SchemeFactory.java

package com.cloudhopper.httpclient.util;

/*
 * #%L
 * ch-httpclient-util
 * %%
 * Copyright (C) 2012 - 2013 Cloudhopper by Twitter
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;

/**
 * Utility class for creating schemes to be used with the Apacha Jakarta
 * HttpClient.
 *
 * @author joelauer
 */
public class SchemeFactory {

    private SchemeFactory() {
        // only static methods
    }

    static public Scheme createHttpScheme() {
        return new Scheme("http", PlainSocketFactory.getSocketFactory(), 80);
    }

    static public Scheme createHttpsScheme() throws NoSuchAlgorithmException {
        SSLSocketFactory socketFactory = new SSLSocketFactory(SSLContext.getDefault());
        return new Scheme("https", socketFactory, 443);
    }

    /* 
     * Creates a SSL scheme with possibly a truststore and/or a keystore. 
     *
     * Truststore is primarily used to validate a server's SSL certificate.
     * And the keystore holds client certicates for SSL client authentication.
     *
     * Properly handles null keystore/truststores, and keystore/truststores without passwords.
     *
     * Added to support SSL mutual authentication in CA-Telus.
     */
    static public Scheme createHttpsScheme( File keystoreFile, 
					    String keystorePassword, 
					    File truststoreFile, 
					    String truststorePassword ) 
	throws NoSuchAlgorithmException, KeyStoreException, FileNotFoundException,
	       IOException, KeyManagementException, CertificateException, 
	       UnrecoverableKeyException
    {
	
	if( keystoreFile == null && truststoreFile == null ){
	    // To insure we don't break anything, if keystore and trust store is not specified, 
	    // call the legacy createHttpsScheme.
	    return createHttpsScheme();
	} else {
	    // Configure https scheme with a keystore to authenticate ourselves to the server
	    // and/or a truststore to verify the server's certificate.
	    KeyStore keystore = null;
	    if( keystoreFile != null ){
		keystore  = KeyStore.getInstance( KeyStore.getDefaultType() );        
		FileInputStream instream = new FileInputStream( keystoreFile ); 
		try {
		    // A null password is valid when the keystore does not have a password.
		    if( keystorePassword != null ){
			keystore.load(instream, keystorePassword.toCharArray());
		    } else {
			keystore.load(instream, null );
		    }
		} finally {
		    instream.close();
		}
		
	    }
	    KeyStore truststore = null;
	    if( truststoreFile != null ){
	        truststore = KeyStore.getInstance( KeyStore.getDefaultType() );        
		FileInputStream instream = new FileInputStream( truststoreFile ); 
		try {
		    // A null password is valid when the keystore does not have a password.
		    if( truststorePassword != null ){
			truststore.load(instream, truststorePassword.toCharArray());
		    } else {
			truststore.load(instream, null);
		    }
		} finally {
		    instream.close();
		}
	    }
	    // Not sure if identifing which params were passed in as null and calling the 
	    // appropriate constructor is necessary, because the Apache Docs don't describe
	    // what happens when we pass in null. Play it conservative rather than test the
	    // behavior. 
	    SSLSocketFactory socketFactory;
	    if( keystore != null && truststore != null ){
		socketFactory = new SSLSocketFactory( keystore, keystorePassword, truststore );
	    } else if( keystore != null ){
		socketFactory = new SSLSocketFactory( keystore, keystorePassword );
	    } else {
		socketFactory = new SSLSocketFactory( truststore );
	    }
	    return new Scheme("https", socketFactory, 443);
	} 
    }
 

    static public Scheme createDoNotVerifyHttpsScheme() throws NoSuchAlgorithmException, KeyManagementException {
        TrustManager sslTrustManager = new DoNotVerifySSLCertificateTrustManager();
        SSLContext sslcontext = SSLContext.getInstance("TLS");
        sslcontext.init(null, new TrustManager[] { sslTrustManager }, null);
        SSLSocketFactory sf = new SSLSocketFactory(sslcontext);
        sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        return new Scheme("https", sf, 443);
    }

   
    
}