Example 91 with SSLConnectionSocketFactory
use of org.apache.http.conn.ssl.SSLConnectionSocketFactory in project ArachneCentralAPI by OHDSI.
the class IntegrationConfig method getHttpClient.
private CloseableHttpClient getHttpClient() {
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
} };
CloseableHttpClient closeableHttpClient = null;
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sc);
HttpClientBuilder httpClientBuilder = HttpClients.custom();
closeableHttpClient = httpClientBuilder.setSSLSocketFactory(csf).build();
} catch (KeyManagementException | NoSuchAlgorithmException ex) {
log.error(ex.getMessage(), ex);
}
return closeableHttpClient;
}
Also used :
CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient)
SSLContext(javax.net.ssl.SSLContext)
HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
KeyManagementException(java.security.KeyManagementException)
TrustManager(javax.net.ssl.TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
Example 92 with SSLConnectionSocketFactory
use of org.apache.http.conn.ssl.SSLConnectionSocketFactory in project nifi by apache.
the class PostHTTP method getConfig.
private Config getConfig(final String url, final ProcessContext context) {
final String baseUrl = getBaseUrl(url);
Config config = configMap.get(baseUrl);
if (config != null) {
return config;
}
final PoolingHttpClientConnectionManager conMan;
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService == null) {
conMan = new PoolingHttpClientConnectionManager();
} else {
final SSLContext sslContext;
try {
sslContext = createSSLContext(sslContextService);
getLogger().info("PostHTTP supports protocol: " + sslContext.getProtocol());
} catch (final Exception e) {
throw new ProcessException(e);
}
final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
// Also use a plain socket factory for regular http connections (especially proxies)
final Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslsf).register("http", PlainConnectionSocketFactory.getSocketFactory()).build();
conMan = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
}
conMan.setDefaultMaxPerRoute(context.getMaxConcurrentTasks());
conMan.setMaxTotal(context.getMaxConcurrentTasks());
config = new Config(conMan);
final Config existingConfig = configMap.putIfAbsent(baseUrl, config);
return existingConfig == null ? config : existingConfig;
}
Also used :
ProcessException(org.apache.nifi.processor.exception.ProcessException)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory)
RequestConfig(org.apache.http.client.config.RequestConfig)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
SSLContext(javax.net.ssl.SSLContext)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
KeyStoreException(java.security.KeyStoreException)
KeyManagementException(java.security.KeyManagementException)
HttpException(org.apache.http.HttpException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
IOException(java.io.IOException)
ProcessException(org.apache.nifi.processor.exception.ProcessException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
MalformedURLException(java.net.MalformedURLException)
CertificateException(java.security.cert.CertificateException)
SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException)
PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)
Example 93 with SSLConnectionSocketFactory
use of org.apache.http.conn.ssl.SSLConnectionSocketFactory in project nifi by apache.
the class GetHTTP method onTrigger.
@Override
public void onTrigger(final ProcessContext context, final ProcessSessionFactory sessionFactory) throws ProcessException {
final ComponentLog logger = getLogger();
final ProcessSession session = sessionFactory.createSession();
final FlowFile incomingFlowFile = session.get();
if (incomingFlowFile != null) {
session.transfer(incomingFlowFile, REL_SUCCESS);
logger.warn("found FlowFile {} in input queue; transferring to success", new Object[] { incomingFlowFile });
}
// get the URL
final String url = context.getProperty(URL).evaluateAttributeExpressions().getValue();
final URI uri;
String source = url;
try {
uri = new URI(url);
source = uri.getHost();
} catch (final URISyntaxException swallow) {
// this won't happen as the url has already been validated
}
// get the ssl context service
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
// create the connection manager
final HttpClientConnectionManager conMan;
if (sslContextService == null) {
conMan = new BasicHttpClientConnectionManager();
} else {
final SSLContext sslContext;
try {
sslContext = createSSLContext(sslContextService);
} catch (final Exception e) {
throw new ProcessException(e);
}
final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
// Also include a plain socket factory for regular http connections (especially proxies)
final Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslsf).register("http", PlainConnectionSocketFactory.getSocketFactory()).build();
conMan = new BasicHttpClientConnectionManager(socketFactoryRegistry);
}
try {
// build the request configuration
final RequestConfig.Builder requestConfigBuilder = RequestConfig.custom();
