HttpService: Unused flags & class are removed.

bparmar-splunk · bparmar-splunk · commit 69d854cc2515 · 2021-11-18T17:08:38.000+05:30
diff --git a/splunk/src/main/java/com/splunk/HttpService.java b/splunk/src/main/java/com/splunk/HttpService.java
@@ -36,7 +36,6 @@
 public class HttpService {
     // For debugging purposes
     private static final boolean VERBOSE_REQUESTS = false;
-    public static boolean useTLS = false;
     protected static SSLSecurityProtocol sslSecurityProtocol = null;
 
     /**
@@ -45,7 +44,7 @@ public class HttpService {
      * For PROD environment, TRUE is strongly recommended, whereas working in localhost OR development environment, FALSE is used.
      * Default Value: TRUE
      */
-    public static boolean validateCertificates = true;
+    protected static boolean validateCertificates = true;
 
     private static SSLSocketFactory sslSocketFactory = createSSLFactory();
     private static String HTTPS_SCHEME = "https";
@@ -220,7 +219,7 @@ public static void setSslSecurityProtocol(SSLSecurityProtocol securityProtocol)
         // Only update the SSL_SOCKET_FACTORY if changing protocols
         if (sslSecurityProtocol != securityProtocol) {
             sslSecurityProtocol = securityProtocol;
-            sslSocketFactory = new SplunkHttpsSocketFactory(createSSLFactory());
+            sslSocketFactory = createSSLFactory();
         }
     }
 
@@ -423,9 +422,7 @@ public ResponseMessage send(String path, RequestMessage request) {
             throw new RuntimeException(e.getMessage(), e);
         }
         if (cn instanceof HttpsURLConnection) {
-            if (!validateCertificates) {
-                ((HttpsURLConnection) cn).setSSLSocketFactory(sslSocketFactory);
-            }
+            ((HttpsURLConnection) cn).setSSLSocketFactory(sslSocketFactory);
             ((HttpsURLConnection) cn).setHostnameVerifier(HOSTNAME_VERIFIER);
         }
         cn.setUseCaches(false);
@@ -537,102 +534,42 @@ public static void setValidateCertificates(boolean validateCertificates) {
     public static SSLSocketFactory createSSLFactory() {
 
         try {
-            String contextStr = "";
+            SSLContext context;
             if (sslSecurityProtocol != null) {
-                contextStr = sslSecurityProtocol.toString().contains("SSL") ? "SSL" : "TLS";
-            } else if (useTLS || System.getProperty("java.version").compareTo("1.8") >= 0) {
-                contextStr = "TLS";
+                String contextStr = sslSecurityProtocol.toString().contains("SSL") ? "SSL" : "TLS";
+                context = SSLContext.getInstance(contextStr);
+            } else if (System.getProperty("java.version").compareTo("1.8") >= 0) {
+                context = SSLContext.getInstance("TLS");
             } else {
-                contextStr = "SSL";
+                context = SSLContext.getDefault();
             }
-            SSLContext context = SSLContext.getInstance(contextStr);
 
-            TrustManager[] trustAll = new TrustManager[]{
-                    new X509TrustManager() {
-                        public X509Certificate[] getAcceptedIssuers() {
-                            return null;
-                        }
+            if (validateCertificates) {
+                context.init(null, null, null);
+                // For now this check is set as null.
+                // TODO: Implementation logic for validating client certificate.
+            } else {
+                TrustManager[] trustAll = new TrustManager[]{
+                        new X509TrustManager() {
+                            public X509Certificate[] getAcceptedIssuers() {
+                                return null;
+                            }
 
-                        public void checkClientTrusted(X509Certificate[] certs, String authType) {
-                        }
+                            public void checkClientTrusted(X509Certificate[] certs, String authType) {
+                            }
 
-                        public void checkServerTrusted(X509Certificate[] certs, String authType) {
+                            public void checkServerTrusted(X509Certificate[] certs, String authType) {
+                            }
                         }
-                    }
-            };
-            context.init(null, trustAll, new java.security.SecureRandom());
-
+                };
+                context.init(null, trustAll, null);
+            }
 
-            return new SplunkHttpsSocketFactory(context.getSocketFactory());
+            return context.getSocketFactory();
         } catch (Exception e) {
             throw new RuntimeException("Error setting up SSL socket factory: " + e, e);
         }
     }
 
-    private static final class SplunkHttpsSocketFactory extends SSLSocketFactory {
-        private final SSLSocketFactory delegate;
-
-        public static String[] PROTOCOLS = {"SSLv3"};
-        public static String[] PROTOCOLS_TLS = {"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"};
-
-        private SplunkHttpsSocketFactory(SSLSocketFactory delegate) {
-            this.delegate = delegate;
-        }
-
-        private Socket configure(Socket socket) {
-            if (socket instanceof SSLSocket) {
-                if (sslSecurityProtocol != null) {
-                    String[] protocols = {sslSecurityProtocol.toString()};
-                    ((SSLSocket) socket).setEnabledProtocols(protocols);
-                } else if (useTLS || System.getProperty("java.version").compareTo("1.8") >= 0) {
-                    ((SSLSocket) socket).setEnabledProtocols(PROTOCOLS_TLS);
-                } else {
-                    ((SSLSocket) socket).setEnabledProtocols(PROTOCOLS);
-                }
-            }
-            return socket;
-        }
-
-        @Override
-        public String[] getDefaultCipherSuites() {
-            return delegate.getDefaultCipherSuites();
-        }
-
-        @Override
-        public String[] getSupportedCipherSuites() {
-            return delegate.getSupportedCipherSuites();
-        }
-
-        @Override
-        public Socket createSocket(Socket socket, String s, int i, boolean b) throws IOException {
-            return configure(delegate.createSocket(socket, s, i, b));
-        }
-
-        @Override
-        public Socket createSocket() throws IOException {
-            return configure(delegate.createSocket());
-        }
-
-        @Override
-        public Socket createSocket(String s, int i) throws IOException, UnknownHostException {
-            return configure(delegate.createSocket(s, i));
-        }
-
-        @Override
-        public Socket createSocket(String s, int i, InetAddress inetAddress, int i1) throws IOException, UnknownHostException {
-            return configure(delegate.createSocket(s, i, inetAddress, i1));
-        }
-
-        @Override
-        public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
-            return configure(delegate.createSocket(inetAddress, i));
-        }
-
-        @Override
-        public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress1, int i1) throws IOException {
-            return configure(delegate.createSocket(inetAddress, i, inetAddress1, i1));
-        }
-    }
-
 }
 
