use of io.hops.hopsworks.common.proxies.client.HttpRetryableAction in project hopsworks by logicalclocks.
the class CAProxy method revokeX509.
private void revokeX509(String parameterName, String parameterValue, String path) throws HopsSecurityException, GenericException {
if (Strings.isNullOrEmpty(parameterValue)) {
throw new HopsSecurityException(RESTCodes.SecurityErrorCode.CERTIFICATE_NOT_FOUND, Level.SEVERE, null, "Certificate parameter value cannot be null or empty");
}
try {
URI revokeURI = new URIBuilder(path).addParameter(parameterName, parameterValue).build();
HttpDelete httpRequest = new HttpDelete(revokeURI);
client.setAuthorizationHeader(httpRequest);
HttpRetryableAction<Void> retryableAction = new HttpRetryableAction<Void>() {
@Override
public Void performAction() throws ClientProtocolException, IOException {
return client.execute(httpRequest, CA_REVOKE_RESPONSE_HANDLER);
}
};
retryableAction.tryAction();
} catch (URISyntaxException ex) {
throw new GenericException(RESTCodes.GenericErrorCode.UNKNOWN_ERROR, Level.SEVERE, null, null, ex);
} catch (ClientProtocolException ex) {
LOG.log(Level.WARNING, "Could not revoke X.509 " + parameterValue, ex);
if (ex.getCause() instanceof HopsSecurityException) {
throw (HopsSecurityException) ex.getCause();
}
throw new HopsSecurityException(RESTCodes.SecurityErrorCode.CERTIFICATE_REVOKATION_ERROR, Level.WARNING, null, null, ex);
} catch (IOException ex) {
LOG.log(Level.SEVERE, "Could not revoke X.509 " + parameterValue, ex);
throw new GenericException(RESTCodes.GenericErrorCode.UNKNOWN_ERROR, Level.SEVERE, "Generic error while revoking X.509", null, ex);
}
}
use of io.hops.hopsworks.common.proxies.client.HttpRetryableAction in project hopsworks by logicalclocks.
the class CAProxy method signCSR.
private CSR signCSR(CSR csr, CA_PATH path) throws HopsSecurityException, GenericException {
try {
String csrJSON = objectMapper.writeValueAsString(csr);
HttpPost httpRequest = new HttpPost(path.path);
httpRequest.setHeader(HttpHeaders.CONTENT_TYPE, CONTENT_TYPE_JSON);
client.setAuthorizationHeader(httpRequest);
httpRequest.setEntity(new StringEntity(csrJSON));
HttpRetryableAction<CSR> retryableAction = new HttpRetryableAction<CSR>() {
@Override
public CSR performAction() throws ClientProtocolException, IOException {
return client.execute(httpRequest, CA_SIGN_RESPONSE_HANDLER);
}
};
return retryableAction.tryAction();
} catch (JsonProcessingException ex) {
throw new HopsSecurityException(RESTCodes.SecurityErrorCode.CSR_ERROR, Level.SEVERE, null, null, ex);
} catch (ClientProtocolException ex) {
LOG.log(Level.SEVERE, "Could not sign CSR", ex);
throw new HopsSecurityException(RESTCodes.SecurityErrorCode.CSR_ERROR, Level.SEVERE, null, null, ex.getCause());
} catch (IOException ex) {
LOG.log(Level.SEVERE, "Could not sign CSR", ex);
throw new GenericException(RESTCodes.GenericErrorCode.UNKNOWN_ERROR, Level.SEVERE, "Generic error while signing CSR", null, ex);
}
}
use of io.hops.hopsworks.common.proxies.client.HttpRetryableAction in project hopsworks by logicalclocks.
the class KibanaClient method execute.
private JSONObject execute(HttpMethod method, KibanaType type, String id, String data, Users user, Project project, boolean overwrite, boolean runAsDataOwner) throws ElasticException {
String url = settings.getKibanaUri() + "/api/saved_objects";
if (type != KibanaType.All) {
url += "/" + type.toString();
}
if (id != null) {
url += "/" + id;
}
if (overwrite) {
url += "?overwrite=true";
}
try {
final HttpUriRequest httpRequest = buildHttpRequest(method, url, data);
httpRequest.setHeader("kbn-xsrf", "required");
httpRequest.setHeader(HttpHeaders.CONTENT_TYPE, "application/json");
// authorization
if (settings.isElasticOpenDistroSecurityEnabled()) {
if (settings.isElasticJWTEnabled() && project != null && (user != null || runAsDataOwner)) {
String token = runAsDataOwner ? elasticJWTController.createTokenForELKAsDataOwner(project) : elasticJWTController.createTokenForELK(user, project);
httpRequest.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token);
} else {
String userPass = settings.getElasticAdminUser() + ":" + settings.getElasticAdminPassword();
httpRequest.setHeader(HttpHeaders.AUTHORIZATION, "Basic " + Base64.getEncoder().encodeToString(userPass.getBytes()));
}
}
HttpRetryableAction<JSONObject> retryableAction = new HttpRetryableAction<JSONObject>(backOffPolicy) {
@Override
public JSONObject performAction() throws ClientProtocolException, IOException {
return client.execute(httpRequest, httpResponse -> {
int statusCode = httpResponse.getStatusLine().getStatusCode();
if (statusCode / 100 == 2) {
String response = EntityUtils.toString(httpResponse.getEntity());
return Strings.isNullOrEmpty(response) ? new JSONObject() : new JSONObject(response);
} else if (statusCode / 100 == 4) {
if (statusCode == 404) {
throw new NotFoundClientProtocolException(httpResponse.toString());
} else {
throw new NotRetryableClientProtocolException(httpResponse.toString());
}
} else {
// Retry
throw new ClientProtocolException();
}
});
}
};
return retryableAction.tryAction();
} catch (IOException e) {
throw new ElasticException(RESTCodes.ElasticErrorCode.KIBANA_REQ_ERROR, Level.INFO, "Failed to execute a Kibana request. Reason: " + e.getMessage(), "url:" + url, e);
}
}
Aggregations