Merge pull request #127 from Sapbasu15/master

Sunny Raj Rathod · web-flow · commit 1ca59d17b292 · 2017-12-01T20:53:06.000+05:30
Force HttpClient to implement TLSv1.2 protocol
diff --git a/src/main/java/net/authorize/util/HttpCallTask.java b/src/main/java/net/authorize/util/HttpCallTask.java
@@ -63,11 +63,11 @@ public ANetApiResponse call() throws Exception {
 		ANetApiResponse response = null;
 		StringBuilder buffer = new StringBuilder();
 		
-		DefaultHttpClient httpCaller = null;
+		org.apache.http.client.HttpClient httpCaller = null;
 		
         try {
             HttpPost httppost = HttpUtility.createPostRequest(this.env, this.request);
-            httpCaller = new DefaultHttpClient();
+            httpCaller = HttpClient.getHttpsClient();
 			HttpClient.setProxyIfRequested(httpCaller);
             HttpResponse httpResponse = httpCaller.execute(httppost);
 
diff --git a/src/main/java/net/authorize/util/HttpClient.java b/src/main/java/net/authorize/util/HttpClient.java
@@ -7,19 +7,28 @@
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URLDecoder;
+import java.security.KeyStore;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpHost;
 import org.apache.http.HttpResponse;
+import org.apache.http.client.config.RequestConfig;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.conn.params.ConnRoutePNames;
+import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.client.LaxRedirectStrategy;
 import org.apache.http.params.CoreProtocolPNames;
 import org.apache.http.params.HttpConnectionParams;
 import org.apache.http.protocol.HTTP;
@@ -144,7 +153,7 @@ public static Map<ResponseField, String> execute(Environment environment, Transa
 
 		if(environment != null && transaction != null) {
 			try {
-				DefaultHttpClient httpClient = new DefaultHttpClient();
+				org.apache.http.client.HttpClient httpClient = getHttpsClient();
 
 				setProxyIfRequested(httpClient);
 
@@ -234,7 +243,7 @@ public static BasicXmlDocument executeXML(Environment environment, Transaction t
 
 		if(environment != null && transaction != null) {
 			try {
-				DefaultHttpClient httpClient = new DefaultHttpClient();
+				org.apache.http.client.HttpClient httpClient = getHttpsClient();
 
 				setProxyIfRequested(httpClient);
 				
@@ -302,7 +311,7 @@ public static BasicXmlDocument executeXML(Environment environment, Transaction t
 	 * if proxy use is requested, set http-client appropriately 
 	 * @param httpClient the client to add proxy values to 
 	 */
-	public static void setProxyIfRequested(DefaultHttpClient httpClient) {
+	public static void setProxyIfRequested(org.apache.http.client.HttpClient httpClient) {
 		if ( UseProxy)
 		{
 			if ( !proxySet) {
@@ -313,4 +322,41 @@ public static void setProxyIfRequested(DefaultHttpClient httpClient) {
 			httpClient.getParams().setParameter( ConnRoutePNames.DEFAULT_PROXY, proxyHttpHost);
 		}
 	}
+	
+	/**
+	 * @return returns an SSL context with TLSv1.2 protocol instance to be used in the call
+	 */
+	private static SSLContext getSSLContext() {
+		try {
+			final SSLContext sc = SSLContext.getInstance("TLSv1.2");
+			final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+			trustManagerFactory.init((KeyStore) null);
+			sc.init(null, trustManagerFactory.getTrustManagers(), new java.security.SecureRandom());
+			return sc;
+		}
+		catch (Exception e) {
+			e.printStackTrace();
+			return null;
+		}
+	}
+
+	/**
+	 * Returns a HTTPClient instance which enforce TLSv1.2 protocol for all the calls 
+	 * @return org.apache.http.client.HttpClient instance 
+	 * @throws Exception
+	 */
+	static org.apache.http.client.HttpClient getHttpsClient() throws Exception {
+		SSLContext sslcontext = getSSLContext();
+		try {
+			LayeredConnectionSocketFactory sslSocketFactory = new org.apache.http.conn.ssl.SSLConnectionSocketFactory(sslcontext, SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);
+			RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(httpConnectionTimeout).build();
+			return HttpClients.custom()
+					.setSSLSocketFactory(sslSocketFactory)
+					.setDefaultRequestConfig(requestConfig)
+					.setRedirectStrategy(new LaxRedirectStrategy())
+					.build();
+		} catch (Exception e) {
+			return null;
+		}
+	}
 }
