All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.plaid.client.PlaidClient Maven / Gradle / Ivy

package com.plaid.client;

import com.google.gson.FieldNamingPolicy;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.plaid.client.internal.Util;
import com.plaid.client.internal.gson.CredentialInjectingTypeAdapterFactory;
import com.plaid.client.internal.gson.ImmutableListTypeAdapterFactory;
import com.plaid.client.internal.gson.OptionalTypeAdapterFactory;
import com.plaid.client.internal.gson.RequiredFieldTypeAdapterFactory;
import com.plaid.client.response.ErrorResponse;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.ResponseBody;
import okhttp3.TlsVersion;
import okhttp3.logging.HttpLoggingInterceptor;
import retrofit2.Converter;
import retrofit2.Response;
import retrofit2.Retrofit;
import retrofit2.converter.gson.GsonConverterFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;

public final class PlaidClient {
  // a more restrictive connection spec based on the MODERN_TLS spec already present in OkHttp
  public static final ConnectionSpec CONNECTION_SPEC = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
    .tlsVersions(TlsVersion.TLS_1_2)
    .build();
  private final PlaidApiService plaidApiService;
  private final Retrofit retrofit;

  private PlaidClient(PlaidApiService plaidApiService, Retrofit retrofit) {
    this.plaidApiService = plaidApiService;
    this.retrofit = retrofit;
  }

  /**
   * Get the Retrofit {@link PlaidApiService} which backs this client.
   *
   * All Plaid API calls are called on this service object.
   *
   * @return the {@link PlaidApiService}
   */
  public PlaidApiService service() {
    return plaidApiService;
  }

  /**
   * A helper to assist with decoding unsuccessful responses.
   *
   * This is not done automatically, because an unsuccessful result may have many causes
   * such as network issues, intervening HTTP proxies, load balancers, partial responses, etc,
   * which means that a response can easily be incomplete, or not even the expected well-formed
   * JSON error.
   *
   * Therefore, even when using this helper, be prepared for it to throw an exception instead of
   * successfully decoding every error response!
   *
   * @param response the unsuccessful response object to deserialize.
   * @return the resulting {@link ErrorResponse}, assuming deserialization succeeded.
   * @throws RuntimeException if the response cannot be deserialized
   */
  public ErrorResponse parseError(Response response) {
    if (response.isSuccessful()) {
      throw new IllegalArgumentException("Response must be unsuccessful.");
    }

    Converter responseBodyObjectConverter = retrofit.responseBodyConverter(ErrorResponse.class, new Annotation[0]);

    try {
      return responseBodyObjectConverter.convert(response.errorBody());
    } catch (IOException e) {
      throw new RuntimeException("Could not parse error response", e);
    }
  }

  /**
   * Visible for testing.
   *
   * @return the underlying Retrofit client.
   */
  public Retrofit getRetrofit() {
    return retrofit;
  }

  /**
   * Start here! Creates a new {@link Builder} so you can make a {@link PlaidClient}
   *
   *
   * @return A brand new {@link Builder}
   */
  public static Builder newBuilder() {
    return new Builder();
  }

  public static class Builder {
    public static String DEFAULT_PRODUCTION_BASE_URL = "https://production.plaid.com";
    public static String DEFAULT_DEVELOPMENT_BASE_URL = "https://development.plaid.com";
    public static String DEFAULT_SANDBOX_BASE_URL = "https://sandbox.plaid.com";
    public static long DEFAULT_READ_TIMEOUT_SECONDS = 300;
    public static long DEFAULT_CONNECT_TIMEOUT_SECONDS = 5;

    private final OkHttpClient.Builder okHttpClientBuilder;
    private String baseUrl;
    private HttpLoggingInterceptor.Level httpLogLevel;
    private long readTimeoutSeconds;
    private long connectTimeoutSeconds;
    private String publicKey;
    private String clientId;
    private String secret;

    private Builder() {
      this.okHttpClientBuilder = new OkHttpClient.Builder();
      this.readTimeoutSeconds = DEFAULT_READ_TIMEOUT_SECONDS;
      this.connectTimeoutSeconds = DEFAULT_CONNECT_TIMEOUT_SECONDS;
    }

    /**
     * Validate builder parameters, create, and return a new {@link PlaidClient}
     *
     * @return A brand new {@link PlaidClient}
     */
    public PlaidClient build() {
      if (baseUrl == null) {
        throw new IllegalArgumentException("must set baseUrl. You probably want to call productionBaseUrl(), developmentBaseUrl(), or sandboxBaseUrl().");
      }

      if (publicKey == null && (clientId == null || secret == null)) {
        throw new IllegalArgumentException("must set a publicKey, clientIdAndSecret, or both!");
      }

