Search in sources :

Example 1 with ClientSslSocketFactoryException

use of com.netflix.client.ssl.ClientSslSocketFactoryException in project ribbon by Netflix.

the class RestClient method apacheHttpClientSpecificInitialization.

protected Client apacheHttpClientSpecificInitialization() {
    httpClient4 = NFHttpClientFactory.getNamedNFHttpClient(restClientName, this.ncc, true);
    if (httpClient4 instanceof AbstractHttpClient) {
        // DONT use our NFHttpClient's default Retry Handler since we have
        // retry handling (same server/next server) in RestClient itself
        ((AbstractHttpClient) httpClient4).setHttpRequestRetryHandler(new NFHttpMethodRetryHandler(restClientName, 0, false, 0));
    } else {
        logger.warn("Unexpected error: Unable to disable NFHttpClient " + "retry handler, this most likely will not cause an " + "issue but probably should be looked at");
    }
    HttpParams httpClientParams = httpClient4.getParams();
    // initialize Connection Manager cleanup facility
    NFHttpClient nfHttpClient = (NFHttpClient) httpClient4;
    // should we enable connection cleanup for idle connections?
    try {
        enableConnectionPoolCleanerTask = Boolean.parseBoolean(ncc.getProperty(CommonClientConfigKey.ConnectionPoolCleanerTaskEnabled, NFHttpClientConstants.DEFAULT_CONNECTIONIDLE_TIMETASK_ENABLED).toString());
        nfHttpClient.getConnPoolCleaner().setEnableConnectionPoolCleanerTask(enableConnectionPoolCleanerTask);
    } catch (Exception e1) {
        throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ConnectionPoolCleanerTaskEnabled, e1);
    }
    if (enableConnectionPoolCleanerTask) {
        try {
            connectionCleanerRepeatInterval = Integer.parseInt(String.valueOf(ncc.getProperty(CommonClientConfigKey.ConnectionCleanerRepeatInterval, NFHttpClientConstants.DEFAULT_CONNECTION_IDLE_TIMERTASK_REPEAT_IN_MSECS)));
            nfHttpClient.getConnPoolCleaner().setConnectionCleanerRepeatInterval(connectionCleanerRepeatInterval);
        } catch (Exception e1) {
            throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ConnectionCleanerRepeatInterval, e1);
        }
        try {
            int iConnIdleEvictTimeMilliSeconds = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.ConnIdleEvictTimeMilliSeconds, NFHttpClientConstants.DEFAULT_CONNECTIONIDLE_TIME_IN_MSECS));
            connIdleEvictTimeMilliSeconds = DynamicPropertyFactory.getInstance().getIntProperty(restClientName + ".nfhttpclient.connIdleEvictTimeMilliSeconds", iConnIdleEvictTimeMilliSeconds);
            nfHttpClient.setConnIdleEvictTimeMilliSeconds(connIdleEvictTimeMilliSeconds);
        } catch (Exception e1) {
            throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ConnIdleEvictTimeMilliSeconds, e1);
        }
        nfHttpClient.initConnectionCleanerTask();
    }
    try {
        maxConnectionsperHost = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.MaxHttpConnectionsPerHost, maxConnectionsperHost));
        ClientConnectionManager connMgr = httpClient4.getConnectionManager();
        if (connMgr instanceof ThreadSafeClientConnManager) {
            ((ThreadSafeClientConnManager) connMgr).setDefaultMaxPerRoute(maxConnectionsperHost);
        }
    } catch (Exception e1) {
        throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.MaxHttpConnectionsPerHost, e1);
    }
    try {
        maxTotalConnections = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.MaxTotalHttpConnections, maxTotalConnections));
        ClientConnectionManager connMgr = httpClient4.getConnectionManager();
        if (connMgr instanceof ThreadSafeClientConnManager) {
            ((ThreadSafeClientConnManager) connMgr).setMaxTotal(maxTotalConnections);
        }
    } catch (Exception e1) {
        throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.MaxTotalHttpConnections, e1);
    }
    try {
        connectionTimeout = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.ConnectTimeout, connectionTimeout));
        HttpConnectionParams.setConnectionTimeout(httpClientParams, connectionTimeout);
    } catch (Exception e1) {
        throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ConnectTimeout, e1);
    }
    try {
        readTimeout = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.ReadTimeout, readTimeout));
        HttpConnectionParams.setSoTimeout(httpClientParams, readTimeout);
    } catch (Exception e1) {
        throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ReadTimeout, e1);
    }
    // httpclient 4 seems to only have one buffer size controlling both
    // send/receive - so let's take the bigger of the two values and use
    // it as buffer size
    int bufferSize = Integer.MIN_VALUE;
    if (ncc.getProperty(CommonClientConfigKey.ReceiveBufferSize) != null) {
        try {
            bufferSize = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.ReceiveBufferSize));
        } catch (Exception e) {
            throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ReceiveBufferSize, e);
        }
        if (ncc.getProperty(CommonClientConfigKey.SendBufferSize) != null) {
            try {
                int sendBufferSize = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.SendBufferSize));
                if (sendBufferSize > bufferSize) {
                    bufferSize = sendBufferSize;
                }
            } catch (Exception e) {
                throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.SendBufferSize, e);
            }
        }
    }
    if (bufferSize != Integer.MIN_VALUE) {
        HttpConnectionParams.setSocketBufferSize(httpClientParams, bufferSize);
    }
    if (ncc.getProperty(CommonClientConfigKey.StaleCheckingEnabled) != null) {
        try {
            HttpConnectionParams.setStaleCheckingEnabled(httpClientParams, Boolean.parseBoolean(ncc.getProperty(CommonClientConfigKey.StaleCheckingEnabled, false).toString()));
        } catch (Exception e) {
            throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.StaleCheckingEnabled, e);
        }
    }
    if (ncc.getProperty(CommonClientConfigKey.Linger) != null) {
        try {
            HttpConnectionParams.setLinger(httpClientParams, Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.Linger)));
        } catch (Exception e) {
            throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.Linger, e);
        }
    }
    if (ncc.getProperty(CommonClientConfigKey.ProxyHost) != null) {
        try {
            proxyHost = (String) ncc.getProperty(CommonClientConfigKey.ProxyHost);
            proxyPort = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.ProxyPort));
            HttpHost proxy = new HttpHost(proxyHost, proxyPort);
            httpClient4.getParams().setParameter(ConnRouteParams.DEFAULT_PROXY, proxy);
        } catch (Exception e) {
            throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ProxyHost, e);
        }
    }
    if (isSecure) {
        final URL trustStoreUrl = getResourceForOptionalProperty(CommonClientConfigKey.TrustStore);
        final URL keyStoreUrl = getResourceForOptionalProperty(CommonClientConfigKey.KeyStore);
        final ClientConnectionManager currentManager = httpClient4.getConnectionManager();
        AbstractSslContextFactory abstractFactory = null;
        if (// if client is not is not required, we only need a keystore OR a truststore to warrant configuring
        (isClientAuthRequired && (trustStoreUrl != null && keyStoreUrl != null)) || (!isClientAuthRequired && (trustStoreUrl != null || keyStoreUrl != null))) {
            try {
                abstractFactory = new URLSslContextFactory(trustStoreUrl, (String) ncc.getProperty(CommonClientConfigKey.TrustStorePassword), keyStoreUrl, (String) ncc.getProperty(CommonClientConfigKey.KeyStorePassword));
            } catch (ClientSslSocketFactoryException e) {
                throw new IllegalArgumentException("Unable to configure custom secure socket factory", e);
            }
        }
        KeyStoreAwareSocketFactory awareSocketFactory;
        try {
            awareSocketFactory = isHostnameValidationRequired ? new KeyStoreAwareSocketFactory(abstractFactory) : new KeyStoreAwareSocketFactory(abstractFactory, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            currentManager.getSchemeRegistry().register(new Scheme("https", 443, awareSocketFactory));
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to configure custom secure socket factory", e);
        }
    }
    // See http://hc.apache.org/httpcomponents-client-ga/tutorial/html/advanced.html
    if (ignoreUserToken) {
        ((DefaultHttpClient) httpClient4).setUserTokenHandler(new UserTokenHandler() {

