下面列出了javax.ws.rs.client.ClientBuilder#hostnameVerifier ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
private ClientBuilder createClient(final ExecutorService executor, final Optional<String> keystoreLocation,
final Optional<String> keystoreType, final String keystorePassword, final Optional<String> truststoreType,
final List<String> serverHostnames) {
final ClientBuilder builder = ClientBuilder.newBuilder();
builder.connectTimeout(connectTimeout, MILLISECONDS);
builder.readTimeout(readTimeout, MILLISECONDS);
builder.executorService(executor);
if (acceptAnyCertificate) {
builder.hostnameVerifier((host, session) -> true);
builder.sslContext(createUnsafeSSLContext());
} else if (keystoreLocation.isPresent()) {
builder.hostnameVerifier((host, session) -> serverHostnames.contains(host));
builder.sslContext(createSSLContext(keystoreLocation, keystoreType, keystorePassword, truststoreType));
}
providers.map(it -> Stream.of(it.split(",")).map(String::trim).filter(v -> !v.isEmpty()).map(fqn -> {
try {
return Thread.currentThread().getContextClassLoader().loadClass(fqn).getConstructor().newInstance();
} catch (final Exception e) {
log.warn("Can't add provider " + fqn + ": " + e.getMessage(), e);
return null;
}
}).filter(Objects::nonNull)).ifPresent(it -> it.forEach(builder::register));
return ClientTracingRegistrar.configure(builder);
}
private void setTrustStore(ClientBuilder clientBuilder, DACConfig dacConfig)
throws IOException, GeneralSecurityException {
Optional<KeyStore> trustStore = Optional.empty();
if (checkCertificates) {
trustStore = new SSLConfigurator(dacConfig.getConfig(), DremioConfig.WEB_SSL_PREFIX, "web").getTrustStore();
if (trustStore.isPresent()) {
clientBuilder.trustStore(trustStore.get());
}
} else {
SSLContext sslContext = SSLHelper.newAllTrustingSSLContext("SSL");
HostnameVerifier verifier = SSLHelper.newAllValidHostnameVerifier();
clientBuilder.hostnameVerifier(verifier);
clientBuilder.sslContext(sslContext);
}
}
private static Client createClientFromConfig(NiFiRegistryClientConfig registryClientConfig) {
final ClientConfig clientConfig = new ClientConfig();
clientConfig.register(jacksonJaxbJsonProvider());
final ClientBuilder clientBuilder = ClientBuilder.newBuilder().withConfig(clientConfig);
final SSLContext sslContext = registryClientConfig.getSslContext();
if (sslContext != null) {
clientBuilder.sslContext(sslContext);
}
final HostnameVerifier hostnameVerifier = registryClientConfig.getHostnameVerifier();
if (hostnameVerifier != null) {
clientBuilder.hostnameVerifier(hostnameVerifier);
}
return clientBuilder.build();
}
public JerseyJaxRsClientFactory(SSLContext sslContext, HostnameVerifier hostnameVerifier, String userAgent) {
/*
* Configure client with some workarounds for HTTP/JAX-RS/Jersey issues. See:
* https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/client/ClientProperties.html#SUPPRESS_HTTP_COMPLIANCE_VALIDATION
* https://jersey.java.net/apidocs/latest/jersey/org/glassfish/jersey/client/HttpUrlConnectorProvider.html#SET_METHOD_WORKAROUND
*/
ClientBuilder builder = ClientBuilder.newBuilder()
.property(ClientProperties.SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true) // Allow empty PUT. TODO: Fix API.
.property(HttpUrlConnectorProvider.SET_METHOD_WORKAROUND, true) // Allow e.g. PATCH method.
