42 |
42 |
import java.io.Writer;
|
43 |
43 |
import java.net.MalformedURLException;
|
44 |
44 |
import java.net.URL;
|
|
45 |
import java.security.PrivateKey;
|
|
46 |
import java.security.cert.X509Certificate;
|
45 |
47 |
import java.sql.PreparedStatement;
|
46 |
48 |
import java.sql.ResultSet;
|
47 |
49 |
import java.sql.SQLException;
|
... | ... | |
55 |
57 |
import javax.servlet.http.HttpServletRequest;
|
56 |
58 |
import javax.servlet.http.HttpServletResponse;
|
57 |
59 |
|
|
60 |
import org.apache.http.HttpResponse;
|
|
61 |
import org.apache.http.conn.scheme.Scheme;
|
|
62 |
import org.apache.http.conn.ssl.SSLSocketFactory;
|
58 |
63 |
import org.apache.log4j.Logger;
|
|
64 |
import org.dataone.client.RestClient;
|
|
65 |
import org.dataone.client.auth.CertificateManager;
|
|
66 |
import org.dataone.service.types.v1.Session;
|
59 |
67 |
import org.dataone.service.types.v1.SystemMetadata;
|
60 |
68 |
import org.dataone.service.util.TypeMarshaller;
|
61 |
69 |
import org.xml.sax.InputSource;
|
... | ... | |
2014 |
2022 |
logReplication.info("Getting url content from " + u.toString());
|
2015 |
2023 |
char istreamChar;
|
2016 |
2024 |
int istreamInt;
|
2017 |
|
logReplication.info("ReplicationService.getURLContent - Before open the stream" + u.toString());
|
2018 |
|
InputStream input = u.openStream();
|
2019 |
|
logReplication.info("ReplicationService.getURLContent - After open the stream" + u.toString());
|
|
2025 |
logReplication.info("ReplicationService.getURLContent - Before sending request to: " + u.toString());
|
|
2026 |
// use httpclient to set up SSL
|
|
2027 |
RestClient client = getSSLClient();
|
|
2028 |
HttpResponse response = client.doGetRequest(u.toString());
|
|
2029 |
// get the response content
|
|
2030 |
InputStream input = response.getEntity().getContent();
|
|
2031 |
logReplication.info("ReplicationService.getURLContent - After getting response from: " + u.toString());
|
2020 |
2032 |
InputStreamReader istream = new InputStreamReader(input);
|
2021 |
2033 |
StringBuffer serverResponse = new StringBuffer();
|
2022 |
2034 |
while ((istreamInt = istream.read()) != -1) {
|
... | ... | |
2028 |
2040 |
|
2029 |
2041 |
return serverResponse.toString();
|
2030 |
2042 |
}
|
|
2043 |
|
|
2044 |
/**
|
|
2045 |
* Sets up an HttpClient with SSL connection.
|
|
2046 |
* Sends client certificate to the server when doing the request.
|
|
2047 |
* @return
|
|
2048 |
*/
|
|
2049 |
private static RestClient getSSLClient() {
|
|
2050 |
RestClient client = new RestClient();
|
|
2051 |
|
|
2052 |
// set up this server's client identity
|
|
2053 |
String subject = null;
|
|
2054 |
try {
|
|
2055 |
X509Certificate certificate = CertificateManager.getInstance().loadCertificateFromFile(PropertyService.getProperty("replication.certificate.file"));
|
|
2056 |
PrivateKey key = CertificateManager.getInstance().loadPrivateKeyFromFile(PropertyService.getProperty("replication.privatekey.file"));
|
|
2057 |
subject = CertificateManager.getInstance().getSubjectDN(certificate);
|
|
2058 |
CertificateManager.getInstance().registerCertificate(subject, certificate, key);
|
|
2059 |
} catch (Exception e) {
|
|
2060 |
// this is pretty much required for replication communication
|
|
2061 |
logReplication.warn("Could find server's client certificate/private key: " + e.getMessage());
|
|
2062 |
}
|
|
2063 |
SSLSocketFactory socketFactory = null;
|
|
2064 |
try {
|
|
2065 |
socketFactory = CertificateManager.getInstance().getSSLSocketFactory(subject);
|
|
2066 |
} catch (FileNotFoundException e) {
|
|
2067 |
// these are somewhat expected for anonymous client use
|
|
2068 |
logReplication.warn("Could not set up SSL connection for client - likely because the certificate could not be located: " + e.getMessage());
|
|
2069 |
} catch (Exception e) {
|
|
2070 |
// this is likely more severe
|
|
2071 |
logReplication.warn("Funky SSL going on: " + e.getClass() + ":: " + e.getMessage());
|
|
2072 |
}
|
|
2073 |
try {
|
|
2074 |
//443 is the default port, this value is overridden if explicitly set in the URL
|
|
2075 |
Scheme sch = new Scheme("https", 443, socketFactory);
|
|
2076 |
client.getHttpClient().getConnectionManager().getSchemeRegistry().register(sch);
|
|
2077 |
} catch (Exception e) {
|
|
2078 |
// this is likely more severe
|
|
2079 |
logReplication.error("Failed to set up SSL connection for client. Continuing. " + e.getClass() + ":: " + e.getMessage(), e);
|
|
2080 |
}
|
|
2081 |
return client;
|
|
2082 |
}
|
|
2083 |
|
2031 |
2084 |
|
2032 |
2085 |
// /**
|
2033 |
2086 |
// * Method for writing replication messages to a log file specified in
|
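Review bot: getSSLClient() (new lines 2049-2082) swallows every failure and still returns a client, so a missing or unreadable `replication.certificate.file` or `replication.privatekey.file` silently downgrades the replication call to one without the client certificate the peer is meant to authorize on. After the first catch `subject` is still null and is passed to `getSSLSocketFactory(subject)`; if `socketFactory` is also null, `new Scheme("https", 443, socketFactory)` receives null and any exception it throws is only logged with "Continuing", which presumably leaves RestClient's default https handling in place (confirm against RestClient). I would fail closed before returning, e.g. `if (socketFactory == null) { throw new IllegalStateException("replication client certificate not configured"); }`, or let the method throw a checked exception that getURLContent propagates. The `warn` calls should also pass `e` as the last argument so the stack trace is kept, and the first message should read "Could not find". In getURLContent, whose body starts outside the visible lines, the status of `response` is not checked before `response.getEntity().getContent()` is read, so an error page from the peer would be returned as content.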
use HttpClient to set up SSL connection when doing replication calls -- this will use the server's configured certificate as the client certificate on the request. The server it is calling can then inspect that certificate and decide whether or not it trusts the caller.