Merge pull request #89 from agelostsal/feature/extra-timeout-options

ET-132 Custom timeouts for eseal http clients
ARGOeu · Jan 30, 2023 · 824ab56 · 824ab56
2 parents 294c799 + b5365cd
commit 824ab56
Show file tree

Hide file tree

Showing 7 changed files with 51 additions and 13 deletions.
diff --git a/eseal/src/main/java/gr/grnet/eseal/config/RemoteHttpEsealClientBean.java b/eseal/src/main/java/gr/grnet/eseal/config/RemoteHttpEsealClientBean.java
@@ -29,9 +29,6 @@
 public class RemoteHttpEsealClientBean {
 
   private final RemoteProviderProperties remoteProviderProperties;
-  private static final int SOCKET_TIMEOUT = 30000;
-  private static final int CONNECTION_TIMEOUT = 30000;
-  private static final int CONNECTION_REQUEST_TIMEOUT = 30000;
 
   @Autowired
   public RemoteHttpEsealClientBean(RemoteProviderProperties remoteProviderProperties) {
@@ -43,12 +40,15 @@ public CloseableHttpClient httpClient()
       throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException,
           CertificateException {
     // socket config
-    SocketConfig socketCfg = SocketConfig.custom().setSoTimeout(SOCKET_TIMEOUT).build();
+    SocketConfig socketCfg =
+        SocketConfig.custom()
+            .setSoTimeout(this.remoteProviderProperties.getSocketConnectTimeout())
+            .build();
 
     RequestConfig reqCfg =
         RequestConfig.custom()
-            .setConnectTimeout(CONNECTION_TIMEOUT)
-            .setConnectionRequestTimeout(CONNECTION_REQUEST_TIMEOUT)
+            .setConnectTimeout(this.remoteProviderProperties.getConnectTimeout())
+            .setConnectionRequestTimeout(this.remoteProviderProperties.getRequestConnectTimeout())
             .build();
 
     // ssl context

diff --git a/eseal/src/main/java/gr/grnet/eseal/config/RemoteProviderProperties.java b/eseal/src/main/java/gr/grnet/eseal/config/RemoteProviderProperties.java
@@ -33,6 +33,18 @@ public class RemoteProviderProperties {
   @Value("${eseal.remote.provider.retry.interval}")
   private int retryInterval;
 
+  /** Time in seconds for socket connect timeout */
+  @Value("${eseal.remote.provider.socket.connect.timeout}")
+  private int socketConnectTimeout;
+
+  /** Time in seconds for connect timeout */
+  @Value("${eseal.remote.provider.connect.timeout}")
+  private int connectTimeout;
+
+  /** Time in seconds for request connect timeout */
+  @Value("${eseal.remote.provider.connect.timeout}")
+  private int requestConnectTimeout;
+
   /**
    * Time in seconds that indicate for what time values should we wait for a new token to get
    * generated rather than using the already created one which near expiration

diff --git a/eseal/src/main/java/gr/grnet/eseal/service/RemoteSignDocumentServicePKCS1.java b/eseal/src/main/java/gr/grnet/eseal/service/RemoteSignDocumentServicePKCS1.java
@@ -99,18 +99,22 @@ public String signDocument(SignDocumentDto signDocumentDto) {
 
         // CRLSource
         OnlineCRLSource onlineCRLSource = new OnlineCRLSource();
-        CommonsDataLoader commonsHttpDataLoader = new CommonsDataLoader();
-        onlineCRLSource.setDataLoader(commonsHttpDataLoader);
+        onlineCRLSource.setDataLoader(this.commonsDataLoaderWithCustomTimeouts());
         commonCertificateVerifier.setCrlSource(onlineCRLSource);
 
         // OCSPSource
         OnlineOCSPSource onlineOCSPSource = new OnlineOCSPSource();
         OCSPDataLoader ocspDataLoader = new OCSPDataLoader();
+        ocspDataLoader.setTimeoutConnection(this.remoteProviderProperties.getConnectTimeout());
+        ocspDataLoader.setTimeoutSocket(this.remoteProviderProperties.getSocketConnectTimeout());
+        ocspDataLoader.setTimeoutConnectionRequest(
+            this.remoteProviderProperties.getRequestConnectTimeout());
         onlineOCSPSource.setDataLoader(ocspDataLoader);
         commonCertificateVerifier.setOcspSource(onlineOCSPSource);
 
