private TLSClientParameters getOrCreateAndSetTLSClientParameters(final HTTPConduit httpConduit) {

    TLSClientParameters tlsClientParameters = httpConduit.getTlsClientParameters();

    if (tlsClientParameters == null) {
      tlsClientParameters = new TLSClientParameters();
      httpConduit.setTlsClientParameters(tlsClientParameters);
    }

    return tlsClientParameters;
  }
Ejemplo n.º 2
0
  public void configureService(
      String address,
      String pksFilename,
      String pksPassword,
      String trustPksFilename,
      String trustPksPassword)
      throws Exception {
    if (pksFilename != null
        && pksPassword != null
        && trustPksFilename != null
        && trustPksPassword != null) {
      System.setProperty("javax.net.ssl.keyStore", pksFilename);
      System.setProperty("javax.net.ssl.keyStorePassword", pksPassword);
      System.setProperty("javax.net.ssl.trustStore", trustPksFilename);
      System.setProperty("javax.net.ssl.trustStorePassword", trustPksPassword);
    }
    URL wsdlUrl = new URL(address + "?wsdl");
    IoTaService service = new IoTaService(wsdlUrl);
    port = service.getPort(IoTaServicePortType.class);

    // turn off chunked transfer encoding
    Client client = ClientProxy.getClient(port);
    HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setAllowChunking(false);
    httpConduit.setClient(httpClientPolicy);

    if (pksFilename != null) {
      log.debug("Authenticating with certificate in file: " + pksFilename);

      if (!wsdlUrl.getProtocol().equalsIgnoreCase("https")) {
        throw new Exception("Authentication method requires the use of HTTPS");
      }

      KeyStore keyStore = KeyStore.getInstance(pksFilename.endsWith(".p12") ? "PKCS12" : "JKS");
      keyStore.load(new FileInputStream(new File(pksFilename)), pksPassword.toCharArray());
      KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
      keyManagerFactory.init(keyStore, pksPassword.toCharArray());

      KeyStore trustStore =
          KeyStore.getInstance(trustPksFilename.endsWith(".p12") ? "PKCS12" : "JKS");
      trustStore.load(
          new FileInputStream(new File(trustPksFilename)), trustPksPassword.toCharArray());
      TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
      trustManagerFactory.init(trustStore);

      TLSClientParameters tlscp = new TLSClientParameters();
      tlscp.setSecureRandom(new SecureRandom());
      tlscp.setKeyManagers(keyManagerFactory.getKeyManagers());
      tlscp.setTrustManagers(trustManagerFactory.getTrustManagers());

      httpConduit.setTlsClientParameters(tlscp);
    }
  }
  /**
   * Build a client proxy, for a specific proxy type.
   *
   * @param proxyType proxy type class
   * @return client proxy stub
   */
  protected <T> T build(Class<T> proxyType) {
    String address = generateAddress();
    T rootResource;
    // Synchronized on the class to correlate with the scope of clientStaticResources
    // We want to ensure that the shared bean isn't set concurrently in multiple callers
    synchronized (ClouderaManagerClientBuilder.class) {
      JAXRSClientFactoryBean bean = cleanFactory(clientStaticResources.getUnchecked(proxyType));
      bean.setAddress(address);
      if (username != null) {
        bean.setUsername(username);
        bean.setPassword(password);
      }

      if (enableLogging) {
        bean.setFeatures(Arrays.<AbstractFeature>asList(new LoggingFeature()));
      }
      rootResource = bean.create(proxyType);
    }

    boolean isTlsEnabled = address.startsWith("https://");
    ClientConfiguration config = WebClient.getConfig(rootResource);
    HTTPConduit conduit = (HTTPConduit) config.getConduit();
    if (isTlsEnabled) {
      TLSClientParameters tlsParams = new TLSClientParameters();
      if (!validateCerts) {
        tlsParams.setTrustManagers(new TrustManager[] {new AcceptAllTrustManager()});
      } else if (trustManagers != null) {
        tlsParams.setTrustManagers(trustManagers);
      }
      tlsParams.setDisableCNCheck(!validateCn);
      conduit.setTlsClientParameters(tlsParams);
    }

    HTTPClientPolicy policy = conduit.getClient();
    policy.setConnectionTimeout(connectionTimeoutUnits.toMillis(connectionTimeout));
    policy.setReceiveTimeout(receiveTimeoutUnits.toMillis(receiveTimeout));
    return rootResource;
  }
 protected void setupHttpConduit(HTTPConduit httpConduit) {
   TLSClientParameters tlsClientParameters = tryToGetTLSClientParametersFromConduit(httpConduit);
   tlsClientParameters.setSSLSocketFactory(tryToGetSSLSocketFactory());
   httpConduit.setTlsClientParameters(tlsClientParameters);
 }