org.glassfish.jersey.SslConfigurator Java Examples
The following examples show how to use
org.glassfish.jersey.SslConfigurator.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AbstractRestClient.java From hugegraph-common with Apache License 2.0 | 7 votes |
|
private static Client wrapTrustConfig(String url, ClientConfig config) {
SslConfigurator sslConfig = SslConfigurator.newInstance();
String trustStoreFile = config.getProperty("trustStoreFile").toString();
String trustStorePassword = config.getProperty("trustStorePassword")
.toString();
sslConfig.trustStoreFile(trustStoreFile)
.trustStorePassword(trustStorePassword);
sslConfig.securityProtocol("SSL");
SSLContext context = sslConfig.createSSLContext();
TrustManager[] trustAllManager = NoCheckTrustManager.create();
try {
context.init(null, trustAllManager, new SecureRandom());
} catch (KeyManagementException e) {
throw new ClientException("Failed to init security management", e);
}
return ClientBuilder.newBuilder()
.hostnameVerifier(new HostNameVerifier(url))
.sslContext(context)
.build();
}
Example #2
| Source File: SchemaRegistryClient.java From registry with Apache License 2.0 | 6 votes |
|
protected SSLContext createSSLContext(Map<String, String> sslConfigurations) {
SslConfigurator sslConfigurator = SslConfigurator.newInstance();
if (sslConfigurations.containsKey(SSL_KEY_STORE_PATH)) {
sslConfigurator.keyStoreType(sslConfigurations.get("keyStoreType"))
.keyStoreFile(sslConfigurations.get(SSL_KEY_STORE_PATH))
.keyStorePassword(sslConfigurations.get("keyStorePassword"))
.keyStoreProvider(sslConfigurations.get("keyStoreProvider"))
.keyManagerFactoryAlgorithm(sslConfigurations.get("keyManagerFactoryAlgorithm"))
.keyManagerFactoryProvider(sslConfigurations.get("keyManagerFactoryProvider"));
if (sslConfigurations.containsKey(SSL_KEY_PASSWORD)) {
sslConfigurator.keyPassword(sslConfigurations.get(SSL_KEY_PASSWORD));
}
}
sslConfigurator.trustStoreType(sslConfigurations.get("trustStoreType"))
.trustStoreFile(sslConfigurations.get("trustStorePath"))
.trustStorePassword(sslConfigurations.get("trustStorePassword"))
.trustStoreProvider(sslConfigurations.get("trustStoreProvider"))
.trustManagerFactoryAlgorithm(sslConfigurations.get("trustManagerFactoryAlgorithm"))
.trustManagerFactoryProvider(sslConfigurations.get("trustManagerFactoryProvider"));
sslConfigurator.securityProtocol(sslConfigurations.get("protocol"));
return sslConfigurator.createSSLContext();
}
Example #3
| Source File: ParaClient.java From para with Apache License 2.0 | 6 votes |
|
/**
* Default constructor.
* @param accessKey app access key
* @param secretKey app secret key
*/
public ParaClient(String accessKey, String secretKey) {
this.accessKey = accessKey;
this.secretKey = secretKey;
if (StringUtils.length(secretKey) < 6) {
logger.warn("Secret key appears to be invalid. Make sure you call 'signIn()' first.");
}
this.throwExceptionOnHTTPError = false;
ObjectMapper mapper = ParaObjectUtils.getJsonMapper();
mapper.setSerializationInclusion(JsonInclude.Include.USE_DEFAULTS);
ClientConfig clientConfig = new ClientConfig();
clientConfig.register(GenericExceptionMapper.class);
clientConfig.register(new JacksonJsonProvider(mapper));
clientConfig.connectorProvider(new HttpUrlConnectorProvider().useSetMethodWorkaround());
SSLContext sslContext = SslConfigurator.newInstance().createSSLContext();
apiClient = ClientBuilder.newBuilder().
sslContext(sslContext).
withConfig(clientConfig).build();
}
Example #4
| Source File: TlsSetupService.java From cloudbreak with Apache License 2.0 | 6 votes |
|
public void setupTls(Stack stack, InstanceMetaData gwInstance) throws CloudbreakException {
try {
SavingX509TrustManager x509TrustManager = new SavingX509TrustManager();
TrustManager[] trustManagers = {x509TrustManager};
SSLContext sslContext = SslConfigurator.newInstance().createSSLContext();
sslContext.init(null, trustManagers, new SecureRandom());
Client client = RestClientUtil.createClient(sslContext, false);
Integer gatewayPort = stack.getGatewayPort();
String ip = gatewayConfigService.getGatewayIp(stack, gwInstance);
LOGGER.debug("Trying to fetch the server's certificate: {}:{}", ip, gatewayPort);
nginxPollerService.pollWithAbsoluteTimeout(
nginxCertListenerTask, new NginxPollerObject(client, ip, gatewayPort, x509TrustManager),
POLLING_INTERVAL, TEN_MIN, MAX_FAILURE);
WebTarget nginxTarget = client.target(String.format("https://%s:%d", ip, gatewayPort));
nginxTarget.path("/").request().get().close();
X509Certificate[] chain = x509TrustManager.getChain();
String serverCert = PkiUtil.convert(chain[0]);
InstanceMetaData metaData = getInstanceMetaData(gwInstance);
metaData.setServerCert(BaseEncoding.base64().encode(serverCert.getBytes()));
instanceMetaDataService.save(metaData);
} catch (Exception e) {
throw new CloudbreakException("Failed to retrieve the server's certificate from Nginx."