.property(ClientProperties.FOLLOW_REDIRECTS, true);
if (sslContext != null) {
builder.sslContext(sslContext);
}
if (hostnameVerifier != null) {
builder.hostnameVerifier(hostnameVerifier);
}
if (userAgent != null) {
builder.register((ClientRequestFilter) context -> context.getHeaders().put(HttpHeaders.USER_AGENT, Collections.singletonList(userAgent)));
}
this.client = builder.build();
}
private Client createClient(final Routes.Route route) {
final ClientBuilder clientBuilder = ClientBuilder.newBuilder();
clientBuilder.executorService(route.executor);
clientBuilder.readTimeout(route.clientConfiguration.timeouts.read, MILLISECONDS);
clientBuilder.connectTimeout(route.clientConfiguration.timeouts.connect, MILLISECONDS);
// clientBuilder.scheduledExecutorService(); // not used by cxf for instance so no need to overkill the conf
if (route.clientConfiguration.sslConfiguration.acceptAnyCertificate) {
clientBuilder.hostnameVerifier((host, session) -> true);
clientBuilder.sslContext(createUnsafeSSLContext());
} else if (route.clientConfiguration.sslConfiguration.keystoreLocation != null) {
if (route.clientConfiguration.sslConfiguration.verifiedHostnames != null) {
clientBuilder.hostnameVerifier((host, session) -> route.clientConfiguration.sslConfiguration.verifiedHostnames.contains(host));
}
clientBuilder.sslContext(createSSLContext(
route.clientConfiguration.sslConfiguration.keystoreLocation,
route.clientConfiguration.sslConfiguration.keystoreType,
route.clientConfiguration.sslConfiguration.keystorePassword,
route.clientConfiguration.sslConfiguration.truststoreType));
}
return clientBuilder.build();
}
@Test
public void testGetBook() throws Exception {
ClientBuilder builder = ClientBuilder.newBuilder();
try (InputStream keystore = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", this.getClass())) {
KeyStore trustStore = loadStore(keystore, "password");
builder.trustStore(trustStore);
}
builder.hostnameVerifier(new AllowAllHostnameVerifier());
try (InputStream keystore = ClassLoaderUtils.getResourceAsStream("keys/Morpit.jks", this.getClass())) {
KeyStore keyStore = loadStore(keystore, "password");
builder.keyStore(keyStore, "password");
}
Client client = builder.build();
client.register(new LoggingFeature());
WebTarget target = client.target("https://localhost:" + PORT + "/bookstore/securebooks/123");
Book b = target.request().accept(MediaType.APPLICATION_XML_TYPE).get(Book.class);
assertEquals(123, b.getId());
}
public static Client createClient(SSLContext sslContext, boolean debug) {
ClientConfig config = new ClientConfig();
config.property(ClientProperties.FOLLOW_REDIRECTS, "false");
config.property(ClientProperties.CONNECT_TIMEOUT, CONNECT_TIMEOUT_MS);
config.register(MultiPartFeature.class);
ClientBuilder builder = ClientBuilder.newBuilder().withConfig(config);
builder.sslContext(sslContext);
builder.hostnameVerifier(CertificateTrustManager.hostnameVerifier());
if (debug) {
builder = enableRestDebug(builder);
}
Client client = builder.build();
LOGGER.debug("Jax rs client has been constructed: {}, sslContext: {}", client, sslContext);
return client;
}
private HttpClient(HttpContext context) {
ClientBuilder builder = ClientBuilder.newBuilder()
.property(SET_METHOD_WORKAROUND, true)
.property(SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true)
.register(MultiPartFeature.class)
.register(logAny())
.sslContext(context.isHttpSslVerify() ? getDefaultContext() : emptyContext());
if (!context.isHttpSslVerify()) {
builder.hostnameVerifier(trustAll());
}
this.client = builder.build();
this.context = context;
}
@Override
public void configure(Config config, ScenarioContext context) {
ClientConfig cc = new ClientConfig();
// support request body for DELETE (non-standard)
cc.property(ClientProperties.SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true);
charset = config.getCharset();
if (!config.isFollowRedirects()) {
cc.property(ClientProperties.FOLLOW_REDIRECTS, false);
}
ClientBuilder clientBuilder = ClientBuilder.newBuilder()
.withConfig(cc)
.register(new LoggingInterceptor(context)) // must be first
.register(MultiPartFeature.class);
if (config.isSslEnabled()) {
String algorithm = config.getSslAlgorithm(); // could be null
KeyStore trustStore = HttpUtils.getKeyStore(context,
config.getSslTrustStore(), config.getSslTrustStorePassword(), config.getSslTrustStoreType());
