private HttpConnector createHttpConnector(final boolean sslHostnameVerification) {
final EndpointIterator endpointIterator = EndpointIterator.of(endpointSupplier.get());
final DefaultHttpConnector connector =
new DefaultHttpConnector(endpointIterator, 10000, sslHostnameVerification);
Optional<AgentProxy> agentProxyOpt = Optional.absent();
try {
agentProxyOpt = Optional.of(AgentProxies.newInstance());
} catch (RuntimeException e) {
// the user likely doesn't have ssh-agent setup. This may not matter at all if the masters
// do not require authentication, so we delay reporting any sort of error to the user until
// the servers return 401 Unauthorized.
log.debug("{}", e);
}
// set up the ClientCertificatePath, giving precedence to any values set
// with setClientCertificatePath()
if (clientCertificatePath == null) {
final String heliosCertPath = System.getenv(HELIOS_CERT_PATH);
if (!isNullOrEmpty(heliosCertPath)) {
final Path certPath = Paths.get(heliosCertPath, "cert.pem");
final Path keyPath = Paths.get(heliosCertPath, "key.pem");
if (certPath.toFile().canRead() && keyPath.toFile().canRead()) {
this.clientCertificatePath = new ClientCertificatePath(certPath, keyPath);
} else {
log.warn(
"{} is set to {}, but {} and/or {} do not exist or cannot be read. "
+ "Will not send client certificate in HeliosClient requests.",
HELIOS_CERT_PATH,
heliosCertPath,
certPath,
keyPath);
}
}
}
return new AuthenticatingHttpConnector(
user,
agentProxyOpt,
Optional.fromNullable(clientCertificatePath),
endpointIterator,
connector);
}
@Override
public HttpURLConnection connect(
final URI uri,
final String method,
final byte[] entity,
final Map<String, List<String>> headers)
throws HeliosException {
final Endpoint endpoint = endpointIterator.next();
// convert the URI whose hostname portion is a domain name into a URI where the host is an IP
// as we expect there to be several different IP addresses besides a common domain name
final URI ipUri;
try {
ipUri = toIpUri(endpoint, uri);
} catch (URISyntaxException e) {
throw new HeliosException(e);
}
try {
log.debug("connecting to {}", ipUri);
if (clientCertificatePath.isPresent()) {
// prioritize using the certificate file if set
return connectWithCertificateFile(ipUri, method, entity, headers);
} else if (agentProxy.isPresent() && !identities.isEmpty()) {
// ssh-agent based authentication
return connectWithIdentities(identities, ipUri, method, entity, headers);
} else {
// no authentication
return doConnect(ipUri, method, entity, headers);
}
} catch (ConnectException | SocketTimeoutException | UnknownHostException e) {
// UnknownHostException happens if we can't resolve hostname into IP address.
// UnknownHostException's getMessage method returns just the hostname which is a
// useless message, so log the exception class name to provide more info.
log.debug(e.toString());
throw new HeliosException("Unable to connect to master", e);
} catch (IOException e) {
throw new HeliosException(e);
}
}
