Пример #1
0
    /** {@inheritDoc} */
    public void configure(HttpsParameters params) {
      // initialise the SSL context
      SSLEngine engine = context.createSSLEngine();
      // get the default parameters
      SSLParameters defaultSSLParameters = context.getDefaultSSLParameters();

      // Cert authentication is delayed later to the ClientCertAuthenticator
      params.setWantClientAuth(serverConfig.useSslClientAuthentication());
      defaultSSLParameters.setWantClientAuth(serverConfig.useSslClientAuthentication());

      // Cipher Suites
      params.setCipherSuites(serverConfig.getSSLCipherSuites());
      defaultSSLParameters.setCipherSuites(serverConfig.getSSLCipherSuites());

      // Protocols
      params.setProtocols(serverConfig.getSSLProtocols());
      defaultSSLParameters.setProtocols(serverConfig.getSSLProtocols());

      params.setSSLParameters(defaultSSLParameters);
    }
Пример #2
0
  @Override
  public void init() throws Exception {
    super.init();

    if (client == null) {
      client = new HttpClient(new SslContextFactory());
      client.setExecutor(new ExecutorThreadPool(threadPool));
      // configure timeout if set
      if (connectTimeout != -1) {
        client.setConnectTimeout(connectTimeout);
      }
      if (idleTimeout != -1) {
        client.setIdleTimeout(idleTimeout);
      }
      client.setMaxConnectionsPerDestination(maxConnectionsPerDestination);
      client.setMaxRequestsQueuedPerDestination(maxRequestsQueuedPerDestination);

      // Configure SSL - if relevant
      if (transportSSLEnabled) {
        KeyStoreManagement keyStore =
            KeyStoreManagement.getKeyStoreManagement(
                httpsKeystoreType, httpsKeystore, httpsKeyPassword);
        if (jmxControl != null && keyStore != null) {
          jmxControl.registerMBean(
              "CoUGAR:name=AsyncHttpClientKeyStore,beanName=" + beanName, keyStore);
        }
        KeyStoreManagement trustStore =
            KeyStoreManagement.getKeyStoreManagement(
                httpsTruststoreType, httpsTruststore, httpsTrustPassword);
        if (jmxControl != null) {
          jmxControl.registerMBean(
              "CoUGAR:name=AsyncHttpClientTrustStore,beanName=" + beanName, trustStore);
        }
        if (trustStore == null) {
          throw new IllegalStateException(
              "This configuration ostensibly supports TLS, yet doesn't provide valid truststore configuration");
        }

        final SslContextFactory sslContextFactory = client.getSslContextFactory();

        com.betfair.cougar.netutil.SslContextFactory factory =
            new com.betfair.cougar.netutil.SslContextFactory();
        factory.setTrustManagerFactoryKeyStore(trustStore.getKeyStore());
        if (keyStore != null) {
          factory.setKeyManagerFactoryKeyStore(keyStore.getKeyStore());
          factory.setKeyManagerFactoryKeyStorePassword(httpsKeyPassword);
        }
        SSLContext context = factory.newInstance();

        if (hostnameVerificationDisabled) {
          context.getDefaultSSLParameters().setEndpointIdentificationAlgorithm(null);
          LOGGER.warn(
              "CRITICAL SECURITY CHECKS ARE DISABLED: server SSL certificate hostname "
                  + "verification is turned off.");
        } else {
          context.getDefaultSSLParameters().setEndpointIdentificationAlgorithm("https");
        }

        sslContextFactory.setSslContext(context);
      }
      client.start();
      clientCreated = true;
    }

    metrics = new JettyTransportMetrics();

    if (jmxControl != null) {
      jmxControl.registerMBean("CoUGAR:name=AsyncHttpClientExecutable,beanName=" + beanName, this);
    }
  }