KeyStore keyStore = HttpUtils.getKeyStore(context,
config.getSslKeyStore(), config.getSslKeyStorePassword(), config.getSslKeyStoreType());
SSLContext sslContext = SslConfigurator.newInstance()
.securityProtocol(algorithm) // will default to TLS if null
.trustStore(trustStore)
.keyStore(keyStore)
.createSSLContext();
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
clientBuilder.sslContext(sslContext);
clientBuilder.hostnameVerifier((host, session) -> true);
}
client = clientBuilder.build();
client.property(ClientProperties.CONNECT_TIMEOUT, config.getConnectTimeout());
client.property(ClientProperties.READ_TIMEOUT, config.getReadTimeout());
if (config.getProxyUri() != null) {
client.property(ClientProperties.PROXY_URI, config.getProxyUri());
if (config.getProxyUsername() != null && config.getProxyPassword() != null) {
client.property(ClientProperties.PROXY_USERNAME, config.getProxyUsername());
client.property(ClientProperties.PROXY_PASSWORD, config.getProxyPassword());
}
}
}
private void setSslConfiguration(ClientBuilder builder) {
if (tlsContext != null) {
builder.sslContext(tlsContext.context());
builder.hostnameVerifier((hostname, sslSession) -> true); // disable hostname verification
if (mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
builder.register(new UriRewritingRequestFilter());
}
}
}
public BatchEEJAXRS2Client(final ClientConfiguration configuration) {
final String url;
if (configuration.getBaseUrl().endsWith("/")) {
url = configuration.getBaseUrl() + BATCHEE_PATH;
} else {
url = configuration.getBaseUrl() + "/" + BATCHEE_PATH;
}
ClientBuilder builder = ClientBuilder.newBuilder();
final ClientSslConfiguration ssl = configuration.getSsl();
if (ssl != null) {
if (ssl.getHostnameVerifier() != null) {
builder = builder.hostnameVerifier(ssl.getHostnameVerifier());
}
if (ssl.getSslContext() != null) {
builder = builder.sslContext(ssl.getSslContext());
}
if (ssl.getKeystore() != null) {
builder.keyStore(ssl.getKeystore(), ssl.getKeystorePassword());
}
}
WebTarget target = builder.build().target(url);
if (configuration.getJsonProvider() != null) {
target = target.register(configuration.getJsonProvider());
}
final ClientSecurity security = configuration.getSecurity();
if (security != null) {
if ("Basic".equalsIgnoreCase(security.getType())) {
target = target.register(new Base64Filter(security.getUsername(), security.getPassword()));
} else {
throw new IllegalArgumentException("Security not supported: " + security.getType());
}
}
this.target = target;
}
/**
* Retrieves a jax-rs Client from the ClientBuilder object. The Client instance is created if necessary.
*/
protected synchronized Client getClient() throws Exception {
if (client == null) {
ClientBuilder cb = ClientBuilder.newBuilder()
.register(new FHIRProvider(RuntimeType.CLIENT))
.register(new FHIRJsonProvider(RuntimeType.CLIENT))
.register(new FHIRJsonPatchProvider(RuntimeType.CLIENT));
// Add support for basic auth if enabled.
if (isBasicAuthEnabled()) {
cb = cb.register(new FHIRBasicAuthenticator(getBasicAuthUsername(), getBasicAuthPassword()));
}
// Add support for OAuth 2.0 if enabled.
if (isOAuth2Enabled()) {
cb = cb.register(new FHIROAuth2Authenticator(getOAuth2AccessToken()));
}
// If using oAuth 2.0 or clientauth, then we need to attach our Keystore.
if (isOAuth2Enabled() || isClientAuthEnabled()) {
cb = cb.keyStore(getKeyStore(), getKeyStoreKeyPassword());
}
// If using oAuth 2.0 or clientauth or an https endpoint, then we need to attach our Truststore.
KeyStore ks = getTrustStore();
if (ks != null) {
cb = cb.trustStore(ks);
}
// Add a hostname verifier if we're using an ssl transport.
if (usingSSLTransport() && !isHostnameVerificationEnabled()) {
cb = cb.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
}
// Set the http client's receive timeout setting
cb.property("http.receive.timeout", getHttpTimeout()); // defaults to 60s
// true: If need, tell Apache CXF to use the Async HTTP conduit for PATCH operation as the
// default HTTP conduit does not support PATCH
// false(default): To avoid the http async client time out issue (http://mail-archives.apache.org
// /mod_mbox/hc-dev/201909.mbox/%[email protected]%3E),
// please set this to false.
cb.property("use.async.http.conduit", false);
// Add request/response logging if enabled.
if (isLoggingEnabled()) {
cb.register(LoggingFeature.class);
}
// Save off our cached Client instance.
