Merge pull request Netflix#943 from weswalker125/master

Allow for independent SSL context for EurekaJerseyClient
cqwang · May 31, 2017 · 1ac04e1 · 1ac04e1
2 parents 7640ec6 + f29f639
commit 1ac04e1
Showing 1 changed file with 17 additions and 9 deletions.
diff --git a/...t/src/main/java/com/netflix/discovery/shared/transport/jersey/EurekaJerseyClientImpl.java b/...t/src/main/java/com/netflix/discovery/shared/transport/jersey/EurekaJerseyClientImpl.java
@@ -93,6 +93,7 @@ public static class EurekaJerseyClientBuilder {
         private int connectionIdleTimeout;
         private EncoderWrapper encoderWrapper;
         private DecoderWrapper decoderWrapper;
+        private SSLContext sslContext;
 
         public EurekaJerseyClientBuilder withClientName(String clientName) {
             this.clientName = clientName;
@@ -165,6 +166,11 @@ public EurekaJerseyClientBuilder withDecoderWrapper(DecoderWrapper decoderWrappe
             this.decoderWrapper = decoderWrapper;
             return this;
         }
+
+        public EurekaJerseyClientBuilder withCustomSSL(SSLContext sslContext) {
+            this.sslContext = sslContext;
+            return this;
+        }
 
         public EurekaJerseyClient build() {
             MyDefaultApacheHttpClient4Config config = new MyDefaultApacheHttpClient4Config();
@@ -181,7 +187,7 @@ class MyDefaultApacheHttpClient4Config extends DefaultApacheHttpClient4Config {
 
                 if (systemSSL) {
                     cm = createSystemSslCM();
-                } else if (trustStoreFileName != null) {
+                } else if (sslContext != null || trustStoreFileName != null) {
                     cm = createCustomSslCM();
                 } else {
                     cm = createDefaultSslCM();
@@ -234,18 +240,20 @@ private MonitoredConnectionManager createSystemSslCM() {
             private MonitoredConnectionManager createCustomSslCM() {
                 FileInputStream fin = null;
                 try {
-                    SSLContext sslContext = SSLContext.getInstance(PROTOCOL_SCHEME);
-                    KeyStore sslKeyStore = KeyStore.getInstance(KEYSTORE_TYPE);
+                    if (sslContext == null) {
+                        sslContext = SSLContext.getInstance(PROTOCOL_SCHEME);
+                        KeyStore sslKeyStore = KeyStore.getInstance(KEYSTORE_TYPE);
 
-                    fin = new FileInputStream(trustStoreFileName);
-                    sslKeyStore.load(fin, trustStorePassword.toCharArray());
+                        fin = new FileInputStream(trustStoreFileName);
+                        sslKeyStore.load(fin, trustStorePassword.toCharArray());
 
-                    TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-                    factory.init(sslKeyStore);
+                        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+                        factory.init(sslKeyStore);
 
-                    TrustManager[] trustManagers = factory.getTrustManagers();
+                        TrustManager[] trustManagers = factory.getTrustManagers();
 
-                    sslContext.init(null, trustManagers, null);
+                        sslContext.init(null, trustManagers, null);
+                    }
                     X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
                     SSLConnectionSocketFactory customSslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
                     SSLSocketFactory sslSocketFactory = new SSLSocketFactoryAdapter(customSslSocketFactory);