add TLS1.2 override in httpclient classes

Author: diana-derose

ipp-v3-java-devkit/src/main/java/com/intuit/ipp/interceptors/HTTPBatchClientConnectionInterceptor.java

@@ -17,6 +17,8 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
@@ -105,15 +107,14 @@ public void execute(List<IntuitMessage> intuitMessages) throws FMSException {
         HttpClientBuilder hcBuilder = HttpClients.custom()
                 .setRetryHandler(handler)
                 .setDefaultRequestConfig(setTimeout(intuitRequest.getContext()))
-                .setDefaultCredentialsProvider(setProxyAuthentication());
+                .setDefaultCredentialsProvider(setProxyAuthentication())
+                .setSSLSocketFactory(prepareClientSSL());
 
         entitiesManager.reset();
         HttpHost proxy = getProxy();
 
         if (proxy != null) {
-            hcBuilder.setDefaultCredentialsProvider(setProxyAuthentication())
-            .setProxy(proxy)
-            .setSSLSocketFactory(prepareClientSSL());
+            hcBuilder.setProxy(proxy);
         }
 
         CloseableHttpClient client = hcBuilder.build();
@@ -174,12 +175,22 @@ private IntuitMessage getFirst(List<IntuitMessage> intuitMessages) throws FMSExc
      */
     public SSLConnectionSocketFactory prepareClientSSL() {
         try {
-            KeyStore trustStore = null;
-            SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build();
-            
-            SSLConnectionSocketFactory sslConnectionFactory = 
-                    new SSLConnectionSocketFactory(sslContext.getSocketFactory(), 
-                            new NoopHostnameVerifier());
+        	String path = Config.getProperty(Config.PROXY_KEYSTORE_PATH);
+			String pass = Config.getProperty(Config.PROXY_KEYSTORE_PASSWORD);
+			KeyStore trustStore = null;
+			if (path != null && pass != null) {
+
+				trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+				FileInputStream	instream = new FileInputStream(new File(path));
+				try {
+		            trustStore.load(instream, pass.toCharArray());
+		        } finally {
+		            instream.close();
+		        }
+			}
+			SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build();
+	        String tlsVersion = Config.getProperty(Config.TLS_VERSION);
+	        SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(sslContext, new String[]{tlsVersion}, null, new NoopHostnameVerifier());
             return sslConnectionFactory;
         } catch (Exception ex) {
             LOG.error("couldn't create httpClient!! {}", ex.getMessage(), ex);

ipp-v3-java-devkit/src/main/java/com/intuit/ipp/interceptors/HTTPClientConnectionInterceptor.java

@@ -17,6 +17,8 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
@@ -36,6 +38,7 @@
 import org.apache.http.auth.UsernamePasswordCredentials;
 import org.apache.http.client.ClientProtocolException;
 import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.config.CookieSpecs;
 import org.apache.http.client.config.RequestConfig;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
@@ -51,7 +54,6 @@
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
-import org.apache.http.client.config.CookieSpecs;
 
 import com.intuit.ipp.core.Context;
 import com.intuit.ipp.exception.CompressionException;
@@ -95,15 +97,14 @@ public void execute(IntuitMessage intuitMessage) throws FMSException {
 		HttpClientBuilder hcBuilder = HttpClients.custom()
 				.setRetryHandler(handler)
 				.setDefaultRequestConfig(setTimeout(intuitRequest.getContext()))
-				.setDefaultCredentialsProvider(setProxyAuthentication());
+				.setDefaultCredentialsProvider(setProxyAuthentication())
+				.setSSLSocketFactory(prepareClientSSL());
 
 		// getting proxy from Config file.
 		HttpHost proxy = getProxy();
 
 		if (proxy != null) {
-			hcBuilder.setDefaultCredentialsProvider(setProxyAuthentication())
-			.setProxy(proxy)
-			.setSSLSocketFactory(prepareClientSSL());
+			hcBuilder.setProxy(proxy);
 		}
 		CloseableHttpClient client = hcBuilder.build();
 
@@ -267,12 +268,23 @@ private IntuitRetryPolicyHandler getRetryHandler() throws FMSException {
 
 	public SSLConnectionSocketFactory prepareClientSSL() {
 	    try {
-	    	KeyStore trustStore = null;
+	    	String path = Config.getProperty(Config.PROXY_KEYSTORE_PATH);
+			String pass = Config.getProperty(Config.PROXY_KEYSTORE_PASSWORD);
+			KeyStore trustStore = null;
+			if (path != null && pass != null) {
+
+				trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+				FileInputStream	instream = new FileInputStream(new File(path));
+				try {
+		            trustStore.load(instream, pass.toCharArray());
+		        } finally {
+		            instream.close();
+		        }
+			}
 	        SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build();
-	        
-	        SSLConnectionSocketFactory sslConnectionFactory = 
-	                new SSLConnectionSocketFactory(sslContext.getSocketFactory(), 
-	                        new NoopHostnameVerifier());
+	        String tlsVersion = Config.getProperty(Config.TLS_VERSION);
+	        SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(sslContext, new String[]{tlsVersion}, null, new NoopHostnameVerifier());
+	       
 	        return sslConnectionFactory;
 	    } catch (Exception ex) {
 	        LOG.error("couldn't create httpClient!! {}", ex.getMessage(), ex);

