io.fabric8.maven.docker.access.hc.http.HttpClientBuilder.java Source code

Java tutorial

  1. HOME
  2. Java
  3. io.fabric8.maven.docker.access.hc.http.HttpClientBuilder.java

Introduction

Here is the source code for io.fabric8.maven.docker.access.hc.http.HttpClientBuilder.java

Source

package io.fabric8.maven.docker.access.hc.http;/*
                                               *
                                               * Copyright 2014 Roland Huss
                                               *
                                               * Licensed under the Apache License, Version 2.0 (the "License");
                                               * you may not use this file except in compliance with the License.
                                               * You may obtain a copy of the License at
                                               *
                                               *       http://www.apache.org/licenses/LICENSE-2.0
                                               *
                                               * Unless required by applicable law or agreed to in writing, software
                                               * distributed under the License is distributed on an "AS IS" BASIS,
                                               * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
                                               * See the License for the specific language governing permissions and
                                               * limitations under the License.
                                               */

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.SSLContext;

import io.fabric8.maven.docker.access.hc.util.ClientBuilder;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.*;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import io.fabric8.maven.docker.access.KeyStoreUtil;
import org.apache.http.ssl.SSLContexts;

/**
 * @author roland
 * @since 05/06/15
 */
public class HttpClientBuilder implements ClientBuilder {

    private final String certPath;
    private final int maxConnections;

    public HttpClientBuilder(String certPath, int maxConnections) {
        this.certPath = certPath;
        this.maxConnections = maxConnections;
    }

    public CloseableHttpClient buildPooledClient() throws IOException {
        org.apache.http.impl.client.HttpClientBuilder builder = HttpClients.custom();
        HttpClientConnectionManager manager = getPooledConnectionFactory(certPath, maxConnections);
        builder.setConnectionManager(manager);
        // TODO: For push-redirects working for 301, the redirect strategy should be relaxed (see #351)
        // However not sure whether we should do it right now and whether this is correct, since normally
        // a 301 should only occur when the image name is invalid (e.g. containing "//" in which case a redirect
        // happens to the URL with a single "/")
        // builder.setRedirectStrategy(new LaxRedirectStrategy());

        // TODO: Tune client if needed (e.g. add pooling factoring .....
        // But I think, that's not really required.

        return builder.build();
    }

    public CloseableHttpClient buildBasicClient() throws IOException {
        return HttpClients.custom().setConnectionManager(getBasicConnectionFactory(certPath)).build();
    }

    private static HttpClientConnectionManager getPooledConnectionFactory(String certPath, int maxConnections)
            throws IOException {
        PoolingHttpClientConnectionManager ret = certPath != null
                ? new PoolingHttpClientConnectionManager(getSslFactoryRegistry(certPath))
                : new PoolingHttpClientConnectionManager();
        ret.setDefaultMaxPerRoute(maxConnections);
        ret.setMaxTotal(maxConnections);
        return ret;
    }

    private static HttpClientConnectionManager getBasicConnectionFactory(String certPath) throws IOException {
        return certPath != null ? new BasicHttpClientConnectionManager(getSslFactoryRegistry(certPath))
                : new BasicHttpClientConnectionManager();
    }

    private static Registry<ConnectionSocketFactory> getSslFactoryRegistry(String certPath) throws IOException {
        try {
            KeyStore keyStore = KeyStoreUtil.createDockerKeyStore(certPath);

            SSLContext sslContext = SSLContexts.custom().useProtocol(SSLConnectionSocketFactory.TLS)
                    .loadKeyMaterial(keyStore, "docker".toCharArray()).loadTrustMaterial(keyStore, null).build();
            String tlsVerify = System.getenv("DOCKER_TLS_VERIFY");
            SSLConnectionSocketFactory sslsf = tlsVerify != null && !tlsVerify.equals("0")
                    && !tlsVerify.equals("false") ? new SSLConnectionSocketFactory(sslContext)
                            : new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);

            return RegistryBuilder.<ConnectionSocketFactory>create().register("https", sslsf).build();
        } catch (GeneralSecurityException e) {
            // this isn't ideal but the net effect is the same
            throw new IOException(e);
        }
    }
}