HydrologicEngineeringCenter · rma-bryson · Feb 24, 2025 · Feb 21, 2025
diff --git a/...-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProvider.java b/...-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/CwbiAuthTokenProvider.java
@@ -74,6 +74,7 @@ public OAuth2Token newToken() throws IOException {
     @Override
     public synchronized OAuth2Token refreshToken() throws IOException {
         OAuth2Token token = new RefreshTokenRequestBuilder()
+            .withSSlSocketFactory(sslSocketFactory)
             .withRefreshToken(oauth2Token.getRefreshToken())
             .withUrl(url)
             .withClientId(clientId)

diff --git a/...nt/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestBuilder.java b/...nt/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestBuilder.java
@@ -1,8 +1,12 @@
 package hec.army.usace.hec.cwbi.auth.http.client;
 
+import hec.army.usace.hec.cwbi.auth.http.client.trustmanagers.CwbiAuthTrustManager;
+import java.util.Optional;
+import javax.net.ssl.SSLSocketFactory;
 import mil.army.usace.hec.cwms.http.client.ApiConnectionInfoBuilder;
 import mil.army.usace.hec.cwms.http.client.HttpRequestBuilderImpl;
 import mil.army.usace.hec.cwms.http.client.HttpRequestResponse;
+import mil.army.usace.hec.cwms.http.client.SslSocketData;
 import mil.army.usace.hec.cwms.http.client.auth.OAuth2Token;
 import mil.army.usace.hec.cwms.http.client.request.HttpRequestExecutor;
 
@@ -12,24 +16,45 @@
 public final class RefreshTokenRequestBuilder implements RefreshTokenRequestFluentBuilder {
 
     private String refreshToken;
+    private SSLSocketFactory sslSocketFactory;
 
     /**
      * Retrieved token via a refresh token.
      * @param refreshToken - token used to fetch new token
      * @return Builder for http request
      */
+    @Override
     public TokenRequestFluentBuilder withRefreshToken(String refreshToken) {
         this.refreshToken = Objects.requireNonNull(refreshToken, "Missing required refresh token");
         return new RefreshTokenRequestExecutor();
     }
 
+    /**
+     * Set the SSLSocketFactory for the refresh request should it be needed.
+     * @param sslSocketFactory - SSLSocketFactory to use
+     * @return Builder for http request
+     */
+    @Override
+    public RefreshTokenRequestBuilder withSSlSocketFactory(SSLSocketFactory sslSocketFactory) {
+        this.sslSocketFactory = sslSocketFactory;
+        return this;
+    }
+
+    //package scoped for testing
+    Optional<SSLSocketFactory> getSslSocketFactory() {
+        return Optional.ofNullable(sslSocketFactory);
+    }
+
     private class RefreshTokenRequestExecutor extends TokenRequestBuilder {
 
         @Override
         OAuth2Token retrieveToken() throws IOException {
             OAuth2Token retVal = null;
+            SslSocketData sslSocketData = getSslSocketFactory().map(sf -> new SslSocketData(sf, CwbiAuthTrustManager.getTrustManager()))
+                    .orElse(null);
             HttpRequestExecutor executor =
-                new HttpRequestBuilderImpl(new ApiConnectionInfoBuilder(getUrl()).build())
+                new HttpRequestBuilderImpl(new ApiConnectionInfoBuilder(getUrl())
+                        .withSslSocketData(sslSocketData).build())
                     .post()
                     .withBody(new UrlEncodedFormData()
                         .addRefreshToken(refreshToken)

diff --git a/.../main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestFluentBuilder.java b/.../main/java/hec/army/usace/hec/cwbi/auth/http/client/RefreshTokenRequestFluentBuilder.java
@@ -1,5 +1,8 @@
 package hec.army.usace.hec.cwbi.auth.http.client;
 
+import javax.net.ssl.SSLSocketFactory;
+
 public interface RefreshTokenRequestFluentBuilder {
     TokenRequestFluentBuilder withRefreshToken(String refreshToken);
+    RefreshTokenRequestBuilder withSSlSocketFactory(SSLSocketFactory sslSocketFactory);
 }
diff --git a/...ain/java/hec/army/usace/hec/cwbi/auth/http/client/trustmanagers/CwbiAuthTrustManager.java b/...ain/java/hec/army/usace/hec/cwbi/auth/http/client/trustmanagers/CwbiAuthTrustManager.java
@@ -58,7 +58,7 @@ private CwbiAuthTrustManager(TrustManagerFactory trustManagerFactory) {
     private static X509TrustManager buildTrustManager() {
         X509TrustManager retVal = null;
         try {
-            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
+            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
             trustManagerFactory.init((KeyStore) null);
             retVal = new CwbiAuthTrustManager(trustManagerFactory);
         } catch (NoSuchAlgorithmException | KeyStoreException e) {

diff --git a/...java/hec/army/usace/hec/cwbi/auth/http/client/TestDirectGrantX509TokenRequestBuilder.java b/...java/hec/army/usace/hec/cwbi/auth/http/client/TestDirectGrantX509TokenRequestBuilder.java
@@ -96,7 +96,7 @@ void testDirectGrantX509TokenRequestBuilder() throws IOException {
         }
     }
 
-    private SSLSocketFactory getTestSslSocketFactory() {
+    static SSLSocketFactory getTestSslSocketFactory() {
         return new SSLSocketFactory() {
             @Override
             public String[] getDefaultCipherSuites() {

diff --git a/...rc/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestRefreshTokenRequestBuilder.java b/...rc/test/java/hec/army/usace/hec/cwbi/auth/http/client/TestRefreshTokenRequestBuilder.java
@@ -23,9 +23,12 @@
  */
 package hec.army.usace.hec.cwbi.auth.http.client;
 
+import static hec.army.usace.hec.cwbi.auth.http.client.TestDirectGrantX509TokenRequestBuilder.getTestSslSocketFactory;
+import javax.net.ssl.SSLSocketFactory;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertSame;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.io.File;
@@ -41,18 +44,23 @@
 class TestRefreshTokenRequestBuilder {
 
     @Test
-    void testDirectGrantX509TokenRequestBuilder() throws IOException {
+    void testRefreshTokenRequestBuilder() throws IOException {
         MockWebServer mockWebServer = new MockWebServer();
         try {
             String body = readJsonFile();
             mockWebServer.enqueue(new MockResponse().setBody(body).setResponseCode(200));
             mockWebServer.start();
             String baseUrl = String.format("http://localhost:%s", mockWebServer.getPort());
+            SSLSocketFactory sslSocketFactory = getTestSslSocketFactory();
+            RefreshTokenRequestBuilder builder = new RefreshTokenRequestBuilder()
+                    .withSSlSocketFactory(sslSocketFactory);
+            assertSame(sslSocketFactory, builder.getSslSocketFactory().orElse(null));
             OAuth2Token token = new RefreshTokenRequestBuilder()
-                .withRefreshToken("abcdefghijklmnopqrstuvwxyz0123456789")
-                .withUrl(baseUrl)
-                .withClientId("cumulus")
-                .fetchToken();
+                    .withSSlSocketFactory(sslSocketFactory)
+                    .withRefreshToken("abcdefghijklmnopqrstuvwxyz0123456789")
+                    .withUrl(baseUrl)
+                    .withClientId("cumulus")
+                    .fetchToken();
             assertNotNull(token);
             assertEquals("MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3", token.getAccessToken());
             assertEquals("Bearer", token.getTokenType());