Yair Zaslavsky has uploaded a new change for review. Change subject: uutils: Extract connectionBuilder class ......................................................................
uutils: Extract connectionBuilder class Change-Id: I85ea4e7301b3a018b0438fff25cefad80ebd7256 Signed-off-by: Yair Zaslavsky <[email protected]> --- A backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/net/HttpURLConnectionBuilder.java M backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/servlet/ProxyServletBase.java 2 files changed, 190 insertions(+), 74 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/31/35831/1
diff --git a/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/net/HttpURLConnectionBuilder.java b/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/net/HttpURLConnectionBuilder.java
new file mode 100644
index 0000000..c2e68f2
--- /dev/null
+++ b/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/net/HttpURLConnectionBuilder.java
@@ -0,0 +1,167 @@
+package org.ovirt.engine.core.uutils.net;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLConnection;
+import java.nio.file.Paths;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+public class HttpURLConnectionBuilder {
+
+ private Boolean verifyHost = true;
+ private Boolean verifyChain = true;
+ private String httpsProtocol = "TLSv1";
+ private String trustManagerAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
+ private String trustStore;
+ private String trustStoreType = KeyStore.getDefaultType();
+ private String trustStorePassword = "changeit";
+ private Integer readTimeout;
+ private URL url;
+
+ public HttpURLConnectionBuilder() {
+ }
+
+ public HttpURLConnectionBuilder(URL url) {
+ setURL(url);
+ }
+
+ public HttpURLConnectionBuilder(String url) {
+ setURL(url);
+ }
+
+ public HttpURLConnectionBuilder setURL(URL url) {
+ if (url != null && !url.getProtocol().equalsIgnoreCase("http") && !url.getProtocol().equalsIgnoreCase("https")) {
+ throw new IllegalArgumentException(String.format("The URL %1$s does not denote to an HTTP or HTTPS URL", url));
+ }
+ this.url = url;
+ return this;
+ }
+
+ public HttpURLConnectionBuilder setURL(String url) {
+ try {
+ setURL(url != null ? new URL(url) : null);
+ } catch (MalformedURLException e) {
+ throw new IllegalArgumentException(String.format("%1$s is not a valid URL", url));
+ }
+ return this;
+ }
+
+ public HttpURLConnectionBuilder setVerifyHost(Boolean verifyHost) {
+ this.verifyHost = verifyHost;
+ return this;
+ }
+
+ public HttpURLConnectionBuilder setVerifyChain(Boolean verifyChain) {
+ this.verifyChain = verifyChain;
+ return this;
+ }
+
+ public HttpURLConnectionBuilder setHttpsProtocol(String httpsProtocol) {
+ this.httpsProtocol = httpsProtocol;
+ return this;
+ }
+
+ public HttpURLConnectionBuilder setTrustManagerAlgorithm(String trustManagerAlgorithm) {
+ this.trustManagerAlgorithm = trustManagerAlgorithm;
+ return this;
+ }
+
+ public HttpURLConnectionBuilder setTrustStore(String trustStore) {
+ this.trustStore = trustStore;
+ return this;
+ }
+
+ public HttpURLConnectionBuilder setTrustStoreType(String trustStoreType) {
+ this.trustStoreType = trustStoreType;
+ return this;
+ }
+
+ public HttpURLConnectionBuilder setTrustStorePassword(String trustStorePassword) {
+ this.trustStorePassword = trustStorePassword;
+ return this;
+ }
+
+ public HttpURLConnectionBuilder setReadTimeout(Integer readTimeout) {
+ this.readTimeout = readTimeout;
+ return this;
+ }
+
+ public HttpURLConnectionBuilder appendRelativePath(URL url, String relativePath) throws MalformedURLException {
+ this.url =
+ new URL(url.getProtocol(),
+ url.getHost(),
+ url.getPort() == -1 ? url.getDefaultPort() : url.getPort(),
+ Paths.get(url.getPath(), relativePath).toString());
+ return this;
+ }
+
+ public HttpURLConnection create() throws IOException, GeneralSecurityException {
+ URLConnection connection = url.openConnection();
+ connection.setAllowUserInteraction(false);
+ connection.setUseCaches(false);
+ if (readTimeout != null) {
+ connection.setReadTimeout(readTimeout);
+ }
+ if (connection instanceof HttpsURLConnection) {
+ HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
+ TrustManager[] tm = null;
+ if (verifyChain) {
+ if (trustStore != null) {
+ try (InputStream is = new FileInputStream(trustStore)) {
+ KeyStore ks = KeyStore.getInstance(trustStoreType);
+ ks.load(is, trustStorePassword.toCharArray());
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustManagerAlgorithm);
+ tmf.init(ks);
+ tm = tmf.getTrustManagers();
+ }
+ }
+ } else {
+ tm = new TrustManager[] {
+ new X509TrustManager() {
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return new java.security.cert.X509Certificate[] {};
+ }
+
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[] certs, String authType) {
+ }
+
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[] certs, String authType) {
+ }
+ }
+ };
+ }
+
+
+ SSLContext sslContext = SSLContext.getInstance(httpsProtocol);
+ sslContext.init(null, tm, null);
+ httpsConnection.setSSLSocketFactory(sslContext.getSocketFactory());
+
+ if (!verifyHost) {
+ httpsConnection.setHostnameVerifier(
+ new HostnameVerifier() {
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ }
+ );
+ }
+ }
+ return (HttpURLConnection) connection;
+ }
+
+}
diff --git a/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/servlet/ProxyServletBase.java b/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/servlet/ProxyServletBase.java
index e2e48be..a3f3dd2 100644
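Review bot: The default `private String httpsProtocol = "TLSv1";` means any caller that never calls `setHttpsProtocol` builds its `SSLContext` for TLS 1.0, and with the usual JSSE provider that context name typically leaves newer protocol versions disabled for client sockets; `"TLSv1.2"` would be a safer default. In `create()`, `if (verifyChain)` and `if (!verifyHost)` unbox `Boolean` fields that the setters accept as null, so an unset configuration value ends in a NullPointerException; `if (!Boolean.FALSE.equals(verifyChain))` and `if (Boolean.FALSE.equals(verifyHost))` would treat an unset flag as "verify". `appendRelativePath` assigns `this.url` directly, bypassing the http/https check in `setURL(URL)` that the cast at the end of `create()` relies on, and it joins the path with `Paths.get`, whose separator is platform-dependent.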
--- a/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/servlet/ProxyServletBase.java +++ b/backend/manager/modules/uutils/src/main/java/org/ovirt/engine/core/uutils/servlet/ProxyServletBase.java @@ -1,29 +1,24 @@ package org.ovirt.engine.core.uutils.servlet; -import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.HttpURLConnection; import java.net.MalformedURLException; import java.net.URL; -import java.net.URLConnection; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.util.List; import java.util.Map; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; + import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509TrustManager; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + +import org.ovirt.engine.core.uutils.net.HttpURLConnectionBuilder; public class ProxyServletBase extends HttpServlet { 
@@ -86,60 +81,16 @@ this.url = url; } - protected URLConnection createConnection(URL url) throws IOException, GeneralSecurityException { - URLConnection connection = url.openConnection(); - connection.setDoInput(true); - connection.setDoOutput(false); - connection.setAllowUserInteraction(false); - connection.setUseCaches(false); - if (readTimeout != null) { - connection.setReadTimeout(readTimeout); - } - if (connection instanceof HttpsURLConnection) { - HttpsURLConnection httpsConnection = (HttpsURLConnection)connection; - TrustManager[] tm = null; - if (verifyChain) { - if (trustStore != null) { - try(InputStream is = new FileInputStream(trustStore)) { - KeyStore ks = KeyStore.getInstance(trustStoreType); - ks.load(is, trustStorePassword.toCharArray()); - TrustManagerFactory tmf = TrustManagerFactory.getInstance(trustManagerAlgorithm); - tmf.init(ks); - tm = tmf.getTrustManagers(); - } - } else { - tm = new TrustManager[] { - new X509TrustManager() { - public java.security.cert.X509Certificate[] getAcceptedIssuers() { - return new java.security.cert.X509Certificate[] {}; - } - public void checkClientTrusted( - java.security.cert.X509Certificate[] certs, String authType) { - } - public void checkServerTrusted( - java.security.cert.X509Certificate[] certs, String authType) { - } - } - }; - } - } - - SSLContext sslContext = SSLContext.getInstance(httpsProtocol); - sslContext.init(null, tm, null); - httpsConnection.setSSLSocketFactory(sslContext.getSocketFactory()); - - if (!verifyHost) { - httpsConnection.setHostnameVerifier( - new HostnameVerifier() { - public boolean verify(String hostname, SSLSession session) { - return true; - } - } - ); - } - } - - return connection; + protected HttpURLConnection create(URL url) throws IOException, GeneralSecurityException { + return new HttpURLConnectionBuilder(url).setHttpsProtocol(httpsProtocol) + .setReadTimeout(readTimeout) + .setTrustManagerAlgorithm(trustManagerAlgorithm) + .setTrustStore(trustStore) + 
.setTrustStorePassword(trustStorePassword) + .setTrustStoreType(trustStoreType) + .setURL(url) + .setVerifyChain(verifyChain) + .setVerifyHost(verifyHost).create(); } private String mergeQuery(String url, String queryString) throws MalformedURLException { @@ -187,17 +138,12 @@ if (url == null) { response.sendError(response.SC_NOT_FOUND, "Cannot proxy, no URL is configured."); } else { - URLConnection connection; + HttpURLConnection connection = null; try { - connection = createConnection(new URL(mergeQuery(url, request.getQueryString()))); - } catch(Exception e) { - throw new ServletException(e); - } - connection.connect(); - try { - if (connection instanceof HttpURLConnection) { - response.setStatus(((HttpURLConnection)connection).getResponseCode()); - } + connection = create(new URL(mergeQuery(url, request.getQueryString()))); + connection.setDoInput(true); + connection.setDoOutput(false); + response.setStatus(connection.getResponseCode()); for (Map.Entry<String, List<String>> entry : connection.getHeaderFields().entrySet()) { if (entry.getKey() != null) { boolean first = true; @@ -212,9 +158,12 @@ } } copy(connection.getInputStream(), response.getOutputStream()); + connection.connect(); + } catch (Exception e) { + throw new ServletException(e); } finally { - if (connection instanceof HttpURLConnection) { - ((HttpURLConnection)connection).disconnect(); + if (connection != null) { + connection.disconnect(); } } } -- To view, visit http://gerrit.ovirt.org/35831 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I85ea4e7301b3a018b0438fff25cefad80ebd7256 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Yair Zaslavsky <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
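Review bot: Certificate-chain handling is not the same after this delegation, and the commit message, which describes a pure extraction, does not say so. In the removed `createConnection` the accept-everything `X509TrustManager` was the `else` of `if (trustStore != null)`, so it applied when `verifyChain` was true and no trust store was configured; in `HttpURLConnectionBuilder.create()` it is the `else` of `if (verifyChain)`. Deployments with `verifyChain` true and no trust store will therefore start validating against the JVM default trust, and deployments with `verifyChain` false will stop validating; I would record that in the commit message and in a Javadoc on `create`, for example `/** Chain verification is skipped only when verifyChain is false; without a trust store the JVM default trust is used. */`. Separately, renaming the protected `createConnection(URL)` to `create(URL)` means a subclass override of the old name (none is visible here) would silently stop being called, and the chain sets the URL twice, in `new HttpURLConnectionBuilder(url)` and in `.setURL(url)`.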
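Review bot: The added `connection.connect();` sits after `copy(connection.getInputStream(), response.getOutputStream())`, by which point `getResponseCode()` has already opened the connection, so the call has no effect; it should move above `response.setStatus(connection.getResponseCode());` or be dropped. The `try` opened in the previous hunk now also covers the header loop and the body copy, so `catch (Exception e) { throw new ServletException(e); }` turns an `IOException` from the upstream read or from a disconnected client into a servlet error, where the old code presumably let it propagate. Catching `GeneralSecurityException` and `MalformedURLException` for the wrap and leaving `IOException` alone would keep the earlier behaviour. The enclosing method starts and ends outside the hunk.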