ipp-v3-java-devkit/src/main/java/com/intuit/ipp/util/Config.java

@@ -175,6 +175,8 @@ public final class Config {
 	 * Set to HTTP_URL_CONNECTION if required. Default is Apache HTTP Client if not set. In XML config you can set as <httpTransport>HTTP_URL_CONNECTION</httpTransport>
 	 */
 	public static final String HTTP_TRANSPORT = "httpTransport";
+	
+	public static final String TLS_VERSION = "tls.version";
 
 
     public static final String BIGDECIMAL_SCALE_SHIFT = "feature.bigDecimalScaleShift";

ipp-v3-java-devkit/src/main/resources/intuit-default-config.xml

@@ -6,6 +6,10 @@
 		<entitlementService>https://quickbooks.api.intuit.com/manage</entitlementService>
 	</baseURL>
 
+	<tls>
+		<version>TLSv1.2</version>
+	</tls>
+	
 	<retry>
 		<mode>fixed</mode>
 		<fixed>

oauth2-platform-api/src/main/java/com/intuit/oauth2/http/HttpRequestClient.java

@@ -98,15 +98,14 @@ public HttpRequestClient(ProxyConfig proxyConfig) {
             .setDefaultRequestConfig(config)
             .setDefaultHeaders(headers)
             .setMaxConnPerRoute(10)
-            .setDefaultCredentialsProvider(setProxyAuthentication(proxyConfig));
+            .setDefaultCredentialsProvider(setProxyAuthentication(proxyConfig))
+            .setSSLSocketFactory(prepareClientSSL());
 
         // getting proxy from Config file.
         HttpHost proxy = getProxy(proxyConfig);
 
         if (proxy != null) {
-            hcBuilder.setDefaultCredentialsProvider(setProxyAuthentication(proxyConfig))
-            .setProxy(proxy)
-            .setSSLSocketFactory(prepareClientSSL());
+            hcBuilder.setProxy(proxy);
         }
         client = hcBuilder.build();
     }
@@ -251,9 +250,8 @@ public SSLConnectionSocketFactory prepareClientSSL() {
             KeyStore trustStore = null;
             SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build();
 
-            SSLConnectionSocketFactory sslConnectionFactory = 
-                    new SSLConnectionSocketFactory(sslContext.getSocketFactory(), 
-                            new NoopHostnameVerifier());
+            String tlsVersion = PropertiesConfig.getInstance().getProperty("TLS_VERSION");
+            SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(sslContext, new String[]{tlsVersion}, null, new NoopHostnameVerifier());
             return sslConnectionFactory;
         } catch (Exception ex) {
             logger.error("couldn't create httpClient!! {}", ex.getMessage(), ex);

oauth2-platform-api/src/main/resources/oauthclient.properties

@@ -30,7 +30,7 @@ ADDRESS=address
 EMAIL=email
 
 #Version
-version=4.0.7
+version=4.0.8
 
 #MIGRATION SERVICE URL
 OAUTH_MIGRATION_URL_PRODUCTION=https://developer.api.intuit.com/v2/oauth2/tokens/migrate
@@ -39,3 +39,5 @@ OAUTH_MIGRATION_URL_SANDBOX=https://developer-sandbox.api.intuit.com/v2/oauth2/t
 #REDIRECT URL
 REDIRECT_URL=https://developer.intuit.com/v2/OAuth2Playground/RedirectUrl
 
+#TLS Version
+TLS_VERSION=TLSv1.2

oauth2-platform-api/src/test/resources/oauthclient.properties

@@ -30,7 +30,7 @@ ADDRESS=address
 EMAIL=email
 
 #Version
-version=4.0.7
+version=4.0.8
 
 #MIGRATION SERVICE URL
 OAUTH_MIGRATION_URL_PRODUCTION=https://developer.api.intuit.com/v2/oauth2/tokens/migrate
@@ -39,3 +39,5 @@ OAUTH_MIGRATION_URL_SANDBOX=https://developer-sandbox.api.intuit.com/v2/oauth2/t
 #REDIRECT URL
 REDIRECT_URL=https://developer.intuit.com/v2/OAuth2Playground/RedirectUrl
 
+#TLS Version
+TLS_VERSION=TLSv1.2