Secure Socket

Purpose

Build secure socket (TLS) configurations for the Apache HttpClient: http://hc.apache.org/httpcomponents-client-4.5.x/tutorial/html/index.html

Methods

Binding name: p6.securesocket


contextBuilder

Creates a new SecureContextBuilder, which builds the SecureContext used to obtain a CloseableHttpClient or an HttpClientBuilder.

Syntax

SecureContextBuilder p6.securesocket.contextBuilder()
SecureContextBuilder definition
  • setType( SecureContext.BundleType type )

    SecureContext.BundleType
    • ONE_WAY
      • Only the client validates the server to ensure that it receives data from the intended server
    • TWO_WAY
      • Both client and server authenticate each other to ensure that both parties involved in the communication are trusted
    • ONE_WAY_TRUST_ANY (default)
      • As ONE_WAY except that ANY server connection is trusted
    • TWO_WAY_TRUST_ANY
      • As TWO_WAY except that ANY server connection is trusted
    • NONE
      • A pass-thru type that allows plain http client connections (all other setters are ignored)
  • setStrict( boolean strict )

    • true to enable strict hostname validation (otherwise no hostname verification will be performed)
  • setTrustSelfSigned( boolean trustSelfSigned )
    • true to accept self signed server certificates
  • setIdentityPrivateKeyPath( String identityPrivateKeyPath )
    • The path or URI to a PEM formatted private key to read and build into a client identity store
  • setIdentityCertsPaths( List identityCertsPaths )
    • A List of paths or URIs to PEM formatted certificate bundles to read and build into a client identity store
  • setIdentityCertsPaths( String csvIdentityCertsPaths )
    • A comma separated list of paths or URIs to PEM formatted certificate bundles to read and build into a client identity store
  • setTrustCertsPaths( List trustCertsPaths )
    • A List of paths or URIs to PEM formatted certificate bundles to read and build into a trust store
  • setSNIServerNames( String sniServerNames )
    • A comma separated list of desired SNIServerNames. Server names of type host_name are used in a Server Name Indication (SNI) extension. As described in section 3, “Server Name Indication”, of TLS Extensions (RFC 6066), “HostName” contains the fully qualified DNS hostname of the server, as understood by the client
Example
import org.apache.http.client.methods.HttpGet

// No type is set, so the context uses the default ONE_WAY_TRUST_ANY
def httpClient = p6.securesocket.clientBuild( p6.securesocket.contextBuilder().build() )

def getMethod = new HttpGet( "https://www.amalto.com" )
def response = httpClient.execute( getMethod )
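
The default type is ONE_WAY_TRUST_ANY, and hostname verification is only performed when setStrict( true ) is set. The following added example (not part of the original page, nor Platform 6's own code) contrasts the default context with a hardened one, using only the setters listed above. The trust bundle path and the probe helper are assumptions made for illustration.

```groovy
import org.apache.http.client.methods.HttpGet
import javax.net.ssl.SSLException

// Weak: no type is set, so the documented default ONE_WAY_TRUST_ANY applies
// and any server certificate is trusted.
def trustAnyCtx = p6.securesocket.contextBuilder().build()

// Hardened: the server is validated against an explicit trust bundle,
// hostname validation is enabled and self-signed certificates are refused.
// The bundle path is a constructed placeholder, not a file shipped with the platform.
def strictCtx = p6.securesocket.contextBuilder()
    .setType( SecureContext.BundleType.ONE_WAY )
    .setStrict( true )
    .setTrustSelfSigned( false )
    .setTrustCertsPaths( [ "p6file://${P6_DATA}/resources/certificates/trusted-ca.pem" ] )
    .build()

// Hypothetical helper: returns the HTTP status line code, or the TLS failure
// raised while the connection was being established.
def probe = { ctx, String url ->
    p6.securesocket.clientBuild( ctx ).withCloseable { client ->
        try {
            client.execute( new HttpGet( url ) ).withCloseable { response ->
                "HTTP ${response.statusLine.statusCode}".toString()
            }
        } catch ( SSLException e ) {
            // Certificate path or hostname validation failed
            "TLS rejected: ${e.class.simpleName}".toString()
        }
    }
}

def url = "https://www.amalto.com"

// The trust-any context connects whatever certificate is presented; the strict
// context only connects when the bundle contains the issuing CA and the
// certificate matches the hostname.
println "trust-any: ${probe( trustAnyCtx, url )}"
println "strict:    ${probe( strictCtx, url )}"
```

A "TLS rejected" result from the strict context against a server that the trust-any context accepts shows which connections were relying on the permissive default.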

clientBuild

Given a context built by the SecureContextBuilder, an Apache HttpClient is created with a correctly defined https connection factory.

Syntax

CloseableHttpClient p6.securesocket.clientBuild( SecureContext secureContext )
Examples
import org.apache.http.client.methods.HttpPost
import org.apache.http.client.config.RequestConfig

def ctx = p6.securesocket.contextBuilder()
    .setType( SecureContext.BundleType.TWO_WAY_TRUST_ANY )
    .setIdentityPrivateKeyPath( "p6file://${P6_DATA}/resources/certificates/privatekey.pem" )
    .setIdentityCertsPaths( "p6file://${P6_DATA}/resources/certificates/publickey.pem" )
    .build();

p6.securesocket.clientBuild( ctx ).withCloseable { client ->

    def response = client.execute( new HttpPost( "https://httpbin.org/post" ) )
}

Plain HTTP
import org.apache.http.client.methods.HttpGet
import org.apache.http.client.config.RequestConfig

def ctx = p6.securesocket.contextBuilder()
    .setType( SecureContext.BundleType.NONE )
    .build();

p6.securesocket.clientBuild( ctx ).withCloseable { client ->

    def response = client.execute( new HttpGet( "http://localhost:8091/metrics" ) )
}

clientBuilder

Given a context built by the SecureContextBuilder, an Apache HttpClientBuilder is created with a correctly defined https connection factory. Access to the ‘builder’ allows the user to further customise the behaviour of the HttpClient that is built.

Syntax

HttpClientBuilder p6.securesocket.clientBuilder( SecureContext secureContext )
Examples
import org.apache.http.client.methods.HttpGet
import org.apache.http.client.config.RequestConfig

def ctx = p6.securesocket.contextBuilder().setType( SecureContext.BundleType.ONE_WAY ).build();
def cb = p6.securesocket.clientBuilder( ctx );

def timeout = 60

def config = RequestConfig.custom()
    .setConnectTimeout( timeout * 1000 )
    .setConnectionRequestTimeout( timeout * 1000 )
    .setSocketTimeout( timeout * 1000 )
    .build()

def httpClient = cb
    .disableAuthCaching()
    .disableAutomaticRetries()
    .disableCookieManagement()
    .setDefaultRequestConfig( config )
    .build()

def getMethod = new HttpGet( "https://www.amalto.com" )

def response = httpClient.execute( getMethod )
With SNI
import org.apache.http.client.methods.HttpGet
import org.apache.http.client.config.RequestConfig

def ctx = p6.securesocket.contextBuilder()
    .setType( SecureContext.BundleType.ONE_WAY )
    .setSNIServerNames( 'tls-v1-2.badssl.com' )
    .build();

def cb = p6.securesocket.clientBuilder( ctx );

def timeout = 60

def config = RequestConfig.custom()
    .setConnectTimeout( timeout * 1000 )
    .setConnectionRequestTimeout( timeout * 1000 )
    .setSocketTimeout( timeout * 1000 )
    .build()

def httpClient = cb
    .disableAuthCaching()
    .disableAutomaticRetries()
    .disableCookieManagement()
    .setDefaultRequestConfig( config )
    .build()

def getMethod = new HttpGet( 'https://tls-v1-2.badssl.com:1012/' )

def response = httpClient.execute( getMethod )