            @Override
            public Object getUserToken(HttpContext context) {
                return null;
            }
        });
    }
    // custom SSL Factory handler
    String customSSLFactoryClassName = (String) ncc.getProperty(CommonClientConfigKey.CustomSSLSocketFactoryClassName);
    if (customSSLFactoryClassName != null) {
        try {
            SSLSocketFactory customSocketFactory = (SSLSocketFactory) ClientFactory.instantiateInstanceWithClientConfig(customSSLFactoryClassName, ncc);
            httpClient4.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 443, customSocketFactory));
        } catch (Exception e) {
            throw new IllegalArgumentException("Invalid value associated with property:" + CommonClientConfigKey.CustomSSLSocketFactoryClassName, e);
        }
    }
    ApacheHttpClient4Handler handler = new ApacheHttpClient4Handler(httpClient4, new BasicCookieStore(), false);
    return new ApacheHttpClient4(handler, config);
}
Also used : ApacheHttpClient4Handler(com.sun.jersey.client.apache4.ApacheHttpClient4Handler) Scheme(org.apache.http.conn.scheme.Scheme) AbstractSslContextFactory(com.netflix.client.ssl.AbstractSslContextFactory) NFHttpClient(com.netflix.http4.NFHttpClient) URL(java.net.URL) DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient) HttpHost(org.apache.http.HttpHost) KeyStoreAwareSocketFactory(com.netflix.http4.ssl.KeyStoreAwareSocketFactory) SSLSocketFactory(org.apache.http.conn.ssl.SSLSocketFactory) ApacheHttpClient4(com.sun.jersey.client.apache4.ApacheHttpClient4) UserTokenHandler(org.apache.http.client.UserTokenHandler) NFHttpMethodRetryHandler(com.netflix.http4.NFHttpMethodRetryHandler) ClientSslSocketFactoryException(com.netflix.client.ssl.ClientSslSocketFactoryException) HttpContext(org.apache.http.protocol.HttpContext) URLSslContextFactory(com.netflix.client.ssl.URLSslContextFactory) ClientConnectionManager(org.apache.http.conn.ClientConnectionManager) URISyntaxException(java.net.URISyntaxException) ClientException(com.netflix.client.ClientException) SocketException(java.net.SocketException) SocketTimeoutException(java.net.SocketTimeoutException) ClientSslSocketFactoryException(com.netflix.client.ssl.ClientSslSocketFactoryException) AbstractHttpClient(org.apache.http.impl.client.AbstractHttpClient) HttpParams(org.apache.http.params.HttpParams) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) ThreadSafeClientConnManager(org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager)

