diff --git a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProvider.java b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProvider.java
index 9cc0661b..7aa0089d 100644
--- a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProvider.java
+++ b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProvider.java
@@ -74,6 +74,7 @@ public OAuth2Token newToken() throws IOException {
 @Override
 public synchronized OAuth2Token refreshToken() throws IOException {
 OAuth2Token token = new RefreshTokenRequestBuilder()
+ .withSSlSocketFactory(sslSocketFactory)
 .withRefreshToken(oauth2Token.getRefreshToken())
 .withUrl(url)
 .withClientId(clientId)
diff --git a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestBuilder.java b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestBuilder.java
index 76833886..78c911c5 100644
--- a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestBuilder.java
+++ b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestBuilder.java
@@ -1,8 +1,12 @@
 package hec.army.usace.hec.cwbi.auth.http.client;
+import hec.army.usace.hec.cwbi.auth.http.client.trustmanagers.CwbiAuthTrustManager;
+import java.util.Optional;
+import javax.net.ssl.SSLSocketFactory;
 import mil.army.usace.hec.cwms.http.client.ApiConnectionInfoBuilder;
 import mil.army.usace.hec.cwms.http.client.HttpRequestBuilderImpl;
 import mil.army.usace.hec.cwms.http.client.HttpRequestResponse;
+import mil.army.usace.hec.cwms.http.client.SslSocketData;
 import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
 import mil.army.usace.hec.cwms.http.client.request.HttpRequestExecutor;
@@ -12,24 +16,45 @@ public final class RefreshTokenRequestBuilder implements RefreshTokenRequestFluentBuilder {
 private String refreshToken;
+ private SSLSocketFactory sslSocketFactory;
 /**
 * Retrieved token via a refresh token.
 * @param refreshToken - token used to fetch new token
 * @return Builder for http request
 */
+ @Override
 public TokenRequestFluentBuilder withRefreshToken(String refreshToken) {
 this.refreshToken = Objects.requireNonNull(refreshToken, "Missing required refresh token");
 return new RefreshTokenRequestExecutor();
 }
+ /**
+ * Set the SSLSocketFactory for the refresh request should it be needed.
+ * @param sslSocketFactory - SSLSocketFactory to use
+ * @return Builder for http request
+ */
+ @Override
+ public RefreshTokenRequestBuilder withSSlSocketFactory(SSLSocketFactory sslSocketFactory) {
+ this.sslSocketFactory = sslSocketFactory;
+ return this;
+ }
+
+ //package scoped for testing
+ Optional getSslSocketFactory() {
+ return Optional.ofNullable(sslSocketFactory);
+ }
+
 private class RefreshTokenRequestExecutor extends TokenRequestBuilder {
 @Override
 OAuth2Token retrieveToken() throws IOException {
 OAuth2Token retVal = null;
+ SslSocketData sslSocketData = getSslSocketFactory().map(sf -> new SslSocketData(sf, CwbiAuthTrustManager.getTrustManager()))
+ .orElse(null);
 HttpRequestExecutor executor =
- new HttpRequestBuilderImpl(new ApiConnectionInfoBuilder(getUrl()).build())
+ new HttpRequestBuilderImpl(new ApiConnectionInfoBuilder(getUrl())
+ .withSslSocketData(sslSocketData).build())
 .post()
 .withBody(new UrlEncodedFormData()
 .addRefreshToken(refreshToken)
diff --git a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestFluentBuilder.java b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestFluentBuilder.java
index 18976a64..a86afea2 100644
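Review bot: In `retrieveToken()` of RefreshTokenRequestBuilder.java the caller-supplied `SSLSocketFactory` is paired with `CwbiAuthTrustManager.getTrustManager()`, but nothing ties the two together and the javadoc on `withSSlSocketFactory` does not mention it. If the underlying client is OkHttp (the tests use MockWebServer, so this is likely but not shown here), the trust manager argument does not replace the validation done by the factory's own SSLContext, so a factory built from a different trust store is validated by that store rather than by CwbiAuthTrustManager. The setter also accepts null silently, in which case `withSslSocketData(null)` is passed and the refresh token travels with whatever TLS defaults the connection builder applies. I would state both in the javadoc, e.g. `@param sslSocketFactory - factory created from an SSLContext initialised with CwbiAuthTrustManager's trust manager; null leaves the client's default TLS configuration in place`. `retrieveToken()` continues past the end of the hunk.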
--- a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestFluentBuilder.java
+++ b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestFluentBuilder.java
@@ -1,5 +1,8 @@
 package hec.army.usace.hec.cwbi.auth.http.client;
+import javax.net.ssl.SSLSocketFactory;
+
 public interface RefreshTokenRequestFluentBuilder {
 TokenRequestFluentBuilder withRefreshToken(String refreshToken);
+ RefreshTokenRequestBuilder withSSlSocketFactory(SSLSocketFactory sslSocketFactory);
 }
diff --git a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/trustmanagers/CwbiAuthTrustManager.java b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/trustmanagers/CwbiAuthTrustManager.java
index 6fb8dd17..fc340b1e 100644
--- a/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/trustmanagers/CwbiAuthTrustManager.java
+++ b/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/trustmanagers/CwbiAuthTrustManager.java
@@ -58,7 +58,7 @@ private CwbiAuthTrustManager(TrustManagerFactory trustManagerFactory) {
 private static X509TrustManager buildTrustManager() {
 X509TrustManager retVal = null;
 try {
- TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 trustManagerFactory.init((KeyStore) null);
 retVal = new CwbiAuthTrustManager(trustManagerFactory);
 } catch (NoSuchAlgorithmException | KeyStoreException e) {
diff --git a/cwbi-auth-http-client/src/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestDirectGrantX509TokenRequestBuilder.java b/cwbi-auth-http-client/src/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestDirectGrantX509TokenRequestBuilder.java
index d61c6fb7..9130e6ef 100644
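Review bot: In RefreshTokenRequestFluentBuilder.java the new `withSSlSocketFactory` returns the concrete `RefreshTokenRequestBuilder`, which ties the interface to its one implementation. Returning the interface keeps the fluent chain working and leaves room for another implementation: `RefreshTokenRequestFluentBuilder withSSlSocketFactory(SSLSocketFactory sslSocketFactory);`. The `SSl` capitalisation also becomes public API here; unless it mirrors an existing builder method elsewhere in the module, `withSslSocketFactory` would match `SslSocketData` and `getSslSocketFactory`. Neither interface method has javadoc, and because `withRefreshToken` returns a different builder type the socket factory has to be set first, which is worth stating on the interface.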
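Review bot: In `buildTrustManager()` of CwbiAuthTrustManager.java, `TrustManagerFactory.getDefaultAlgorithm()` reads the `ssl.TrustManagerFactory.algorithm` security property, so the validation algorithm behind this trust manager now depends on JVM configuration instead of being pinned to PKIX. That is a reasonable portability fix, but it deserves a comment at the call site, e.g. `// algorithm comes from the ssl.TrustManagerFactory.algorithm security property (PKIX on standard JDKs)`. Separately, `retVal` starts as null and the catch block opens on the last line of the hunk with its body outside it. If that path leaves `retVal` null and `getTrustManager()` hands the value out, the new `new SslSocketData(sf, CwbiAuthTrustManager.getTrustManager())` call in RefreshTokenRequestBuilder would receive a null trust manager, so failing loudly there looks safer than returning null.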
--- a/cwbi-auth-http-client/src/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestDirectGrantX509TokenRequestBuilder.java
+++ b/cwbi-auth-http-client/src/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestDirectGrantX509TokenRequestBuilder.java
@@ -96,7 +96,7 @@ void testDirectGrantX509TokenRequestBuilder() throws IOException {
 }
 }
- private SSLSocketFactory getTestSslSocketFactory() {
+ static SSLSocketFactory getTestSslSocketFactory() {
 return new SSLSocketFactory() {
 @Override
 public String[] getDefaultCipherSuites() {
diff --git a/cwbi-auth-http-client/src/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestRefreshTokenRequestBuilder.java b/cwbi-auth-http-client/src/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestRefreshTokenRequestBuilder.java
index 4d2ed008..ca9a74d3 100644
--- a/cwbi-auth-http-client/src/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestRefreshTokenRequestBuilder.java
+++ b/cwbi-auth-http-client/src/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestRefreshTokenRequestBuilder.java
@@ -23,9 +23,12 @@
 */
 package hec.army.usace.hec.cwbi.auth.http.client;
+import static hec.army.usace.hec.cwbi.auth.http.client.TestDirectGrantX509TokenRequestBuilder.getTestSslSocketFactory;
+import javax.net.ssl.SSLSocketFactory;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertSame;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import java.io.File;
@@ -41,18 +44,23 @@ class TestRefreshTokenRequestBuilder {
 @Test
- void testDirectGrantX509TokenRequestBuilder() throws IOException {
+ void testRefreshTokenRequestBuilder() throws IOException {
 MockWebServer mockWebServer = new MockWebServer();
 try {
 String body = readJsonFile();
 mockWebServer.enqueue(new MockResponse().setBody(body).setResponseCode(200));
 mockWebServer.start();
 String baseUrl = String.format("http://localhost:%s", mockWebServer.getPort());
+ SSLSocketFactory sslSocketFactory = getTestSslSocketFactory();
+ RefreshTokenRequestBuilder builder = new RefreshTokenRequestBuilder()
+ .withSSlSocketFactory(sslSocketFactory);
+ assertSame(sslSocketFactory, builder.getSslSocketFactory().orElse(null));
 OAuth2Token token = new RefreshTokenRequestBuilder()
- .withRefreshToken("abcdefghijklmnopqrstuvwxyz0123456789")
- .withUrl(baseUrl)
- .withClientId("cumulus")
- .fetchToken();
+ .withSSlSocketFactory(sslSocketFactory)
+ .withRefreshToken("abcdefghijklmnopqrstuvwxyz0123456789")
+ .withUrl(baseUrl)
+ .withClientId("cumulus")
+ .fetchToken();
 assertNotNull(token);
 assertEquals("MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3", token.getAccessToken());
 assertEquals("Bearer", token.getTokenType());
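Review bot: The renamed test in TestRefreshTokenRequestBuilder.java never exercises the socket factory on a connection: `baseUrl` is `http://localhost:…`, so the request goes out in cleartext and the only thing checked about the new option is the getter round trip in `assertSame`. The edit also replaces the previous call chain rather than adding to it, so the path without a factory (where `sslSocketData` ends up null) is no longer covered. I would keep a second fetch without `withSSlSocketFactory`, and add a case with the mock server switched to HTTPS via `mockWebServer.useHttps(...)` so that a handshake actually goes through the supplied factory and `CwbiAuthTrustManager`. The `try` block continues past the end of the hunk.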