+ " Please check your security group is open enough and the Management Console can access your VPC and subnet."
+ " Please also Make sure your Subnets can route to the internet and you have public DNS and IP options enabled", e);
}
}
Example #5
| Source File: SchemaRegistryClient.java From nifi with Apache License 2.0 | 6 votes |
|
protected SSLContext createSSLContext(Map<String, String> sslConfigurations) {
SslConfigurator sslConfigurator = SslConfigurator.newInstance();
if (sslConfigurations.containsKey(SSL_KEY_STORE_PATH)) {
sslConfigurator.keyStoreType(sslConfigurations.get("keyStoreType"))
.keyStoreFile(sslConfigurations.get(SSL_KEY_STORE_PATH))
.keyStorePassword(sslConfigurations.get("keyStorePassword"))
.keyStoreProvider(sslConfigurations.get("keyStoreProvider"))
.keyManagerFactoryAlgorithm(sslConfigurations.get("keyManagerFactoryAlgorithm"))
.keyManagerFactoryProvider(sslConfigurations.get("keyManagerFactoryProvider"));
if (sslConfigurations.containsKey(SSL_KEY_PASSWORD)) {
sslConfigurator.keyPassword(sslConfigurations.get(SSL_KEY_PASSWORD));
}
}
sslConfigurator.trustStoreType(sslConfigurations.get("trustStoreType"))
.trustStoreFile(sslConfigurations.get("trustStorePath"))
.trustStorePassword(sslConfigurations.get("trustStorePassword"))
.trustStoreProvider(sslConfigurations.get("trustStoreProvider"))
.trustManagerFactoryAlgorithm(sslConfigurations.get("trustManagerFactoryAlgorithm"))
.trustManagerFactoryProvider(sslConfigurations.get("trustManagerFactoryProvider"));
sslConfigurator.securityProtocol(sslConfigurations.get("protocol"));
return sslConfigurator.createSSLContext();
}
Example #6
| Source File: JerseyHttpClient.java From karate with MIT License | 5 votes |
|
@Override
public void configure(Config config, ScenarioContext context) {
ClientConfig cc = new ClientConfig();
// support request body for DELETE (non-standard)
cc.property(ClientProperties.SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true);
charset = config.getCharset();
if (!config.isFollowRedirects()) {
cc.property(ClientProperties.FOLLOW_REDIRECTS, false);
}
ClientBuilder clientBuilder = ClientBuilder.newBuilder()
.withConfig(cc)
.register(new LoggingInterceptor(context)) // must be first
.register(MultiPartFeature.class);
if (config.isSslEnabled()) {
String algorithm = config.getSslAlgorithm(); // could be null
KeyStore trustStore = HttpUtils.getKeyStore(context,
config.getSslTrustStore(), config.getSslTrustStorePassword(), config.getSslTrustStoreType());
KeyStore keyStore = HttpUtils.getKeyStore(context,
config.getSslKeyStore(), config.getSslKeyStorePassword(), config.getSslKeyStoreType());
SSLContext sslContext = SslConfigurator.newInstance()
.securityProtocol(algorithm) // will default to TLS if null
.trustStore(trustStore)
.keyStore(keyStore)
.createSSLContext();
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
clientBuilder.sslContext(sslContext);
clientBuilder.hostnameVerifier((host, session) -> true);
}
client = clientBuilder.build();
client.property(ClientProperties.CONNECT_TIMEOUT, config.getConnectTimeout());
client.property(ClientProperties.READ_TIMEOUT, config.getReadTimeout());
if (config.getProxyUri() != null) {
client.property(ClientProperties.PROXY_URI, config.getProxyUri());
if (config.getProxyUsername() != null && config.getProxyPassword() != null) {
client.property(ClientProperties.PROXY_USERNAME, config.getProxyUsername());
client.property(ClientProperties.PROXY_PASSWORD, config.getProxyPassword());
}
}
}
Example #7
| Source File: PingTest.java From pravega with Apache License 2.0 | 5 votes |
|
@Override
protected Client createJerseyClient() throws Exception {
SslConfigurator sslConfig = SslConfigurator.newInstance().trustStoreFile(
getResourcePath(SecurityConfigDefaults.TLS_CLIENT_TRUSTSTORE_NAME));
SSLContext sslContext = sslConfig.createSSLContext();
return ClientBuilder.newBuilder().sslContext(sslContext)
.hostnameVerifier((s1, s2) -> true)
.build();
}
Example #8