client = cb.build();
}
return client;
}
public void connect() throws IOException {
final ClientConfig configuration = new ClientConfig();
configuration.property(ClientProperties.READ_TIMEOUT, readTimeoutMillis);
final AWSCredentialsProvider awsCredentialsProvider = elasticsearchAuthentication.getAwsCredentialsProvider();
if (awsCredentialsProvider != null) {
configuration.property(REGION_NAME, elasticsearchAuthentication.getRegionName());
configuration.register(ElasticsearchRequestClientFilter.class);
configuration.register(new InjectableAWSCredentialsProvider(awsCredentialsProvider), InjectableAWSCredentialsProvider.class);
}
final ClientBuilder builder = ClientBuilder.newBuilder()
.withConfig(configuration);
switch(sslMode) {
case UNSECURE:
builder.sslContext(SSLHelper.newAllTrustingSSLContext("SSL"));
// fall-through
case VERIFY_CA:
builder.hostnameVerifier(SSLHelper.newAllValidHostnameVerifier());
// fall-through
case STRICT:
break;
case OFF:
// no TLS/SSL configuration
}
client = builder.build();
client.register(GZipEncoder.class);
client.register(DeflateEncoder.class);
client.register(EncodingFilter.class);
if (REQUEST_LOGGER.isDebugEnabled()) {
java.util.logging.Logger julLogger = java.util.logging.Logger.getLogger(REQUEST_LOGGER_NAME);
client.register(new LoggingFeature(
julLogger,
Level.FINE,
REQUEST_LOGGER.isTraceEnabled() ? LoggingFeature.Verbosity.PAYLOAD_TEXT : LoggingFeature.Verbosity.HEADERS_ONLY,
65536));
}
final JacksonJaxbJsonProvider provider = new JacksonJaxbJsonProvider();
provider.setMapper(ElasticMappingSet.MAPPER);
// Disable other JSON providers.
client.property(
PropertiesHelper.getPropertyNameForRuntime(InternalProperties.JSON_FEATURE, client.getConfiguration().getRuntimeType()),
JacksonJaxbJsonProvider.class.getSimpleName());
client.register(provider);
HttpAuthenticationFeature httpAuthenticationFeature = elasticsearchAuthentication.getHttpAuthenticationFeature();
if (httpAuthenticationFeature != null) {
client.register(httpAuthenticationFeature);
}
updateClients();
}
private JerseyNiFiRegistryClient(final NiFiRegistryClient.Builder builder) {
final NiFiRegistryClientConfig registryClientConfig = builder.getConfig();
if (registryClientConfig == null) {
throw new IllegalArgumentException("NiFiRegistryClientConfig cannot be null");
}
String baseUrl = registryClientConfig.getBaseUrl();
if (StringUtils.isBlank(baseUrl)) {
throw new IllegalArgumentException("Base URL cannot be blank");
}
if (baseUrl.endsWith("/")) {
baseUrl = baseUrl.substring(0, baseUrl.length() - 1);
}
if (!baseUrl.endsWith(NIFI_REGISTRY_CONTEXT)) {
baseUrl = baseUrl + "/" + NIFI_REGISTRY_CONTEXT;
}
try {
new URI(baseUrl);
} catch (final Exception e) {
throw new IllegalArgumentException("Invalid base URL: " + e.getMessage(), e);
}
final SSLContext sslContext = registryClientConfig.getSslContext();
final HostnameVerifier hostnameVerifier = registryClientConfig.getHostnameVerifier();
final ClientBuilder clientBuilder = ClientBuilder.newBuilder();
if (sslContext != null) {
clientBuilder.sslContext(sslContext);
}
if (hostnameVerifier != null) {
clientBuilder.hostnameVerifier(hostnameVerifier);
}
final int connectTimeout = registryClientConfig.getConnectTimeout() == null ? DEFAULT_CONNECT_TIMEOUT : registryClientConfig.getConnectTimeout();
final int readTimeout = registryClientConfig.getReadTimeout() == null ? DEFAULT_READ_TIMEOUT : registryClientConfig.getReadTimeout();
final ClientConfig clientConfig = new ClientConfig();
clientConfig.property(ClientProperties.CONNECT_TIMEOUT, connectTimeout);
clientConfig.property(ClientProperties.READ_TIMEOUT, readTimeout);
clientConfig.property(ClientProperties.REQUEST_ENTITY_PROCESSING, RequestEntityProcessing.CHUNKED);
clientConfig.register(jacksonJaxbJsonProvider());
clientBuilder.withConfig(clientConfig);
this.client = clientBuilder
.register(MultiPartFeature.class)
.build();
this.baseTarget = client.target(baseUrl);
this.bucketClient = new JerseyBucketClient(baseTarget);
this.flowClient = new JerseyFlowClient(baseTarget);
this.flowSnapshotClient = new JerseyFlowSnapshotClient(baseTarget);
this.itemsClient = new JerseyItemsClient(baseTarget);
}
@Test
