
.loadTrustMaterial(ResourceUtils.getFile(sslTrustStore),
sslTrustStorePassword.toCharArray()).build();
}
public CredentialsProvider credentialsProvider() {
BasicCredentialsProvider basicCredentialsProvider = new
BasicCredentialsProvider();
basicCredentialsProvider.setCredentials(AuthScope.ANY,
usernamePasswordCredentials());
return basicCredentialsProvider;
}
public UsernamePasswordCredentials usernamePasswordCredentials() {
return new UsernamePasswordCredentials(username, password);
}
public String transunionSslKeyStore() {
return createCertAndGetPath(transunionSslKeyStoreBytes,
transunionSslKeyStoreCertFileName);
}
public String transunionSslTrustStore() {
return createCertAndGetPath(transunionSslTrustStoreBytes,
transunionSslTrustStoreCertFileName);
}
private String createCertAndGetPath(String trustStoreCert, String certName)
{
if (!sslMutualAuth) {
return "";
}
String path = null;
if (trustStoreCert != null && !"".equals(trustStoreCert.trim())) {
try {
File certFile = File.createTempFile(certName, ".jks");
FileOutputStream writer = new FileOutputStream(certFile);
writer.write(Base64.getDecoder().decode(trustStoreCert.replaceAll(System.lineSeparator(),
"")));
writer.close();
path = certFile.getAbsolutePath();
LogHelper.logInfo("Path created successfully: " + path,
HttpClientConfiguration.class);
} catch (IOException e) {
LogHelper.logError("Method: trustStoreCertFile path. Error: " +
Arrays.toString(e.getStackTrace()),
HttpClientConfiguration.class);
throw new RuntimeException();
}
}
LogHelper.logInfo("Method: trustStoreCertFile path. Path: " + path,
HttpClientConfiguration.class);
return path;
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
