IhcConnectionPool.java

/**
 * Copyright (c) 2010-2016 by the respective copyright holders.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 */
package org.openhab.binding.ihc.ws;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.client.CookieStore;
import org.apache.http.client.HttpClient;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Custom HTTP connection pool, which install all-trusting trust manager.
 *
 * @author Pauli Anttila
 * @since 1.7.0
 */
public class IhcConnectionPool {

    private static final Logger logger = LoggerFactory.getLogger(IhcConnectionPool.class);

    private static IhcConnectionPool instance = null;

    /**
     * Controller TLS certificate is self signed, which means that certificate
     * need to be manually added to java key store as a trusted certificate.
     * This is special SSL context which will be configured to trust all
     * certificates and manual work is not required.
     */
    private SSLContext sslContext = null;

    /** Holds and share cookie information (session id) from authentication procedure */
    private CookieStore cookieStore = null;

    private HttpClientBuilder httpClientBuilder = null;
    private HttpClientContext localContext = null;

    protected IhcConnectionPool() {
        init();
    }

    public static IhcConnectionPool getInstance() {
        if (instance == null) {
            synchronized (IhcConnectionPool.class) {
                if (instance == null) {
                    instance = new IhcConnectionPool();
                }
            }
        }
        return instance;
    }

    private void init() {

        // Create a local instance of cookie store
        cookieStore = new BasicCookieStore();

        // Create local HTTP context
        localContext = HttpClientContext.create();

        // Bind custom cookie store to the local context
        localContext.setCookieStore(cookieStore);

        httpClientBuilder = HttpClientBuilder.create();

        // Setup a Trust Strategy that allows all certificates.

        logger.debug("Initialize SSL context");

        // Create a trust manager that does not validate certificate chains,
        // but accept all.
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                logger.trace("Trusting server cert: " + certs[0].getIssuerDN());
            }
        } };

        // Install the all-trusting trust manager

        try {
            // Controller supports only SSLv3 and TLSv1
            sslContext = SSLContext.getInstance("TLSv1");
            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());

        } catch (NoSuchAlgorithmException e) {
            logger.warn("Exception", e);
        } catch (KeyManagementException e) {
            logger.warn("Exception", e);
        }

        httpClientBuilder.setSslcontext(sslContext);

        // Controller accepts only HTTPS connections and because normally IP
        // address are used on home network rather than DNS names, create custom
        // host name verifier.
        HostnameVerifier hostnameVerifier = new HostnameVerifier() {

            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                logger.trace("HostnameVerifier: arg0 = " + arg0);
                logger.trace("HostnameVerifier: arg1 = " + arg1);
                return true;
            }
        };

        // Create an SSL Socket Factory, to use our weakened "trust strategy"
        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext,
                new String[] { "TLSv1" }, null, hostnameVerifier);

        Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory> create()
                .register("https", sslSocketFactory).build();

        // Create connection-manager using our Registry. Allows multi-threaded
        // use
        PoolingHttpClientConnectionManager connMngr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);

        // Increase max connection counts
        connMngr.setMaxTotal(20);
        connMngr.setDefaultMaxPerRoute(6);

        httpClientBuilder.setConnectionManager(connMngr);
    }

    public HttpClient getHttpClient() {
        return httpClientBuilder.build();
    }

    public HttpClientContext getHttpContext() {
        return localContext;
    }
}