org.glassfish.jersey.SslConfigurator Java Examples

The following examples show how to use org.glassfish.jersey.SslConfigurator.
Example #1
Source File: AbstractRestClient.java    From hugegraph-common with Apache License 2.0
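/**
 * Builds a Jersey {@link Client} for an HTTPS endpoint whose server certificate is
 * validated against the trust store named in {@code config}.
 *
 * <p>Reads the {@code trustStoreFile} and {@code trustStorePassword} properties from
 * {@code config}. Both must be present; a missing property makes the {@code toString()}
 * call fail with a {@link NullPointerException}.
 *
 * <p>Earlier revisions of this method re-initialised the context with the trust managers
 * from {@code NoCheckTrustManager.create()} (held in a local named {@code trustAllManager}),
 * which replaced the trust managers built from the configured trust store. The context
 * returned here keeps the trust managers that {@code SslConfigurator} derives from the
 * trust store, so the store the caller supplies is the one that decides which servers
 * are accepted.
 *
 * @param url    endpoint URL, handed to the project's {@code HostNameVerifier}
 * @param config client configuration holding the trust store properties
 * @return a client whose TLS context is backed by the configured trust store
 */
private static Client wrapTrustConfig(String url, ClientConfig config) {
    String trustStoreFile = config.getProperty("trustStoreFile").toString();
    String trustStorePassword = config.getProperty("trustStorePassword")
                                      .toString();
    // Request a "TLS" context instead of the legacy "SSL" name. Which protocol
    // versions are actually enabled still depends on the JDK's security settings.
    SSLContext context = SslConfigurator.newInstance()
                                        .trustStoreFile(trustStoreFile)
                                        .trustStorePassword(trustStorePassword)
                                        .securityProtocol("TLS")
                                        .createSSLContext();
    // No context.init(...) call here on purpose: re-initialising with other trust
    // managers would discard the ones built from the trust store above.
    // NOTE(review): HostNameVerifier is a project class not shown here; confirm it
    // checks the names in the server certificate against the host in url.
    return ClientBuilder.newBuilder()
                        .hostnameVerifier(new HostNameVerifier(url))
                        .sslContext(context)
                        .build();
}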
 
Example #2
Source File: SchemaRegistryClient.java    From registry with Apache License 2.0
/**
 * Creates an {@link SSLContext} from a flat map of SSL settings.
 *
 * <p>Key-store settings are applied only when the map contains {@code SSL_KEY_STORE_PATH};
 * the separate key password is applied only when {@code SSL_KEY_PASSWORD} is present as
 * well. Trust-store settings and the protocol are always passed through, so entries that
 * are absent from the map reach the configurator as {@code null}.
 *
 * @param sslConfigurations SSL settings keyed by option name
 * @return the context built by the configurator
 */
protected SSLContext createSSLContext(Map<String, String> sslConfigurations) {
    final SslConfigurator configurator = SslConfigurator.newInstance();

    // Client key material is optional; it is configured only when a key store path is given.
    final boolean hasKeyStore = sslConfigurations.containsKey(SSL_KEY_STORE_PATH);
    if (hasKeyStore) {
        configurator.keyStoreType(sslConfigurations.get("keyStoreType"));
        configurator.keyStoreFile(sslConfigurations.get(SSL_KEY_STORE_PATH));
        configurator.keyStorePassword(sslConfigurations.get("keyStorePassword"));
        configurator.keyStoreProvider(sslConfigurations.get("keyStoreProvider"));
        configurator.keyManagerFactoryAlgorithm(sslConfigurations.get("keyManagerFactoryAlgorithm"));
        configurator.keyManagerFactoryProvider(sslConfigurations.get("keyManagerFactoryProvider"));

        final boolean hasKeyPassword = sslConfigurations.containsKey(SSL_KEY_PASSWORD);
        if (hasKeyPassword) {
            configurator.keyPassword(sslConfigurations.get(SSL_KEY_PASSWORD));
        }
    }

    // Trust material decides which server certificates are accepted.
    configurator.trustStoreType(sslConfigurations.get("trustStoreType"));
    configurator.trustStoreFile(sslConfigurations.get("trustStorePath"));
    configurator.trustStorePassword(sslConfigurations.get("trustStorePassword"));
    configurator.trustStoreProvider(sslConfigurations.get("trustStoreProvider"));
    configurator.trustManagerFactoryAlgorithm(sslConfigurations.get("trustManagerFactoryAlgorithm"));
    configurator.trustManagerFactoryProvider(sslConfigurations.get("trustManagerFactoryProvider"));

    // NOTE(review): the protocol name comes straight from configuration; confirm that
    // deployments do not set it to a legacy value.
    configurator.securityProtocol(sslConfigurations.get("protocol"));

    return configurator.createSSLContext();
}
 
Example #3
Source File: ParaClient.java    From para with Apache License 2.0
/**
 * Default constructor. Stores the credentials and builds the Jersey API client.
 *
 * <p>A warning is logged when the secret key is shorter than 6 characters; the key itself
 * is never written to the log.
 *
 * @param accessKey app access key
 * @param secretKey app secret key
 */
public ParaClient(String accessKey, String secretKey) {
	this.accessKey = accessKey;
	this.secretKey = secretKey;
	this.throwExceptionOnHTTPError = false;

	int secretLength = StringUtils.length(secretKey);
	if (secretLength < 6) {
		logger.warn("Secret key appears to be invalid. Make sure you call 'signIn()' first.");
	}

	// JSON (de)serialization goes through the shared Para mapper.
	ObjectMapper jsonMapper = ParaObjectUtils.getJsonMapper();
	jsonMapper.setSerializationInclusion(JsonInclude.Include.USE_DEFAULTS);

	ClientConfig jerseyConfig = new ClientConfig();
	jerseyConfig.register(GenericExceptionMapper.class);
	jerseyConfig.register(new JacksonJsonProvider(jsonMapper));
	jerseyConfig.connectorProvider(new HttpUrlConnectorProvider().useSetMethodWorkaround());

	// No trust store or key store is configured on the SslConfigurator here.
	// NOTE(review): presumably the platform's default trust material applies - confirm.
	SSLContext defaultTlsContext = SslConfigurator.newInstance().createSSLContext();
	apiClient = ClientBuilder.newBuilder()
			.sslContext(defaultTlsContext)
			.withConfig(jerseyConfig)
			.build();
}
 
Example #4
Source File: TlsSetupService.java    From cloudbreak with Apache License 2.0
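/**
 * Fetches the certificate presented by the gateway's Nginx and stores it, Base64-encoded,
 * on the gateway instance's metadata.
 *
 * <p>The SSL context used for the request is initialised with a single
 * {@code SavingX509TrustManager}, and the chain that trust manager reports afterwards is
 * what gets persisted.
 *
 * <p>NOTE(review): {@code SavingX509TrustManager} is not shown here. If it accepts whatever
 * chain the peer presents, the stored certificate is trusted on first use and is only as
 * authentic as the network path at that moment; consider comparing its fingerprint with a
 * value obtained out of band before relying on it.
 *
 * @param stack      stack whose gateway port is contacted
 * @param gwInstance gateway instance whose metadata receives the certificate
 * @throws CloudbreakException if any step fails; the original exception is kept as the cause
 */
public void setupTls(Stack stack, InstanceMetaData gwInstance) throws CloudbreakException {
    try {
        SavingX509TrustManager x509TrustManager = new SavingX509TrustManager();
        TrustManager[] trustManagers = {x509TrustManager};
        SSLContext sslContext = SslConfigurator.newInstance().createSSLContext();
        // Replace the default trust managers so the handshake goes through the saving one.
        sslContext.init(null, trustManagers, new SecureRandom());
        // NOTE(review): client is never closed in this method; confirm RestClientUtil
        // owns its lifecycle.
        Client client = RestClientUtil.createClient(sslContext, false);
        Integer gatewayPort = stack.getGatewayPort();
        String ip = gatewayConfigService.getGatewayIp(stack, gwInstance);
        LOGGER.debug("Trying to fetch the server's certificate: {}:{}", ip, gatewayPort);
        nginxPollerService.pollWithAbsoluteTimeout(
                nginxCertListenerTask, new NginxPollerObject(client, ip, gatewayPort, x509TrustManager),
                POLLING_INTERVAL, TEN_MIN, MAX_FAILURE);
        WebTarget nginxTarget = client.target(String.format("https://%s:%d", ip, gatewayPort));
        // The response body is irrelevant; the request exists to trigger a TLS handshake.
        nginxTarget.path("/").request().get().close();
        X509Certificate[] chain = x509TrustManager.getChain();
        // Fail with a descriptive cause instead of a bare NPE/ArrayIndexOutOfBounds.
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("No certificate chain was captured from " + ip + ":" + gatewayPort);
        }
        String serverCert = PkiUtil.convert(chain[0]);
        InstanceMetaData metaData = getInstanceMetaData(gwInstance);
        // Explicit charset so the stored bytes do not depend on the platform default.
        metaData.setServerCert(BaseEncoding.base64().encode(
                serverCert.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
        instanceMetaDataService.save(metaData);
    } catch (Exception e) {
        throw new CloudbreakException("Failed to retrieve the server's certificate from Nginx."
                + " Please check your security group is open enough and the Management Console can access your VPC and subnet."
                + " Please also Make sure your Subnets can route to the internet and you have public DNS and IP options enabled", e);
    }
}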
 
Example #5
Source File: SchemaRegistryClient.java    From nifi with Apache License 2.0
/**
 * Builds the {@link SSLContext} for the client from the supplied SSL settings.
 *
 * <p>The key store (client key material) is configured only if the map has an entry for
 * {@code SSL_KEY_STORE_PATH}, and the key password only if {@code SSL_KEY_PASSWORD} is
 * also present. The trust store and protocol are always handed to the configurator;
 * settings missing from the map are passed as {@code null}.
 *
 * @param sslConfigurations option name to value
 * @return the SSL context created from those options
 */
protected SSLContext createSSLContext(Map<String, String> sslConfigurations) {
    SslConfigurator tls = SslConfigurator.newInstance();

    if (sslConfigurations.containsKey(SSL_KEY_STORE_PATH)) {
        String keyStoreType = sslConfigurations.get("keyStoreType");
        String keyStorePath = sslConfigurations.get(SSL_KEY_STORE_PATH);
        String keyStorePassword = sslConfigurations.get("keyStorePassword");
        String keyStoreProvider = sslConfigurations.get("keyStoreProvider");
        String keyManagerAlgorithm = sslConfigurations.get("keyManagerFactoryAlgorithm");
        String keyManagerProvider = sslConfigurations.get("keyManagerFactoryProvider");
        tls.keyStoreType(keyStoreType)
                .keyStoreFile(keyStorePath)
                .keyStorePassword(keyStorePassword)
                .keyStoreProvider(keyStoreProvider)
                .keyManagerFactoryAlgorithm(keyManagerAlgorithm)
                .keyManagerFactoryProvider(keyManagerProvider);
        // The private key may carry its own password, distinct from the store's.
        if (sslConfigurations.containsKey(SSL_KEY_PASSWORD)) {
            tls.keyPassword(sslConfigurations.get(SSL_KEY_PASSWORD));
        }
    }

    String trustStoreType = sslConfigurations.get("trustStoreType");
    String trustStorePath = sslConfigurations.get("trustStorePath");
    String trustStorePassword = sslConfigurations.get("trustStorePassword");
    String trustStoreProvider = sslConfigurations.get("trustStoreProvider");
    String trustManagerAlgorithm = sslConfigurations.get("trustManagerFactoryAlgorithm");
    String trustManagerProvider = sslConfigurations.get("trustManagerFactoryProvider");
    tls.trustStoreType(trustStoreType)
            .trustStoreFile(trustStorePath)
            .trustStorePassword(trustStorePassword)
            .trustStoreProvider(trustStoreProvider)
            .trustManagerFactoryAlgorithm(trustManagerAlgorithm)
            .trustManagerFactoryProvider(trustManagerProvider);

    // NOTE(review): the protocol is taken verbatim from configuration; confirm that
    // deployments do not set it to a legacy value.
    String protocol = sslConfigurations.get("protocol");
    tls.securityProtocol(protocol);

    return tls.createSSLContext();
}
 
Example #6
Source File: JerseyHttpClient.java    From karate with MIT License
/**
 * (Re)builds the Jersey client from the given configuration: redirect policy, optional
 * SSL material, timeouts and optional proxy settings.
 *
 * <p>When SSL is enabled this method also installs the created socket factory as the
 * JVM-wide default for {@link HttpsURLConnection} and registers a hostname verifier that
 * accepts every host. Both are visible in the body below; hostname checks are therefore
 * off for this client whenever {@code config.isSslEnabled()} is true.
 *
 * @param config  source of the client settings
 * @param context scenario context, used for logging and key store loading
 */
@Override
public void configure(Config config, ScenarioContext context) {
    ClientConfig jerseyConfig = new ClientConfig();
    // support request body for DELETE (non-standard)
    jerseyConfig.property(ClientProperties.SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true);
    charset = config.getCharset();
    boolean followRedirects = config.isFollowRedirects();
    if (!followRedirects) {
        jerseyConfig.property(ClientProperties.FOLLOW_REDIRECTS, false);
    }
    ClientBuilder builder = ClientBuilder.newBuilder()
            .withConfig(jerseyConfig)
            .register(new LoggingInterceptor(context)) // must be first
            .register(MultiPartFeature.class);
    if (config.isSslEnabled()) {
        String protocolName = config.getSslAlgorithm(); // could be null
        KeyStore trusted = HttpUtils.getKeyStore(context,
                config.getSslTrustStore(), config.getSslTrustStorePassword(), config.getSslTrustStoreType());
        KeyStore identity = HttpUtils.getKeyStore(context,
                config.getSslKeyStore(), config.getSslKeyStorePassword(), config.getSslKeyStoreType());
        SslConfigurator sslConfigurator = SslConfigurator.newInstance();
        sslConfigurator.securityProtocol(protocolName); // will default to TLS if null
        sslConfigurator.trustStore(trusted);
        sslConfigurator.keyStore(identity);
        SSLContext tlsContext = sslConfigurator.createSSLContext();
        // Process-wide side effect: every HttpsURLConnection in this JVM picks this up.
        HttpsURLConnection.setDefaultSSLSocketFactory(tlsContext.getSocketFactory());
        builder.sslContext(tlsContext);
        // Accepts any hostname: the certificate's names are not matched against the host.
        builder.hostnameVerifier((hostname, tlsSession) -> true);
    }
    client = builder.build();
    client.property(ClientProperties.CONNECT_TIMEOUT, config.getConnectTimeout());
    client.property(ClientProperties.READ_TIMEOUT, config.getReadTimeout());
    if (config.getProxyUri() == null) {
        return;
    }
    client.property(ClientProperties.PROXY_URI, config.getProxyUri());
    // Proxy credentials are applied only when both halves are configured.
    if (config.getProxyUsername() == null || config.getProxyPassword() == null) {
        return;
    }
    client.property(ClientProperties.PROXY_USERNAME, config.getProxyUsername());
    client.property(ClientProperties.PROXY_PASSWORD, config.getProxyPassword());
}
 
Example #7
Source File: PingTest.java    From pravega with Apache License 2.0
/**
 * Creates the Jersey client for this test, backed by the client trust store resource
 * named by {@code SecurityConfigDefaults.TLS_CLIENT_TRUSTSTORE_NAME}.
 *
 * <p>The certificate chain is checked against that trust store, but the hostname verifier
 * below accepts every host, so the certificate's names are not matched against the
 * server address. Keep this pattern to test code.
 *
 * @return a client configured with the test trust store
 * @throws Exception declared by the overridden method
 */
@Override
protected Client createJerseyClient() throws Exception {
    String trustStorePath = getResourcePath(SecurityConfigDefaults.TLS_CLIENT_TRUSTSTORE_NAME);
    SSLContext tlsContext = SslConfigurator.newInstance()
            .trustStoreFile(trustStorePath)
            .createSSLContext();

    return ClientBuilder.newBuilder()
                        .sslContext(tlsContext)
                        .hostnameVerifier((hostname, tlsSession) -> true)
                        .build();
}
 
Example #8
Source File: GeoServerRestClient.java    From geowave with Apache License 2.0
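/**
 * Lazily creates the {@link WebTarget} for the configured GeoServer URL and caches it.
 *
 * <p>The URL is trimmed but otherwise kept as configured. Only the scheme is compared
 * case-insensitively; lower-casing the whole URL, as earlier revisions did, also rewrote
 * the path, which can be case-sensitive on the server.
 *
 * <p>For {@code https://} URLs the created socket factory is additionally installed as the
 * JVM-wide default for {@link HttpsURLConnection}.
 *
 * @return the cached or newly created target; {@code null} when no URL is configured, the
 *     scheme is neither http nor https, or the URL cannot be parsed
 */
private WebTarget getWebTarget() {
  if (webTarget != null) {
    return webTarget;
  }
  final String configuredUrl = getConfig().getUrl();
  if (configuredUrl == null) {
    return webTarget;
  }

  final String url = configuredUrl.trim();
  final String httpPrefix = "http://";
  final String httpsPrefix = "https://";
  Client client = null;
  if (url.regionMatches(true, 0, httpPrefix, 0, httpPrefix.length())) {
    client = ClientBuilder.newClient();
  } else if (url.regionMatches(true, 0, httpsPrefix, 0, httpsPrefix.length())) {
    final SslConfigurator sslConfig = SslConfigurator.newInstance();
    if (getConfig().getGsConfigProperties() != null) {
      loadSSLConfigurations(sslConfig, getConfig().getGsConfigProperties());
    }
    final SSLContext sslContext = sslConfig.createSSLContext();

    // Process-wide side effect: every HttpsURLConnection in this JVM uses this factory.
    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
    client = ClientBuilder.newBuilder().sslContext(sslContext).build();
  }

  if (client != null) {
    // Basic credentials are registered for both schemes; over plain http:// they travel
    // unencrypted, so prefer an https:// URL for authenticated access.
    client.register(
        HttpAuthenticationFeature.basic(getConfig().getUser(), getConfig().getPass()));
    try {
      webTarget = client.target(new URI(url));
    } catch (final URISyntaxException e) {
      LOGGER.error("Unable to parse geoserver URL: " + url, e);
    }
  }

  return webTarget;
}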
 
Example #9
Source File: TlsSetupService.java    From cloudbreak with Apache License 2.0
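/**
 * Fetches the certificate presented by the gateway's Nginx and stores it, Base64-encoded,
 * on the gateway instance's metadata.
 *
 * <p>The SSL context used for the request is initialised with a single
 * {@code SavingX509TrustManager}, and the chain that trust manager reports afterwards is
 * what gets persisted.
 *
 * <p>NOTE(review): {@code SavingX509TrustManager} is not shown here. If it accepts whatever
 * chain the peer presents, the stored certificate is trusted on first use and is only as
 * authentic as the network path at that moment; consider comparing its fingerprint with a
 * value obtained out of band before relying on it.
 *
 * @param stackId    id of the stack whose gateway port is contacted
 * @param gwInstance gateway instance providing the public IP and receiving the certificate
 * @throws CloudbreakException if any step fails; the original exception is kept as the cause
 */
public void setupTls(Long stackId, InstanceMetaData gwInstance) throws CloudbreakException {
    try {
        SavingX509TrustManager x509TrustManager = new SavingX509TrustManager();
        TrustManager[] trustManagers = {x509TrustManager};
        SSLContext sslContext = SslConfigurator.newInstance().createSSLContext();
        // Replace the default trust managers so the handshake goes through the saving one.
        sslContext.init(null, trustManagers, new SecureRandom());
        // NOTE(review): client is never closed in this method; confirm RestClientUtil
        // owns its lifecycle.
        Client client = RestClientUtil.createClient(sslContext, false);
        String ip = gwInstance.getPublicIpWrapper();
        // NOTE(review): get() throws if no stack has this id, and the catch below then
        // reports it as a certificate retrieval failure - confirm that is acceptable.
        Stack stack = stackRepository.findById(stackId).get();
        Integer gatewayPort = stack.getGatewayport();
        LOGGER.debug("Trying to fetch the server's certificate: {}:{}", ip, gatewayPort);
        nginxPollerService.pollWithAbsoluteTimeout(
            nginxCertListenerTask, new NginxPollerObject(client, ip, gatewayPort, x509TrustManager),
            POLLING_INTERVAL, FIVE_MIN, MAX_FAILURE);
        WebTarget nginxTarget = client.target(String.format("https://%s:%d", ip, gatewayPort));
        // The response body is irrelevant; the request exists to trigger a TLS handshake.
        nginxTarget.path("/").request().get().close();
        X509Certificate[] chain = x509TrustManager.getChain();
        // Fail with a descriptive cause instead of a bare NPE/ArrayIndexOutOfBounds.
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("No certificate chain was captured from " + ip + ":" + gatewayPort);
        }
        String serverCert = PkiUtil.convert(chain[0]);
        InstanceMetaData metaData = getInstanceMetaData(gwInstance);
        // Explicit charset so the stored bytes do not depend on the platform default.
        metaData.setServerCert(BaseEncoding.base64().encode(
                serverCert.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
        instanceMetaDataRepository.save(metaData);
    } catch (Exception e) {
        throw new CloudbreakException("Failed to retrieve the server's certificate from Nginx."
                + " Please check your security group is open enough and Management Console can access your VPC and subnet"
                + " Please also Make sure your Subnets can route to the internet and you have public DNS and IP options enabled", e);
    }
}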
 
Example #10
Source File: CertificateTrustManager.java    From cloudbreak with Apache License 2.0
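/**
 * Creates an {@link SSLContext} initialised with the trust manager returned by
 * {@code trustEverythingTrustManager()}, which does not validate certificate chains.
 *
 * <p>Connections made with this context do not authenticate the peer through its
 * certificate, so callers need another way to establish who they are talking to (for
 * example a pinned certificate checked separately).
 *
 * @return the initialised context
 * @throws RuntimeException if the context cannot be initialised; the
 *     {@link KeyManagementException} is kept as the cause
 */
public static SSLContext sslContext() {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = {trustEverythingTrustManager()};
    try {
        // Install the all-trusting trust manager, replacing the configurator's defaults
        SSLContext sc = SslConfigurator.newInstance().createSSLContext();
        sc.init(null, trustAllCerts, new SecureRandom());
        LOGGER.debug("Trust all SSL certificates has been installed");
        return sc;
    } catch (KeyManagementException e) {
        LOGGER.error(e.getMessage(), e);
        // The previous message was the single letter "F", which told the caller nothing.
        throw new RuntimeException("Failed to initialise the trust-all SSLContext", e);
    }
}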
 
Example #11
Source File: RestClient.java    From product-private-paas with Apache License 2.0
/**
 * Constructor to verify the certificate and connect to the rest endpoint.
 *
 * <p>The store at {@code Constants.CERTIFICATE_PATH} is used both as trust store and as key
 * store, and HTTP basic authentication with the given credentials is registered on the
 * client.
 *
 * <p>NOTE(review): the store password comes from {@code Constants.CERTIFICATE_PASSWORD}; if
 * that is a compile-time literal it ships with the code, so consider loading it from
 * external configuration. Only {@code keyPassword} is set for the key store, not
 * {@code keyStorePassword} - confirm that is intended.
 *
 * @param username user name for basic authentication
 * @param password password for basic authentication
 */
public RestClient(String username, String password) {
    SslConfigurator tlsSettings = SslConfigurator.newInstance();
    tlsSettings.trustStoreFile(Constants.CERTIFICATE_PATH);
    tlsSettings.trustStorePassword(Constants.CERTIFICATE_PASSWORD);
    tlsSettings.keyStoreFile(Constants.CERTIFICATE_PATH);
    tlsSettings.keyPassword(Constants.CERTIFICATE_PASSWORD);

    SSLContext tlsContext = tlsSettings.createSSLContext();
    client = ClientBuilder.newBuilder()
            .sslContext(tlsContext)
            .build();
    client.register(HttpAuthenticationFeature.basic(username, password));
}