Examples with SSLIOSessionStrategy org.apache.http.nio.conn.ssl.SSLIOSessionStrategy used on opensource projects

Example 1 with SSLIOSessionStrategy

use of org.apache.http.nio.conn.ssl.SSLIOSessionStrategy in project elasticsearch by elastic.

the class ESRestTestCase method buildClient.

protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException {
    RestClientBuilder builder = RestClient.builder(hosts);
    String keystorePath = settings.get(TRUSTSTORE_PATH);
    if (keystorePath != null) {
        final String keystorePass = settings.get(TRUSTSTORE_PASSWORD);
        if (keystorePass == null) {
            throw new IllegalStateException(TRUSTSTORE_PATH + " is provided but not " + TRUSTSTORE_PASSWORD);
        }
        Path path = PathUtils.get(keystorePath);
        if (!Files.exists(path)) {
            throw new IllegalStateException(TRUSTSTORE_PATH + " is set but points to a non-existing file");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("jks");
            try (InputStream is = Files.newInputStream(path)) {
                keyStore.load(is, keystorePass.toCharArray());
            }
            SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(keyStore, null).build();
            SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sslcontext);
            builder.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder.setSSLStrategy(sessionStrategy));
        } catch (KeyStoreException | NoSuchAlgorithmException | KeyManagementException | CertificateException e) {
            throw new RuntimeException("Error setting up ssl", e);
        }
    }
    try (ThreadContext threadContext = new ThreadContext(settings)) {
        Header[] defaultHeaders = new Header[threadContext.getHeaders().size()];
        int i = 0;
        for (Map.Entry<String, String> entry : threadContext.getHeaders().entrySet()) {
            defaultHeaders[i++] = new BasicHeader(entry.getKey(), entry.getValue());
        }
        builder.setDefaultHeaders(defaultHeaders);
    }
    return builder.build();
}

Example 2 with SSLIOSessionStrategy

use of org.apache.http.nio.conn.ssl.SSLIOSessionStrategy in project nutch by apache.

the class ElasticRestIndexWriter method open.

@Override
public void open(Configuration conf, String name) throws IOException {
    hosts = conf.getStrings(ElasticRestConstants.HOST);
    port = conf.getInt(ElasticRestConstants.PORT, 9200);
    user = conf.get(ElasticRestConstants.USER);
    password = conf.get(ElasticRestConstants.PASSWORD);
    https = conf.getBoolean(ElasticRestConstants.HTTPS, false);
    trustAllHostnames = conf.getBoolean(ElasticRestConstants.HOSTNAME_TRUST, false);
    languages = conf.getStrings(ElasticRestConstants.LANGUAGES);
    separator = conf.get(ElasticRestConstants.SEPARATOR, DEFAULT_SEPARATOR);
    sink = conf.get(ElasticRestConstants.SINK, DEFAULT_SINK);
    // trust ALL certificates
    SSLContext sslContext = null;
    try {
        sslContext = new SSLContextBuilder().loadTrustMaterial(new TrustStrategy() {

            public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                return true;
            }
        }).build();
    } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
        LOG.error("Failed to instantiate sslcontext object: \n{}", ExceptionUtils.getStackTrace(e));
        throw new SecurityException();
    }
    // skip hostname checks
    HostnameVerifier hostnameVerifier = null;
    if (trustAllHostnames) {
        hostnameVerifier = NoopHostnameVerifier.INSTANCE;
    } else {
        hostnameVerifier = new DefaultHostnameVerifier();
    }
    SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext);
    SchemeIOSessionStrategy httpsIOSessionStrategy = new SSLIOSessionStrategy(sslContext, hostnameVerifier);
    JestClientFactory jestClientFactory = new JestClientFactory();
    if (hosts == null || hosts.length == 0 || port <= 1) {
        throw new IllegalStateException("No hosts or port specified. Please set the host and port in nutch-site.xml");
    }
    List<String> urlsOfElasticsearchNodes = new ArrayList<String>();
    for (String host : hosts) {
        urlsOfElasticsearchNodes.add(new URL(https ? "https" : "http", host, port, "").toString());
    }
    HttpClientConfig.Builder builder = new HttpClientConfig.Builder(urlsOfElasticsearchNodes).multiThreaded(true).connTimeout(300000).readTimeout(300000);
    if (https) {
        if (user != null && password != null) {
            builder.defaultCredentials(user, password);
        }
        builder.defaultSchemeForDiscoveredNodes("https").sslSocketFactory(// this only affects sync calls
        sslSocketFactory).httpsIOSessionStrategy(// this only affects async calls
        httpsIOSessionStrategy);
    }
    jestClientFactory.setHttpClientConfig(builder.build());
    client = jestClientFactory.getObject();
    defaultIndex = conf.get(ElasticRestConstants.INDEX, "nutch");
    defaultType = conf.get(ElasticRestConstants.TYPE, "doc");
    maxBulkDocs = conf.getInt(ElasticRestConstants.MAX_BULK_DOCS, DEFAULT_MAX_BULK_DOCS);
    maxBulkLength = conf.getInt(ElasticRestConstants.MAX_BULK_LENGTH, DEFAULT_MAX_BULK_LENGTH);
    bulkBuilder = new Bulk.Builder().defaultIndex(defaultIndex).defaultType(defaultType);
}

