Revision 9149
Added by rnahf almost 10 years ago
src/edu/ucsb/nceas/metacat/replication/ReplicationService.java | ||
---|---|---|
60 | 60 |
import javax.servlet.http.HttpServletResponse; |
61 | 61 |
|
62 | 62 |
import org.apache.commons.io.IOUtils; |
63 |
import org.apache.http.conn.scheme.Scheme; |
|
64 |
import org.apache.http.conn.ssl.SSLSocketFactory; |
|
63 |
import org.apache.http.client.HttpClient; |
|
64 |
import org.apache.http.impl.client.HttpClientBuilder; |
|
65 |
import org.apache.http.impl.client.HttpClients; |
|
66 |
import org.apache.http.client.config.RequestConfig; |
|
65 | 67 |
import org.apache.log4j.Logger; |
66 | 68 |
import org.dataone.client.auth.CertificateManager; |
67 |
import org.dataone.client.rest.HttpMultipartRestClient; |
|
69 |
import org.dataone.client.rest.RestClient; |
|
70 |
import org.dataone.client.utils.HttpUtils; |
|
68 | 71 |
import org.dataone.service.types.v1.Identifier; |
69 | 72 |
import org.dataone.service.types.v2.SystemMetadata; |
70 | 73 |
import org.dataone.service.util.DateTimeMarshaller; |
... | ... | |
126 | 129 |
private static final int TIMEINTERVALLIMIT = 7200000; |
127 | 130 |
public static final String REPLICATIONUSER = "replication"; |
128 | 131 |
|
132 |
private static RestClient sslClient = null; |
|
129 | 133 |
private static int CLIENTTIMEOUT = 30000; |
130 | 134 |
|
131 | 135 |
public static final String REPLICATION_LOG_FILE_NAME = "metacatreplication.log"; |
... | ... | |
2287 | 2291 |
logReplication.info("Getting url stream from " + u.toString()); |
2288 | 2292 |
logReplication.info("ReplicationService.getURLStream - Before sending request to: " + u.toString()); |
2289 | 2293 |
// use httpclient to set up SSL |
2290 |
HttpMultipartRestClient client = getSSLClient();
|
|
2294 |
RestClient client = getSSLClient(); |
|
2291 | 2295 |
// get the response content |
2292 |
InputStream input = client.doGetRequest(u.toString(), CLIENTTIMEOUT);
|
|
2296 |
InputStream input = client.doGetRequest(u.toString(), null);
|
|
2293 | 2297 |
logReplication.info("ReplicationService.getURLStream - After getting response from: " + u.toString()); |
2294 | 2298 |
|
2295 |
return input;
|
|
2299 |
return input; |
|
2296 | 2300 |
} |
2297 | 2301 |
|
2298 | 2302 |
/** |
... | ... | |
2304 | 2308 |
public static byte[] getURLBytes(URL u) throws Exception { |
2305 | 2309 |
InputStream input = getURLStream(u); |
2306 | 2310 |
byte[] bytes = IOUtils.toByteArray(input); |
2307 |
return bytes;
|
|
2311 |
return bytes; |
|
2308 | 2312 |
} |
2309 | 2313 |
|
2310 | 2314 |
/** |
... | ... | |
2312 | 2316 |
* Sends client certificate to the server when doing the request. |
2313 | 2317 |
* @return |
2314 | 2318 |
*/ |
2315 |
private static HttpMultipartRestClient getSSLClient() {
|
|
2319 |
private static RestClient getSSLClient() { |
|
2316 | 2320 |
|
2317 |
HttpMultipartRestClient client = null;
|
|
2321 |
if (sslClient == null) {
|
|
2318 | 2322 |
|
2319 |
// set up this server's client identity |
|
2320 |
String subject = null; |
|
2321 |
try { |
|
2322 |
// TODO: should there be alternative ways to get the key and certificate? |
|
2323 |
String certificateFile = PropertyService.getProperty("replication.certificate.file"); |
|
2324 |
String keyFile = PropertyService.getProperty("replication.privatekey.file"); |
|
2325 |
String keyPassword = PropertyService.getProperty("replication.privatekey.password"); |
|
2326 |
X509Certificate certificate = CertificateManager.getInstance().loadCertificateFromFile(certificateFile); |
|
2327 |
PrivateKey privateKey = CertificateManager.getInstance().loadPrivateKeyFromFile(keyFile, keyPassword); |
|
2328 |
subject = CertificateManager.getInstance().getSubjectDN(certificate); |
|
2329 |
CertificateManager.getInstance().registerCertificate(subject, certificate, privateKey); |
|
2330 |
} catch (Exception e) { |
|
2331 |
// this is pretty much required for replication communication |
|
2332 |
logReplication.warn("Could not find server's client certificate/private key: " + e.getMessage()); |
|
2333 |
} |
|
2334 |
|
|
2335 |
// set the configured timeout |
|
2336 |
//client.setTimeouts(CLIENTTIMEOUT); |
|
2323 |
// set up this server's client identity |
|
2324 |
String subject = null; |
|
2325 |
try { |
|
2326 |
// TODO: should there be alternative ways to get the key and certificate? |
|
2327 |
String certificateFile = PropertyService.getProperty("replication.certificate.file"); |
|
2328 |
String keyFile = PropertyService.getProperty("replication.privatekey.file"); |
|
2329 |
String keyPassword = PropertyService.getProperty("replication.privatekey.password"); |
|
2330 |
X509Certificate certificate = CertificateManager.getInstance().loadCertificateFromFile(certificateFile); |
|
2331 |
PrivateKey privateKey = CertificateManager.getInstance().loadPrivateKeyFromFile(keyFile, keyPassword); |
|
2332 |
subject = CertificateManager.getInstance().getSubjectDN(certificate); |
|
2333 |
CertificateManager.getInstance().registerCertificate(subject, certificate, privateKey); |
|
2334 |
} catch (Exception e) { |
|
2335 |
// this is pretty much required for replication communication |
|
2336 |
logReplication.warn("Could not find server's client certificate/private key: " + e.getMessage()); |
|
2337 |
} |
|
2337 | 2338 |
|
2338 |
SSLSocketFactory socketFactory = null; |
|
2339 |
try { |
|
2339 |
try { |
|
2340 |
RequestConfig rc = RequestConfig.custom() |
|
2341 |
.setConnectionRequestTimeout(CLIENTTIMEOUT) |
|
2342 |
.setConnectTimeout(CLIENTTIMEOUT) |
|
2343 |
.setSocketTimeout(CLIENTTIMEOUT).build(); |
|
2344 |
HttpClient hc = HttpUtils.getHttpClientBuilder(HttpUtils.selectSession(subject)) |
|
2345 |
.setDefaultRequestConfig(rc) |
|
2346 |
.build(); |
|
2347 |
|
|
2348 |
sslClient = new RestlClient(hc); |
|
2349 |
} |
|
2350 |
catch (FileNotFoundException e) { |
|
2351 |
// these are somewhat expected for anonymous client use |
|
2352 |
logReplication.warn("Could not set up SSL connection for client - likely because the certificate could not be located: " + e.getMessage()); |
|
2353 |
} |
|
2354 |
catch (Exception e) { |
|
2355 |
// this is likely more severe |
|
2356 |
logReplication.error("Failed to set up SSL connection for client. Continuing. " + e.getClass() + ":: " + e.getMessage(), e); |
|
2357 |
} |
|
2358 |
} |
|
2359 |
return sslClient; |
|
2360 |
} |
|
2340 | 2361 |
|
2341 |
socketFactory = CertificateManager.getInstance().getSSLSocketFactory(subject); |
|
2342 |
} catch (FileNotFoundException e) { |
|
2343 |
// these are somewhat expected for anonymous client use |
|
2344 |
logReplication.warn("Could not set up SSL connection for client - likely because the certificate could not be located: " + e.getMessage()); |
|
2345 |
} catch (Exception e) { |
|
2346 |
// this is likely more severe |
|
2347 |
logReplication.warn("Funky SSL going on: " + e.getClass() + ":: " + e.getMessage()); |
|
2348 |
} |
|
2349 |
try { |
|
2350 |
//443 is the default port, this value is overridden if explicitly set in the URL |
|
2351 |
Scheme sch = new Scheme("https", 443, socketFactory); |
|
2352 |
client = new HttpMultipartRestClient(); |
|
2353 |
client.getHttpClient().getConnectionManager().getSchemeRegistry().register(sch); |
|
2354 |
} catch (Exception e) { |
|
2355 |
// this is likely more severe |
|
2356 |
logReplication.error("Failed to set up SSL connection for client. Continuing. " + e.getClass() + ":: " + e.getMessage(), e); |
|
2357 |
} |
|
2358 |
return client; |
|
2359 |
} |
|
2360 | 2362 |
|
2361 | 2363 |
|
2362 | 2364 |
// /** |
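Review bot: The new `if (sslClient == null)` block in getSSLClient() stores the client in a static field even when the certificate/private-key load in the first try block has failed, so `subject` is still null and the client built from `HttpUtils.selectSession(subject)` is reused for every later replication request. Presumably that is a session without this server's client certificate, and a corrected or renewed certificate would not be picked up until the process restarts. Consider assigning `sslClient` only after `registerCertificate` has succeeded, or adding a way to reset the cached client. The lazy initialisation is also unsynchronised on a non-volatile static, so concurrent callers can each build a client; `private static synchronized RestClient getSSLClient()` would close that. Separately, `sslClient = new RestlClient(hc);` does not match the imported `org.dataone.client.rest.RestClient` and looks like a typo that would not compile unless a class of that name exists elsewhere.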
fixed private getSSLClient method for HttpClient v4.3 compatibility. Now also caching the RestClient for reuse to save overhead.