List of usage examples for io.vertx.core.net PemTrustOptions addCertValue
public PemTrustOptions addCertValue(Buffer certValue) throws NullPointerException
From source file:io.gravitee.gateway.http.connector.VertxHttpClient.java
License:Apache License
@Override protected void doStart() throws Exception { httpClientOptions = new HttpClientOptions(); httpClientOptions.setPipelining(endpoint.getHttpClientOptions().isPipelining()); httpClientOptions.setKeepAlive(endpoint.getHttpClientOptions().isKeepAlive()); httpClientOptions.setIdleTimeout((int) (endpoint.getHttpClientOptions().getIdleTimeout() / 1000)); httpClientOptions.setConnectTimeout((int) endpoint.getHttpClientOptions().getConnectTimeout()); httpClientOptions.setUsePooledBuffers(true); httpClientOptions.setMaxPoolSize(endpoint.getHttpClientOptions().getMaxConcurrentConnections()); httpClientOptions.setTryUseCompression(endpoint.getHttpClientOptions().isUseCompression()); httpClientOptions.setLogActivity(true); // Configure proxy HttpProxy proxy = endpoint.getHttpProxy(); if (proxy != null && proxy.isEnabled()) { ProxyOptions proxyOptions = new ProxyOptions(); proxyOptions.setHost(proxy.getHost()); proxyOptions.setPort(proxy.getPort()); proxyOptions.setUsername(proxy.getUsername()); proxyOptions.setPassword(proxy.getPassword()); proxyOptions.setType(ProxyType.valueOf(proxy.getType().name())); httpClientOptions.setProxyOptions(proxyOptions); }/*from ww w . ja v a 2 s . c o m*/ URI target = URI.create(endpoint.getTarget()); HttpClientSslOptions sslOptions = endpoint.getHttpClientSslOptions(); if (HTTPS_SCHEME.equalsIgnoreCase(target.getScheme())) { // Configure SSL httpClientOptions.setSsl(true); if (sslOptions != null) { httpClientOptions.setVerifyHost(sslOptions.isHostnameVerifier()) .setTrustAll(sslOptions.isTrustAll()); // Client trust configuration if (!sslOptions.isTrustAll() && sslOptions.getTrustStore() != null) { switch (sslOptions.getTrustStore().getType()) { case PEM: PEMTrustStore pemTrustStore = (PEMTrustStore) sslOptions.getTrustStore(); PemTrustOptions pemTrustOptions = new PemTrustOptions(); if (pemTrustStore.getPath() != null && !pemTrustStore.getPath().isEmpty()) { pemTrustOptions.addCertPath(pemTrustStore.getPath()); } else if (pemTrustStore.getContent() != null && !pemTrustStore.getContent().isEmpty()) { pemTrustOptions .addCertValue(io.vertx.core.buffer.Buffer.buffer(pemTrustStore.getContent())); } else { throw new EndpointException( "Missing PEM certificate value for endpoint " + endpoint.getName()); } this.httpClientOptions.setPemTrustOptions(pemTrustOptions); break; case PKCS12: PKCS12TrustStore pkcs12TrustStore = (PKCS12TrustStore) sslOptions.getTrustStore(); PfxOptions pfxOptions = new PfxOptions(); pfxOptions.setPassword(pkcs12TrustStore.getPassword()); if (pkcs12TrustStore.getPath() != null && !pkcs12TrustStore.getPath().isEmpty()) { pfxOptions.setPath(pkcs12TrustStore.getPath()); } else if (pkcs12TrustStore.getContent() != null && !pkcs12TrustStore.getContent().isEmpty()) { pfxOptions.setValue(io.vertx.core.buffer.Buffer.buffer(pkcs12TrustStore.getContent())); } else { throw new EndpointException("Missing PKCS12 value for endpoint " + endpoint.getName()); } this.httpClientOptions.setPfxTrustOptions(pfxOptions); break; case JKS: JKSTrustStore jksTrustStore = (JKSTrustStore) sslOptions.getTrustStore(); JksOptions jksOptions = new JksOptions(); jksOptions.setPassword(jksTrustStore.getPassword()); if (jksTrustStore.getPath() != null && !jksTrustStore.getPath().isEmpty()) { jksOptions.setPath(jksTrustStore.getPath()); } else if (jksTrustStore.getContent() != null && !jksTrustStore.getContent().isEmpty()) { jksOptions.setValue(io.vertx.core.buffer.Buffer.buffer(jksTrustStore.getContent())); } else { throw new EndpointException("Missing JKS value for endpoint " + endpoint.getName()); } this.httpClientOptions.setTrustStoreOptions(jksOptions); break; } } // Client authentication configuration if (sslOptions.getKeyStore() != null) { switch (sslOptions.getKeyStore().getType()) { case