Example 3 with SSLIOSessionStrategy

use of org.apache.http.nio.conn.ssl.SSLIOSessionStrategy in project portal by ixinportal.

the class HttpAsyncClientUtil method createAsyncClient.

public CloseableHttpAsyncClient createAsyncClient(boolean proxy) throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, MalformedChallengeException, IOReactorException {
    RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(connectTimeout).setSocketTimeout(socketTimeout).build();
    SSLContext sslcontext = SSLContexts.createDefault();
    UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(username, password);
    CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(AuthScope.ANY, credentials);
    // 设置协议http和https对应的处理socket链接工厂的对象
    Registry<SchemeIOSessionStrategy> sessionStrategyRegistry = RegistryBuilder.<SchemeIOSessionStrategy>create().register("http", NoopIOSessionStrategy.INSTANCE).register("https", new SSLIOSessionStrategy(sslcontext)).build();
    // 配置io线程
    IOReactorConfig ioReactorConfig = IOReactorConfig.custom().setIoThreadCount(Runtime.getRuntime().availableProcessors()).build();
    // 设置连接池大小
    ConnectingIOReactor ioReactor = new DefaultConnectingIOReactor(ioReactorConfig);
    PoolingNHttpClientConnectionManager conMgr = new PoolingNHttpClientConnectionManager(ioReactor, null, sessionStrategyRegistry, null);
    if (poolSize > 0) {
        conMgr.setMaxTotal(poolSize);
    }
    if (maxPerRoute > 0) {
        conMgr.setDefaultMaxPerRoute(maxPerRoute);
    } else {
        conMgr.setDefaultMaxPerRoute(10);
    }
    ConnectionConfig connectionConfig = ConnectionConfig.custom().setMalformedInputAction(CodingErrorAction.IGNORE).setUnmappableInputAction(CodingErrorAction.IGNORE).setCharset(Consts.UTF_8).build();
    Lookup<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.BASIC, new BasicSchemeFactory()).register(AuthSchemes.DIGEST, new DigestSchemeFactory()).register(AuthSchemes.NTLM, new NTLMSchemeFactory()).register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory()).register(AuthSchemes.KERBEROS, new KerberosSchemeFactory()).build();
    conMgr.setDefaultConnectionConfig(connectionConfig);
    if (proxy) {
        return HttpAsyncClients.custom().setConnectionManager(conMgr).setDefaultCredentialsProvider(credentialsProvider).setDefaultAuthSchemeRegistry(authSchemeRegistry).setProxy(new HttpHost(host, port)).setDefaultCookieStore(new BasicCookieStore()).setDefaultRequestConfig(requestConfig).build();
    } else {
        return HttpAsyncClients.custom().setConnectionManager(conMgr).setDefaultCredentialsProvider(credentialsProvider).setDefaultAuthSchemeRegistry(authSchemeRegistry).setDefaultCookieStore(new BasicCookieStore()).build();
    }
}

Example 4 with SSLIOSessionStrategy

use of org.apache.http.nio.conn.ssl.SSLIOSessionStrategy in project gateway-dubbox by zhuzhong.

the class OpenApiHttpAsynClientServiceImpl method initHttpAsynClient.

private void initHttpAsynClient() throws IOReactorException {
    // Use custom message parser / writer to customize the way HTTP
    // messages are parsed from and written out to the data stream.
    NHttpMessageParserFactory<HttpResponse> responseParserFactory = new DefaultHttpResponseParserFactory() {

        @Override
        public NHttpMessageParser<HttpResponse> create(final SessionInputBuffer buffer, final MessageConstraints constraints) {
            LineParser lineParser = new BasicLineParser() {

                @Override
                public Header parseHeader(final CharArrayBuffer buffer) {
                    try {
                        return super.parseHeader(buffer);
                    } catch (ParseException ex) {
                        return new BasicHeader(buffer.toString(), null);
                    }
                }
            };
            return new DefaultHttpResponseParser(buffer, lineParser, DefaultHttpResponseFactory.INSTANCE, constraints);
        }
    };
    NHttpMessageWriterFactory<HttpRequest> requestWriterFactory = new DefaultHttpRequestWriterFactory();
    // Use a custom connection factory to customize the process of
    // initialization of outgoing HTTP connections. Beside standard
    // connection
    // configuration parameters HTTP connection factory can define message
    // parser / writer routines to be employed by individual connections.
    NHttpConnectionFactory<ManagedNHttpClientConnection> connFactory = new ManagedNHttpClientConnectionFactory(requestWriterFactory, responseParserFactory, HeapByteBufferAllocator.INSTANCE);
    // Client HTTP connection objects when fully initialized can be bound to
    // an arbitrary network socket. The process of network socket
    // initialization,
    // its connection to a remote address and binding to a local one is
    // controlled
    // by a connection socket factory.
    // SSL context for secure connections can be created either based on
    // system or application specific properties.
    // SSLContext sslcontext = org.apache.http.ssl.SSLContexts.createSystemDefault();
    // SSLContext sslcontext = org.apache.http.ssl.SSLContexts.createDefault();
    SSLContext sslcontext = null;
    try {
        sslcontext = this.createIgnoreVerifySSL();
    } catch (KeyManagementException | NoSuchAlgorithmException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    // Use custom hostname verifier to customize SSL hostname verification.
    HostnameVerifier hostnameVerifier = new DefaultHostnameVerifier();
    // Create a registry of custom connection session strategies for
    // supported
    // protocol schemes.
    Registry<SchemeIOSessionStrategy> sessionStrategyRegistry = RegistryBuilder.<SchemeIOSessionStrategy>create().register("http", NoopIOSessionStrategy.INSTANCE).register("https", new SSLIOSessionStrategy(sslcontext)).build();
    // .register("https", SSLConnectionSocketFactory.getSystemSocketFactory()).build();
    // Use custom DNS resolver to override the system DNS resolution.
    DnsResolver dnsResolver = new SystemDefaultDnsResolver() {

