diff --git a/eseal/src/main/java/gr/grnet/eseal/config/RemoteHttpEsealClientBean.java b/eseal/src/main/java/gr/grnet/eseal/config/RemoteHttpEsealClientBean.java
index fbd7e2e..da417ab 100644
--- a/eseal/src/main/java/gr/grnet/eseal/config/RemoteHttpEsealClientBean.java
+++ b/eseal/src/main/java/gr/grnet/eseal/config/RemoteHttpEsealClientBean.java
@@ -29,9 +29,6 @@ public class RemoteHttpEsealClientBean {
   private final RemoteProviderProperties remoteProviderProperties;
-  private static final int SOCKET_TIMEOUT = 30000;
-  private static final int CONNECTION_TIMEOUT = 30000;
-  private static final int CONNECTION_REQUEST_TIMEOUT = 30000;
   @Autowired
   public RemoteHttpEsealClientBean(RemoteProviderProperties remoteProviderProperties) {
@@ -43,12 +40,15 @@ public CloseableHttpClient httpClient()
       throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, IOException,
           CertificateException {
     // socket config
-    SocketConfig socketCfg = SocketConfig.custom().setSoTimeout(SOCKET_TIMEOUT).build();
+    SocketConfig socketCfg =
+        SocketConfig.custom()
+            .setSoTimeout(this.remoteProviderProperties.getSocketConnectTimeout())
+            .build();
     RequestConfig reqCfg =
         RequestConfig.custom()
-            .setConnectTimeout(CONNECTION_TIMEOUT)
-            .setConnectionRequestTimeout(CONNECTION_REQUEST_TIMEOUT)
+            .setConnectTimeout(this.remoteProviderProperties.getConnectTimeout())
+            .setConnectionRequestTimeout(this.remoteProviderProperties.getRequestConnectTimeout())
             .build();
     // ssl context
diff --git a/eseal/src/main/java/gr/grnet/eseal/config/RemoteProviderProperties.java b/eseal/src/main/java/gr/grnet/eseal/config/RemoteProviderProperties.java
index c86d223..07e2403 100644
--- a/eseal/src/main/java/gr/grnet/eseal/config/RemoteProviderProperties.java
+++ b/eseal/src/main/java/gr/grnet/eseal/config/RemoteProviderProperties.java
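Review bot: The three values handed to setSoTimeout, setConnectTimeout and setConnectionRequestTimeout in the httpClient() hunk are the raw property values, which RemoteProviderProperties documents as seconds and the new test pins at 60, yet these Apache HttpClient setters take milliseconds, as the replaced 30000 constants show. The remote-provider client now gives up after 60 ms instead of 30 s, so ordinary network latency turns into a signing failure. Convert at the consumer, `.setSoTimeout(this.remoteProviderProperties.getSocketConnectTimeout() * 1000)` with the same `* 1000` on the two RequestConfig setters, or declare the properties as milliseconds and raise the defaults. The ocspDataLoader setters in the RemoteSignDocumentServicePKCS1 hunk pass the same properties unscaled and need the same treatment. httpClient()'s body continues past the end of the hunk.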
@@ -33,6 +33,18 @@ public class RemoteProviderProperties {
   @Value("${eseal.remote.provider.retry.interval}")
   private int retryInterval;
+  /** Time in seconds for socket connect timeout */
+  @Value("${eseal.remote.provider.socket.connect.timeout}")
+  private int socketConnectTimeout;
+
+  /** Time in seconds for connect timeout */
+  @Value("${eseal.remote.provider.connect.timeout}")
+  private int connectTimeout;
+
+  /** Time in seconds for request connect timeout */
+  @Value("${eseal.remote.provider.connect.timeout}")
+  private int requestConnectTimeout;
+
   /**
    * Time in seconds that indicate for what time values should we wait for a new token to get
    * generated rather than using the already created one which near expiration
diff --git a/eseal/src/main/java/gr/grnet/eseal/service/RemoteSignDocumentServicePKCS1.java b/eseal/src/main/java/gr/grnet/eseal/service/RemoteSignDocumentServicePKCS1.java
index 3639df1..ffa275a 100644
--- a/eseal/src/main/java/gr/grnet/eseal/service/RemoteSignDocumentServicePKCS1.java
+++ b/eseal/src/main/java/gr/grnet/eseal/service/RemoteSignDocumentServicePKCS1.java
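Review bot: requestConnectTimeout is bound to `${eseal.remote.provider.connect.timeout}`, the same key as connectTimeout, while the property files in this commit add a separate `eseal.remote.provider.request.connect.timeout` that, as far as the diff shows, nothing reads. The binding should be `@Value("${eseal.remote.provider.request.connect.timeout}")`. The new assertions in EsealApplicationTests cannot detect the mix-up because all three test values are 60; giving each key a distinct value in application-test.properties would. The Javadoc on all three fields says seconds, so whichever unit the consumers settle on, keep these comments and the getters' contract in agreement.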
@@ -99,18 +99,22 @@ public String signDocument(SignDocumentDto signDocumentDto) {
     // CRLSource
     OnlineCRLSource onlineCRLSource = new OnlineCRLSource();
-    CommonsDataLoader commonsHttpDataLoader = new CommonsDataLoader();
-    onlineCRLSource.setDataLoader(commonsHttpDataLoader);
+    onlineCRLSource.setDataLoader(this.commonsDataLoaderWithCustomTimeouts());
     commonCertificateVerifier.setCrlSource(onlineCRLSource);
     // OCSPSource
     OnlineOCSPSource onlineOCSPSource = new OnlineOCSPSource();
     OCSPDataLoader ocspDataLoader = new OCSPDataLoader();
+    ocspDataLoader.setTimeoutConnection(this.remoteProviderProperties.getConnectTimeout());
+    ocspDataLoader.setTimeoutSocket(this.remoteProviderProperties.getSocketConnectTimeout());
+    ocspDataLoader.setTimeoutConnectionRequest(
+        this.remoteProviderProperties.getRequestConnectTimeout());
     onlineOCSPSource.setDataLoader(ocspDataLoader);
     commonCertificateVerifier.setOcspSource(onlineOCSPSource);
     // AIA Source
-    commonCertificateVerifier.setAIASource(new DefaultAIASource(new CommonsDataLoader()));
+    commonCertificateVerifier.setAIASource(
+        new DefaultAIASource(this.commonsDataLoaderWithCustomTimeouts()));
     commonCertificateVerifier.setAlertOnMissingRevocationData(new ExceptionOnStatusAlert());
     commonCertificateVerifier.setAlertOnUncoveredPOE(new LogOnStatusAlert());
@@ -187,4 +191,13 @@ public String signDocument(SignDocumentDto signDocumentDto) {
     }
     return base64SignedDocument;
   }
+
+  private CommonsDataLoader commonsDataLoaderWithCustomTimeouts() {
+    CommonsDataLoader cdl = new CommonsDataLoader();
+    cdl.setTimeoutConnection(this.remoteProviderProperties.getConnectTimeout() * 1000);
+    cdl.setTimeoutSocket(this.remoteProviderProperties.getSocketConnectTimeout() * 10000);
+    cdl.setTimeoutConnectionRequest(
+        this.remoteProviderProperties.getRequestConnectTimeout() * 1000);
+    return cdl;
+  }
 }
diff --git a/eseal/src/main/resources/application.properties b/eseal/src/main/resources/application.properties
index b17bcef..99d0557 100644
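Review bot: In commonsDataLoaderWithCustomTimeouts the socket timeout is multiplied by 10000 while the connect and connection-request timeouts are multiplied by 1000, so a configured 60 s becomes a 600 s read timeout; this looks like a typo for `cdl.setTimeoutSocket(this.remoteProviderProperties.getSocketConnectTimeout() * 1000);`. A ten-minute socket timeout on CRL and AIA fetches lets a single unresponsive revocation endpoint hold a signing request for that long, which matters because missing revocation data is configured to raise. A one-line Javadoc on the helper, stating that it converts the configured seconds into the milliseconds the DSS loader setters expect, would make the intended unit reviewable next time. signDocument starts before the first hunk.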
--- a/eseal/src/main/resources/application.properties
+++ b/eseal/src/main/resources/application.properties
@@ -10,6 +10,11 @@ eseal.remote.provider.retry.enabled=true
 eseal.remote.provider.retry.counter=3
 # remote provider how much time should the client wait before the next retry in seconds
 eseal.remote.provider.retry.interval=5
+# remote provider http client connection options(passed to underlying apache http client)
+# used for both pkcs1 service data loaders and remote provider http client
+eseal.remote.provider.socket.connect.timeout = 60
+eseal.remote.provider.connect.timeout = 60
+eseal.remote.provider.request.connect.timeout = 60
 # remote provider time threshold that indicates that we should generate a new totp token
 # for time values lower than the threshold
 eseal.remote.provider.totp.refresh.seconds.wait=5
diff --git a/eseal/src/test/java/gr/grnet/eseal/DocumentValidationTests.java b/eseal/src/test/java/gr/grnet/eseal/DocumentValidationTests.java
index 5df43f5..6cc8817 100644
--- a/eseal/src/test/java/gr/grnet/eseal/DocumentValidationTests.java
+++ b/eseal/src/test/java/gr/grnet/eseal/DocumentValidationTests.java
@@ -4,6 +4,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import eu.europa.esig.dss.service.http.commons.CommonsDataLoader;
 import gr.grnet.eseal.dto.SignedDocument;
 import gr.grnet.eseal.dto.ValidateDocumentRequestDto;
 import gr.grnet.eseal.exception.APIError;
@@ -219,13 +220,12 @@ void ValidateDocumentInvalidBASE64Bytes() throws Exception {
   void LOTLOnlineDataLoaderAccessSuccess() throws Exception {
     // Make sure the data loader can at least access all the following urls
-
     this.documentValidatorLOTL
         .onlineLOTLDataLoader()
         .get("https://ec.europa.eu/tools/lotl/eu-lotl.xml");
-    this.documentValidatorLOTL
-        .onlineLOTLDataLoader()
-        .get("https://www.ssi.gouv.fr/eidas/TL-FR.xml");
+    CommonsDataLoader r = this.documentValidatorLOTL.onlineLOTLDataLoader();
+    r.setSslProtocol("TLSv1.3");
+    r.get("https://ssi.gouv.fr/uploads/tl-fr.xml");
     // // NOT ACCESSIBLE ANYMORE
     // this.documentValidatorLOTL
diff --git a/eseal/src/test/java/gr/grnet/eseal/EsealApplicationTests.java b/eseal/src/test/java/gr/grnet/eseal/EsealApplicationTests.java
index e6fa619..3fec9eb 100644
--- a/eseal/src/test/java/gr/grnet/eseal/EsealApplicationTests.java
+++ b/eseal/src/test/java/gr/grnet/eseal/EsealApplicationTests.java
@@ -110,6 +110,9 @@ void testRemoteProviderPropertiesLoad() {
         .isEqualTo(this.remoteProviderProperties.getTruststoreFile());
     assertThat("providerpass").isEqualTo(this.remoteProviderProperties.getTruststorePassword());
     assertThat("JKS").isEqualTo(this.remoteProviderProperties.getTruststoreType());
+    assertThat(60).isEqualTo(this.remoteProviderProperties.getSocketConnectTimeout());
+    assertThat(60).isEqualTo(this.remoteProviderProperties.getConnectTimeout());
+    assertThat(60).isEqualTo(this.remoteProviderProperties.getRequestConnectTimeout());
   }
   @Test
diff --git a/eseal/src/test/resources/application-test.properties b/eseal/src/test/resources/application-test.properties
index a562008..091756c 100644
--- a/eseal/src/test/resources/application-test.properties
+++ b/eseal/src/test/resources/application-test.properties
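Review bot: `r.setSslProtocol("TLSv1.3")` mutates the loader returned by onlineLOTLDataLoader(); if that method hands back a shared instance rather than a fresh one, the protocol pin leaks into every later use of the LOTL loader in the same test context. Creating a dedicated loader for this request, or restoring the previous setting afterwards, keeps the test self-contained. A short comment on why the French TL endpoint needs an explicit TLSv1.3 while the EU LOTL fetch just above does not would save the next reader from re-discovering it. LOTLOnlineDataLoaderAccessSuccess continues past the end of the hunk.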
@@ -7,6 +7,11 @@ eseal.remote.provider.retry.enabled=true
 eseal.remote.provider.retry.counter=3
 # remote provider how much time should the client wait before the next retry in seconds
 eseal.remote.provider.retry.interval=5
+# remote provider http client connection options(passed to underlying apache http client)
+# used for both pkcs1 service data loaders and remote provider http client
+eseal.remote.provider.socket.connect.timeout = 60
+eseal.remote.provider.connect.timeout = 60
+eseal.remote.provider.request.connect.timeout = 60
 # remote provider time threshold that indicates that we should generate a new totp token
 # for time values lower than the threshold
 eseal.remote.provider.totp.refresh.seconds.wait=5