PEM: PEMKeyStore pemKeyStore = (PEMKeyStore) sslOptions.getKeyStore(); PemKeyCertOptions pemKeyCertOptions = new PemKeyCertOptions(); if (pemKeyStore.getCertPath() != null && !pemKeyStore.getCertPath().isEmpty()) { pemKeyCertOptions.setCertPath(pemKeyStore.getCertPath()); } else if (pemKeyStore.getCertContent() != null && !pemKeyStore.getCertContent().isEmpty()) { pemKeyCertOptions .setCertValue(io.vertx.core.buffer.Buffer.buffer(pemKeyStore.getCertContent())); } if (pemKeyStore.getKeyPath() != null && !pemKeyStore.getKeyPath().isEmpty()) { pemKeyCertOptions.setKeyPath(pemKeyStore.getKeyPath()); } else if (pemKeyStore.getKeyContent() != null && !pemKeyStore.getKeyContent().isEmpty()) { pemKeyCertOptions .setKeyValue(io.vertx.core.buffer.Buffer.buffer(pemKeyStore.getKeyContent())); } this.httpClientOptions.setPemKeyCertOptions(pemKeyCertOptions); break; case PKCS12: PKCS12KeyStore pkcs12KeyStore = (PKCS12KeyStore) sslOptions.getKeyStore(); PfxOptions pfxOptions = new PfxOptions(); pfxOptions.setPassword(pkcs12KeyStore.getPassword()); if (pkcs12KeyStore.getPath() != null && !pkcs12KeyStore.getPath().isEmpty()) { pfxOptions.setPath(pkcs12KeyStore.getPath()); } else if (pkcs12KeyStore.getContent() != null && !pkcs12KeyStore.getContent().isEmpty()) { pfxOptions.setValue(io.vertx.core.buffer.Buffer.buffer(pkcs12KeyStore.getContent())); } this.httpClientOptions.setPfxKeyCertOptions(pfxOptions); break; case JKS: JKSKeyStore jksKeyStore = (JKSKeyStore) sslOptions.getKeyStore(); JksOptions jksOptions = new JksOptions(); jksOptions.setPassword(jksKeyStore.getPassword()); if (jksKeyStore.getPath() != null && !jksKeyStore.getPath().isEmpty()) { jksOptions.setPath(jksKeyStore.getPath()); } else if (jksKeyStore.getContent() != null && !jksKeyStore.getContent().isEmpty()) { jksOptions.setValue(io.vertx.core.buffer.Buffer.buffer(jksKeyStore.getContent())); } this.httpClientOptions.setKeyStoreOptions(jksOptions); break; } } } } printHttpClientConfiguration(httpClientOptions); }
From source file:io.gravitee.gateway.services.healthcheck.http.HttpEndpointRuleHandler.java
License:Apache License
@Override public void handle(Long timer) { HttpEndpoint endpoint = (HttpEndpoint) rule.endpoint(); logger.debug("Running health-check for endpoint: {} [{}]", endpoint.getName(), endpoint.getTarget()); // Run request for each step for (io.gravitee.definition.model.services.healthcheck.Step step : rule.steps()) { try {/*from ww w . j a va 2s. co m*/ URI hcRequestUri = create(endpoint.getTarget(), step.getRequest()); // Prepare HTTP client HttpClientOptions httpClientOptions = new HttpClientOptions().setMaxPoolSize(1).setKeepAlive(false) .setTcpKeepAlive(false); if (endpoint.getHttpClientOptions() != null) { httpClientOptions .setIdleTimeout((int) (endpoint.getHttpClientOptions().getIdleTimeout() / 1000)) .setConnectTimeout((int) endpoint.getHttpClientOptions().getConnectTimeout()) .setTryUseCompression(endpoint.getHttpClientOptions().isUseCompression()); } // Configure HTTP proxy HttpProxy proxy = endpoint.getHttpProxy(); if (proxy != null && proxy.isEnabled()) { ProxyOptions proxyOptions = new ProxyOptions().setHost(proxy.getHost()).setPort(proxy.getPort()) .setUsername(proxy.getUsername()).setPassword(proxy.getPassword()) .setType(ProxyType.valueOf(proxy.getType().name())); httpClientOptions.setProxyOptions(proxyOptions); } HttpClientSslOptions sslOptions = endpoint.getHttpClientSslOptions(); if (HTTPS_SCHEME.equalsIgnoreCase(hcRequestUri.getScheme())) { // Configure SSL httpClientOptions.setSsl(true); if (sslOptions != null) { httpClientOptions.setVerifyHost(sslOptions.isHostnameVerifier()) .setTrustAll(sslOptions.isTrustAll()); // Client trust configuration if (!sslOptions.isTrustAll() && sslOptions.getTrustStore() != null) { switch (sslOptions.getTrustStore().getType()) { case PEM: PEMTrustStore pemTrustStore = (PEMTrustStore) sslOptions.getTrustStore(); PemTrustOptions pemTrustOptions = new PemTrustOptions(); if (pemTrustStore.getPath() != null && !pemTrustStore.getPath().isEmpty()) { pemTrustOptions.addCertPath(pemTrustStore.getPath()); } else if (pemTrustStore.getContent() != null && !pemTrustStore.getContent().isEmpty()) { pemTrustOptions.addCertValue( io.vertx.core.buffer.Buffer.buffer(pemTrustStore.getContent())); } else { throw new EndpointException( "Missing PEM certificate value for endpoint " + endpoint.getName()); } httpClientOptions.setPemTrustOptions(pemTrustOptions); break; case PKCS12: PKCS12TrustStore pkcs12TrustStore = (PKCS12TrustStore) sslOptions.getTrustStore(); PfxOptions pfxOptions = new PfxOptions(); pfxOptions.setPassword(pkcs12TrustStore.getPassword()); if (pkcs12TrustStore.getPath() != null && !pkcs12TrustStore.getPath().isEmpty()) { pfxOptions.setPath(pkcs12TrustStore.getPath()); } else if (pkcs12TrustStore.getContent() != null && !pkcs12TrustStore.getContent().isEmpty()) { pfxOptions.setValue( io.vertx.core.buffer.Buffer.buffer(pkcs12TrustStore.getContent())); } else { throw new EndpointException( "Missing PKCS12 value for endpoint " + endpoint.getName()); } httpClientOptions.setPfxTrustOptions(pfxOptions); break; case JKS: JKSTrustStore jksTrustStore = (JKSTrustStore) sslOptions.getTrustStore(); JksOptions jksOptions = new JksOptions(); jksOptions.setPassword(jksTrustStore.getPassword()); if (jksTrustStore.getPath() != null && !jksTrustStore.getPath().isEmpty()) { jksOptions.setPath(jksTrustStore.getPath()); } else if (jksTrustStore.getContent() != null && !jksTrustStore.getContent().isEmpty()) { jksOptions.setValue( io.vertx.core.buffer.Buffer.buffer(jksTrustStore.getContent())); } else { throw new EndpointException( "Missing JKS value for endpoint " + endpoint.getName()); } httpClientOptions.setTrustStoreOptions(jksOptions); break; } } // Client authentication configuration if (sslOptions.getKeyStore() != null) { switch (sslOptions.getKeyStore().getType()) { case PEM: PEMKeyStore pemKeyStore = (PEMKeyStore) sslOptions.getKeyStore(); PemKeyCertOptions pemKeyCertOptions = new PemKeyCertOptions(); if (pemKeyStore.getCertPath() != null && !pemKeyStore.getCertPath().isEmpty()) { pemKeyCertOptions.setCertPath(pemKeyStore.getCertPath()); } else if (pemKeyStore.getCertContent() != null && !pemKeyStore.getCertContent().isEmpty()) { pemKeyCertOptions.setCertValue( io.vertx.core.buffer.Buffer.buffer(pemKeyStore.getCertContent())); } if (pemKeyStore.getKeyPath() != null && !pemKeyStore.getKeyPath().isEmpty()) { pemKeyCertOptions.setKeyPath(pemKeyStore.getKeyPath()); } else if (pemKeyStore.getKeyContent() != null && !pemKeyStore.getKeyContent().isEmpty()) { pemKeyCertOptions.setKeyValue( io.vertx.core.buffer.Buffer.buffer(pemKeyStore.getKeyContent())); } httpClientOptions.setPemKeyCertOptions(pemKeyCertOptions); break; case PKCS12: PKCS12KeyStore pkcs12KeyStore = (PKCS12KeyStore) sslOptions.getKeyStore(); PfxOptions pfxOptions = new PfxOptions(); pfxOptions.setPassword(pkcs12KeyStore.getPassword()); if (pkcs12KeyStore.getPath() != null && !pkcs12KeyStore.getPath().isEmpty()) { pfxOptions.setPath(pkcs12KeyStore.getPath()); } else if (pkcs12KeyStore.getContent() != null && !pkcs12KeyStore.getContent().isEmpty()) { pfxOptions.setValue( io.vertx.core.buffer.Buffer.buffer(pkcs12KeyStore.getContent())); } httpClientOptions.setPfxKeyCertOptions(pfxOptions); break; case JKS: JKSKeyStore jksKeyStore = (JKSKeyStore) sslOptions.getKeyStore(); JksOptions jksOptions = new JksOptions(); jksOptions.setPassword(jksKeyStore.getPassword()); if (jksKeyStore.getPath() != null && !jksKeyStore.getPath().isEmpty()) { jksOptions.setPath(jksKeyStore.getPath()); } else if (jksKeyStore.getContent() != null && !jksKeyStore.getContent().isEmpty()) { jksOptions .setValue(io.vertx.core.buffer.Buffer.buffer(jksKeyStore.getContent())); } httpClientOptions.setKeyStoreOptions(jksOptions); break; } } } } HttpClient httpClient = vertx.createHttpClient(httpClientOptions); final int port = hcRequestUri.getPort() != -1 ? hcRequestUri.getPort() : (HTTPS_SCHEME.equals(hcRequestUri.getScheme()) ? 