List of usage examples for io.vertx.core.http HttpClientOptions setSsl
@Override
public HttpClientOptions setSsl(boolean ssl)
From source file:io.apiman.gateway.platforms.vertx3.http.HttpClientOptionsFactory.java
License:Apache License
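/**
 * Builds the Vert.x HTTP client options used to call a back-end API endpoint.
 *
 * <p>An {@code http} endpoint gets TLS switched off and returns immediately. Every other
 * scheme gets TLS switched on, followed by the trust, host-verification, trust-store,
 * key-store and cipher-suite settings read from {@code tlsOptions}.
 *
 * @param tlsOptions  gateway TLS settings for the endpoint
 * @param apiEndpoint endpoint URI; only its scheme is inspected here
 * @return the configured client options
 */
private static HttpClientOptions doParse(TLSOptions tlsOptions, URI apiEndpoint) {
    HttpClientOptions clientOptions = new HttpClientOptions();

    // URI schemes are case-insensitive and getScheme() is null for a scheme-less URI.
    // Comparing from the literal avoids the NullPointerException and lets anything that
    // is not explicitly "http" fall through to the TLS-enabled path.
    if ("http".equalsIgnoreCase(apiEndpoint.getScheme())) { //$NON-NLS-1$
        return clientOptions.setSsl(false);
    }
    clientOptions.setSsl(true);

    // trustAll accepts ANY server certificate, not only self-signed ones, so either flag
    // removes server authentication for this endpoint.
    // NOTE(review): as written, devMode forces host verification ON
    // (`!allowAnyHost || devMode`) while the same flag relaxes trust on the line above.
    // If devMode is meant to relax both, the intended expression is probably
    // `!(allowAnyHost || devMode)`; confirm before changing, the current form is the
    // stricter of the two.
    clientOptions.setTrustAll(tlsOptions.isTrustSelfSigned() || tlsOptions.isDevMode())
            .setVerifyHost(!tlsOptions.isAllowAnyHost() || tlsOptions.isDevMode());

    if (tlsOptions.getTrustStore() != null) {
        clientOptions.setTrustStoreOptions(new JksOptions().setPath(tlsOptions.getTrustStore())
                .setPassword(tlsOptions.getTrustStorePassword()));
    }

    // Client certificate for mutual TLS, when a key store is configured.
    if (tlsOptions.getKeyStore() != null) {
        clientOptions.setKeyStoreOptions(new JksOptions().setPath(tlsOptions.getKeyStore())
                .setPassword(tlsOptions.getKeyStorePassword()));
    }

    // NOTE(review): the disallowed-cipher list is only consulted when an allow-list is
    // also present. Whether a deny-list on its own should be applied against the default
    // suites depends on how arrayDifference treats a null first argument; verify.
    if (tlsOptions.getAllowedCiphers() != null) {
        String[] ciphers = arrayDifference(tlsOptions.getAllowedCiphers(), tlsOptions.getDisallowedCiphers(),
                getDefaultCipherSuites());
        for (String cipher : ciphers) {
            clientOptions.addEnabledCipherSuite(cipher);
        }
    }

    // A configured protocol restriction is NOT enforced on this platform: it is only
    // logged at info level, so the client keeps the runtime's default protocol set.
    if (tlsOptions.getAllowedProtocols() != null) {
        log.info("Can't set allowed protocols on Vert.x gateway"); //$NON-NLS-1$
    }

    return clientOptions;
}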
From source file:io.gravitee.gateway.services.healthcheck.http.HttpEndpointRuleHandler.java
License:Apache License
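/**
 * Runs every health-check step of the rule against its HTTP endpoint and reports the result.
 *
 * <p>For each step a dedicated single-connection HTTP client is created from the endpoint's
 * client, proxy and SSL settings, the step's request is sent, and an {@code EndpointStatus}
 * is reported from either the response handler or the exception handler. Both handlers close
 * the client. Configuration errors are logged and the step is skipped.
 *
 * @param timer not read by this method (presumably the timer id supplied by the scheduler)
 */
@Override
public void handle(Long timer) {
    HttpEndpoint endpoint = (HttpEndpoint) rule.endpoint();
    logger.debug("Running health-check for endpoint: {} [{}]", endpoint.getName(), endpoint.getTarget());

    // Run request for each step
    for (io.gravitee.definition.model.services.healthcheck.Step step : rule.steps()) {
        try {
            URI hcRequestUri = create(endpoint.getTarget(), step.getRequest());

            // Prepare HTTP client: one connection, no keep-alive, since the client is
            // closed as soon as the step has been reported.
            HttpClientOptions httpClientOptions = new HttpClientOptions().setMaxPoolSize(1).setKeepAlive(false)
                    .setTcpKeepAlive(false);

            if (endpoint.getHttpClientOptions() != null) {
                httpClientOptions
                        .setIdleTimeout((int) (endpoint.getHttpClientOptions().getIdleTimeout() / 1000))
                        .setConnectTimeout((int) endpoint.getHttpClientOptions().getConnectTimeout())
                        .setTryUseCompression(endpoint.getHttpClientOptions().isUseCompression());
            }

            // Configure HTTP proxy
            HttpProxy proxy = endpoint.getHttpProxy();
            if (proxy != null && proxy.isEnabled()) {
                ProxyOptions proxyOptions = new ProxyOptions().setHost(proxy.getHost()).setPort(proxy.getPort())
                        .setUsername(proxy.getUsername()).setPassword(proxy.getPassword())
                        .setType(ProxyType.valueOf(proxy.getType().name()));
                httpClientOptions.setProxyOptions(proxyOptions);
            }

            HttpClientSslOptions sslOptions = endpoint.getHttpClientSslOptions();

            if (HTTPS_SCHEME.equalsIgnoreCase(hcRequestUri.getScheme())) {
                // Configure SSL. With no sslOptions the HttpClientOptions defaults apply.
                httpClientOptions.setSsl(true);

                if (sslOptions != null) {
                    // Both switches come straight from the endpoint definition: trustAll
                    // accepts any server certificate and a false hostnameVerifier skips the
                    // name check, so either one removes server authentication for the probe.
                    httpClientOptions.setVerifyHost(sslOptions.isHostnameVerifier())
                            .setTrustAll(sslOptions.isTrustAll());

                    // Client trust configuration (ignored entirely when trustAll is set)
                    if (!sslOptions.isTrustAll() && sslOptions.getTrustStore() != null) {
                        switch (sslOptions.getTrustStore().getType()) {
                        case PEM:
                            PEMTrustStore pemTrustStore = (PEMTrustStore) sslOptions.getTrustStore();
                            PemTrustOptions pemTrustOptions = new PemTrustOptions();
                            if (pemTrustStore.getPath() != null && !pemTrustStore.getPath().isEmpty()) {
                                pemTrustOptions.addCertPath(pemTrustStore.getPath());
                            } else if (pemTrustStore.getContent() != null
                                    && !pemTrustStore.getContent().isEmpty()) {
                                pemTrustOptions.addCertValue(
                                        io.vertx.core.buffer.Buffer.buffer(pemTrustStore.getContent()));
                            } else {
                                throw new EndpointException(
                                        "Missing PEM certificate value for endpoint " + endpoint.getName());
                            }
                            httpClientOptions.setPemTrustOptions(pemTrustOptions);
                            break;
                        case PKCS12:
                            PKCS12TrustStore pkcs12TrustStore = (PKCS12TrustStore) sslOptions.getTrustStore();
                            PfxOptions pfxOptions = new PfxOptions();
                            pfxOptions.setPassword(pkcs12TrustStore.getPassword());
                            if (pkcs12TrustStore.getPath() != null && !pkcs12TrustStore.getPath().isEmpty()) {
                                pfxOptions.setPath(pkcs12TrustStore.getPath());
                            } else if (pkcs12TrustStore.getContent() != null
                                    && !pkcs12TrustStore.getContent().isEmpty()) {
                                pfxOptions.setValue(
                                        io.vertx.core.buffer.Buffer.buffer(pkcs12TrustStore.getContent()));
                            } else {
                                throw new EndpointException(
                                        "Missing PKCS12 value for endpoint " + endpoint.getName());
                            }
                            httpClientOptions.setPfxTrustOptions(pfxOptions);
                            break;
                        case JKS:
                            JKSTrustStore jksTrustStore = (JKSTrustStore) sslOptions.getTrustStore();
                            JksOptions jksOptions = new JksOptions();
                            jksOptions.setPassword(jksTrustStore.getPassword());
                            if (jksTrustStore.getPath() != null && !jksTrustStore.getPath().isEmpty()) {
                                jksOptions.setPath(jksTrustStore.getPath());
                            } else if (jksTrustStore.getContent() != null
                                    && !jksTrustStore.getContent().isEmpty()) {
                                jksOptions.setValue(
                                        io.vertx.core.buffer.Buffer.buffer(jksTrustStore.getContent()));
                            } else {
                                throw new EndpointException(
                                        "Missing JKS value for endpoint " + endpoint.getName());
                            }
                            httpClientOptions.setTrustStoreOptions(jksOptions);
                            break;
                        }
                    }

                    // Client authentication configuration.
                    // NOTE(review): unlike the trust-store branches above, a key store with
                    // neither a path nor inline content is not rejected here; empty options
                    // are installed and the failure surfaces later, if at all.
                    if (sslOptions.getKeyStore() != null) {
                        switch (sslOptions.getKeyStore().getType()) {
                        case PEM:
                            PEMKeyStore pemKeyStore = (PEMKeyStore) sslOptions.getKeyStore();
                            PemKeyCertOptions pemKeyCertOptions = new PemKeyCertOptions();
                            if (pemKeyStore.getCertPath() != null && !pemKeyStore.getCertPath().isEmpty()) {
                                pemKeyCertOptions.setCertPath(pemKeyStore.getCertPath());
                            } else if (pemKeyStore.getCertContent() != null
                                    && !pemKeyStore.getCertContent().isEmpty()) {
                                pemKeyCertOptions.setCertValue(
                                        io.vertx.core.buffer.Buffer.buffer(pemKeyStore.getCertContent()));
                            }
                            if (pemKeyStore.getKeyPath() != null && !pemKeyStore.getKeyPath().isEmpty()) {
                                pemKeyCertOptions.setKeyPath(pemKeyStore.getKeyPath());
                            } else if (pemKeyStore.getKeyContent() != null
                                    && !pemKeyStore.getKeyContent().isEmpty()) {
                                pemKeyCertOptions.setKeyValue(
                                        io.vertx.core.buffer.Buffer.buffer(pemKeyStore.getKeyContent()));
                            }
                            httpClientOptions.setPemKeyCertOptions(pemKeyCertOptions);
                            break;
                        case PKCS12:
                            PKCS12KeyStore pkcs12KeyStore = (PKCS12KeyStore) sslOptions.getKeyStore();
                            PfxOptions pfxOptions = new PfxOptions();
                            pfxOptions.setPassword(pkcs12KeyStore.getPassword());
                            if (pkcs12KeyStore.getPath() != null && !pkcs12KeyStore.getPath().isEmpty()) {
                                pfxOptions.setPath(pkcs12KeyStore.getPath());
                            } else if (pkcs12KeyStore.getContent() != null
                                    && !pkcs12KeyStore.getContent().isEmpty()) {
                                pfxOptions.setValue(
                                        io.vertx.core.buffer.Buffer.buffer(pkcs12KeyStore.getContent()));
                            }
                            httpClientOptions.setPfxKeyCertOptions(pfxOptions);
                            break;
                        case JKS:
                            JKSKeyStore jksKeyStore = (JKSKeyStore) sslOptions.getKeyStore();
                            JksOptions jksOptions = new JksOptions();
                            jksOptions.setPassword(jksKeyStore.getPassword());
                            if (jksKeyStore.getPath() != null && !jksKeyStore.getPath().isEmpty()) {
                                jksOptions.setPath(jksKeyStore.getPath());
                            } else if (jksKeyStore.getContent() != null
                                    && !jksKeyStore.getContent().isEmpty()) {
                                jksOptions
                                        .setValue(io.vertx.core.buffer.Buffer.buffer(jksKeyStore.getContent()));
                            }
                            httpClientOptions.setKeyStoreOptions(jksOptions);
                            break;
                        }
                    }
                }
            }

            // NOTE(review): the client is only closed from the two handlers below; an
            // exception thrown between here and end() leaves it open.
            HttpClient httpClient = vertx.createHttpClient(httpClientOptions);

            // Same case-insensitive scheme test as the TLS decision above, so that an
            // upper-case "HTTPS" target without an explicit port defaults to 443 rather
            // than sending a TLS handshake to port 80.
            final int port = hcRequestUri.getPort() != -1 ? hcRequestUri.getPort()
                    : (HTTPS_SCHEME.equalsIgnoreCase(hcRequestUri.getScheme()) ? 443 : 80);

            String relativeUri = (hcRequestUri.getRawQuery() == null) ? hcRequestUri.getRawPath()
                    : hcRequestUri.getRawPath() + '?' + hcRequestUri.getRawQuery();

            // Run health-check
            HttpClientRequest healthRequest = httpClient.request(
                    HttpMethod.valueOf(step.getRequest().getMethod().name().toUpperCase()), port,
                    hcRequestUri.getHost(), relativeUri);

            // Set timeout on request
            if (endpoint.getHttpClientOptions() != null) {
                healthRequest.setTimeout(endpoint.getHttpClientOptions().getReadTimeout());
            }

            // Prepare request
            if (step.getRequest().getHeaders() != null) {
                step.getRequest().getHeaders().forEach(
                        httpHeader -> healthRequest.headers().set(httpHeader.getName(), httpHeader.getValue()));
            }

            final EndpointStatus.Builder healthBuilder = EndpointStatus
                    .forEndpoint(rule.api(), endpoint.getName()).on(currentTimeMillis());

            long startTime = currentTimeMillis();

            Request request = new Request();
            request.setMethod(step.getRequest().getMethod());
            request.setUri(hcRequestUri.toString());

            healthRequest.handler(response -> response.bodyHandler(buffer -> {
                long endTime = currentTimeMillis();
                logger.debug("Health-check endpoint returns a response with a {} status code",
                        response.statusCode());

                String body = buffer.toString();

                EndpointStatus.StepBuilder stepBuilder = validateAssertions(step,
                        new EvaluableHttpResponse(response, body));
                stepBuilder.request(request);
                stepBuilder.responseTime(endTime - startTime);

                Response healthResponse = new Response();
                healthResponse.setStatus(response.statusCode());

                // If validation fail, store request and response data.
                // The configured request headers and body are copied verbatim into the
                // report, as are all response headers and the body. If a step carries
                // credentials in its headers they travel with the report; confirm the
                // report sink is access-controlled.
                if (!stepBuilder.isSuccess()) {
                    request.setBody(step.getRequest().getBody());

                    if (step.getRequest().getHeaders() != null) {
                        HttpHeaders reqHeaders = new HttpHeaders();
                        step.getRequest().getHeaders().forEach(httpHeader -> reqHeaders
                                .put(httpHeader.getName(), Collections.singletonList(httpHeader.getValue())));
                        request.setHeaders(reqHeaders);
                    }

                    // Extract headers
                    HttpHeaders headers = new HttpHeaders();
                    response.headers().names().forEach(
                            headerName -> headers.put(headerName, response.headers().getAll(headerName)));
                    healthResponse.setHeaders(headers);

                    // Store body
                    healthResponse.setBody(body);
                }

                stepBuilder.response(healthResponse);

                // Append step stepBuilder
                healthBuilder.step(stepBuilder.build());

                report(healthBuilder.build());

                // Close client
                httpClient.close();
            }));

            healthRequest.exceptionHandler(event -> {
                long endTime = currentTimeMillis();

                EndpointStatus.StepBuilder stepBuilder = EndpointStatus.forStep(step.getName());
                stepBuilder.fail(event.getMessage());

                Response healthResponse = new Response();

                // Extract request information (same verbatim copy as the failed-assertion path)
                request.setBody(step.getRequest().getBody());
                if (step.getRequest().getHeaders() != null) {
                    HttpHeaders reqHeaders = new HttpHeaders();
                    step.getRequest().getHeaders().forEach(httpHeader -> reqHeaders.put(httpHeader.getName(),
                            Collections.singletonList(httpHeader.getValue())));
                    request.setHeaders(reqHeaders);
                }

                // A connect timeout is reported as 408, every other failure as 503.
                if (event instanceof ConnectTimeoutException) {
                    stepBuilder.fail(event.getMessage());
                    healthResponse.setStatus(HttpStatusCode.REQUEST_TIMEOUT_408);
                } else {
                    healthResponse.setStatus(HttpStatusCode.SERVICE_UNAVAILABLE_503);
                }

                Step result = stepBuilder.build();
                result.setResponse(healthResponse);
                result.setRequest(request);

                result.setResponseTime(endTime - startTime);

                // Append step result
                healthBuilder.step(result);

                report(healthBuilder.build());

                try {
                    // Close client
                    httpClient.close();
                } catch (IllegalStateException ise) {
                    // Do not take care about exception when closing client
                }
            });

            // Send request
            logger.debug("Execute health-check request: {}", healthRequest);
            if (step.getRequest().getBody() != null && !step.getRequest().getBody().isEmpty()) {
                healthRequest.end(step.getRequest().getBody());
            } else {
                healthRequest.end();
            }
        } catch (EndpointException ee) {
            logger.error("An error occurs while configuring the endpoint " + endpoint.getName()
                    + ". Healthcheck is skipped for this endpoint.", ee);
        } catch (Exception ex) {
            logger.error("An unexpected error occurs", ex);
        }
    }
}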
From source file:io.nitor.api.backend.NitorBackend.java
License:Apache License
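/**
 * Wires up the backend: builds the shared outbound HTTPS client, registers the router's
 * common handlers (access log, security headers, forwarded-header handling), the optional
 * client-certificate, session, Azure AD, basic-auth and customization routes, the services,
 * and the failure handler, then starts the HTTP server on {@code listenHost:listenPort}.
 */
@Override
public void start() {
    vertx.exceptionHandler(e -> logger.error("Fallback exception handler got", e));

    HttpServerOptions httpServerOptions = SetupHttpServerOptions.createHttpServerOptions(config());

    Router router = Router.router(vertx);

    // Outbound client: TLS on, and neither trustAll nor verifyHost is touched, so the
    // HttpClientOptions defaults for certificate and host checking stay in effect.
    HttpClientOptions clientOptions = new HttpClientOptions();
    clientOptions.setConnectTimeout((int) SECONDS.toMillis(5));
    clientOptions.setIdleTimeout((int) SECONDS.toMillis(15));
    clientOptions.setSsl(true);
    HttpClient httpClient = vertx.createHttpClient(clientOptions);

    Map<String, String> injectedResponseHeaders = new HashMap<>();
    for (Entry<String, Object> defaultHeader : config().getJsonObject("defaultHeaders")) {
        // Locale-independent lower-casing, matching the publicURI handling below.
        injectedResponseHeaders.put(defaultHeader.getKey().toLowerCase(ROOT),
                defaultHeader.getValue().toString());
    }

    String publicURI = config().getString("publicURI",
            "http" + (httpServerOptions.isSsl() ? "s" : "") + "://localhost:" + listenPort);
    if (publicURI.endsWith("/")) {
        publicURI = publicURI.substring(0, publicURI.length() - 1);
    }
    publicURI = publicURI.toLowerCase(ROOT);

    boolean isOrigReqHttps = httpServerOptions.isSsl() || publicURI.startsWith("https:");
    // Defaults to true when the public URI is https but this listener is plain HTTP,
    // i.e. when TLS is terminated in front of this process. Forwarded headers are then
    // taken at face value, which is only sound if the listener is reachable solely
    // through that proxy.
    boolean trustPreviousProxy = config().getBoolean("trustPreviousProxy",
            publicURI.startsWith("https:") && !httpServerOptions.isSsl());

    router.route().handler(new AccessLogHandler()::handle);

    router.route().handler(routingContext -> {
        HttpServerResponse resp = routingContext.response();
        if (isOrigReqHttps) {
            resp.putHeader("strict-transport-security", "max-age=31536000; includeSubDomains");
        }
        if (trustPreviousProxy) {
            String origHost = parseForwardedHeaders(routingContext.request().headers());
            if (origHost != null) {
                routingContext.put(REMOTE_ADDRESS, origHost);
            }
        }
        if (!injectedResponseHeaders.isEmpty()) {
            // Applied just before the head is written, and only for headers the
            // downstream handlers have not set themselves.
            routingContext.addHeadersEndHandler(v -> {
                for (Entry<String, String> header : injectedResponseHeaders.entrySet()) {
                    if (!resp.headers().contains(header.getKey())) {
                        resp.putHeader(header.getKey(), header.getValue());
                    }
                }
            });
        }
        routingContext.next();
    });

    router.get("/healthCheck").handler(routingContext -> routingContext.response().setStatusCode(200).end());

    // Diagnostic route: echoes the caller's own client-certificate chain. It is registered
    // before every authentication handler below, so it is reachable unauthenticated.
    router.get("/certCheck").handler(routingContext -> {
        String resp;
        try {
            resp = "Certs: " + Arrays.toString(routingContext.request().peerCertificateChain());
        } catch (SSLPeerUnverifiedException e) {
            resp = "No client certs available:" + e.getMessage();
        }
        routingContext.response().setChunked(true).putHeader(CONTENT_TYPE, "text/plain; charset=utf-8")
                .write(resp).end();
    });

    JsonObject clientAuth = config().getJsonObject("clientAuth");
    if (clientAuth != null) {
        if (null != clientAuth.getString("clientChain")) {
            // This handler only requires that a verified peer chain exists; the value of
            // "clientChain" is not read here. Which certificates are accepted is decided
            // by the TLS layer (presumably configured in SetupHttpServerOptions; confirm).
            router.route(clientAuth.getString("route", "/*")).handler(routingContext -> {
                try {
                    routingContext.request().peerCertificateChain();
                    routingContext.next();
                } catch (SSLPeerUnverifiedException e) {
                    routingContext.response().setStatusCode(FORBIDDEN.code());
                    routingContext.response().end();
                    logger.info("Rejected request that was missing valid client certificate from ip {}: {}",
                            routingContext.request().remoteAddress(), e.getMessage());
                }
            });
        }
    }

    boolean virtualHost = config().getBoolean("virtualHost", false);
    if (virtualHost) {
        router.route().handler(ctx -> {
            ctx.put("host", getUriHostName(ctx.request().host()));
            ctx.next();
        });
    }

    JsonObject sessionConf = config().getJsonObject("session");
    CookieSessionHandler sessionHandler = sessionConf != null ? new CookieSessionHandler(sessionConf) : null;
    if (sessionHandler != null) {
        router.route().handler(CookieHandler.create());

        // Logout blanks the value of every cookie on the request and disables caching
        // of the response.
        router.get("/proxyLogout").handler(routingContext -> {
            routingContext.cookies()
                    .forEach(cookie -> secureCookie(cookie, (int) DAYS.toSeconds(30)).setValue(""));
            routingContext.response().putHeader(CACHE_CONTROL, "no-cache, no-store, must-revalidate")
                    .putHeader(EXPIRES, "0").putHeader(CONTENT_TYPE, "text/plain; charset=utf-8")
                    .end("Logged out", "UTF-8");
        });
    }

    JsonObject adAuth = config().getJsonObject("adAuth");
    if (adAuth != null) {
        JsonObject openIdConfig = adAuth.getJsonObject("openIdConfig");
        if (openIdConfig == null || !openIdConfig.containsKey("authorization_endpoint")
                || !openIdConfig.containsKey("token_endpoint")) {
            // The authorization and token endpoints used for login are taken from this
            // document, so configurationURI should be an https URL of the identity
            // provider. Nothing here enforces the scheme.
            String configURI = adAuth.getString("configurationURI");
            try {
                logger.info("Fetching configuration from " + configURI);
                URL url = URI.create(configURI).toURL();
                // Close the stream even when reading or parsing fails.
                try (java.io.InputStream in = url.openStream()) {
                    openIdConfig = new JsonObject(buffer(toBytes(in)));
                }
            } catch (Exception e) {
                RuntimeException ex = new RuntimeException("Failed to fetch open id config from " + configURI,
                        e);
                logger.fatal("adAuth config failure", ex);
                throw ex;
            }
            logger.info(
                    "To speed up startup please define \"adAuth\": {\"openIdConfig\": {\"authorization_endpoint\": \""
                            + openIdConfig.getString("authorization_endpoint") + "\", \"token_endpoint\": \""
                            + openIdConfig.getString("token_endpoint") + "\" } }");
        }
        adAuth.put("openIdConfig", openIdConfig);
        SetupAzureAdConnectAuth.setupAzureAd(adAuth, router, publicURI, virtualHost, sessionHandler,
                httpClient);
    }

    JsonObject basicAuth = config().getJsonObject("basicAuth");
    if (basicAuth != null) {
        AuthHandler basicAuthHandler = BasicAuthHandler.create(
                new SimpleConfigAuthProvider(basicAuth.getJsonObject("users")),
                basicAuth.getString("realm", "nitor"));
        router.route(basicAuth.getString("route", "/*")).handler(basicAuthHandler);
    }

    if (sessionHandler != null) {
        // Diagnostic route: dumps the caller's session data, masking every value whose
        // key starts with SECRET_DATA_PREFIX.
        router.get("/cookieCheck").handler(routingContext -> {
            Map<String, String> headers = sessionHandler.getSessionData(routingContext);
            StringBuilder sb = new StringBuilder(2048);
            if (headers == null) {
                sb.append("No valid session");
            } else {
                headers.forEach((key, value) -> {
                    sb.append(key).append('=');
                    if (key.startsWith(SECRET_DATA_PREFIX)) {
                        sb.append("<secret>");
                    } else {
                        sb.append(value);
                    }
                    sb.append('\n');
                });
            }
            routingContext.response().putHeader(CONTENT_TYPE, "text/plain; charset=utf-8").end(sb.toString());
        });
    }

    JsonArray customizeConf = config().getJsonArray("customize");
    if (customizeConf != null) {
        // Each entry runs a script file named in the configuration on matching requests
        // and responses; the configuration and the script files are therefore part of
        // the trusted code base.
        customizeConf.forEach(c -> {
            JsonObject conf = (JsonObject) c;
            InlineJS inlineJs = new InlineJS(vertx, conf.getString("jsFile", "custom.js"));
            router.route(conf.getString("route")).handler(ctx -> {
                inlineJs.call("handleRequest", ctx.request(), ctx);
                ctx.addHeadersEndHandler((v) -> inlineJs.call("handleResponse", ctx.response(), ctx));
                ctx.next();
            });
        });
    }

    setupServices(config(), httpServerOptions, router, new ServiceRouterBuilder(), httpClient, sessionHandler,
            adAuth, isOrigReqHttps);

    router.route().failureHandler(routingContext -> {
        String error = "ERROR";
        int statusCode = routingContext.statusCode();
        Throwable t = routingContext.failure();
        logger.info("Handling failure statusCode=" + statusCode, t);
        HttpServerResponse resp = routingContext.response();
        if (resp.ended()) {
            return;
        }
        if (resp.headWritten()) {
            // Too late to send an error status: finish the body and drop the connection.
            resp.end();
            routingContext.request().connection().close();
            return;
        }
        if (t != null) {
            if (t instanceof ProxyException) {
                statusCode = ((ProxyException) t).statusCode;
            }
            // NOTE(review): the exception's class name and message are returned to the
            // client, which can disclose internal details; the full failure is already
            // logged above.
            error = "ERROR: " + t.toString();
        }
        resp.setStatusCode(statusCode != -1 ? statusCode : INTERNAL_SERVER_ERROR.code());
        resp.headers().set("Content-Type", "text/plain; charset=UTF-8");
        // Content-Length counts bytes, not chars: a non-ASCII exception message would
        // otherwise advertise a length shorter than the UTF-8 body actually sent.
        resp.headers().set("Content-Length",
                Integer.toString(error.getBytes(java.nio.charset.StandardCharsets.UTF_8).length));
        resp.end(error);
    });

    vertx.createHttpServer(httpServerOptions).requestHandler(router).listen(listenPort, listenHost);
}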
From source file:org.entcore.cursus.controllers.CursusController.java
License:Open Source License
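/**
 * Initialises the controller: creates the HTTP client for the Cursus web service endpoint
 * and triggers a wallet refresh unless the cluster map already holds a "wallets" entry.
 *
 * @param vertx          Vert.x instance used to create the client and the cluster map
 * @param config         module configuration, passed to the superclass
 * @param rm             route matcher, passed to the superclass
 * @param securedActions secured actions, passed to the superclass
 */
@Override
public void init(Vertx vertx, JsonObject config, RouteMatcher rm,
        Map<String, fr.wseduc.webutils.security.SecuredAction> securedActions) {
    super.init(vertx, config, rm, securedActions);

    // getPort() yields -1 when the endpoint URL names no port.
    final int configuredPort = wsEndpoint.getPort();
    HttpClientOptions cursusClientOptions = new HttpClientOptions().setDefaultHost(wsEndpoint.getHost());

    if ("https".equals(wsEndpoint.getProtocol())) {
        // Honour an explicit port on https endpoints as the http branch already does;
        // 443 is only the fallback.
        // NOTE(review): setTrustAll(true) accepts any server certificate, so the TLS
        // connection to the endpoint is encrypted but not authenticated. A trust store
        // holding the endpoint's CA would restore server authentication.
        cursusClientOptions.setSsl(true).setTrustAll(true)
                .setDefaultPort(configuredPort == -1 ? 443 : configuredPort);
    } else {
        cursusClientOptions.setDefaultPort(configuredPort == -1 ? 80 : configuredPort);
    }
    cursusClient = vertx.createHttpClient(cursusClientOptions);

    cursusMap = MapFactory.getSyncClusterMap("cursusMap", vertx, false);

    /*
    service.refreshToken(new Handler<Boolean>() {
        public void handle(Boolean res) {
            if(!res)
                log.error("[Cursus][refreshToken] Error while retrieving the Token.");
            else
                log.info("[Cursus][refreshToken] Token refreshed.");
        }
    });
    */

    // The wallets are already in the cluster map: nothing to refresh.
    if (cursusMap.containsKey("wallets")) {
        return;
    }

    service.refreshWallets(new Handler<Boolean>() {
        public void handle(Boolean res) {
            if (!res) {
                log.error("[Cursus][refreshWallets] Error while retrieving the wallets list.");
            } else {
                log.info("[Cursus][refreshWallets] Wallets list refreshed.");
            }
        }
    });
}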
From source file:santo.vertx.reproducer.WebService.java
/**
 * Starts the reproducer: an HTTP server on port 7000 whose {@code /api/test} route is served
 * by a {@code TestHandler} that is handed an HTTPS client for the object store host.
 */
@Override
public void start() {
    System.out.println("Starting WebService");

    Router router = Router.router(vertx);

    // Add body handler (request bodies capped at 10 MiB)
    router.route().handler(BodyHandler.create().setBodyLimit(10 * 1024 * 1024));

    // NOTE(review): trustAll is acceptable for a throw-away reproducer only. It accepts
    // any server certificate, so the connection is encrypted but the peer is not
    // authenticated.
    HttpClientOptions clientOptions = new HttpClientOptions()
            .setConnectTimeout(7000)
            .setDefaultHost("internal.objectstore.eu")
            .setDefaultPort(443)
            .setSsl(true)
            .setTrustAll(true);
    HttpClient client = vertx.createHttpClient(clientOptions);

    TestHandler testHandler = TestHandler.create(this, client);
    router.route("/api/test").handler(testHandler);

    vertx.createHttpServer().requestHandler(router::accept).listen(7000);
    System.out.println("WebService listening on port 7000");
}