Search in sources :

Example 1 with PlainConnectionSocketFactory

use of org.apache.http.conn.socket.PlainConnectionSocketFactory in project fabric-sdk-java by hyperledger.

the class HFCAClient method setUpSSL.

private void setUpSSL() throws InvalidArgumentException {
    if (cryptoPrimitives == null) {
        try {
            cryptoPrimitives = new CryptoPrimitives();
            cryptoPrimitives.init();
        } catch (Exception e) {
            throw new InvalidArgumentException(e);
        }
    }
    if (isSSL && null == registry) {
        if (properties.containsKey("pemBytes") && properties.containsKey("pemFile")) {
            throw new InvalidArgumentException("Properties can not have both \"pemBytes\" and \"pemFile\" specified. ");
        }
        try {
            if (properties.containsKey("pemBytes")) {
                byte[] pemBytes = (byte[]) properties.get("pemBytes");
                cryptoPrimitives.addCACertificateToTrustStore(pemBytes, pemBytes.toString());
            } else {
                String pemFile = properties.getProperty("pemFile");
                if (pemFile != null) {
                    cryptoPrimitives.addCACertificateToTrustStore(new File(pemFile), pemFile);
                }
            }
            SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(cryptoPrimitives.getTrustStore(), null).build();
            ConnectionSocketFactory sf;
            if (null != properties && "true".equals(properties.getProperty("allowAllHostNames"))) {
                AllHostsSSLSocketFactory msf = new AllHostsSSLSocketFactory(cryptoPrimitives.getTrustStore());
                msf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
                sf = msf;
            } else {
                sf = new SSLConnectionSocketFactory(sslContext);
            }
            registry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", sf).register("http", new PlainConnectionSocketFactory()).build();
        } catch (Exception e) {
            logger.error(e);
            throw new InvalidArgumentException(e);
        }
    }
}
Also used : SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) InvalidArgumentException(org.hyperledger.fabric_ca.sdk.exception.InvalidArgumentException) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) SSLContext(javax.net.ssl.SSLContext) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) File(java.io.File) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) InvalidArgumentException(org.hyperledger.fabric_ca.sdk.exception.InvalidArgumentException) URISyntaxException(java.net.URISyntaxException) RegistrationException(org.hyperledger.fabric_ca.sdk.exception.RegistrationException) KeyStoreException(java.security.KeyStoreException) AffiliationException(org.hyperledger.fabric_ca.sdk.exception.AffiliationException) GenerateCRLException(org.hyperledger.fabric_ca.sdk.exception.GenerateCRLException) KeyManagementException(java.security.KeyManagementException) IdentityException(org.hyperledger.fabric_ca.sdk.exception.IdentityException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) EnrollmentException(org.hyperledger.fabric_ca.sdk.exception.EnrollmentException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) RevocationException(org.hyperledger.fabric_ca.sdk.exception.RevocationException) ParseException(org.apache.http.ParseException) MalformedURLException(java.net.MalformedURLException) InfoException(org.hyperledger.fabric_ca.sdk.exception.InfoException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) HTTPException(org.hyperledger.fabric_ca.sdk.exception.HTTPException) CryptoPrimitives(org.hyperledger.fabric.sdk.security.CryptoPrimitives)

Example 2 with PlainConnectionSocketFactory

use of org.apache.http.conn.socket.PlainConnectionSocketFactory in project ovirt-engine by oVirt.

the class HttpClientBuilder method build.

public CloseableHttpClient build() throws IOException, GeneralSecurityException {
    // Prepare the default configuration for all requests:
    RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(connectTimeout != null ? connectTimeout : 0).setSocketTimeout(readTimeout != null ? readTimeout : 0).build();
    // Configure the trust manager:
    TrustManager[] trustManager = null;
    if (verifyChain) {
        if (trustStore != null) {
            try (InputStream is = new FileInputStream(trustStore)) {
                KeyStore ks = KeyStore.getInstance(trustStoreType);
                ks.load(is, StringUtils.isEmpty(trustStorePassword) ? null : trustStorePassword.toCharArray());
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustManagerAlgorithm);
                tmf.init(ks);
                trustManager = tmf.getTrustManagers();
            }
        }
    } else {
        trustManager = new TrustManager[] { new X509TrustManager() {

