Exemple #1
0
  public void configureService(
      String address,
      String pksFilename,
      String pksPassword,
      String trustPksFilename,
      String trustPksPassword)
      throws Exception {
    if (pksFilename != null
        && pksPassword != null
        && trustPksFilename != null
        && trustPksPassword != null) {
      System.setProperty("javax.net.ssl.keyStore", pksFilename);
      System.setProperty("javax.net.ssl.keyStorePassword", pksPassword);
      System.setProperty("javax.net.ssl.trustStore", trustPksFilename);
      System.setProperty("javax.net.ssl.trustStorePassword", trustPksPassword);
    }
    URL wsdlUrl = new URL(address + "?wsdl");
    IoTaService service = new IoTaService(wsdlUrl);
    port = service.getPort(IoTaServicePortType.class);

    // turn off chunked transfer encoding
    Client client = ClientProxy.getClient(port);
    HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setAllowChunking(false);
    httpConduit.setClient(httpClientPolicy);

    if (pksFilename != null) {
      log.debug("Authenticating with certificate in file: " + pksFilename);

      if (!wsdlUrl.getProtocol().equalsIgnoreCase("https")) {
        throw new Exception("Authentication method requires the use of HTTPS");
      }

      KeyStore keyStore = KeyStore.getInstance(pksFilename.endsWith(".p12") ? "PKCS12" : "JKS");
      keyStore.load(new FileInputStream(new File(pksFilename)), pksPassword.toCharArray());
      KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
      keyManagerFactory.init(keyStore, pksPassword.toCharArray());

      KeyStore trustStore =
          KeyStore.getInstance(trustPksFilename.endsWith(".p12") ? "PKCS12" : "JKS");
      trustStore.load(
          new FileInputStream(new File(trustPksFilename)), trustPksPassword.toCharArray());
      TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
      trustManagerFactory.init(trustStore);

      TLSClientParameters tlscp = new TLSClientParameters();
      tlscp.setSecureRandom(new SecureRandom());
      tlscp.setKeyManagers(keyManagerFactory.getKeyManagers());
      tlscp.setTrustManagers(trustManagerFactory.getTrustManagers());

      httpConduit.setTlsClientParameters(tlscp);
    }
  }
  public void handleMessage(final Message message) throws Fault {

    if (!locator.isEnabled()) {
      return;
    }

    final Conduit conduit = message.getExchange().getConduit(message);

    if (!(conduit instanceof HTTPConduit)) {
      // SSL config only applies to HTTPConduit, early-out.
      return;
    }

    final HTTPConduit httpConduit = (HTTPConduit) conduit;

    final String endpoint = (String) message.get(Message.ENDPOINT_ADDRESS);

    if (endpoint == null) {
      if (LOGGER.isWarnEnabled()) {
        LOGGER.warn("Null endpoint address encountered, unable to appy SSL configuration");
      }
      return;
    }

    try {

      final URL endpointUrl = new URL(endpoint);

      if (supports(endpointUrl)) {
        final TLSClientParameters tlsClientParameters =
            getOrCreateAndSetTLSClientParameters(httpConduit);
        tlsClientParameters.setSSLSocketFactory(locator.getSSLFactory(sslAlias, endpointUrl));
      }

    } catch (final Exception exception) {
      if (LOGGER.isErrorEnabled()) {
        LOGGER.error(
            "Got an exception getting the Websphere SSL Socket Factory: '{}'.",
            exception.getMessage());
      }
      throw new Fault(exception);
    }
  }
Exemple #3
0
    @Override
    public Builder request() {
      checkClosed();

      initTargetClientIfNeeded();

      ClientProviderFactory pf =
          ClientProviderFactory.getInstance(WebClient.getConfig(targetClient).getEndpoint());
      List<Object> providers = new LinkedList<Object>();
      Configuration cfg = configImpl.getConfiguration();
      for (Object p : cfg.getInstances()) {
        if (!(p instanceof Feature)) {
          Map<Class<?>, Integer> contracts = cfg.getContracts(p.getClass());
          if (contracts == null || contracts.isEmpty()) {
            providers.add(p);
          } else {
            providers.add(new FilterProviderInfo<Object>(p, pf.getBus(), contracts));
          }
        }
      }

      pf.setUserProviders(providers);
      WebClient.getConfig(targetClient)
          .getRequestContext()
          .putAll(getConfiguration().getProperties());
      WebClient.getConfig(targetClient)
          .getRequestContext()
          .put(Client.class.getName(), ClientImpl.this);
      WebClient.getConfig(targetClient)
          .getRequestContext()
          .put(Configuration.class.getName(), getConfiguration());
      // TLS
      TLSClientParameters tlsParams = secConfig.getTlsClientParams();
      if (tlsParams.getSSLSocketFactory() != null || tlsParams.getTrustManagers() != null) {
        WebClient.getConfig(targetClient).getHttpConduit().setTlsClientParameters(tlsParams);
      }

      // start building the invocation
      return new InvocationBuilderImpl(WebClient.fromClient(targetClient));
    }
  /**
   * Build a client proxy, for a specific proxy type.
   *
   * @param proxyType proxy type class
   * @return client proxy stub
   */
  protected <T> T build(Class<T> proxyType) {
    String address = generateAddress();
    T rootResource;
    // Synchronized on the class to correlate with the scope of clientStaticResources
    // We want to ensure that the shared bean isn't set concurrently in multiple callers
    synchronized (ClouderaManagerClientBuilder.class) {
      JAXRSClientFactoryBean bean = cleanFactory(clientStaticResources.getUnchecked(proxyType));
      bean.setAddress(address);
      if (username != null) {
        bean.setUsername(username);
        bean.setPassword(password);
      }

      if (enableLogging) {
        bean.setFeatures(Arrays.<AbstractFeature>asList(new LoggingFeature()));
      }
      rootResource = bean.create(proxyType);
    }

    boolean isTlsEnabled = address.startsWith("https://");
    ClientConfiguration config = WebClient.getConfig(rootResource);
    HTTPConduit conduit = (HTTPConduit) config.getConduit();
    if (isTlsEnabled) {
      TLSClientParameters tlsParams = new TLSClientParameters();
      if (!validateCerts) {
        tlsParams.setTrustManagers(new TrustManager[] {new AcceptAllTrustManager()});
      } else if (trustManagers != null) {
        tlsParams.setTrustManagers(trustManagers);
      }
      tlsParams.setDisableCNCheck(!validateCn);
      conduit.setTlsClientParameters(tlsParams);
    }

    HTTPClientPolicy policy = conduit.getClient();
    policy.setConnectionTimeout(connectionTimeoutUnits.toMillis(connectionTimeout));
    policy.setReceiveTimeout(receiveTimeoutUnits.toMillis(receiveTimeout));
    return rootResource;
  }
 protected void setupHttpConduit(HTTPConduit httpConduit) {
   TLSClientParameters tlsClientParameters = tryToGetTLSClientParametersFromConduit(httpConduit);
   tlsClientParameters.setSSLSocketFactory(tryToGetSSLSocketFactory());
   httpConduit.setTlsClientParameters(tlsClientParameters);
 }