From 555273de41893073c64d665630ce53aac6077849 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 2 Oct 2024 10:51:04 +0200
Subject: Tighter connection timeouts, fix version range in pom.xml

---
 pom.xml                                               |  2 +-
 .../edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index dc150a7..59ac020 100644
--- a/pom.xml
+++ b/pom.xml
@@ -43,7 +43,7 @@
 		<dependency>
 			<groupId>org.apache.httpcomponents.client5</groupId>
 			<artifactId>httpclient5</artifactId>
-			<version>[5.0,6.0)</version>
+			<version>[5.0,5.9999.9999]</version>
 			<scope>compile</scope>
 		</dependency>
 		<dependency>
diff --git a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
index 454886f..9c549ea 100644
--- a/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
+++ b/src/main/java/edu/kit/scc/dei/ecplean/ECPAuthenticatorBase.java
@@ -4,6 +4,7 @@ import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
 import java.util.Observable;
+import java.util.concurrent.TimeUnit;
 
 import javax.xml.namespace.QName;
 import javax.xml.parsers.DocumentBuilder;
@@ -23,10 +24,12 @@ import javax.xml.xpath.XPathFactory;
 import org.apache.hc.client5.http.auth.AuthenticationException;
 import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
 import org.apache.hc.client5.http.classic.methods.HttpPost;
+import org.apache.hc.client5.http.config.ConnectionConfig;
 import org.apache.hc.client5.http.impl.auth.BasicScheme;
 import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
 import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
-import org.apache.hc.client5.http.impl.classic.HttpClients;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
+import org.apache.hc.client5.http.impl.io.BasicHttpClientConnectionManager;
 import org.apache.hc.client5.http.protocol.HttpClientContext;
 import org.apache.hc.core5.http.HttpHeaders;
 import org.apache.hc.core5.http.HttpHost;
@@ -55,7 +58,7 @@ public abstract class ECPAuthenticatorBase extends Observable {
 	protected boolean retryWithoutAt;
 
 	public ECPAuthenticatorBase(CloseableHttpClient client) {
-		this.client = client == null ? HttpClients.createSystem() : client;
+		this.client = client == null ? defaultClient() : client;
 
 		documentBuilderFactory = DocumentBuilderFactory.newInstance();
 		documentBuilderFactory.setNamespaceAware(true);
@@ -72,6 +75,18 @@ public abstract class ECPAuthenticatorBase extends Observable {
 	public ECPAuthenticatorBase() {
 		this(null);
 	}
+	
+	private static CloseableHttpClient defaultClient() {
+		ConnectionConfig connConfig = ConnectionConfig.custom()
+			    .setConnectTimeout(4000, TimeUnit.MILLISECONDS)
+			    .setSocketTimeout(10000, TimeUnit.MILLISECONDS)
+			    .build();
+		BasicHttpClientConnectionManager cm = new BasicHttpClientConnectionManager();
+		cm.setConnectionConfig(connConfig);
+		return HttpClientBuilder.create()
+			    .setConnectionManager(cm)
+			    .build();
+	}
 
 	private CloseableHttpResponse exec(Document idpRequest, String user, String pass)
 			throws ECPAuthenticationException {
-- 
cgit v1.2.3-55-g7522