public void testGetBookSslContext() throws Exception {
ClientBuilder builder = ClientBuilder.newBuilder();
SSLContext sslContext = createSSLContext();
builder.sslContext(sslContext);
builder.hostnameVerifier(new AllowAllHostnameVerifier());
Client client = builder.build();
WebTarget target = client.target("https://localhost:" + PORT + "/bookstore/securebooks/123");
Book b = target.request().accept(MediaType.APPLICATION_XML_TYPE).get(Book.class);
assertEquals(123, b.getId());
}
private JerseyNiFiClient(final Builder builder) {
final NiFiClientConfig clientConfig = builder.getConfig();
if (clientConfig == null) {
throw new IllegalArgumentException("NiFiClientConfig cannot be null");
}
String baseUrl = clientConfig.getBaseUrl();
if (StringUtils.isBlank(baseUrl)) {
throw new IllegalArgumentException("Base URL cannot be blank");
}
if (baseUrl.endsWith("/")) {
baseUrl = baseUrl.substring(0, baseUrl.length() - 1);
}
if (!baseUrl.endsWith(NIFI_CONTEXT)) {
baseUrl = baseUrl + "/" + NIFI_CONTEXT;
}
try {
new URI(baseUrl);
} catch (final Exception e) {
throw new IllegalArgumentException("Invalid base URL: " + e.getMessage(), e);
}
final SSLContext sslContext = clientConfig.getSslContext();
final HostnameVerifier hostnameVerifier = clientConfig.getHostnameVerifier();
final ClientBuilder clientBuilder = ClientBuilder.newBuilder();
if (sslContext != null) {
clientBuilder.sslContext(sslContext);
}
if (hostnameVerifier != null) {
clientBuilder.hostnameVerifier(hostnameVerifier);
}
final int connectTimeout = clientConfig.getConnectTimeout() == null ? DEFAULT_CONNECT_TIMEOUT : clientConfig.getConnectTimeout();
final int readTimeout = clientConfig.getReadTimeout() == null ? DEFAULT_READ_TIMEOUT : clientConfig.getReadTimeout();
final ClientConfig jerseyClientConfig = new ClientConfig();
jerseyClientConfig.property(ClientProperties.CONNECT_TIMEOUT, connectTimeout);
jerseyClientConfig.property(ClientProperties.READ_TIMEOUT, readTimeout);
jerseyClientConfig.register(jacksonJaxbJsonProvider());
clientBuilder.withConfig(jerseyClientConfig);
this.client = clientBuilder.build();
this.baseTarget = client.target(baseUrl);
}
public JerseyExtendedNiFiRegistryClient(final NiFiRegistryClient delegate, final NiFiRegistryClientConfig registryClientConfig) {
this.delegate = delegate;
// Copied from JerseyNiFiRegistryClient!
if (registryClientConfig == null) {
throw new IllegalArgumentException("NiFiRegistryClientConfig cannot be null");
}
String baseUrl = registryClientConfig.getBaseUrl();
if (StringUtils.isBlank(baseUrl)) {
throw new IllegalArgumentException("Base URL cannot be blank");
}
if (baseUrl.endsWith("/")) {
baseUrl = baseUrl.substring(0, baseUrl.length() - 1);
}
if (!baseUrl.endsWith(NIFI_REGISTRY_CONTEXT)) {
baseUrl = baseUrl + "/" + NIFI_REGISTRY_CONTEXT;
}
try {
new URI(baseUrl);
} catch (final Exception e) {
throw new IllegalArgumentException("Invalid base URL: " + e.getMessage(), e);
}
final SSLContext sslContext = registryClientConfig.getSslContext();
final HostnameVerifier hostnameVerifier = registryClientConfig.getHostnameVerifier();
final ClientBuilder clientBuilder = ClientBuilder.newBuilder();
if (sslContext != null) {
clientBuilder.sslContext(sslContext);
}
if (hostnameVerifier != null) {
clientBuilder.hostnameVerifier(hostnameVerifier);
}
final int connectTimeout = registryClientConfig.getConnectTimeout() == null ? DEFAULT_CONNECT_TIMEOUT : registryClientConfig.getConnectTimeout();
final int readTimeout = registryClientConfig.getReadTimeout() == null ? DEFAULT_READ_TIMEOUT : registryClientConfig.getReadTimeout();
final ClientConfig clientConfig = new ClientConfig();
clientConfig.property(ClientProperties.CONNECT_TIMEOUT, connectTimeout);
clientConfig.property(ClientProperties.READ_TIMEOUT, readTimeout);
clientConfig.property(ClientProperties.REQUEST_ENTITY_PROCESSING, RequestEntityProcessing.CHUNKED);
clientConfig.register(jacksonJaxbJsonProvider());
clientBuilder.withConfig(clientConfig);
this.client = clientBuilder
.register(MultiPartFeature.class)
.build();
this.baseTarget = client.target(baseUrl);
this.tenantsClient = new JerseyTenantsClient(baseTarget);
this.policiesClient = new JerseyPoliciesClient(baseTarget);
}