      Retrofit retrofit = new Retrofit.Builder()
        .baseUrl(baseUrl)
        .validateEagerly(true)
        .addConverterFactory(GsonConverterFactory.create(buildGson()))
        .client(buildOkHttpClient())
        .build();

      return new PlaidClient(retrofit.create(PlaidApiService.class), retrofit);
    }

    private Gson buildGson() {
      return new GsonBuilder()
        .setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES)
        .registerTypeAdapterFactory(new CredentialInjectingTypeAdapterFactory(publicKey, clientId, secret))
        .registerTypeAdapterFactory(new RequiredFieldTypeAdapterFactory())
        .registerTypeAdapterFactory(new OptionalTypeAdapterFactory())
        .registerTypeAdapterFactory(new ImmutableListTypeAdapterFactory())
        .create();
    }

    private OkHttpClient buildOkHttpClient() {
      okHttpClientBuilder
        .readTimeout(readTimeoutSeconds, TimeUnit.SECONDS)
        .connectTimeout(connectTimeoutSeconds, TimeUnit.SECONDS)
        .followSslRedirects(false)
        .connectionSpecs(Arrays.asList(CONNECTION_SPEC));

      if (httpLogLevel != null) {
        okHttpClientBuilder.addInterceptor(new HttpLoggingInterceptor().setLevel(httpLogLevel));
      }

      checkRuntimeSupportsTls12(okHttpClientBuilder);

      return okHttpClientBuilder.build();
    }

    /**
     * Plaid's API requires TLSv1.2, which is well-supported
     * on JDK 8, but spotty on JDK 7 and below.
     *
     * This attempts to detect whether TLSv1.2 is already enabled by default,
     * and if not, enable it, or failing that throw an error early.
     *
     * @param okHttpClientBuilder
     */
    private void checkRuntimeSupportsTls12(OkHttpClient.Builder okHttpClientBuilder) {
      SSLSocket testSslSocket = null;

      try {
        // create a temporary client and test socket to check for desired cipher and protocol support
        OkHttpClient testOkHttpClient = okHttpClientBuilder.build();
        testSslSocket = (SSLSocket)testOkHttpClient.sslSocketFactory().createSocket();

        // does the test socket work with our connection spec's cipher suite and tls version as-is?
        if (CONNECTION_SPEC.isCompatible(testSslSocket)) {
          return; // no further questions!
        }

        // perhaps TLSv1.2 is supported, just not enabled by default (some versions of Java 7)
        if (!Arrays.asList(testSslSocket.getSupportedProtocols()).contains(TlsVersion.TLS_1_2.javaName())) {
          throw new RuntimeException("This JRE's SSL implementation does not support TLSv1.2. Bailing out.");
        }

        // supported but not enabled by default. In this case, we'll have our OkHTTP
        // client use an SSLSocketFactory which does enable it.

        // The following SSLSocketFactory setup code is from
        // OkHttpClient.Builder#sslSocketFactory()'s javadocs
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
          TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
          throw new IllegalStateException("Unexpected default trust managers:"
            + Arrays.toString(trustManagers));
        }
        X509TrustManager trustManager = (X509TrustManager) trustManagers[0];

        SSLContext sslContext = SSLContext.getInstance(TlsVersion.TLS_1_2.javaName());
        sslContext.init(null, new TrustManager[]{trustManager}, null);
        SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
        okHttpClientBuilder.sslSocketFactory(sslSocketFactory, trustManager);
      } catch (Exception e) {
        throw new RuntimeException(e);
      } finally {
        if (testSslSocket != null) {
          try {
            testSslSocket.close();
          } catch (IOException e) {
            // oh well
          }
        }
      }
    }

    /**
     * Generally, you should not need this!
     * 

* Direct access to the underlying OkHTTP client builder for advanced settings * like SSL, proxy, logging, and timeout options if needed. * * @return this. To satisfy the builder pattern. */ public OkHttpClient.Builder okHttpClientBuilder() { return okHttpClientBuilder; } /** * Convenience method to set the HTTP client's logging level. * * @param level Desired logging level. * @return this. To satisfy the builder pattern. */ public Builder logLevel(HttpLoggingInterceptor.Level level) { this.httpLogLevel = level; return this; } /** * Set a custom base API url, if {@link #productionBaseUrl()} or {@link #sandboxBaseUrl()} aren't sufficient. * * @param baseUrl The base URL you wish to use. * @return this. To satisfy the builder pattern. */ public Builder baseUrl(String baseUrl) { this.baseUrl = baseUrl; return this; } /** * Configure the client to use the default {@link #DEFAULT_PRODUCTION_BASE_URL production URL}. * * @return this. To satisfy the builder pattern. */ public Builder productionBaseUrl() { return baseUrl(DEFAULT_PRODUCTION_BASE_URL); } /** * Configure the client to use the default {@link #DEFAULT_SANDBOX_BASE_URL sandbox URL}. * * @return this. To satisfy the builder pattern. */ public Builder sandboxBaseUrl() { return baseUrl(DEFAULT_SANDBOX_BASE_URL); } /** * Configure the client to use the default {@link #DEFAULT_DEVELOPMENT_BASE_URL sandbox URL}. * * @return this. To satisfy the builder pattern. */ public Builder developmentBaseUrl() { return baseUrl(DEFAULT_DEVELOPMENT_BASE_URL); } /** * Set the public key credential. * * Only required if this client will be used to call API endpoints * that need a public key. * * Can be found in your Account Dashboard. See documentation for details. * * @param publicKey Your Plaid API Public key. * * @return This {@link Builder} to satisfy the builder pattern. */ public Builder publicKey(String publicKey) { Util.notNull(publicKey, "publicKey"); this.publicKey = publicKey; return this; } /** * Set the client ID and secret credentials. * * Most API calls require these, you'll almost always want to set them. * * Can be found in your Account Dashboard. * * @param clientId Your Plaid API Client ID * @param secret Your Plaid API Secret * * @return This {@link Builder} to satisfy the builder pattern. */ public Builder clientIdAndSecret(String clientId, String secret) { Util.notNull(clientId, "clientId"); Util.notNull(secret, "secret"); this.clientId = clientId; this.secret = secret; return this; } } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy