Fix #692 by initializing the zitiSslSocketFactory on first use instead of on bean construction

ahazeltonNF · ahazeltonNF · commit 4ba3fca61fe2 · 2025-05-07T17:17:37.000-04:00
diff --git a/ziti-springboot-client/src/main/java/org/openziti/springboot/client/web/config/ZitiTlsSocketStrategy.java b/ziti-springboot-client/src/main/java/org/openziti/springboot/client/web/config/ZitiTlsSocketStrategy.java
@@ -37,26 +37,28 @@
 
 @Slf4j
 public class ZitiTlsSocketStrategy extends DefaultClientTlsStrategy {
-  private final SSLSocketFactory zitiSslSocketFactory;
+  private SSLSocketFactory zitiSslSocketFactory;
+
+  private final SSLContext sslContext;
   private final HostnameVerificationPolicy hostnameVerificationPolicy;
 
   public ZitiTlsSocketStrategy(final SSLContext sslContext,
       final HostnameVerificationPolicy hostnameVerificationPolicy,
       final HostnameVerifier hostnameVerifier) {
     super(sslContext, hostnameVerificationPolicy, hostnameVerifier);
-    this.zitiSslSocketFactory = Ziti.getSSLSocketFactory(sslContext);
+    this.sslContext = sslContext;
     this.hostnameVerificationPolicy = hostnameVerificationPolicy;
   }
 
   public ZitiTlsSocketStrategy(final SSLContext sslContext) {
     super(sslContext);
-    this.zitiSslSocketFactory = Ziti.getSSLSocketFactory(sslContext);
+    this.sslContext = sslContext;
     this.hostnameVerificationPolicy = HostnameVerificationPolicy.BOTH;
   }
 
   @Override
   public SSLSocket upgrade(Socket socket, String target, int port, Object attachment, HttpContext context) throws IOException {
-    final SSLSocket upgradedSocket = (SSLSocket) zitiSslSocketFactory.createSocket(socket, target, port, true);
+    final SSLSocket upgradedSocket = (SSLSocket) getZitiSslSocketFactory().createSocket(socket, target, port, true);
     try {
       executeHandshake(upgradedSocket, target, attachment);
       return upgradedSocket;
@@ -97,4 +99,15 @@ private void executeHandshake(
     verifySession(target, upgradedSocket.getSession());
   }
 
+  protected SSLSocketFactory getZitiSslSocketFactory() {
+    if (zitiSslSocketFactory == null) {
+      synchronized(this) {
+        if (zitiSslSocketFactory == null) {
+          zitiSslSocketFactory = Ziti.getSSLSocketFactory(sslContext);
+        }
+      }
+    }
+    return zitiSslSocketFactory;
+  }
+
 }
