private HttpConnector createHttpConnector(final boolean sslHostnameVerification) { final EndpointIterator endpointIterator = EndpointIterator.of(endpointSupplier.get()); final DefaultHttpConnector connector = new DefaultHttpConnector(endpointIterator, 10000, sslHostnameVerification); Optional<AgentProxy> agentProxyOpt = Optional.absent(); try { agentProxyOpt = Optional.of(AgentProxies.newInstance()); } catch (RuntimeException e) { // the user likely doesn't have ssh-agent setup. This may not matter at all if the masters // do not require authentication, so we delay reporting any sort of error to the user until // the servers return 401 Unauthorized. log.debug("{}", e); } // set up the ClientCertificatePath, giving precedence to any values set // with setClientCertificatePath() if (clientCertificatePath == null) { final String heliosCertPath = System.getenv(HELIOS_CERT_PATH); if (!isNullOrEmpty(heliosCertPath)) { final Path certPath = Paths.get(heliosCertPath, "cert.pem"); final Path keyPath = Paths.get(heliosCertPath, "key.pem"); if (certPath.toFile().canRead() && keyPath.toFile().canRead()) { this.clientCertificatePath = new ClientCertificatePath(certPath, keyPath); } else { log.warn( "{} is set to {}, but {} and/or {} do not exist or cannot be read. " + "Will not send client certificate in HeliosClient requests.", HELIOS_CERT_PATH, heliosCertPath, certPath, keyPath); } } } return new AuthenticatingHttpConnector( user, agentProxyOpt, Optional.fromNullable(clientCertificatePath), endpointIterator, connector); }
@Override public HttpURLConnection connect( final URI uri, final String method, final byte[] entity, final Map<String, List<String>> headers) throws HeliosException { final Endpoint endpoint = endpointIterator.next(); // convert the URI whose hostname portion is a domain name into a URI where the host is an IP // as we expect there to be several different IP addresses besides a common domain name final URI ipUri; try { ipUri = toIpUri(endpoint, uri); } catch (URISyntaxException e) { throw new HeliosException(e); } try { log.debug("connecting to {}", ipUri); if (clientCertificatePath.isPresent()) { // prioritize using the certificate file if set return connectWithCertificateFile(ipUri, method, entity, headers); } else if (agentProxy.isPresent() && !identities.isEmpty()) { // ssh-agent based authentication return connectWithIdentities(identities, ipUri, method, entity, headers); } else { // no authentication return doConnect(ipUri, method, entity, headers); } } catch (ConnectException | SocketTimeoutException | UnknownHostException e) { // UnknownHostException happens if we can't resolve hostname into IP address. // UnknownHostException's getMessage method returns just the hostname which is a // useless message, so log the exception class name to provide more info. log.debug(e.toString()); throw new HeliosException("Unable to connect to master", e); } catch (IOException e) { throw new HeliosException(e); } }