| Source File: GeoServerRestClient.java From geowave with Apache License 2.0 | 5 votes |
|
private WebTarget getWebTarget() {
if (webTarget == null) {
String url = getConfig().getUrl();
if (url != null) {
url = url.trim().toLowerCase(Locale.ROOT);
Client client = null;
if (url.startsWith("http://")) {
client = ClientBuilder.newClient();
} else if (url.startsWith("https://")) {
final SslConfigurator sslConfig = SslConfigurator.newInstance();
if (getConfig().getGsConfigProperties() != null) {
loadSSLConfigurations(sslConfig, getConfig().getGsConfigProperties());
}
final SSLContext sslContext = sslConfig.createSSLContext();
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
client = ClientBuilder.newBuilder().sslContext(sslContext).build();
}
if (client != null) {
client.register(
HttpAuthenticationFeature.basic(getConfig().getUser(), getConfig().getPass()));
try {
webTarget = client.target(new URI(url));
} catch (final URISyntaxException e) {
LOGGER.error("Unable to parse geoserver URL: " + url, e);
}
}
}
}
return webTarget;
}
Example #9
| Source File: TlsSetupService.java From cloudbreak with Apache License 2.0 | 5 votes |
|
public void setupTls(Long stackId, InstanceMetaData gwInstance) throws CloudbreakException {
try {
SavingX509TrustManager x509TrustManager = new SavingX509TrustManager();
TrustManager[] trustManagers = {x509TrustManager};
SSLContext sslContext = SslConfigurator.newInstance().createSSLContext();
sslContext.init(null, trustManagers, new SecureRandom());
Client client = RestClientUtil.createClient(sslContext, false);
String ip = gwInstance.getPublicIpWrapper();
Stack stack = stackRepository.findById(stackId).get();
Integer gatewayPort = stack.getGatewayport();
LOGGER.debug("Trying to fetch the server's certificate: {}:{}", ip, gatewayPort);
nginxPollerService.pollWithAbsoluteTimeout(
nginxCertListenerTask, new NginxPollerObject(client, ip, gatewayPort, x509TrustManager),
POLLING_INTERVAL, FIVE_MIN, MAX_FAILURE);
WebTarget nginxTarget = client.target(String.format("https://%s:%d", ip, gatewayPort));
nginxTarget.path("/").request().get().close();
X509Certificate[] chain = x509TrustManager.getChain();
String serverCert = PkiUtil.convert(chain[0]);
InstanceMetaData metaData = getInstanceMetaData(gwInstance);
metaData.setServerCert(BaseEncoding.base64().encode(serverCert.getBytes()));
instanceMetaDataRepository.save(metaData);
} catch (Exception e) {
throw new CloudbreakException("Failed to retrieve the server's certificate from Nginx."
+ " Please check your security group is open enough and Management Console can access your VPC and subnet"
+ " Please also Make sure your Subnets can route to the internet and you have public DNS and IP options enabled", e);
}
}
Example #10
| Source File: CertificateTrustManager.java From cloudbreak with Apache License 2.0 | 5 votes |
|
public static SSLContext sslContext() {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = {trustEverythingTrustManager()};
try {
// Install the all-trusting trust manager
SSLContext sc = SslConfigurator.newInstance().createSSLContext();
sc.init(null, trustAllCerts, new SecureRandom());
LOGGER.debug("Trust all SSL certificates has been installed");
return sc;
} catch (KeyManagementException e) {
LOGGER.error(e.getMessage(), e);
throw new RuntimeException("F", e);
}
}
Example #11
| Source File: RestClient.java From product-private-paas with Apache License 2.0 | 5 votes |
|
/**
* Constructor to verify the certificate and connect to the rest endpoint
*/
public RestClient(String username, String password) {
SslConfigurator sslConfig = SslConfigurator.newInstance().trustStoreFile(Constants.CERTIFICATE_PATH)
.trustStorePassword(Constants.CERTIFICATE_PASSWORD).keyStoreFile(Constants.CERTIFICATE_PATH)
.keyPassword(Constants.CERTIFICATE_PASSWORD);
SSLContext sslContext = sslConfig.createSSLContext();
client = ClientBuilder.newBuilder().sslContext(sslContext).build();
HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic(username, password);
client.register(feature);
}
