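/**
 * {@inheritDoc}
 *
 * <p>Copies the client-authentication, cipher-suite and protocol settings from
 * {@code serverConfig} onto both the supplied {@code params} and a fresh copy of the
 * context's default {@link SSLParameters}, then installs that copy on {@code params}.
 *
 * @param params the per-connection HTTPS parameters to populate
 */
public void configure(HttpsParameters params) {
    // Read each setting once so both parameter objects are guaranteed to carry the same
    // values even if the configuration is changed concurrently.
    final boolean wantClientAuth = serverConfig.useSslClientAuthentication();
    final String[] cipherSuites = serverConfig.getSSLCipherSuites();
    final String[] protocols = serverConfig.getSSLProtocols();

    // getDefaultSSLParameters() returns a copy, so it is safe to mutate here.
    // (The previous version also created an SSLEngine that was never used; dropped.)
    final SSLParameters sslParameters = context.getDefaultSSLParameters();

    // "Want" rather than "need": the TLS handshake still succeeds when the peer presents
    // no certificate. Rejecting such peers is delayed to the ClientCertAuthenticator, so
    // that authenticator is the actual enforcement point.
    params.setWantClientAuth(wantClientAuth);
    sslParameters.setWantClientAuth(wantClientAuth);

    // Cipher suites.
    // NOTE(review): a null array leaves the JSSE provider defaults enabled; confirm the
    // configuration always supplies an explicit, vetted list.
    params.setCipherSuites(cipherSuites);
    sslParameters.setCipherSuites(cipherSuites);

    // Protocols (same null-means-default caveat as for the cipher suites).
    params.setProtocols(protocols);
    sslParameters.setProtocols(protocols);

    // NOTE(review): once an SSLParameters object is set, the HTTPS server is expected to
    // use it in preference to the individual setters above - confirm for the target JDK.
    params.setSSLParameters(sslParameters);
}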
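/**
 * Initialises the transport: runs the superclass initialisation, lazily creates and starts
 * the Jetty {@code HttpClient} (including its TLS setup when {@code transportSSLEnabled}
 * is set), creates the transport metrics and registers this bean with JMX.
 *
 * <p>A client that was injected before this call is left untouched; {@code clientCreated}
 * is only set when the client is built here.
 *
 * @throws IllegalStateException if TLS is enabled but no truststore could be loaded
 * @throws Exception if the superclass initialisation, the SSL context creation or the
 *     client start-up fails
 */
@Override
public void init() throws Exception {
    super.init();

    if (client == null) {
        client = new HttpClient(new SslContextFactory());
        client.setExecutor(new ExecutorThreadPool(threadPool));

        // -1 means "not configured": keep the client's own default timeout.
        if (connectTimeout != -1) {
            client.setConnectTimeout(connectTimeout);
        }
        if (idleTimeout != -1) {
            client.setIdleTimeout(idleTimeout);
        }

        client.setMaxConnectionsPerDestination(maxConnectionsPerDestination);
        client.setMaxRequestsQueuedPerDestination(maxRequestsQueuedPerDestination);

        // Configure SSL - if relevant
        if (transportSSLEnabled) {
            // The keystore (client certificate) is optional, the truststore is mandatory.
            // NOTE(review): both stores are exposed as MBeans below - confirm that
            // KeyStoreManagement publishes no key material or passwords over JMX.
            KeyStoreManagement keyStore =
                    KeyStoreManagement.getKeyStoreManagement(
                            httpsKeystoreType, httpsKeystore, httpsKeyPassword);
            if (jmxControl != null && keyStore != null) {
                jmxControl.registerMBean(
                        "CoUGAR:name=AsyncHttpClientKeyStore,beanName=" + beanName, keyStore);
            }

            KeyStoreManagement trustStore =
                    KeyStoreManagement.getKeyStoreManagement(
                            httpsTruststoreType, httpsTruststore, httpsTrustPassword);
            // Fail before registering anything for the truststore: previously a null
            // truststore was handed to JMX first and rejected only afterwards.
            if (trustStore == null) {
                throw new IllegalStateException(
                        "This configuration ostensibly supports TLS, yet doesn't provide valid truststore configuration");
            }
            if (jmxControl != null) {
                jmxControl.registerMBean(
                        "CoUGAR:name=AsyncHttpClientTrustStore,beanName=" + beanName, trustStore);
            }

            final SslContextFactory sslContextFactory = client.getSslContextFactory();

            com.betfair.cougar.netutil.SslContextFactory factory =
                    new com.betfair.cougar.netutil.SslContextFactory();
            factory.setTrustManagerFactoryKeyStore(trustStore.getKeyStore());
            if (keyStore != null) {
                factory.setKeyManagerFactoryKeyStore(keyStore.getKeyStore());
                factory.setKeyManagerFactoryKeyStorePassword(httpsKeyPassword);
            }
            SSLContext context = factory.newInstance();

            // SSLContext.getDefaultSSLParameters() returns a copy, so setting the endpoint
            // identification algorithm on it (as this method used to) was discarded and
            // hostname verification was left to whatever Jetty defaults to. Configure it
            // on Jetty's factory, which applies it to the engines it creates.
            // Behaviour change: with verification enabled, servers whose certificate does
            // not match the requested host name are now rejected.
            // NOTE(review): confirm the Jetty version in use honours this setting when an
            // externally built SSLContext is supplied.
            if (hostnameVerificationDisabled) {
                sslContextFactory.setEndpointIdentificationAlgorithm(null);
                LOGGER.warn(
                        "CRITICAL SECURITY CHECKS ARE DISABLED: server SSL certificate hostname "
                                + "verification is turned off.");
            } else {
                sslContextFactory.setEndpointIdentificationAlgorithm("HTTPS");
            }

            sslContextFactory.setSslContext(context);
        }

        client.start();
        clientCreated = true;
    }

    metrics = new JettyTransportMetrics();

    if (jmxControl != null) {
        jmxControl.registerMBean("CoUGAR:name=AsyncHttpClientExecutable,beanName=" + beanName, this);
    }
}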