/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.catalina.tribes.membership.cloud;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLConnection;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.catalina.tribes.util.StringManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
public abstract class AbstractStreamProvider implements StreamProvider {
private static final Log log = LogFactory.getLog(AbstractStreamProvider.class);
protected static final StringManager sm = StringManager.getManager(AbstractStreamProvider.class);
protected static final TrustManager[] INSECURE_TRUST_MANAGERS = new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
} };
/**
* @return the socket factory, or null if not needed
*/
protected abstract SSLSocketFactory getSocketFactory();
/**
* Open URL connection to the specified URL.
*
* @param url the url
* @param headers the headers map
* @param connectTimeout connection timeout in ms
* @param readTimeout read timeout in ms
*
* @return the URL connection
*
* @throws IOException when an error occurs
*/
public URLConnection openConnection(String url, Map<String,String> headers, int connectTimeout, int readTimeout)
throws IOException {
if (log.isDebugEnabled()) {
log.debug(sm.getString("abstractStream.connection", getClass().getSimpleName(), url, headers,
Integer.toString(connectTimeout), Integer.toString(readTimeout)));
}
URLConnection connection;
try {
connection = new URI(url).toURL().openConnection();
} catch (URISyntaxException | IllegalArgumentException e) {
// Not ideal but consistent with API
throw new IOException(e);
}
if (headers != null) {
for (Map.Entry<String,String> entry : headers.entrySet()) {
connection.addRequestProperty(entry.getKey(), entry.getValue());
}
}
if (connectTimeout < 0 || readTimeout < 0) {
throw new IllegalArgumentException(sm.getString("abstractStream.invalidTimeout",
Integer.toString(connectTimeout), Integer.toString(readTimeout)));
}
connection.setConnectTimeout(connectTimeout);
connection.setReadTimeout(readTimeout);
return connection;
}
@Override
public InputStream openStream(String url, Map<String,String> headers, int connectTimeout, int readTimeout)
throws IOException {
URLConnection connection = openConnection(url, headers, connectTimeout, readTimeout);
if (connection instanceof HttpsURLConnection) {
((HttpsURLConnection) connection).setSSLSocketFactory(getSocketFactory());
if (log.isTraceEnabled()) {
log.trace(String.format("Using HttpsURLConnection with SSLSocketFactory [%s] for url [%s].",
getSocketFactory(), url));
}
} else {
if (log.isTraceEnabled()) {
log.trace(String.format("Using URLConnection for url [%s].", url));
}
}
return connection.getInputStream();
}
protected static TrustManager[] configureCaCert(String caCertFile) throws Exception {
if (caCertFile != null) {
try (InputStream pemInputStream = new BufferedInputStream(new FileInputStream(caCertFile))) {
CertificateFactory certFactory = CertificateFactory.getInstance("X509");
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(null);
Collection<? extends Certificate> c = certFactory.generateCertificates(pemInputStream);
for (Certificate certificate : c) {
X509Certificate cert = (X509Certificate) certificate;
String alias = cert.getSubjectX500Principal().getName();
trustStore.setCertificateEntry(alias, cert);
}
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
return trustManagerFactory.getTrustManagers();
} catch (FileNotFoundException fnfe) {
log.error(sm.getString("abstractStream.fileNotFound", caCertFile));
throw fnfe;
} catch (Exception e) {
log.error(sm.getString("abstractStream.trustManagerError", caCertFile));
throw e;
}
} else {
log.warn(sm.getString("abstractStream.CACertUndefined"));
return INSECURE_TRUST_MANAGERS;
}
}
}