/**
* * Connect to an EC2 instance.
*
* @return {@link AmazonEC2} client
*/
public static synchronized AmazonEC2 connect(
AWSCredentialsProvider credentialsProvider, URL endpoint) {
awsCredentialsProvider = credentialsProvider;
ClientConfiguration config = new ClientConfiguration();
config.setMaxErrorRetry(16); // Default retry limit (3) is low and often
// cause problems. Raise it a bit.
// See: https://issues.jenkins-ci.org/browse/JENKINS-26800
config.setSignerOverride("QueryStringSignerType");
ProxyConfiguration proxyConfig = Jenkins.getInstance().proxy;
Proxy proxy =
proxyConfig == null ? Proxy.NO_PROXY : proxyConfig.createProxy(endpoint.getHost());
if (!proxy.equals(Proxy.NO_PROXY) && proxy.address() instanceof InetSocketAddress) {
InetSocketAddress address = (InetSocketAddress) proxy.address();
config.setProxyHost(address.getHostName());
config.setProxyPort(address.getPort());
if (null != proxyConfig.getUserName()) {
config.setProxyUsername(proxyConfig.getUserName());
config.setProxyPassword(proxyConfig.getPassword());
}
}
AmazonEC2 client = new AmazonEC2Client(credentialsProvider, config);
client.setEndpoint(endpoint.toString());
return client;
}
/**
* Returns the HttpClient through which the REST call is made. Uses an unsafe TrustStrategy in
* case the user specified a HTTPS URL and set the ignoreUnverifiedSSLPeer flag.
*
* @param logger the logger to log messages to
* @return the HttpClient
*/
private HttpClient getHttpClient(PrintStream logger) throws Exception {
boolean ignoreUnverifiedSSL = ignoreUnverifiedSSLPeer;
String stashServer = stashServerBaseUrl;
DescriptorImpl descriptor = getDescriptor();
if ("".equals(stashServer) || stashServer == null) {
stashServer = descriptor.getStashRootUrl();
}
if (!ignoreUnverifiedSSL) {
ignoreUnverifiedSSL = descriptor.isIgnoreUnverifiedSsl();
}
URL url = new URL(stashServer);
HttpClientBuilder builder = HttpClientBuilder.create();
if (url.getProtocol().equals("https") && ignoreUnverifiedSSL) {
// add unsafe trust manager to avoid thrown
// SSLPeerUnverifiedException
try {
TrustStrategy easyStrategy =
new TrustStrategy() {
public boolean isTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
return true;
}
};
SSLContext sslContext =
SSLContexts.custom().loadTrustMaterial(null, easyStrategy).useTLS().build();
SSLConnectionSocketFactory sslConnSocketFactory =
new SSLConnectionSocketFactory(
sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
builder.setSSLSocketFactory(sslConnSocketFactory);
Registry<ConnectionSocketFactory> registry =
RegistryBuilder.<ConnectionSocketFactory>create()
.register("https", sslConnSocketFactory)
.build();
HttpClientConnectionManager ccm = new BasicHttpClientConnectionManager(registry);
builder.setConnectionManager(ccm);
} catch (NoSuchAlgorithmException nsae) {
logger.println("Couldn't establish SSL context:");
nsae.printStackTrace(logger);
} catch (KeyManagementException kme) {
logger.println("Couldn't initialize SSL context:");
kme.printStackTrace(logger);
} catch (KeyStoreException kse) {
logger.println("Couldn't initialize SSL context:");
kse.printStackTrace(logger);
}
}
// Configure the proxy, if needed
// Using the Jenkins methods handles the noProxyHost settings
ProxyConfiguration proxyConfig = Jenkins.getInstance().proxy;
if (proxyConfig != null) {
Proxy proxy = proxyConfig.createProxy(url.getHost());
if (proxy != null && proxy.type() == Proxy.Type.HTTP) {
SocketAddress addr = proxy.address();
if (addr != null && addr instanceof InetSocketAddress) {
InetSocketAddress proxyAddr = (InetSocketAddress) addr;
HttpHost proxyHost =
new HttpHost(proxyAddr.getAddress().getHostAddress(), proxyAddr.getPort());
builder = builder.setProxy(proxyHost);
String proxyUser = proxyConfig.getUserName();
if (proxyUser != null) {
String proxyPass = proxyConfig.getPassword();
CredentialsProvider cred = new BasicCredentialsProvider();
cred.setCredentials(
new AuthScope(proxyHost), new UsernamePasswordCredentials(proxyUser, proxyPass));
builder =
builder
.setDefaultCredentialsProvider(cred)
.setProxyAuthenticationStrategy(new ProxyAuthenticationStrategy());
}
}
}
}
return builder.build();
}