/*
* Copyright © 2014-2015 Cask Data, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package co.cask.cdap.gateway.router;
import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.conf.Constants;
import co.cask.cdap.common.conf.SConfiguration;
import co.cask.cdap.common.guice.ConfigModule;
import co.cask.cdap.common.guice.DiscoveryRuntimeModule;
import co.cask.cdap.common.guice.IOModule;
import co.cask.cdap.security.auth.AccessTokenTransformer;
import co.cask.cdap.security.guice.SecurityModules;
import co.cask.common.http.HttpRequests;
import com.google.common.collect.Maps;
import com.google.common.net.InetAddresses;
import com.google.inject.Guice;
import com.google.inject.Injector;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.BasicClientConnectionManager;
import org.apache.twill.discovery.DiscoveryService;
import org.apache.twill.discovery.DiscoveryServiceClient;
import org.junit.Assert;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.SocketFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
/**
* Tests Netty Router running on HTTPS.
*/
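public class NettyRouterHttpsTest extends NettyRouterTestBase {

  /**
   * Returns the router service variant defined below, which starts the router with SSL enabled.
   */
  @Override
  protected RouterService createRouterService() {
    return new HttpsRouterService(HOSTNAME, DISCOVERY_SERVICE);
  }

  /**
   * Returns the URL scheme used by this test variant.
   */
  @Override
  protected String getProtocol() {
    return "https";
  }

  /**
   * Opens an HTTPS connection to {@code url} with certificate checking disabled.
   *
   * @param url the URL to connect to; it must be an {@code https} URL, otherwise the cast fails
   * @return the opened connection
   * @throws Exception if the connection cannot be opened or configured
   */
  @Override
  protected HttpURLConnection openURL(URL url) throws Exception {
    HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection();
    // Test-only: the helper is applied to this connection object, so JVM-wide defaults are
    // presumably left untouched -- confirm against HttpRequests.disableCertCheck.
    HttpRequests.disableCertCheck(urlConn);
    return urlConn;
  }

  /**
   * Builds an Apache HttpClient whose {@code https} scheme uses the trust-all context.
   *
   * @return a client backed by a single-connection manager
   * @throws Exception if the SSL context cannot be created
   */
  @Override
  protected DefaultHttpClient getHTTPClient() throws Exception {
    SSLSocketFactory sf = new SSLSocketFactory(trustAllContext());
    // 10101 is only the scheme's default port, used when a request URI carries no explicit port.
    Scheme httpsScheme = new Scheme("https", 10101, sf);
    SchemeRegistry schemeRegistry = new SchemeRegistry();
    schemeRegistry.register(httpsScheme);
    // apache HttpClient version >4.2 should use BasicClientConnectionManager
    ClientConnectionManager cm = new BasicClientConnectionManager(schemeRegistry);
    return new DefaultHttpClient(cm);
  }

  /**
   * Returns a socket factory backed by the trust-all context, for tests that open raw sockets.
   *
   * @throws Exception if the SSL context cannot be created
   */
  @Override
  protected SocketFactory getSocketFactory() throws Exception {
    return trustAllContext().getSocketFactory();
  }

  /**
   * Creates an {@link SSLContext} whose only trust manager accepts every certificate chain.
   *
   * <p>Test-only. A context built this way authenticates nothing: any peer certificate is
   * accepted, so the connection has no protection against an on-path attacker. It is used here so
   * the clients can reach the router started with the {@code cert.jks} test keystore (presumably
   * not issued by a CA in the default trust store -- confirm). Keep this helper private to the
   * test class and do not install the context as a JVM default.
   *
   * <p>Both client factories share this helper so they behave the same way: the context is
   * requested as "TLS" (the former "SSL" name in getHTTPClient is a legacy alias), and
   * {@code getAcceptedIssuers()} returns an empty array because the {@link X509TrustManager}
   * contract requires a non-null result.
   *
   * @throws Exception if the TLS context is unavailable or cannot be initialised
   */
  private static SSLContext trustAllContext() throws Exception {
    TrustManager acceptEverything = new X509TrustManager() {
      @Override
      public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        // Intentionally empty: no client chain is ever rejected.
      }

      @Override
      public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        // Intentionally empty: no server chain is ever rejected.
      }

      @Override
      public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
      }
    };
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, new TrustManager[] { acceptEverything }, new SecureRandom());
    return context;
  }

  /**
   * Router service that starts a {@link NettyRouter} with SSL enabled, using the {@code cert.jks}
   * keystore from the test classpath.
   */
  private static class HttpsRouterService extends RouterService {
    private final String hostname;
    private final DiscoveryService discoveryService;
    // Service name -> port the router bound for it, filled in by startUp().
    private final Map<String, Integer> serviceMap = Maps.newHashMap();
    private NettyRouter router;

    private HttpsRouterService(String hostname, DiscoveryService discoveryService) {
      this.hostname = hostname;
      this.discoveryService = discoveryService;
    }

    /**
     * Configures and starts the router, then records the port bound for each service.
     */
    @Override
    protected void startUp() {
      CConfiguration cConf = CConfiguration.create();
      SConfiguration sConf = SConfiguration.create();
      cConf.setBoolean(Constants.Security.SSL_ENABLED, true);

      URL certUrl = getClass().getClassLoader().getResource("cert.jks");
      Assert.assertNotNull("cert.jks was not found on the test classpath", certUrl);

      Injector injector = Guice.createInjector(new ConfigModule(cConf), new IOModule(),
                                               new SecurityModules().getInMemoryModules(),
                                               new DiscoveryRuntimeModule().getInMemoryModules());
      DiscoveryServiceClient discoveryServiceClient = injector.getInstance(DiscoveryServiceClient.class);
      AccessTokenTransformer accessTokenTransformer = injector.getInstance(AccessTokenTransformer.class);

      cConf.set(Constants.Router.ADDRESS, hostname);
      // Port 0 asks for an ephemeral port; the bound ports are read back after start-up.
      cConf.setInt(Constants.Router.ROUTER_PORT, 0);
      cConf.setBoolean(Constants.Router.WEBAPP_ENABLED, true);
      cConf.setInt(Constants.Router.WEBAPP_PORT, 0);
      cConf.setInt(Constants.Router.CONNECTION_TIMEOUT_SECS, CONNECTION_IDLE_TIMEOUT_SECS);
      // NOTE(review): URL.getPath() is not percent-decoded, so a checkout directory containing
      // spaces or non-ASCII characters yields a keystore path that does not exist on disk.
      sConf.set(Constants.Security.Router.SSL_KEYSTORE_PATH, certUrl.getPath());

      // The cast relies on the discovery service passed in also implementing
      // DiscoveryServiceClient. SuccessTokenValidator presumably accepts every token, so access
      // token validation is not exercised by this test -- confirm.
      router =
        new NettyRouter(cConf, sConf, InetAddresses.forString(hostname),
                        new RouterServiceLookup((DiscoveryServiceClient) discoveryService,
                                                new RouterPathLookup()),
                        new SuccessTokenValidator(), accessTokenTransformer, discoveryServiceClient);
      router.startAndWait();

      // The router exposes port -> service name; invert it so ports can be looked up by name.
      for (Map.Entry<Integer, String> entry : router.getServiceLookup().getServiceMap().entrySet()) {
        serviceMap.put(entry.getValue(), entry.getKey());
      }
    }

    /**
     * Stops the router and waits for it to terminate.
     */
    @Override
    protected void shutDown() {
      router.stopAndWait();
    }

    /**
     * Returns the port the router bound for {@code serviceName}.
     *
     * @param serviceName name of a service registered by the router at start-up
     * @return the bound port
     * @throws IllegalArgumentException if no such service was recorded, instead of the bare
     *     unboxing {@link NullPointerException} the lookup would otherwise produce
     */
    @Override
    public int lookupService(String serviceName) {
      Integer port = serviceMap.get(serviceName);
      if (port == null) {
        throw new IllegalArgumentException("Unknown router service: " + serviceName);
      }
      return port;
    }
  }
}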