            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[] {};
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType) {
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }
        } };
    }
    // Create the SSL context:
    SSLContext sslContext = SSLContext.getInstance(tlsProtocol);
    sslContext.init(null, trustManager, null);
    // Create the SSL host name verifier:
    HostnameVerifier sslHostnameVerifier = null;
    if (!verifyHost) {
        sslHostnameVerifier = (hostname, session) -> true;
    }
    // Create the socket factory for HTTP:
    ConnectionSocketFactory httpSocketFactory = new PlainConnectionSocketFactory();
    // Create the socket factory for HTTPS:
    ConnectionSocketFactory httpsSocketFactory = new SSLConnectionSocketFactory(sslContext, sslHostnameVerifier);
    // Create the socket factory registry:
    Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", httpSocketFactory).register("https", httpsSocketFactory).build();
    // Create the connection manager:
    HttpClientConnectionManager connectionManager;
    if (poolSize != null) {
        PoolingHttpClientConnectionManager poolManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
        poolManager.setDefaultMaxPerRoute(poolSize);
        poolManager.setMaxTotal(poolSize);
        poolManager.setValidateAfterInactivity(validateAfterInactivity == null ? 100 : validateAfterInactivity);
        connectionManager = poolManager;
    } else {
        connectionManager = new BasicHttpClientConnectionManager(socketFactoryRegistry);
    }
    // Create the client:
    return org.apache.http.impl.client.HttpClientBuilder.create().setDefaultRequestConfig(requestConfig).setSSLHostnameVerifier(sslHostnameVerifier).setConnectionManager(connectionManager).setRetryHandler(new StandardHttpRequestRetryHandler(retryCount == null ? 1 : retryCount, true)).build();
}
Also used : RequestConfig(org.apache.http.client.config.RequestConfig) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) SSLContext(javax.net.ssl.SSLContext) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) KeyStore(java.security.KeyStore) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) HostnameVerifier(javax.net.ssl.HostnameVerifier) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager) StandardHttpRequestRetryHandler(org.apache.http.impl.client.StandardHttpRequestRetryHandler) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) HttpClientConnectionManager(org.apache.http.conn.HttpClientConnectionManager) BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager) BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)

Example 3 with PlainConnectionSocketFactory

use of org.apache.http.conn.socket.PlainConnectionSocketFactory in project oxTrust by GluuFederation.

the class ShibbolethReloadService method create.

@PostConstruct
public void create() {
    try {
        log.info(">>>>> Initializing ShibbolethReloadService");
        SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(new TrustSelfSignedStrategy()).build();
        HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
        SSLConnectionSocketFactory sslConnSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
        Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslConnSocketFactory).register("http", new PlainConnectionSocketFactory()).build();
        PoolingHttpClientConnectionManager poolingHttpConnMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
        poolingHttpConnMgr.setMaxTotal(HTTP_DEFAULT_MAX_TOTAL_CONNECTIONS);
        poolingHttpConnMgr.setDefaultMaxPerRoute(HTTP_DEFAULT_MAX_CONN_PER_ROUTE);
        this.connectionManager = poolingHttpConnMgr;
        log.info(">>>> ShibbolethReloadService Initialization complete");
    } catch (Exception e) {
        this.connectionManager = null;
        log.info("Could not initialize ShibbolethReloadService", e);
    }
}
Also used : PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) SSLContext(javax.net.ssl.SSLContext) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy) IOException(java.io.IOException) NoopHostnameVerifier(org.apache.http.conn.ssl.NoopHostnameVerifier) HostnameVerifier(javax.net.ssl.HostnameVerifier) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager) PostConstruct(javax.annotation.PostConstruct)

Example 4 with PlainConnectionSocketFactory

use of org.apache.http.conn.socket.PlainConnectionSocketFactory in project metron by apache.

the class TaxiiHandler method buildClient.