requestConfigBuilder.setConnectionRequestTimeout(context.getProperty(DATA_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue());
requestConfigBuilder.setConnectTimeout(context.getProperty(CONNECTION_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue());
requestConfigBuilder.setSocketTimeout(context.getProperty(DATA_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue());
requestConfigBuilder.setRedirectsEnabled(context.getProperty(FOLLOW_REDIRECTS).asBoolean());
switch(context.getProperty(REDIRECT_COOKIE_POLICY).getValue()) {
case STANDARD_COOKIE_POLICY_STR:
requestConfigBuilder.setCookieSpec(CookieSpecs.STANDARD);
break;
case STRICT_COOKIE_POLICY_STR:
requestConfigBuilder.setCookieSpec(CookieSpecs.STANDARD_STRICT);
break;
case NETSCAPE_COOKIE_POLICY_STR:
requestConfigBuilder.setCookieSpec(CookieSpecs.NETSCAPE);
break;
case IGNORE_COOKIE_POLICY_STR:
requestConfigBuilder.setCookieSpec(CookieSpecs.IGNORE_COOKIES);
break;
case DEFAULT_COOKIE_POLICY_STR:
default:
requestConfigBuilder.setCookieSpec(CookieSpecs.DEFAULT);
}
// build the http client
final HttpClientBuilder clientBuilder = HttpClientBuilder.create();
clientBuilder.setConnectionManager(conMan);
// include the user agent
final String userAgent = context.getProperty(USER_AGENT).getValue();
if (userAgent != null) {
clientBuilder.setUserAgent(userAgent);
}
// set the ssl context if necessary
if (sslContextService != null) {
clientBuilder.setSslcontext(sslContextService.createSSLContext(ClientAuth.REQUIRED));
}
final String username = context.getProperty(USERNAME).getValue();
final String password = context.getProperty(PASSWORD).getValue();
// set the credentials if appropriate
if (username != null) {
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
if (password == null) {
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username));
} else {
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
}
clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
}
// Set the proxy if specified
if (context.getProperty(PROXY_HOST).isSet() && context.getProperty(PROXY_PORT).isSet()) {
final String host = context.getProperty(PROXY_HOST).getValue();
final int port = context.getProperty(PROXY_PORT).asInteger();
clientBuilder.setProxy(new HttpHost(host, port));
}
// create request
final HttpGet get = new HttpGet(url);
get.setConfig(requestConfigBuilder.build());
final StateMap beforeStateMap;
try {
beforeStateMap = context.getStateManager().getState(Scope.LOCAL);
final String lastModified = beforeStateMap.get(LAST_MODIFIED + ":" + url);
if (lastModified != null) {
get.addHeader(HEADER_IF_MODIFIED_SINCE, parseStateValue(lastModified).getValue());
}
final String etag = beforeStateMap.get(ETAG + ":" + url);
if (etag != null) {
get.addHeader(HEADER_IF_NONE_MATCH, parseStateValue(etag).getValue());
}
} catch (final IOException ioe) {
throw new ProcessException(ioe);
}
final String accept = context.getProperty(ACCEPT_CONTENT_TYPE).getValue();
if (accept != null) {
get.addHeader(HEADER_ACCEPT, accept);
}
// Add dynamic headers
PropertyValue customHeaderValue;
for (PropertyDescriptor customProperty : customHeaders) {
customHeaderValue = context.getProperty(customProperty).evaluateAttributeExpressions();
if (StringUtils.isNotBlank(customHeaderValue.getValue())) {
get.addHeader(customProperty.getName(), customHeaderValue.getValue());
}
}
// create the http client
try (final CloseableHttpClient client = clientBuilder.build()) {
// NOTE: including this inner try in order to swallow exceptions on close
try {
final StopWatch stopWatch = new StopWatch(true);
final HttpResponse response = client.execute(get);
final int statusCode = response.getStatusLine().getStatusCode();
if (statusCode == NOT_MODIFIED) {
logger.info("content not retrieved because server returned HTTP Status Code {}: Not Modified", new Object[] { NOT_MODIFIED });
context.yield();
// doing a commit in case there were flow files in the input queue
session.commit();
return;
}
final String statusExplanation = response.getStatusLine().getReasonPhrase();
if ((statusCode >= 300) || (statusCode == 204)) {
logger.error("received status code {}:{} from {}", new Object[] { statusCode, statusExplanation, url });
// doing a commit in case there were flow files in the input queue
session.commit();
return;
}
FlowFile flowFile = session.create();
flowFile = session.putAttribute(flowFile, CoreAttributes.FILENAME.key(), context.getProperty(FILENAME).evaluateAttributeExpressions().getValue());
flowFile = session.putAttribute(flowFile, this.getClass().getSimpleName().toLowerCase() + ".remote.source", source);
flowFile = session.importFrom(response.getEntity().getContent(), flowFile);
final Header contentTypeHeader = response.getFirstHeader("Content-Type");
if (contentTypeHeader != null) {
final String contentType = contentTypeHeader.getValue();
if (!contentType.trim().isEmpty()) {
flowFile = session.putAttribute(flowFile, CoreAttributes.MIME_TYPE.key(), contentType.trim());
}
}
final long flowFileSize = flowFile.getSize();
stopWatch.stop();
final String dataRate = stopWatch.calculateDataRate(flowFileSize);
session.getProvenanceReporter().receive(flowFile, url, stopWatch.getDuration(TimeUnit.MILLISECONDS));
session.transfer(flowFile, REL_SUCCESS);