        @Override
        public InetAddress[] resolve(final String host) throws UnknownHostException {
            if (host.equalsIgnoreCase("myhost")) {
                return new InetAddress[] { InetAddress.getByAddress(new byte[] { 127, 0, 0, 1 }) };
            } else {
                return super.resolve(host);
            }
        }
    };
    // Create I/O reactor configuration
    IOReactorConfig ioReactorConfig = IOReactorConfig.custom().setIoThreadCount(Runtime.getRuntime().availableProcessors()).setConnectTimeout(30000).setSoTimeout(30000).build();
    // Create a custom I/O reactort
    ConnectingIOReactor ioReactor = new DefaultConnectingIOReactor(ioReactorConfig);
    // Create a connection manager with custom configuration.
    PoolingNHttpClientConnectionManager connManager = new PoolingNHttpClientConnectionManager(ioReactor, connFactory, sessionStrategyRegistry, dnsResolver);
    // Create message constraints
    MessageConstraints messageConstraints = MessageConstraints.custom().setMaxHeaderCount(200).setMaxLineLength(2000).build();
    // Create connection configuration
    ConnectionConfig connectionConfig = ConnectionConfig.custom().setMalformedInputAction(CodingErrorAction.IGNORE).setUnmappableInputAction(CodingErrorAction.IGNORE).setCharset(Consts.UTF_8).setMessageConstraints(messageConstraints).build();
    // Configure the connection manager to use connection configuration
    // either
    // by default or for a specific host.
    connManager.setDefaultConnectionConfig(connectionConfig);
    // connManager.setConnectionConfig(new HttpHost("somehost", 80),
    // ConnectionConfig.DEFAULT);
    // Configure total max or per route limits for persistent connections
    // that can be kept in the pool or leased by the connection manager.
    connManager.setMaxTotal(100);
    connManager.setDefaultMaxPerRoute(10);
    // connManager.setMaxPerRoute(new HttpRoute(new HttpHost("somehost",
    // 80)), 20);
    // Use custom cookie store if necessary.
    CookieStore cookieStore = new BasicCookieStore();
    // Use custom credentials provider if necessary.
    // CredentialsProvider credentialsProvider = new
    // BasicCredentialsProvider();
    // credentialsProvider.setCredentials(new AuthScope("localhost", 8889),
    // new UsernamePasswordCredentials("squid", "nopassword"));
    // Create global request configuration
    RequestConfig defaultRequestConfig = RequestConfig.custom().setCookieSpec(CookieSpecs.DEFAULT).setExpectContinueEnabled(true).setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.NTLM, AuthSchemes.DIGEST)).setProxyPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC)).build();
    // Create an HttpClient with the given custom dependencies and
    // configuration.
    // CloseableHttpAsyncClient
    httpAsyncClient = HttpAsyncClients.custom().setConnectionManager(connManager).build();
}

Example 5 with SSLIOSessionStrategy

use of org.apache.http.nio.conn.ssl.SSLIOSessionStrategy in project SSM by Intel-bigdata.

the class HttpProxyClient method getAsyncConnectionManager.

private PoolingNHttpClientConnectionManager getAsyncConnectionManager() {
    ConnectingIOReactor ioReactor = null;
    PoolingNHttpClientConnectionManager cm = null;
    try {
        ioReactor = new DefaultConnectingIOReactor();
        // ssl setup
        SSLContext sslcontext = SSLContexts.createSystemDefault();
        X509HostnameVerifier hostnameVerifier = new BrowserCompatHostnameVerifier();
        @SuppressWarnings("deprecation") Registry<SchemeIOSessionStrategy> sessionStrategyRegistry = RegistryBuilder.<SchemeIOSessionStrategy>create().register("http", NoopIOSessionStrategy.INSTANCE).register("https", new SSLIOSessionStrategy(sslcontext, hostnameVerifier)).build();
        cm = new PoolingNHttpClientConnectionManager(ioReactor, sessionStrategyRegistry);
    } catch (IOReactorException e) {
        LOG.error("Couldn't initialize multi-threaded async client ", e);
        return null;
    }
    return cm;
}