public void configureService(
String address,
String pksFilename,
String pksPassword,
String trustPksFilename,
String trustPksPassword)
throws Exception {
if (pksFilename != null
&& pksPassword != null
&& trustPksFilename != null
&& trustPksPassword != null) {
System.setProperty("javax.net.ssl.keyStore", pksFilename);
System.setProperty("javax.net.ssl.keyStorePassword", pksPassword);
System.setProperty("javax.net.ssl.trustStore", trustPksFilename);
System.setProperty("javax.net.ssl.trustStorePassword", trustPksPassword);
}
URL wsdlUrl = new URL(address + "?wsdl");
IoTaService service = new IoTaService(wsdlUrl);
port = service.getPort(IoTaServicePortType.class);
// turn off chunked transfer encoding
Client client = ClientProxy.getClient(port);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setAllowChunking(false);
httpConduit.setClient(httpClientPolicy);
if (pksFilename != null) {
log.debug("Authenticating with certificate in file: " + pksFilename);
if (!wsdlUrl.getProtocol().equalsIgnoreCase("https")) {
throw new Exception("Authentication method requires the use of HTTPS");
}
KeyStore keyStore = KeyStore.getInstance(pksFilename.endsWith(".p12") ? "PKCS12" : "JKS");
keyStore.load(new FileInputStream(new File(pksFilename)), pksPassword.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keyStore, pksPassword.toCharArray());
KeyStore trustStore =
KeyStore.getInstance(trustPksFilename.endsWith(".p12") ? "PKCS12" : "JKS");
trustStore.load(
new FileInputStream(new File(trustPksFilename)), trustPksPassword.toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
trustManagerFactory.init(trustStore);
TLSClientParameters tlscp = new TLSClientParameters();
tlscp.setSecureRandom(new SecureRandom());
tlscp.setKeyManagers(keyManagerFactory.getKeyManagers());
tlscp.setTrustManagers(trustManagerFactory.getTrustManagers());
httpConduit.setTlsClientParameters(tlscp);
}
}
public void handleMessage(final Message message) throws Fault {
if (!locator.isEnabled()) {
return;
}
final Conduit conduit = message.getExchange().getConduit(message);
if (!(conduit instanceof HTTPConduit)) {
// SSL config only applies to HTTPConduit, early-out.
return;
}
final HTTPConduit httpConduit = (HTTPConduit) conduit;
final String endpoint = (String) message.get(Message.ENDPOINT_ADDRESS);
if (endpoint == null) {
if (LOGGER.isWarnEnabled()) {
LOGGER.warn("Null endpoint address encountered, unable to appy SSL configuration");
}
return;
}
try {
final URL endpointUrl = new URL(endpoint);
if (supports(endpointUrl)) {
final TLSClientParameters tlsClientParameters =
getOrCreateAndSetTLSClientParameters(httpConduit);
tlsClientParameters.setSSLSocketFactory(locator.getSSLFactory(sslAlias, endpointUrl));
}
} catch (final Exception exception) {
if (LOGGER.isErrorEnabled()) {
LOGGER.error(
"Got an exception getting the Websphere SSL Socket Factory: '{}'.",
exception.getMessage());
}
throw new Fault(exception);
}
}
@Override
public Builder request() {
checkClosed();
initTargetClientIfNeeded();
ClientProviderFactory pf =
ClientProviderFactory.getInstance(WebClient.getConfig(targetClient).getEndpoint());
List<Object> providers = new LinkedList<Object>();
Configuration cfg = configImpl.getConfiguration();
for (Object p : cfg.getInstances()) {
if (!(p instanceof Feature)) {
Map<Class<?>, Integer> contracts = cfg.getContracts(p.getClass());
if (contracts == null || contracts.isEmpty()) {
providers.add(p);
} else {
providers.add(new FilterProviderInfo<Object>(p, pf.getBus(), contracts));
}
}
}
pf.setUserProviders(providers);
WebClient.getConfig(targetClient)
.getRequestContext()
.putAll(getConfiguration().getProperties());
WebClient.getConfig(targetClient)
.getRequestContext()
.put(Client.class.getName(), ClientImpl.this);
WebClient.getConfig(targetClient)
.getRequestContext()
.put(Configuration.class.getName(), getConfiguration());
// TLS
TLSClientParameters tlsParams = secConfig.getTlsClientParams();
if (tlsParams.getSSLSocketFactory() != null || tlsParams.getTrustManagers() != null) {
WebClient.getConfig(targetClient).getHttpConduit().setTlsClientParameters(tlsParams);
}
// start building the invocation
return new InvocationBuilderImpl(WebClient.fromClient(targetClient));
}
/**
* Build a client proxy, for a specific proxy type.
*
* @param proxyType proxy type class
* @return client proxy stub
*/
protected <T> T build(Class<T> proxyType) {
String address = generateAddress();
T rootResource;
// Synchronized on the class to correlate with the scope of clientStaticResources
// We want to ensure that the shared bean isn't set concurrently in multiple callers
synchronized (ClouderaManagerClientBuilder.class) {
JAXRSClientFactoryBean bean = cleanFactory(clientStaticResources.getUnchecked(proxyType));
bean.setAddress(address);
if (username != null) {
bean.setUsername(username);
bean.setPassword(password);
}
if (enableLogging) {
bean.setFeatures(Arrays.<AbstractFeature>asList(new LoggingFeature()));
}
rootResource = bean.create(proxyType);
}
boolean isTlsEnabled = address.startsWith("https://");
ClientConfiguration config = WebClient.getConfig(rootResource);
HTTPConduit conduit = (HTTPConduit) config.getConduit();
if (isTlsEnabled) {
TLSClientParameters tlsParams = new TLSClientParameters();
if (!validateCerts) {
tlsParams.setTrustManagers(new TrustManager[] {new AcceptAllTrustManager()});
} else if (trustManagers != null) {
tlsParams.setTrustManagers(trustManagers);
}
tlsParams.setDisableCNCheck(!validateCn);
conduit.setTlsClientParameters(tlsParams);
}
HTTPClientPolicy policy = conduit.getClient();
policy.setConnectionTimeout(connectionTimeoutUnits.toMillis(connectionTimeout));
policy.setReceiveTimeout(receiveTimeoutUnits.toMillis(receiveTimeout));
return rootResource;
}
protected void setupHttpConduit(HTTPConduit httpConduit) {
TLSClientParameters tlsClientParameters = tryToGetTLSClientParametersFromConduit(httpConduit);
tlsClientParameters.setSSLSocketFactory(tryToGetSSLSocketFactory());
httpConduit.setTlsClientParameters(tlsClientParameters);
}