
Example 6 with HttpsEnabler

use of io.cdap.cdap.common.security.HttpsEnabler in project cdap by cdapio.

the class RuntimeServiceRoutingHandler method openConnection.

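/**
 * Opens a {@link HttpURLConnection} to the given service for the given program run.
 *
 * <p>The program run is passed to {@code requestValidator} first, then an endpoint for
 * {@code service} is picked from discovery. The part of the request URI after the routing prefix
 * is appended to the discovered endpoint. The returned connection carries the caller's HTTP
 * method and headers; this method does not call {@code connect()} on it.
 *
 * @param request the incoming request whose URI, method and headers are forwarded
 * @param namespace namespace of the application
 * @param app application name
 * @param version application version
 * @param programType program type category name, resolved via {@code ProgramType.valueOfCategoryName}
 * @param program program name
 * @param run run id of the program
 * @param service name of the target service to discover
 * @return a configured connection to the discovered endpoint
 * @throws BadRequestException if the request for service routing is not valid, including a
 *     request URI that does not start with the expected routing prefix
 * @throws ServiceUnavailableException if no endpoint is discovered within two seconds or the
 *     connection object cannot be created
 */
private HttpURLConnection openConnection(HttpRequest request, String namespace, String app, String version, String programType, String program, String run, String service) throws BadRequestException {
    ApplicationId appId = new NamespaceId(namespace).app(app, version);
    ProgramRunId programRunId = new ProgramRunId(appId, ProgramType.valueOfCategoryName(programType, BadRequestException::new), program, run);
    // The return value is ignored; presumably the validator throws when the run or the caller is not acceptable.
    requestValidator.getProgramRunStatus(programRunId, request);
    Discoverable discoverable = endpointStrategyLoadingCache.getUnchecked(service).pick(2, TimeUnit.SECONDS);
    if (discoverable == null) {
        throw new ServiceUnavailableException(service);
    }
    String prefix = String.format("%s/runtime/namespaces/%s/apps/%s/versions/%s/%s/%s/runs/%s/services/%s", Constants.Gateway.INTERNAL_API_VERSION_3, namespace, app, version, programType, program, run, service);
    String requestUri = request.uri();
    // The forwarded path is cut out of the raw URI by offset. If the raw URI does not literally start
    // with the prefix rebuilt from the path parameters (for example because a segment arrived
    // percent-encoded), the offset would be wrong: the cut could run past the end of the string or
    // forward a path the caller did not ask for. Reject such requests instead.
    if (!requestUri.startsWith(prefix)) {
        throw new BadRequestException("Invalid request due to unexpected service routing path");
    }
    URI uri = URIScheme.createURI(discoverable, requestUri.substring(prefix.length()));
    try {
        URL url = uri.toURL();
        HttpURLConnection urlConn;
        try {
            urlConn = (HttpURLConnection) url.openConnection();
        } catch (IOException e) {
            // If fail to open the connection, treat it as service unavailable so that the client can retry
            throw new ServiceUnavailableException(service);
        }
        if (urlConn instanceof HttpsURLConnection) {
            // NOTE(review): setTrustAll(true) appears to accept any server certificate, so TLS here
            // gives encryption but does not authenticate the discovered endpoint. Confirm that the
            // network path to runtime services is trusted, or configure a trust store instead.
            new HttpsEnabler().setTrustAll(true).enable((HttpsURLConnection) urlConn);
        }
        // Every incoming header is copied unchanged, which includes any credential-bearing headers.
        // NOTE(review): confirm that forwarding all of them to an unauthenticated peer is intended.
        for (Map.Entry<String, String> header : request.headers().entries()) {
            urlConn.setRequestProperty(header.getKey(), header.getValue());
        }
        urlConn.setRequestMethod(request.method().name());
        urlConn.setDoInput(true);
        return urlConn;
    } catch (MalformedURLException | ProtocolException e) {
        // This can only happen if the incoming request is bad
        throw new BadRequestException("Invalid request due to " + e.getMessage(), e);
    }
}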
Also used : ProtocolException(java.net.ProtocolException) Discoverable(org.apache.twill.discovery.Discoverable) MalformedURLException(java.net.MalformedURLException) ServiceUnavailableException(io.cdap.cdap.common.ServiceUnavailableException) IOException(java.io.IOException) URI(java.net.URI) URL(java.net.URL) HttpURLConnection(java.net.HttpURLConnection) BadRequestException(io.cdap.cdap.common.BadRequestException) HttpsEnabler(io.cdap.cdap.common.security.HttpsEnabler) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) ProgramRunId(io.cdap.cdap.proto.id.ProgramRunId) ApplicationId(io.cdap.cdap.proto.id.ApplicationId) Map(java.util.Map) HttpsURLConnection(javax.net.ssl.HttpsURLConnection)

Example 7 with HttpsEnabler

use of io.cdap.cdap.common.security.HttpsEnabler in project cdap by cdapio.

the class HealthCheckService method initiate.

/**
 * Builds the HTTP service for this health check service and stores it in {@code httpService}.
 *
 * <p>When internal SSL is switched on in {@code cConf}, the builder is configured with the key
 * store described by {@code cConf} and {@code sConf} before the service is built.
 *
 * @param host host the HTTP service is bound to
 * @param port port the HTTP service is bound to
 * @param serviceName name recorded on this instance and passed to the service builder
 */
public void initiate(String host, int port, String serviceName) {
    this.serviceName = serviceName;
    NettyHttpService.Builder serviceBuilder =
        new CommonNettyHttpServiceBuilder(cConf, serviceName)
            .setHttpHandlers(handlers)
            .setHost(host)
            .setPort(port);
    // Server-side TLS is opt-in: without this flag the service is built as plain HTTP.
    boolean internalSslEnabled = cConf.getBoolean(Constants.Security.SSL.INTERNAL_ENABLED);
    if (internalSslEnabled) {
        new HttpsEnabler().configureKeyStore(cConf, sConf).enable(serviceBuilder);
    }
    httpService = serviceBuilder.build();
}
Also used : CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) NettyHttpService(io.cdap.http.NettyHttpService) HttpsEnabler(io.cdap.cdap.common.security.HttpsEnabler)

Example 8 with HttpsEnabler

use of io.cdap.cdap.common.security.HttpsEnabler in project cdap by cdapio.

the class ExternalMTLSAuthenticationServerTest method openConnection.

/**
 * Opens an HTTPS connection to {@code url} that presents a client certificate loaded from a
 * JKS key store on the test classpath.
 *
 * <p>Test fixture only: the key store password is the literal {@code "secret"} and the
 * connection is set to trust all server certificates, which is not suitable outside tests.
 *
 * @param url endpoint to connect to
 * @param keyStoreResource classpath resource name of the client key store
 * @return the connection with the client key store and trust-all setting applied
 * @throws Exception if the key store cannot be loaded or the connection cannot be opened
 */
private HttpsURLConnection openConnection(URL url, String keyStoreResource) throws Exception {
    HttpsURLConnection connection = (HttpsURLConnection) super.openConnection(url);
    ClassLoader testClassLoader = ExternalMTLSAuthenticationServerTest.class.getClassLoader();
    URL keyStoreLocation = testClassLoader.getResource(keyStoreResource);
    Assert.assertNotNull(keyStoreLocation);
    KeyStore clientKeyStore = KeyStore.getInstance("JKS");
    try (InputStream keyStoreStream = keyStoreLocation.openConnection().getInputStream()) {
        clientKeyStore.load(keyStoreStream, "secret".toCharArray());
    }
    // The key password is looked up lazily from the test configuration, defaulting to "secret".
    HttpsEnabler enabler = new HttpsEnabler()
        .setKeyStore(clientKeyStore, () -> configuration.get("security.auth.server.ssl.keystore.password", "secret").toCharArray())
        .setTrustAll(true);
    return enabler.enable(connection);
}
Also used : InputStream(java.io.InputStream) HttpsEnabler(io.cdap.cdap.common.security.HttpsEnabler) KeyStore(java.security.KeyStore) HttpsURLConnection(javax.net.ssl.HttpsURLConnection) URL(java.net.URL)

Example 9 with HttpsEnabler

use of io.cdap.cdap.common.security.HttpsEnabler in project cdap by cdapio.

the class AppFabricServer method startUp.

/**
 * Starts the services App Fabric depends on, then brings up its HTTP service and publishes
 * the application and namespace counts as gauges.
 *
 * @throws Exception if any dependent service fails to start or the HTTP service cannot be started
 */
@Override
protected void startUp() throws Exception {
    LoggingContextAccessor.setLoggingContext(
        new ServiceLoggingContext(
            NamespaceId.SYSTEM.getNamespace(),
            Constants.Logging.COMPONENT_NAME,
            Constants.Service.APP_FABRIC_HTTP));

    // Block until every dependent service has finished starting.
    Futures.allAsList(
        ImmutableList.of(
            provisioningService.start(),
            applicationLifecycleService.start(),
            bootstrapService.start(),
            programRuntimeService.start(),
            programNotificationSubscriberService.start(),
            runRecordCorrectorService.start(),
            coreSchedulerService.start(),
            eventPublishManager.start(),
            runRecordCounterService.start()))
        .get();

    // One metrics hook per configured hook name.
    List<MetricsReporterHook> metricsHooks = handlerHookNames.stream()
        .map(name -> new MetricsReporterHook(metricsCollectionService, name))
        .collect(Collectors.toList());

    // HTTP service settings (backlog, thread pools, port) all come from cConf.
    NettyHttpService.Builder builder =
        new CommonNettyHttpServiceBuilder(cConf, Constants.Service.APP_FABRIC_HTTP)
            .setHost(hostname.getCanonicalHostName())
            .setHandlerHooks(metricsHooks)
            .setHttpHandlers(handlers)
            .setConnectionBacklog(cConf.getInt(Constants.AppFabric.BACKLOG_CONNECTIONS, Constants.AppFabric.DEFAULT_BACKLOG))
            .setExecThreadPoolSize(cConf.getInt(Constants.AppFabric.EXEC_THREADS, Constants.AppFabric.DEFAULT_EXEC_THREADS))
            .setBossThreadPoolSize(cConf.getInt(Constants.AppFabric.BOSS_THREADS, Constants.AppFabric.DEFAULT_BOSS_THREADS))
            .setWorkerThreadPoolSize(cConf.getInt(Constants.AppFabric.WORKER_THREADS, Constants.AppFabric.DEFAULT_WORKER_THREADS))
            .setPort(cConf.getInt(Constants.AppFabric.SERVER_PORT));

    // TLS is applied only when sslEnabled is set; the key store is taken from cConf and sConf.
    if (sslEnabled) {
        new HttpsEnabler().configureKeyStore(cConf, sConf).enable(builder);
    }
    cancelHttpService = startHttpService(builder.build());

    long appCount = TransactionRunners.run(
        transactionRunner,
        (TxCallable<Long>) context -> AppMetadataStore.create(context).getApplicationCount());
    long nsCount = new DefaultNamespaceStore(transactionRunner).getNamespaceCount();
    metricsCollectionService.getContext(Collections.emptyMap())
        .gauge(Constants.Metrics.Program.APPLICATION_COUNT, appCount);
    metricsCollectionService.getContext(Collections.emptyMap())
        .gauge(Constants.Metrics.Program.NAMESPACE_COUNT, nsCount);
}
Also used : HttpsEnabler(io.cdap.cdap.common.security.HttpsEnabler) ResolvingDiscoverable(io.cdap.cdap.common.discovery.ResolvingDiscoverable) TransactionRunners(io.cdap.cdap.spi.data.transaction.TransactionRunners) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Inject(com.google.inject.Inject) MetricsReporterHook(io.cdap.cdap.common.metrics.MetricsReporterHook) LoggerFactory(org.slf4j.LoggerFactory) TxCallable(io.cdap.cdap.spi.data.transaction.TxCallable) ArrayList(java.util.ArrayList) InetAddress(java.net.InetAddress) ProvisioningService(io.cdap.cdap.internal.provision.ProvisioningService) ImmutableList(com.google.common.collect.ImmutableList) AbstractIdleService(com.google.common.util.concurrent.AbstractIdleService) NettyHttpService(io.cdap.http.NettyHttpService) Cancellable(org.apache.twill.common.Cancellable) Nullable(javax.annotation.Nullable) DiscoveryService(org.apache.twill.discovery.DiscoveryService) AppMetadataStore(io.cdap.cdap.internal.app.store.AppMetadataStore) DefaultNamespaceStore(io.cdap.cdap.store.DefaultNamespaceStore) Logger(org.slf4j.Logger) URIScheme(io.cdap.cdap.common.discovery.URIScheme) Set(java.util.Set) LoggingContextAccessor(io.cdap.cdap.common.logging.LoggingContextAccessor) InetSocketAddress(java.net.InetSocketAddress) Collectors(java.util.stream.Collectors) ProgramRuntimeService(io.cdap.cdap.app.runtime.ProgramRuntimeService) CoreSchedulerService(io.cdap.cdap.scheduler.CoreSchedulerService) MetricsCollectionService(io.cdap.cdap.api.metrics.MetricsCollectionService) SystemAppManagementService(io.cdap.cdap.internal.sysapp.SystemAppManagementService) HttpHandler(io.cdap.http.HttpHandler) Futures(com.google.common.util.concurrent.Futures) CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) List(java.util.List) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) TransactionRunner(io.cdap.cdap.spi.data.transaction.TransactionRunner) Named(com.google.inject.name.Named) 
Constants(io.cdap.cdap.common.conf.Constants) BootstrapService(io.cdap.cdap.internal.bootstrap.BootstrapService) EventPublishManager(io.cdap.cdap.internal.events.EventPublishManager) Collections(java.util.Collections) ServiceLoggingContext(io.cdap.cdap.common.logging.ServiceLoggingContext) SConfiguration(io.cdap.cdap.common.conf.SConfiguration) MetricsReporterHook(io.cdap.cdap.common.metrics.MetricsReporterHook) CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) NettyHttpService(io.cdap.http.NettyHttpService) DefaultNamespaceStore(io.cdap.cdap.store.DefaultNamespaceStore) HttpsEnabler(io.cdap.cdap.common.security.HttpsEnabler) ServiceLoggingContext(io.cdap.cdap.common.logging.ServiceLoggingContext)

Example 10 with HttpsEnabler

use of io.cdap.cdap.common.security.HttpsEnabler in project cdap by caskdata.

the class AppFabricServer method startUp.

/**
 * Starts the services App Fabric depends on, then brings up its HTTP service and publishes
 * the application and namespace counts as gauges.
 *
 * @throws Exception if any dependent service fails to start or the HTTP service cannot be started
 */
@Override
protected void startUp() throws Exception {
    LoggingContextAccessor.setLoggingContext(
        new ServiceLoggingContext(
            NamespaceId.SYSTEM.getNamespace(),
            Constants.Logging.COMPONENT_NAME,
            Constants.Service.APP_FABRIC_HTTP));

    // Block until every dependent service has finished starting.
    Futures.allAsList(
        ImmutableList.of(
            provisioningService.start(),
            applicationLifecycleService.start(),
            bootstrapService.start(),
            programRuntimeService.start(),
            programNotificationSubscriberService.start(),
            runRecordCorrectorService.start(),
            coreSchedulerService.start(),
            eventPublishManager.start(),
            runRecordCounterService.start()))
        .get();

    // One metrics hook per configured hook name.
    List<MetricsReporterHook> metricsHooks = handlerHookNames.stream()
        .map(name -> new MetricsReporterHook(metricsCollectionService, name))
        .collect(Collectors.toList());

    // HTTP service settings (backlog, thread pools, port) all come from cConf.
    NettyHttpService.Builder builder =
        new CommonNettyHttpServiceBuilder(cConf, Constants.Service.APP_FABRIC_HTTP)
            .setHost(hostname.getCanonicalHostName())
            .setHandlerHooks(metricsHooks)
            .setHttpHandlers(handlers)
            .setConnectionBacklog(cConf.getInt(Constants.AppFabric.BACKLOG_CONNECTIONS, Constants.AppFabric.DEFAULT_BACKLOG))
            .setExecThreadPoolSize(cConf.getInt(Constants.AppFabric.EXEC_THREADS, Constants.AppFabric.DEFAULT_EXEC_THREADS))
            .setBossThreadPoolSize(cConf.getInt(Constants.AppFabric.BOSS_THREADS, Constants.AppFabric.DEFAULT_BOSS_THREADS))
            .setWorkerThreadPoolSize(cConf.getInt(Constants.AppFabric.WORKER_THREADS, Constants.AppFabric.DEFAULT_WORKER_THREADS))
            .setPort(cConf.getInt(Constants.AppFabric.SERVER_PORT));

    // TLS is applied only when sslEnabled is set; the key store is taken from cConf and sConf.
    if (sslEnabled) {
        new HttpsEnabler().configureKeyStore(cConf, sConf).enable(builder);
    }
    cancelHttpService = startHttpService(builder.build());

    long appCount = TransactionRunners.run(
        transactionRunner,
        (TxCallable<Long>) context -> AppMetadataStore.create(context).getApplicationCount());
    long nsCount = new DefaultNamespaceStore(transactionRunner).getNamespaceCount();
    metricsCollectionService.getContext(Collections.emptyMap())
        .gauge(Constants.Metrics.Program.APPLICATION_COUNT, appCount);
    metricsCollectionService.getContext(Collections.emptyMap())
        .gauge(Constants.Metrics.Program.NAMESPACE_COUNT, nsCount);
}
Also used : HttpsEnabler(io.cdap.cdap.common.security.HttpsEnabler) ResolvingDiscoverable(io.cdap.cdap.common.discovery.ResolvingDiscoverable) TransactionRunners(io.cdap.cdap.spi.data.transaction.TransactionRunners) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Inject(com.google.inject.Inject) MetricsReporterHook(io.cdap.cdap.common.metrics.MetricsReporterHook) LoggerFactory(org.slf4j.LoggerFactory) TxCallable(io.cdap.cdap.spi.data.transaction.TxCallable) ArrayList(java.util.ArrayList) InetAddress(java.net.InetAddress) ProvisioningService(io.cdap.cdap.internal.provision.ProvisioningService) ImmutableList(com.google.common.collect.ImmutableList) AbstractIdleService(com.google.common.util.concurrent.AbstractIdleService) NettyHttpService(io.cdap.http.NettyHttpService) Cancellable(org.apache.twill.common.Cancellable) Nullable(javax.annotation.Nullable) DiscoveryService(org.apache.twill.discovery.DiscoveryService) AppMetadataStore(io.cdap.cdap.internal.app.store.AppMetadataStore) DefaultNamespaceStore(io.cdap.cdap.store.DefaultNamespaceStore) Logger(org.slf4j.Logger) URIScheme(io.cdap.cdap.common.discovery.URIScheme) Set(java.util.Set) LoggingContextAccessor(io.cdap.cdap.common.logging.LoggingContextAccessor) InetSocketAddress(java.net.InetSocketAddress) Collectors(java.util.stream.Collectors) ProgramRuntimeService(io.cdap.cdap.app.runtime.ProgramRuntimeService) CoreSchedulerService(io.cdap.cdap.scheduler.CoreSchedulerService) MetricsCollectionService(io.cdap.cdap.api.metrics.MetricsCollectionService) SystemAppManagementService(io.cdap.cdap.internal.sysapp.SystemAppManagementService) HttpHandler(io.cdap.http.HttpHandler) Futures(com.google.common.util.concurrent.Futures) CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) List(java.util.List) CConfiguration(io.cdap.cdap.common.conf.CConfiguration) TransactionRunner(io.cdap.cdap.spi.data.transaction.TransactionRunner) Named(com.google.inject.name.Named) 
Constants(io.cdap.cdap.common.conf.Constants) BootstrapService(io.cdap.cdap.internal.bootstrap.BootstrapService) EventPublishManager(io.cdap.cdap.internal.events.EventPublishManager) Collections(java.util.Collections) ServiceLoggingContext(io.cdap.cdap.common.logging.ServiceLoggingContext) SConfiguration(io.cdap.cdap.common.conf.SConfiguration) MetricsReporterHook(io.cdap.cdap.common.metrics.MetricsReporterHook) CommonNettyHttpServiceBuilder(io.cdap.cdap.common.http.CommonNettyHttpServiceBuilder) NettyHttpService(io.cdap.http.NettyHttpService) DefaultNamespaceStore(io.cdap.cdap.store.DefaultNamespaceStore) HttpsEnabler(io.cdap.cdap.common.security.HttpsEnabler) ServiceLoggingContext(io.cdap.cdap.common.logging.ServiceLoggingContext)