         // AIA Source
-        commonCertificateVerifier.setAIASource(new DefaultAIASource(new CommonsDataLoader()));
+        commonCertificateVerifier.setAIASource(
+            new DefaultAIASource(this.commonsDataLoaderWithCustomTimeouts()));
 
         commonCertificateVerifier.setAlertOnMissingRevocationData(new ExceptionOnStatusAlert());
         commonCertificateVerifier.setAlertOnUncoveredPOE(new LogOnStatusAlert());
@@ -187,4 +191,13 @@ public String signDocument(SignDocumentDto signDocumentDto) {
     }
     return base64SignedDocument;
   }
+
+  private CommonsDataLoader commonsDataLoaderWithCustomTimeouts() {
+    CommonsDataLoader cdl = new CommonsDataLoader();
+    cdl.setTimeoutConnection(this.remoteProviderProperties.getConnectTimeout() * 1000);
+    cdl.setTimeoutSocket(this.remoteProviderProperties.getSocketConnectTimeout() * 10000);
+    cdl.setTimeoutConnectionRequest(
+        this.remoteProviderProperties.getRequestConnectTimeout() * 1000);
+    return cdl;
+  }
 }
diff --git a/eseal/src/main/resources/application.properties b/eseal/src/main/resources/application.properties
@@ -10,6 +10,11 @@ eseal.remote.provider.retry.enabled=true
 eseal.remote.provider.retry.counter=3
 # remote provider how much time should the client wait before the next retry in seconds
 eseal.remote.provider.retry.interval=5
+# remote provider http client connection options(passed to underlying apache http client)
+# used for both pkcs1 service data loaders and remote provider http client
+eseal.remote.provider.socket.connect.timeout = 60
+eseal.remote.provider.connect.timeout = 60
+eseal.remote.provider.request.connect.timeout = 60
 # remote provider time threshold that indicates that we should generate a new totp token
 # for time values lower than the threshold
 eseal.remote.provider.totp.refresh.seconds.wait=5

diff --git a/eseal/src/test/java/gr/grnet/eseal/DocumentValidationTests.java b/eseal/src/test/java/gr/grnet/eseal/DocumentValidationTests.java
@@ -4,6 +4,7 @@
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import eu.europa.esig.dss.service.http.commons.CommonsDataLoader;
 import gr.grnet.eseal.dto.SignedDocument;
 import gr.grnet.eseal.dto.ValidateDocumentRequestDto;
 import gr.grnet.eseal.exception.APIError;
@@ -219,13 +220,12 @@ void ValidateDocumentInvalidBASE64Bytes() throws Exception {
   void LOTLOnlineDataLoaderAccessSuccess() throws Exception {
 
     // Make sure the data loader can at least access all the following urls
-
     this.documentValidatorLOTL
         .onlineLOTLDataLoader()
         .get("https://ec.europa.eu/tools/lotl/eu-lotl.xml");
-    this.documentValidatorLOTL
-        .onlineLOTLDataLoader()
-        .get("https://www.ssi.gouv.fr/eidas/TL-FR.xml");
+    CommonsDataLoader r = this.documentValidatorLOTL.onlineLOTLDataLoader();
+    r.setSslProtocol("TLSv1.3");
+    r.get("https://ssi.gouv.fr/uploads/tl-fr.xml");
     //
     // NOT ACCESSIBLE ANYMORE
     //    this.documentValidatorLOTL

diff --git a/eseal/src/test/java/gr/grnet/eseal/EsealApplicationTests.java b/eseal/src/test/java/gr/grnet/eseal/EsealApplicationTests.java
@@ -110,6 +110,9 @@ void testRemoteProviderPropertiesLoad() {
         .isEqualTo(this.remoteProviderProperties.getTruststoreFile());
     assertThat("providerpass").isEqualTo(this.remoteProviderProperties.getTruststorePassword());
     assertThat("JKS").isEqualTo(this.remoteProviderProperties.getTruststoreType());
+    assertThat(60).isEqualTo(this.remoteProviderProperties.getSocketConnectTimeout());
+    assertThat(60).isEqualTo(this.remoteProviderProperties.getConnectTimeout());
+    assertThat(60).isEqualTo(this.remoteProviderProperties.getRequestConnectTimeout());
   }
 
   @Test

diff --git a/eseal/src/test/resources/application-test.properties b/eseal/src/test/resources/application-test.properties
@@ -7,6 +7,11 @@ eseal.remote.provider.retry.enabled=true
 eseal.remote.provider.retry.counter=3
 # remote provider how much time should the client wait before the next retry in seconds
 eseal.remote.provider.retry.interval=5
+# remote provider http client connection options(passed to underlying apache http client)
+# used for both pkcs1 service data loaders and remote provider http client
+eseal.remote.provider.socket.connect.timeout = 60
+eseal.remote.provider.connect.timeout = 60
+eseal.remote.provider.request.connect.timeout = 60
 # remote provider time threshold that indicates that we should generate a new totp token
 # for time values lower than the threshold
 eseal.remote.provider.totp.refresh.seconds.wait=5