use of com.netflix.http4.ssl.KeyStoreAwareSocketFactory in project ribbon by Netflix.
the class RestClient method apacheHttpClientSpecificInitialization.
protected Client apacheHttpClientSpecificInitialization() {
httpClient4 = NFHttpClientFactory.getNamedNFHttpClient(restClientName, this.ncc, true);
if (httpClient4 instanceof AbstractHttpClient) {
// DONT use our NFHttpClient's default Retry Handler since we have
// retry handling (same server/next server) in RestClient itself
((AbstractHttpClient) httpClient4).setHttpRequestRetryHandler(new NFHttpMethodRetryHandler(restClientName, 0, false, 0));
} else {
logger.warn("Unexpected error: Unable to disable NFHttpClient " + "retry handler, this most likely will not cause an " + "issue but probably should be looked at");
}
HttpParams httpClientParams = httpClient4.getParams();
// initialize Connection Manager cleanup facility
NFHttpClient nfHttpClient = (NFHttpClient) httpClient4;
// should we enable connection cleanup for idle connections?
try {
enableConnectionPoolCleanerTask = Boolean.parseBoolean(ncc.getProperty(CommonClientConfigKey.ConnectionPoolCleanerTaskEnabled, NFHttpClientConstants.DEFAULT_CONNECTIONIDLE_TIMETASK_ENABLED).toString());
nfHttpClient.getConnPoolCleaner().setEnableConnectionPoolCleanerTask(enableConnectionPoolCleanerTask);
} catch (Exception e1) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ConnectionPoolCleanerTaskEnabled, e1);
}
if (enableConnectionPoolCleanerTask) {
try {
connectionCleanerRepeatInterval = Integer.parseInt(String.valueOf(ncc.getProperty(CommonClientConfigKey.ConnectionCleanerRepeatInterval, NFHttpClientConstants.DEFAULT_CONNECTION_IDLE_TIMERTASK_REPEAT_IN_MSECS)));
nfHttpClient.getConnPoolCleaner().setConnectionCleanerRepeatInterval(connectionCleanerRepeatInterval);
} catch (Exception e1) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ConnectionCleanerRepeatInterval, e1);
}
try {
int iConnIdleEvictTimeMilliSeconds = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.ConnIdleEvictTimeMilliSeconds, NFHttpClientConstants.DEFAULT_CONNECTIONIDLE_TIME_IN_MSECS));
connIdleEvictTimeMilliSeconds = DynamicPropertyFactory.getInstance().getIntProperty(restClientName + ".nfhttpclient.connIdleEvictTimeMilliSeconds", iConnIdleEvictTimeMilliSeconds);
nfHttpClient.setConnIdleEvictTimeMilliSeconds(connIdleEvictTimeMilliSeconds);
} catch (Exception e1) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ConnIdleEvictTimeMilliSeconds, e1);
}
nfHttpClient.initConnectionCleanerTask();
}
try {
maxConnectionsperHost = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.MaxHttpConnectionsPerHost, maxConnectionsperHost));
ClientConnectionManager connMgr = httpClient4.getConnectionManager();
if (connMgr instanceof ThreadSafeClientConnManager) {
((ThreadSafeClientConnManager) connMgr).setDefaultMaxPerRoute(maxConnectionsperHost);
}
} catch (Exception e1) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.MaxHttpConnectionsPerHost, e1);
}
try {
maxTotalConnections = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.MaxTotalHttpConnections, maxTotalConnections));
ClientConnectionManager connMgr = httpClient4.getConnectionManager();
if (connMgr instanceof ThreadSafeClientConnManager) {
((ThreadSafeClientConnManager) connMgr).setMaxTotal(maxTotalConnections);
}
} catch (Exception e1) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.MaxTotalHttpConnections, e1);
}
try {
connectionTimeout = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.ConnectTimeout, connectionTimeout));
HttpConnectionParams.setConnectionTimeout(httpClientParams, connectionTimeout);
} catch (Exception e1) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ConnectTimeout, e1);
}
try {
readTimeout = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.ReadTimeout, readTimeout));
HttpConnectionParams.setSoTimeout(httpClientParams, readTimeout);
} catch (Exception e1) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ReadTimeout, e1);
}
// httpclient 4 seems to only have one buffer size controlling both
// send/receive - so let's take the bigger of the two values and use
// it as buffer size
int bufferSize = Integer.MIN_VALUE;
if (ncc.getProperty(CommonClientConfigKey.ReceiveBufferSize) != null) {
try {
bufferSize = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.ReceiveBufferSize));
} catch (Exception e) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ReceiveBufferSize, e);
}
if (ncc.getProperty(CommonClientConfigKey.SendBufferSize) != null) {
try {
int sendBufferSize = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.SendBufferSize));
if (sendBufferSize > bufferSize) {
bufferSize = sendBufferSize;
}
} catch (Exception e) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.SendBufferSize, e);
}
}
}
if (bufferSize != Integer.MIN_VALUE) {
HttpConnectionParams.setSocketBufferSize(httpClientParams, bufferSize);
}
if (ncc.getProperty(CommonClientConfigKey.StaleCheckingEnabled) != null) {
try {