logger.info("Successfully received {} from {} at a rate of {}; transferred to success", new Object[] { flowFile, url, dataRate });
session.commit();
updateStateMap(context, response, beforeStateMap, url);
} catch (final IOException e) {
context.yield();
session.rollback();
logger.error("Failed to retrieve file from {} due to {}; rolling back session", new Object[] { url, e.getMessage() }, e);
throw new ProcessException(e);
} catch (final Throwable t) {
context.yield();
session.rollback();
logger.error("Failed to process due to {}; rolling back session", new Object[] { t.getMessage() }, t);
throw t;
}
} catch (final IOException e) {
logger.debug("Error closing client due to {}, continuing.", new Object[] { e.getMessage() });
}
} finally {
conMan.shutdown();
}
}
Also used :
ProcessSession(org.apache.nifi.processor.ProcessSession)
BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider)
HttpGet(org.apache.http.client.methods.HttpGet)
StateMap(org.apache.nifi.components.state.StateMap)
URISyntaxException(java.net.URISyntaxException)
HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder)
URI(java.net.URI)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory)
HttpHost(org.apache.http.HttpHost)
HttpClientConnectionManager(org.apache.http.conn.HttpClientConnectionManager)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
FlowFile(org.apache.nifi.flowfile.FlowFile)
RequestConfig(org.apache.http.client.config.RequestConfig)
CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient)
PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor)
PropertyValue(org.apache.nifi.components.PropertyValue)
HttpResponse(org.apache.http.HttpResponse)
SSLContext(javax.net.ssl.SSLContext)
BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider)
CredentialsProvider(org.apache.http.client.CredentialsProvider)
IOException(java.io.IOException)
ComponentLog(org.apache.nifi.logging.ComponentLog)
URISyntaxException(java.net.URISyntaxException)
KeyStoreException(java.security.KeyStoreException)
KeyManagementException(java.security.KeyManagementException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
ProcessException(org.apache.nifi.processor.exception.ProcessException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials)
StopWatch(org.apache.nifi.util.StopWatch)
ProcessException(org.apache.nifi.processor.exception.ProcessException)
Header(org.apache.http.Header)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
Example 94 with SSLConnectionSocketFactory
use of org.apache.http.conn.ssl.SSLConnectionSocketFactory in project Lucee by lucee.
the class HttpGetWithBody method ssl.
private void ssl(HttpClientBuilder builder) throws PageException {
try {
// SSLContext sslcontext = SSLContexts.createSystemDefault();
SSLContext sslcontext = SSLContext.getInstance("TLSv1.2");
if (!StringUtil.isEmpty(this.clientCert)) {
if (this.clientCertPassword == null)
this.clientCertPassword = "";
File ksFile = new File(this.clientCert);
KeyStore clientStore = KeyStore.getInstance("PKCS12");
clientStore.load(new FileInputStream(ksFile), this.clientCertPassword.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(clientStore, this.clientCertPassword.toCharArray());
sslcontext.init(kmf.getKeyManagers(), null, new java.security.SecureRandom());
} else {
sslcontext.init(null, null, new java.security.SecureRandom());
}
final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactoryImpl(sslcontext, new DefaultHostnameVerifierImpl());
builder.setSSLSocketFactory(sslsf);
Registry<ConnectionSocketFactory> reg = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslsf).build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(new DefaultHttpClientConnectionOperatorImpl(reg), null, -1, // TODO review -1 setting
TimeUnit.MILLISECONDS);
builder.setConnectionManager(cm);
} catch (Exception e) {
throw Caster.toPageException(e);
}
}
Also used :
SSLConnectionSocketFactoryImpl(lucee.runtime.net.http.sni.SSLConnectionSocketFactoryImpl)
DefaultHostnameVerifierImpl(lucee.runtime.net.http.sni.DefaultHostnameVerifierImpl)
SSLContext(javax.net.ssl.SSLContext)
KeyStore(java.security.KeyStore)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
FileInputStream(java.io.FileInputStream)
PageException(lucee.runtime.exp.PageException)
NativeException(lucee.runtime.exp.NativeException)
SocketTimeoutException(java.net.SocketTimeoutException)
IOException(java.io.IOException)
EOFException(java.io.EOFException)
FileNotFoundException(java.io.FileNotFoundException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
MalformedURLException(java.net.MalformedURLException)
RequestTimeoutException(lucee.runtime.exp.RequestTimeoutException)
ExpressionException(lucee.runtime.exp.ExpressionException)
ApplicationException(lucee.runtime.exp.ApplicationException)
HTTPException(lucee.runtime.exp.HTTPException)
KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory)
File(java.io.File)
DefaultHttpClientConnectionOperatorImpl(lucee.runtime.net.http.sni.DefaultHttpClientConnectionOperatorImpl)
Example 95 with SSLConnectionSocketFactory
use of org.apache.http.conn.ssl.SSLConnectionSocketFactory in project dal by ctripcorp.
