co.cask.cdap.gateway.router.NettyRouterHttpsTest.java Source code

Java tutorial

Introduction

Here is the source code for co.cask.cdap.gateway.router.NettyRouterHttpsTest.java

Source

/*
 * Copyright  2014-2015 Cask Data, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */

package co.cask.cdap.gateway.router;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.conf.Constants;
import co.cask.cdap.common.conf.SConfiguration;
import co.cask.cdap.common.guice.ConfigModule;
import co.cask.cdap.common.guice.DiscoveryRuntimeModule;
import co.cask.cdap.common.guice.IOModule;
import co.cask.cdap.security.auth.AccessTokenTransformer;
import co.cask.cdap.security.guice.SecurityModules;
import co.cask.common.http.HttpRequests;
import com.google.common.collect.Maps;
import com.google.common.net.InetAddresses;
import com.google.inject.Guice;
import com.google.inject.Injector;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.BasicClientConnectionManager;
import org.apache.twill.discovery.DiscoveryService;
import org.apache.twill.discovery.DiscoveryServiceClient;
import org.junit.Assert;

import java.net.HttpURLConnection;
import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.SocketFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * Tests Netty Router running on HTTPS.
 */
public class NettyRouterHttpsTest extends NettyRouterTestBase {

    @Override
    protected RouterService createRouterService() {
        return new HttpsRouterService(HOSTNAME, DISCOVERY_SERVICE);
    }

    @Override
    protected String getProtocol() {
        return "https";
    }

    @Override
    protected HttpURLConnection openURL(URL url) throws Exception {
        HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection();
        HttpRequests.disableCertCheck(urlConn);
        return urlConn;
    }

    @Override
    protected DefaultHttpClient getHTTPClient() throws Exception {
        SSLContext sslContext = SSLContext.getInstance("SSL");

        // set up a TrustManager that trusts everything
        sslContext.init(null, new TrustManager[] { new X509TrustManager() {
            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, String s)
                    throws CertificateException {
                //
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, String s)
                    throws CertificateException {
                //
            }

        } }, new SecureRandom());

        SSLSocketFactory sf = new SSLSocketFactory(sslContext);
        Scheme httpsScheme = new Scheme("https", 10101, sf);
        SchemeRegistry schemeRegistry = new SchemeRegistry();
        schemeRegistry.register(httpsScheme);

        // apache HttpClient version >4.2 should use BasicClientConnectionManager
        ClientConnectionManager cm = new BasicClientConnectionManager(schemeRegistry);
        return new DefaultHttpClient(cm);
    }

    @Override
    protected SocketFactory getSocketFactory() throws Exception {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[] { new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
                    throws CertificateException {

            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
                    throws CertificateException {

            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        } }, new java.security.SecureRandom());
        return sc.getSocketFactory();
    }

    private static class HttpsRouterService extends RouterService {
        private final String hostname;
        private final DiscoveryService discoveryService;
        private final Map<String, Integer> serviceMap = Maps.newHashMap();

        private NettyRouter router;

        private HttpsRouterService(String hostname, DiscoveryService discoveryService) {
            this.hostname = hostname;
            this.discoveryService = discoveryService;
        }

        @Override
        protected void startUp() {
            CConfiguration cConf = CConfiguration.create();
            SConfiguration sConf = SConfiguration.create();
            cConf.setBoolean(Constants.Security.SSL_ENABLED, true);

            URL certUrl = getClass().getClassLoader().getResource("cert.jks");
            Assert.assertNotNull(certUrl);

            Injector injector = Guice.createInjector(new ConfigModule(cConf), new IOModule(),
                    new SecurityModules().getInMemoryModules(), new DiscoveryRuntimeModule().getInMemoryModules());
            DiscoveryServiceClient discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
            AccessTokenTransformer accessTokenTransformer = injector.getInstance(AccessTokenTransformer.class);
            cConf.set(Constants.Router.ADDRESS, hostname);
            cConf.setInt(Constants.Router.ROUTER_PORT, 0);
            cConf.setBoolean(Constants.Router.WEBAPP_ENABLED, true);
            cConf.setInt(Constants.Router.WEBAPP_PORT, 0);
            cConf.setInt(Constants.Router.CONNECTION_TIMEOUT_SECS, CONNECTION_IDLE_TIMEOUT_SECS);

            sConf.set(Constants.Security.Router.SSL_KEYSTORE_PATH, certUrl.getPath());

            router = new NettyRouter(cConf, sConf, InetAddresses.forString(hostname),
                    new RouterServiceLookup((DiscoveryServiceClient) discoveryService, new RouterPathLookup()),
                    new SuccessTokenValidator(), accessTokenTransformer, discoveryServiceClient);
            router.startAndWait();

            for (Map.Entry<Integer, String> entry : router.getServiceLookup().getServiceMap().entrySet()) {
                serviceMap.put(entry.getValue(), entry.getKey());
            }
        }

        @Override
        protected void shutDown() {
            router.stopAndWait();
        }

        @Override
        public int lookupService(String serviceName) {
            return serviceMap.get(serviceName);
        }
    }

}