git commit: SLIDER-613 registry retriever can use ssl-client.xml for HTTPS configuration

Tue, 04 Nov 2014 10:53:38 -0800 

Repository: incubator-slider
Updated Branches:
  refs/heads/develop 2669800d7 -> 53bfeab4b


SLIDER-613 registry retriever can use ssl-client.xml for HTTPS configuration


Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/53bfeab4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/53bfeab4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/53bfeab4

Branch: refs/heads/develop
Commit: 53bfeab4be7902efd9bc88ced2c2b915c4d9aa49
Parents: 2669800
Author: Jon Maron <[email protected]>
Authored: Tue Nov 4 13:52:09 2014 -0500
Committer: Jon Maron <[email protected]>
Committed: Tue Nov 4 13:52:09 2014 -0500

----------------------------------------------------------------------
 .../registry/retrieve/RegistryRetriever.java    | 40 +++++++++++++++++---
 1 file changed, 35 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/53bfeab4/slider-core/src/main/java/org/apache/slider/core/registry/retrieve/RegistryRetriever.java
----------------------------------------------------------------------
diff --git 
a/slider-core/src/main/java/org/apache/slider/core/registry/retrieve/RegistryRetriever.java
 
b/slider-core/src/main/java/org/apache/slider/core/registry/retrieve/RegistryRetriever.java
index cdcf66e..1194270 100644
--- 
a/slider-core/src/main/java/org/apache/slider/core/registry/retrieve/RegistryRetriever.java
+++ 
b/slider-core/src/main/java/org/apache/slider/core/registry/retrieve/RegistryRetriever.java
@@ -27,10 +27,12 @@ import com.sun.jersey.api.client.config.DefaultClientConfig;
 import com.sun.jersey.api.json.JSONConfiguration;
 import com.sun.jersey.client.urlconnection.HttpURLConnectionFactory;
 import com.sun.jersey.client.urlconnection.URLConnectionClientHandler;
+import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.registry.client.binding.RegistryTypeUtils;
 import org.apache.hadoop.registry.client.exceptions.RegistryIOException;
 import org.apache.hadoop.registry.client.types.Endpoint;
 import org.apache.hadoop.registry.client.types.ServiceRecord;
+import org.apache.hadoop.security.ssl.SSLFactory;
 import org.apache.slider.common.tools.SliderUtils;
 import org.apache.slider.core.exceptions.ExceptionConverter;
 import org.apache.slider.core.registry.docstore.PublishedConfigSet;
@@ -41,6 +43,9 @@ import 
org.apache.slider.core.registry.info.CustomRegistryConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSocketFactory;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import java.io.FileNotFoundException;
@@ -48,6 +53,7 @@ import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.URI;
 import java.net.URL;
+import java.security.GeneralSecurityException;
 import java.util.List;
 
 /**
@@ -71,8 +77,13 @@ public class RegistryRetriever {
         Boolean.TRUE);
     clientConfig.getProperties().put(
         
URLConnectionClientHandler.PROPERTY_HTTP_URL_CONNECTION_SET_METHOD_WORKAROUND, 
true);
-    URLConnectionClientHandler handler =
-        new URLConnectionClientHandler(new HttpURLConnectionFactory() {
+    URLConnectionClientHandler handler = getUrlConnectionClientHandler();
+    jerseyClient = new Client(handler, clientConfig);
+    jerseyClient.setFollowRedirects(true);
+  }
+
+  private static URLConnectionClientHandler getUrlConnectionClientHandler() {
+    return new URLConnectionClientHandler(new HttpURLConnectionFactory() {
       @Override
       public HttpURLConnection getHttpURLConnection(URL url)
           throws IOException {
@@ -90,13 +101,32 @@ public class RegistryRetriever {
             connection = (HttpURLConnection) redirectURL.openConnection();
           }
         }
+        if (connection instanceof HttpsURLConnection) {
+          log.debug("Attempting to configure HTTPS connection using client "
+                    + "configuration");
+          final SSLFactory factory;
+          final SSLSocketFactory sf;
+          final HostnameVerifier hv;
+
+          try {
+            HttpsURLConnection c = (HttpsURLConnection) connection;
+            factory = new SSLFactory(SSLFactory.Mode.CLIENT, new 
Configuration());
+            factory.init();
+            sf = factory.createSSLSocketFactory();
+            hv = factory.getHostnameVerifier();
+            c.setSSLSocketFactory(sf);
+            c.setHostnameVerifier(hv);
+          } catch (Exception e) {
+            log.info("Unable to configure HTTPS connection from "
+                     + "configuration.  Leveraging JDK properties.");
+          }
+
+        }
         return connection;
       }
     });
-    jerseyClient = new Client(handler, clientConfig);
-    jerseyClient.setFollowRedirects(true);
   }
-  
+
   public RegistryRetriever(String externalConfigurationURL, String 
internalConfigurationURL,
                            String externalExportsURL, String 
internalExportsURL) {
     this.externalConfigurationURL = externalConfigurationURL;

Reply via email to