private TLSClientParameters getOrCreateAndSetTLSClientParameters(final HTTPConduit httpConduit) {
TLSClientParameters tlsClientParameters = httpConduit.getTlsClientParameters();
if (tlsClientParameters == null) {
tlsClientParameters = new TLSClientParameters();
httpConduit.setTlsClientParameters(tlsClientParameters);
}
return tlsClientParameters;
}
public void configureService(
String address,
String pksFilename,
String pksPassword,
String trustPksFilename,
String trustPksPassword)
throws Exception {
if (pksFilename != null
&& pksPassword != null
&& trustPksFilename != null
&& trustPksPassword != null) {
System.setProperty("javax.net.ssl.keyStore", pksFilename);
System.setProperty("javax.net.ssl.keyStorePassword", pksPassword);
System.setProperty("javax.net.ssl.trustStore", trustPksFilename);
System.setProperty("javax.net.ssl.trustStorePassword", trustPksPassword);
}
URL wsdlUrl = new URL(address + "?wsdl");
IoTaService service = new IoTaService(wsdlUrl);
port = service.getPort(IoTaServicePortType.class);
// turn off chunked transfer encoding
Client client = ClientProxy.getClient(port);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setAllowChunking(false);
httpConduit.setClient(httpClientPolicy);
if (pksFilename != null) {
log.debug("Authenticating with certificate in file: " + pksFilename);
if (!wsdlUrl.getProtocol().equalsIgnoreCase("https")) {
throw new Exception("Authentication method requires the use of HTTPS");
}
KeyStore keyStore = KeyStore.getInstance(pksFilename.endsWith(".p12") ? "PKCS12" : "JKS");
keyStore.load(new FileInputStream(new File(pksFilename)), pksPassword.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keyStore, pksPassword.toCharArray());
KeyStore trustStore =
KeyStore.getInstance(trustPksFilename.endsWith(".p12") ? "PKCS12" : "JKS");
trustStore.load(
new FileInputStream(new File(trustPksFilename)), trustPksPassword.toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
trustManagerFactory.init(trustStore);
TLSClientParameters tlscp = new TLSClientParameters();
tlscp.setSecureRandom(new SecureRandom());
tlscp.setKeyManagers(keyManagerFactory.getKeyManagers());
tlscp.setTrustManagers(trustManagerFactory.getTrustManagers());
httpConduit.setTlsClientParameters(tlscp);
}
}
/**
* Build a client proxy, for a specific proxy type.
*
* @param proxyType proxy type class
* @return client proxy stub
*/
protected <T> T build(Class<T> proxyType) {
String address = generateAddress();
T rootResource;
// Synchronized on the class to correlate with the scope of clientStaticResources
// We want to ensure that the shared bean isn't set concurrently in multiple callers
synchronized (ClouderaManagerClientBuilder.class) {
JAXRSClientFactoryBean bean = cleanFactory(clientStaticResources.getUnchecked(proxyType));
bean.setAddress(address);
if (username != null) {
bean.setUsername(username);
bean.setPassword(password);
}
if (enableLogging) {
bean.setFeatures(Arrays.<AbstractFeature>asList(new LoggingFeature()));
}
rootResource = bean.create(proxyType);
}
boolean isTlsEnabled = address.startsWith("https://");
ClientConfiguration config = WebClient.getConfig(rootResource);
HTTPConduit conduit = (HTTPConduit) config.getConduit();
if (isTlsEnabled) {
TLSClientParameters tlsParams = new TLSClientParameters();
if (!validateCerts) {
tlsParams.setTrustManagers(new TrustManager[] {new AcceptAllTrustManager()});
} else if (trustManagers != null) {
tlsParams.setTrustManagers(trustManagers);
}
tlsParams.setDisableCNCheck(!validateCn);
conduit.setTlsClientParameters(tlsParams);
}
HTTPClientPolicy policy = conduit.getClient();
policy.setConnectionTimeout(connectionTimeoutUnits.toMillis(connectionTimeout));
policy.setReceiveTimeout(receiveTimeoutUnits.toMillis(receiveTimeout));
return rootResource;
}
protected void setupHttpConduit(HTTPConduit httpConduit) {
TLSClientParameters tlsClientParameters = tryToGetTLSClientParametersFromConduit(httpConduit);
tlsClientParameters.setSSLSocketFactory(tryToGetSSLSocketFactory());
httpConduit.setTlsClientParameters(tlsClientParameters);
}
