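/**
 * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
 *
 * This library is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Lesser General Public License as published by the Free
 * Software Foundation; either version 2.1 of the License, or (at your option)
 * any later version.
 *
 * This library is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
 * details.
 */

package com.liferay.portal.search.solr.internal.http;

import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.search.solr.configuration.SolrSSLSocketFactoryConfiguration;
import com.liferay.portal.search.solr.http.KeyStoreLoader;
import com.liferay.portal.search.solr.http.SSLSocketFactoryBuilder;

import java.security.KeyStore;

import java.util.Map;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;

import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;

/**
 * Builds the {@link SSLConnectionSocketFactory} used for HTTPS connections to
 * Solr from the key store, trust store and verification flags held in
 * {@link SolrSSLSocketFactoryConfiguration}.
 *
 * <p>
 * Whenever the custom key store (or, with certificate verification enabled,
 * the custom trust store) cannot be loaded, the JVM-wide system socket factory
 * is returned instead, so the connection is then made without the configured
 * client key material.
 * </p>
 *
 * @author László Csontos
 * @author André de Oliveira
 */
@Component(
	configurationPid = "com.liferay.portal.search.solr.configuration.SolrSSLSocketFactoryConfiguration",
	immediate = true, service = SSLSocketFactoryBuilder.class
)
public class SSLSocketFactoryBuilderImpl implements SSLSocketFactoryBuilder {

	/**
	 * Creates a socket factory from the configured key and trust material.
	 *
	 * @return a factory backed by the custom SSL context, or the system
	 *         socket factory when the key store is missing, when certificate
	 *         verification is enabled but the trust store is missing, or when
	 *         the factory constructor fails
	 * @throws Exception if loading a store, loading the key or trust material
	 *         into the context builder, or building the SSL context fails;
	 *         only the factory constructor is covered by the fallback
	 */
	@Override
	public SSLConnectionSocketFactory build() throws Exception {
		KeyStore keyStore = _keyStoreLoader.load(
			_keyStoreType, _keyStorePath, _keyStorePassword);

		if (keyStore == null) {
			if (_log.isDebugEnabled()) {
				_log.debug(
					"Use system defaults because there is no custom key store");
			}

			return SSLConnectionSocketFactory.getSystemSocketFactory();
		}

		KeyStore trustKeyStore = null;
		TrustStrategy trustStrategy = null;

		if (_verifyServerCertificate) {
			trustKeyStore = _keyStoreLoader.load(
				_trustStoreType, _trustStorePath, _trustStorePassword);

			if (trustKeyStore == null) {
				if (_log.isDebugEnabled()) {
					_log.debug(
						"Use system defaults because there is no custom " +
							"trust store");
				}

				return SSLConnectionSocketFactory.getSystemSocketFactory();
			}
		}
		else {

			// Certificate verification is switched off by configuration:
			// self-signed server certificates are accepted without being
			// present in any trust store. Only appropriate where the network
			// path to Solr is itself trusted.

			trustStrategy = new TrustSelfSignedStrategy();
		}

		HostnameVerifier hostnameVerifier = null;

		if (_verifyServerHostname) {
			hostnameVerifier =
				SSLConnectionSocketFactory.getDefaultHostnameVerifier();
		}

		// NOTE(review): with a null verifier SSLConnectionSocketFactory
		// appears to fall back to its default hostname verifier, so
		// verifyServerName = false may not actually relax the check.
		// Confirm against the bundled HttpClient version.

		SSLContextBuilder sslContextBuilder = SSLContexts.custom();

		sslContextBuilder.loadKeyMaterial(keyStore, _keyStorePassword);

		// Pass the loaded trust store along with the strategy. Supplying only
		// the strategy left the custom trust store unused, so server
		// certificates were checked against the JVM default trust anchors
		// instead of the configured ones. In the non-verifying branch
		// trustKeyStore is null, which keeps the previous behavior.

		sslContextBuilder.loadTrustMaterial(trustKeyStore, trustStrategy);

		SSLContext sslContext = sslContextBuilder.build();

		try {
			return new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
		}
		catch (Exception e) {
			if (_log.isWarnEnabled()) {
				_log.warn(
					"Use system defaults because the custom SSL socket " +
						"factory was not able to initialize",
					e);
			}

			return SSLConnectionSocketFactory.getSystemSocketFactory();
		}
	}

	/**
	 * Reads the component configuration and caches the store locations, store
	 * types, passwords and verification flags used by {@link #build()}. Runs
	 * on activation and again on every configuration change.
	 *
	 * @param properties the OSGi configuration properties
	 */
	@Activate
	@Modified
	protected void activate(Map<String, Object> properties) {
		_solrSSLSocketFactoryConfiguration =
			ConfigurableUtil.createConfigurable(
				SolrSSLSocketFactoryConfiguration.class, properties);

		String keyStorePassword =
			_solrSSLSocketFactoryConfiguration.keyStorePassword();

		_keyStorePassword = keyStorePassword.toCharArray();

		_keyStorePath = _solrSSLSocketFactoryConfiguration.keyStorePath();
		_keyStoreType = _solrSSLSocketFactoryConfiguration.keyStoreType();

		String trustStorePassword =
			_solrSSLSocketFactoryConfiguration.trustStorePassword();

		_trustStorePassword = trustStorePassword.toCharArray();

		_trustStorePath = _solrSSLSocketFactoryConfiguration.trustStorePath();
		_trustStoreType = _solrSSLSocketFactoryConfiguration.trustStoreType();
		_verifyServerCertificate =
			_solrSSLSocketFactoryConfiguration.verifyServerCertificate();
		_verifyServerHostname =
			_solrSSLSocketFactoryConfiguration.verifyServerName();
	}

	/**
	 * Injects the loader that turns a store type, path and password into a
	 * {@link KeyStore}.
	 *
	 * @param keyStoreLoader the loader used for both key and trust stores
	 */
	@Reference(unbind = "-")
	protected void setKeyStoreLoader(KeyStoreLoader keyStoreLoader) {
		_keyStoreLoader = keyStoreLoader;
	}

	private static final Log _log = LogFactoryUtil.getLog(
		SSLSocketFactoryBuilderImpl.class);

	private KeyStoreLoader _keyStoreLoader;

	// Store passwords are kept as char[] and must never be written to logs.

	private char[] _keyStorePassword;
	private String _keyStorePath;
	private String _keyStoreType = KeyStore.getDefaultType();
	private volatile SolrSSLSocketFactoryConfiguration
		_solrSSLSocketFactoryConfiguration;
	private char[] _trustStorePassword;
	private String _trustStorePath;
	private String _trustStoreType = KeyStore.getDefaultType();

	// Both checks default to enabled until a configuration says otherwise.

	private boolean _verifyServerCertificate = true;
	private boolean _verifyServerHostname = true;

}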