the class WebUtil method initWeakSSLClient.
private static HttpClient initWeakSSLClient() {
HttpClientBuilder b = HttpClientBuilder.create();
// setup a Trust Strategy that allows all certificates.
//
SSLContext sslContext = null;
try {
sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
public boolean isTrusted(X509Certificate[] arg0, String arg1) {
return true;
}
}).build();
} catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
// do nothing, has been handled outside
}
b.setSslcontext(sslContext);
// don't check Hostnames, either.
// -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if you don't want to weaken
X509HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
// here's the special part:
// -- need to create an SSL Socket Factory, to use our weakened "trust strategy";
// -- and create a Registry, to register it.
//
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", PlainConnectionSocketFactory.getSocketFactory()).register("https", sslSocketFactory).build();
// now, we create connection-manager using our Registry.
// -- allows multi-threaded use
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
b.setConnectionManager(connMgr);
/**
* Set timeout option
*/
RequestConfig.Builder configBuilder = RequestConfig.custom();
configBuilder.setConnectTimeout(TIMEOUT);
configBuilder.setSocketTimeout(TIMEOUT);
b.setDefaultRequestConfig(configBuilder.build());
// finally, build the HttpClient;
// -- done!
HttpClient sslClient = b.build();
return sslClient;
}
Also used :
RequestConfig(org.apache.http.client.config.RequestConfig)
TrustStrategy(org.apache.http.conn.ssl.TrustStrategy)
HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder)
SSLContext(javax.net.ssl.SSLContext)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyStoreException(java.security.KeyStoreException)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
X509Certificate(java.security.cert.X509Certificate)
KeyManagementException(java.security.KeyManagementException)
PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)
PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory)
X509HostnameVerifier(org.apache.http.conn.ssl.X509HostnameVerifier)
HttpClient(org.apache.http.client.HttpClient)
SSLContextBuilder(org.apache.http.ssl.SSLContextBuilder)
Aggregations
SSLConnectionSocketFactory (org.apache.http.conn.ssl.SSLConnectionSocketFactory)157
SSLContext (javax.net.ssl.SSLContext)99
ConnectionSocketFactory (org.apache.http.conn.socket.ConnectionSocketFactory)63
PlainConnectionSocketFactory (org.apache.http.conn.socket.PlainConnectionSocketFactory)54
SSLContextBuilder (org.apache.http.ssl.SSLContextBuilder)52
PoolingHttpClientConnectionManager (org.apache.http.impl.conn.PoolingHttpClientConnectionManager)49
IOException (java.io.IOException)42
TrustSelfSignedStrategy (org.apache.http.conn.ssl.TrustSelfSignedStrategy)42
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)42
HttpClientBuilder (org.apache.http.impl.client.HttpClientBuilder)36
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)31
KeyManagementException (java.security.KeyManagementException)30
RequestConfig (org.apache.http.client.config.RequestConfig)25
NoopHostnameVerifier (org.apache.http.conn.ssl.NoopHostnameVerifier)25
KeyStoreException (java.security.KeyStoreException)24
HttpClient (org.apache.http.client.HttpClient)24
HttpComponentsClientHttpRequestFactory (org.springframework.http.client.HttpComponentsClientHttpRequestFactory)24
KeyStore (java.security.KeyStore)22
CertificateException (java.security.cert.CertificateException)21
Test (org.junit.Test)21