HttpConnectionParams.setStaleCheckingEnabled(httpClientParams, Boolean.parseBoolean(ncc.getProperty(CommonClientConfigKey.StaleCheckingEnabled, false).toString()));
} catch (Exception e) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.StaleCheckingEnabled, e);
}
}
if (ncc.getProperty(CommonClientConfigKey.Linger) != null) {
try {
HttpConnectionParams.setLinger(httpClientParams, Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.Linger)));
} catch (Exception e) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.Linger, e);
}
}
if (ncc.getProperty(CommonClientConfigKey.ProxyHost) != null) {
try {
proxyHost = (String) ncc.getProperty(CommonClientConfigKey.ProxyHost);
proxyPort = Integer.parseInt("" + ncc.getProperty(CommonClientConfigKey.ProxyPort));
HttpHost proxy = new HttpHost(proxyHost, proxyPort);
httpClient4.getParams().setParameter(ConnRouteParams.DEFAULT_PROXY, proxy);
} catch (Exception e) {
throw new IllegalArgumentException("Invalid value for property:" + CommonClientConfigKey.ProxyHost, e);
}
}
if (isSecure) {
final URL trustStoreUrl = getResourceForOptionalProperty(CommonClientConfigKey.TrustStore);
final URL keyStoreUrl = getResourceForOptionalProperty(CommonClientConfigKey.KeyStore);
final ClientConnectionManager currentManager = httpClient4.getConnectionManager();
AbstractSslContextFactory abstractFactory = null;
if (// if client is not is not required, we only need a keystore OR a truststore to warrant configuring
(isClientAuthRequired && (trustStoreUrl != null && keyStoreUrl != null)) || (!isClientAuthRequired && (trustStoreUrl != null || keyStoreUrl != null))) {
try {
abstractFactory = new URLSslContextFactory(trustStoreUrl, (String) ncc.getProperty(CommonClientConfigKey.TrustStorePassword), keyStoreUrl, (String) ncc.getProperty(CommonClientConfigKey.KeyStorePassword));
} catch (ClientSslSocketFactoryException e) {
throw new IllegalArgumentException("Unable to configure custom secure socket factory", e);
}
}
KeyStoreAwareSocketFactory awareSocketFactory;
try {
awareSocketFactory = isHostnameValidationRequired ? new KeyStoreAwareSocketFactory(abstractFactory) : new KeyStoreAwareSocketFactory(abstractFactory, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
currentManager.getSchemeRegistry().register(new Scheme("https", 443, awareSocketFactory));
} catch (Exception e) {
throw new IllegalArgumentException("Unable to configure custom secure socket factory", e);
}
}
// See http://hc.apache.org/httpcomponents-client-ga/tutorial/html/advanced.html
if (ignoreUserToken) {
((DefaultHttpClient) httpClient4).setUserTokenHandler(new UserTokenHandler() {
@Override
public Object getUserToken(HttpContext context) {
return null;
}
});
}
// custom SSL Factory handler
String customSSLFactoryClassName = (String) ncc.getProperty(CommonClientConfigKey.CustomSSLSocketFactoryClassName);
if (customSSLFactoryClassName != null) {
try {
SSLSocketFactory customSocketFactory = (SSLSocketFactory) ClientFactory.instantiateInstanceWithClientConfig(customSSLFactoryClassName, ncc);
httpClient4.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 443, customSocketFactory));
} catch (Exception e) {
throw new IllegalArgumentException("Invalid value associated with property:" + CommonClientConfigKey.CustomSSLSocketFactoryClassName, e);
}
}
ApacheHttpClient4Handler handler = new ApacheHttpClient4Handler(httpClient4, new BasicCookieStore(), false);
return new ApacheHttpClient4(handler, config);
}
use of com.netflix.http4.ssl.KeyStoreAwareSocketFactory in project ribbon by Netflix.
the class RestClient method resetSSLSocketFactory.
public void resetSSLSocketFactory(AbstractSslContextFactory abstractContextFactory) {
try {
KeyStoreAwareSocketFactory awareSocketFactory = isHostnameValidationRequired ? new KeyStoreAwareSocketFactory(abstractContextFactory) : new KeyStoreAwareSocketFactory(abstractContextFactory, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
httpClient4.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 443, awareSocketFactory));
} catch (Exception e) {
throw new IllegalArgumentException("Unable to configure custom secure socket factory", e);
}
}
use of com.netflix.http4.ssl.KeyStoreAwareSocketFactory in project ribbon by Netflix.
the class RestClient method getKeyStore.
public KeyStore getKeyStore() {
SchemeRegistry registry = httpClient4.getConnectionManager().getSchemeRegistry();
if (!registry.getSchemeNames().contains("https")) {
throw new IllegalStateException("Registry does not include an 'https' entry.");
}
SchemeSocketFactory awareSocketFactory = httpClient4.getConnectionManager().getSchemeRegistry().getScheme("https").getSchemeSocketFactory();
if (awareSocketFactory instanceof KeyStoreAwareSocketFactory) {
return ((KeyStoreAwareSocketFactory) awareSocketFactory).getKeyStore();
} else {
throw new IllegalStateException("Cannot extract keystore from scheme socket factory of type: " + awareSocketFactory.getClass().getName());
}
}
Aggregations