443 : 80); String relativeUri = (hcRequestUri.getRawQuery() == null) ? hcRequestUri.getRawPath() : hcRequestUri.getRawPath() + '?' + hcRequestUri.getRawQuery(); // Run health-check HttpClientRequest healthRequest = httpClient.request( HttpMethod.valueOf(step.getRequest().getMethod().name().toUpperCase()), port, hcRequestUri.getHost(), relativeUri); // Set timeout on request if (endpoint.getHttpClientOptions() != null) { healthRequest.setTimeout(endpoint.getHttpClientOptions().getReadTimeout()); } // Prepare request if (step.getRequest().getHeaders() != null) { step.getRequest().getHeaders().forEach( httpHeader -> healthRequest.headers().set(httpHeader.getName(), httpHeader.getValue())); } final EndpointStatus.Builder healthBuilder = EndpointStatus .forEndpoint(rule.api(), endpoint.getName()).on(currentTimeMillis()); long startTime = currentTimeMillis(); Request request = new Request(); request.setMethod(step.getRequest().getMethod()); request.setUri(hcRequestUri.toString()); healthRequest.handler(response -> response.bodyHandler(buffer -> { long endTime = currentTimeMillis(); logger.debug("Health-check endpoint returns a response with a {} status code", response.statusCode()); String body = buffer.toString(); EndpointStatus.StepBuilder stepBuilder = validateAssertions(step, new EvaluableHttpResponse(response, body)); stepBuilder.request(request); stepBuilder.responseTime(endTime - startTime); Response healthResponse = new Response(); healthResponse.setStatus(response.statusCode()); // If validation fail, store request and response data if (!stepBuilder.isSuccess()) { request.setBody(step.getRequest().getBody()); if (step.getRequest().getHeaders() != null) { HttpHeaders reqHeaders = new HttpHeaders(); step.getRequest().getHeaders().forEach(httpHeader -> reqHeaders .put(httpHeader.getName(), Collections.singletonList(httpHeader.getValue()))); request.setHeaders(reqHeaders); } // Extract headers HttpHeaders headers = new HttpHeaders(); response.headers().names().forEach( headerName -> headers.put(headerName, response.headers().getAll(headerName))); healthResponse.setHeaders(headers); // Store body healthResponse.setBody(body); } stepBuilder.response(healthResponse); // Append step stepBuilder healthBuilder.step(stepBuilder.build()); report(healthBuilder.build()); // Close client httpClient.close(); })); healthRequest.exceptionHandler(event -> { long endTime = currentTimeMillis(); EndpointStatus.StepBuilder stepBuilder = EndpointStatus.forStep(step.getName()); stepBuilder.fail(event.getMessage()); Response healthResponse = new Response(); // Extract request information request.setBody(step.getRequest().getBody()); if (step.getRequest().getHeaders() != null) { HttpHeaders reqHeaders = new HttpHeaders(); step.getRequest().getHeaders().forEach(httpHeader -> reqHeaders.put(httpHeader.getName(), Collections.singletonList(httpHeader.getValue()))); request.setHeaders(reqHeaders); } if (event instanceof ConnectTimeoutException) { stepBuilder.fail(event.getMessage()); healthResponse.setStatus(HttpStatusCode.REQUEST_TIMEOUT_408); } else { healthResponse.setStatus(HttpStatusCode.SERVICE_UNAVAILABLE_503); } Step result = stepBuilder.build(); result.setResponse(healthResponse); result.setRequest(request); result.setResponseTime(endTime - startTime); // Append step result healthBuilder.step(result); report(healthBuilder.build()); try { // Close client httpClient.close(); } catch (IllegalStateException ise) { // Do not take care about exception when closing client } }); // Send request logger.debug("Execute health-check request: {}", healthRequest); if (step.getRequest().getBody() != null && !step.getRequest().getBody().isEmpty()) { healthRequest.end(step.getRequest().getBody()); } else { healthRequest.end(); } } catch (EndpointException ee) { logger.error("An error occurs while configuring the endpoint " + endpoint.getName() + ". Healthcheck is skipped for this endpoint.", ee); } catch (Exception ex) { logger.error("An unexpected error occurs", ex); } } }