Example 2 with ClientSslSocketFactoryException

use of com.netflix.client.ssl.ClientSslSocketFactoryException in project ribbon by Netflix.

the class LoadBalancingHttpClient method createRxClient.

@Override
protected HttpClient<I, O> createRxClient(Server server) {
    HttpClientBuilder<I, O> clientBuilder;
    if (requestIdProvider != null) {
        clientBuilder = RxContexts.<I, O>newHttpClientBuilder(server.getHost(), server.getPort(), requestIdProvider, RxContexts.DEFAULT_CORRELATOR, pipelineConfigurator);
    } else {
        clientBuilder = RxContexts.<I, O>newHttpClientBuilder(server.getHost(), server.getPort(), RxContexts.DEFAULT_CORRELATOR, pipelineConfigurator);
    }
    Integer connectTimeout = getProperty(IClientConfigKey.Keys.ConnectTimeout, null, DefaultClientConfigImpl.DEFAULT_CONNECT_TIMEOUT);
    Integer readTimeout = getProperty(IClientConfigKey.Keys.ReadTimeout, null, DefaultClientConfigImpl.DEFAULT_READ_TIMEOUT);
    Boolean followRedirect = getProperty(IClientConfigKey.Keys.FollowRedirects, null, null);
    HttpClientConfig.Builder builder = new HttpClientConfig.Builder().readTimeout(readTimeout, TimeUnit.MILLISECONDS);
    if (followRedirect != null) {
        builder.setFollowRedirect(followRedirect);
    }
    clientBuilder.channelOption(ChannelOption.CONNECT_TIMEOUT_MILLIS, connectTimeout).config(builder.build());
    if (isPoolEnabled()) {
        clientBuilder.withConnectionPoolLimitStrategy(poolStrategy).withIdleConnectionsTimeoutMillis(idleConnectionEvictionMills).withPoolIdleCleanupScheduler(poolCleanerScheduler);
    } else {
        clientBuilder.withNoConnectionPooling();
    }
    if (sslContextFactory != null) {
        try {
            SSLEngineFactory myFactory = new DefaultFactories.SSLContextBasedFactory(sslContextFactory.getSSLContext()) {

                @Override
                public SSLEngine createSSLEngine(ByteBufAllocator allocator) {
                    SSLEngine myEngine = super.createSSLEngine(allocator);
                    myEngine.setUseClientMode(true);
                    return myEngine;
                }
            };
            clientBuilder.withSslEngineFactory(myFactory);
        } catch (ClientSslSocketFactoryException e) {
            throw new RuntimeException(e);
        }
    }
    return clientBuilder.build();
}
Also used : ByteBufAllocator(io.netty.buffer.ByteBufAllocator) ClientSslSocketFactoryException(com.netflix.client.ssl.ClientSslSocketFactoryException) SSLEngine(javax.net.ssl.SSLEngine) URI(java.net.URI) SSLEngineFactory(io.reactivex.netty.pipeline.ssl.SSLEngineFactory) AtomicInteger(java.util.concurrent.atomic.AtomicInteger)

Aggregations

ClientSslSocketFactoryException (com.netflix.client.ssl.ClientSslSocketFactoryException)2 ClientException (com.netflix.client.ClientException)1 AbstractSslContextFactory (com.netflix.client.ssl.AbstractSslContextFactory)1 URLSslContextFactory (com.netflix.client.ssl.URLSslContextFactory)1 NFHttpClient (com.netflix.http4.NFHttpClient)1 NFHttpMethodRetryHandler (com.netflix.http4.NFHttpMethodRetryHandler)1 KeyStoreAwareSocketFactory (com.netflix.http4.ssl.KeyStoreAwareSocketFactory)1 ApacheHttpClient4 (com.sun.jersey.client.apache4.ApacheHttpClient4)1 ApacheHttpClient4Handler (com.sun.jersey.client.apache4.ApacheHttpClient4Handler)1 ByteBufAllocator (io.netty.buffer.ByteBufAllocator)1 SSLEngineFactory (io.reactivex.netty.pipeline.ssl.SSLEngineFactory)1 SocketException (java.net.SocketException)1 SocketTimeoutException (java.net.SocketTimeoutException)1 URI (java.net.URI)1 URISyntaxException (java.net.URISyntaxException)1 URL (java.net.URL)1 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)1 SSLEngine (javax.net.ssl.SSLEngine)1 HttpHost (org.apache.http.HttpHost)1 UserTokenHandler (org.apache.http.client.UserTokenHandler)1