private static HttpClient buildClient(URL proxy, String username, String password) throws Exception {
    // Start with a default TAXII HTTP client.
    HttpClient client = new HttpClient();
    // Create an Apache HttpClientBuilder to be customized by the command line arguments.
    HttpClientBuilder builder = HttpClientBuilder.create().useSystemProperties();
    // Proxy
    if (proxy != null) {
        HttpHost proxyHost = new HttpHost(proxy.getHost(), proxy.getPort(), proxy.getProtocol());
        builder.setProxy(proxyHost);
    }
    // Basic authentication. User & Password
    if (username != null ^ password != null) {
        throw new Exception("'username' and 'password' arguments are required to appear together.");
    }
    // from:  http://stackoverflow.com/questions/19517538/ignoring-ssl-certificate-in-apache-httpclient-4-3
    SSLContextBuilder ssbldr = new SSLContextBuilder();
    ssbldr.loadTrustMaterial(null, new TrustSelfSignedStrategy());
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(ssbldr.build(), SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
    Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", new PlainConnectionSocketFactory()).register("https", sslsf).build();
    PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
    // max connection
    cm.setMaxTotal(20);
    // ""
    System.setProperty("jsse.enableSNIExtension", "false");
    CloseableHttpClient httpClient = builder.setSSLSocketFactory(sslsf).setConnectionManager(cm).build();
    client.setHttpclient(httpClient);
    return client;
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) HttpHost(org.apache.http.HttpHost) HttpClient(org.mitre.taxii.client.HttpClient) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) SSLContextBuilder(org.apache.http.conn.ssl.SSLContextBuilder) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) DatatypeConfigurationException(javax.xml.datatype.DatatypeConfigurationException) JAXBException(javax.xml.bind.JAXBException) TransformerException(javax.xml.transform.TransformerException) IOException(java.io.IOException) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)

Example 5 with PlainConnectionSocketFactory

use of org.apache.http.conn.socket.PlainConnectionSocketFactory in project athenz by yahoo.

the class ZTSClient method createConnectionManager.

PoolingHttpClientConnectionManager createConnectionManager(SSLContext sslContext, HostnameVerifier hostnameVerifier) {
    if (sslContext == null) {
        return null;
    }
    SSLConnectionSocketFactory sslSocketFactory;
    if (hostnameVerifier == null) {
        sslSocketFactory = new SSLConnectionSocketFactory(sslContext);
    } else {
        sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
    }
    Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslSocketFactory).register("http", new PlainConnectionSocketFactory()).build();
    PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager(registry);
    // we'll use the default values from apache http connector - max 20 and per route 2
    int maxPerRoute = Integer.parseInt(System.getProperty(ZTS_CLIENT_PROP_POOL_MAX_PER_ROUTE, "2"));
    int maxTotal = Integer.parseInt(System.getProperty(ZTS_CLIENT_PROP_POOL_MAX_TOTAL, "20"));
    poolingHttpClientConnectionManager.setDefaultMaxPerRoute(maxPerRoute);
    poolingHttpClientConnectionManager.setMaxTotal(maxTotal);
    return poolingHttpClientConnectionManager;
}
Also used : SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)

Aggregations

ConnectionSocketFactory (org.apache.http.conn.socket.ConnectionSocketFactory)10 PlainConnectionSocketFactory (org.apache.http.conn.socket.PlainConnectionSocketFactory)10 SSLConnectionSocketFactory (org.apache.http.conn.ssl.SSLConnectionSocketFactory)10 PoolingHttpClientConnectionManager (org.apache.http.impl.conn.PoolingHttpClientConnectionManager)9 SSLContext (javax.net.ssl.SSLContext)5 IOException (java.io.IOException)4 TrustSelfSignedStrategy (org.apache.http.conn.ssl.TrustSelfSignedStrategy)4 KeyManagementException (java.security.KeyManagementException)3 KeyStoreException (java.security.KeyStoreException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 CertificateException (java.security.cert.CertificateException)2 X509Certificate (java.security.cert.X509Certificate)2 HostnameVerifier (javax.net.ssl.HostnameVerifier)2 SSLContextBuilder (org.apache.http.conn.ssl.SSLContextBuilder)2 SSLContextBuilder (org.apache.http.ssl.SSLContextBuilder)2 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1 ServiceError (com.kixeye.chassis.transport.dto.ServiceError)1 SerDeHttpMessageConverter (com.kixeye.chassis.transport.http.SerDeHttpMessageConverter)1 MessageSerDe (com.kixeye.chassis.transport.serde.MessageSerDe)1 JsonJacksonMessageSerDe (com.kixeye.chassis.transport.serde.converter.JsonJacksonMessageSerDe)1