com.amazonaws.http.apache.client.impl.ApacheConnectionManagerFactory Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of aws-java-sdk-osgi Show documentation
Show all versions of aws-java-sdk-osgi Show documentation
The AWS SDK for Java with support for OSGi. The AWS SDK for Java provides Java APIs for building software on AWS' cost-effective, scalable, and reliable infrastructure products. The AWS Java SDK allows developers to code against APIs for all of Amazon's infrastructure web services (Amazon S3, Amazon EC2, Amazon SQS, Amazon Relational Database Service, Amazon AutoScaling, etc).
/*
* Copyright (c) 2016. Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package com.amazonaws.http.apache.client.impl;
import com.amazonaws.SDKGlobalConfiguration;
import com.amazonaws.http.AmazonHttpClient;
import com.amazonaws.http.DelegatingDnsResolver;
import com.amazonaws.http.client.ConnectionManagerFactory;
import com.amazonaws.http.conn.ssl.SdkTLSSocketFactory;
import com.amazonaws.http.settings.HttpClientSettings;
import com.amazonaws.internal.SdkSSLContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpHost;
import org.apache.http.config.ConnectionConfig;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.conn.DefaultSchemePortResolver;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import static com.amazonaws.SDKGlobalConfiguration.DISABLE_CERT_CHECKING_SYSTEM_PROPERTY;
/**
* Factory class to create connection manager used by the apache client.
*/
public class ApacheConnectionManagerFactory implements
ConnectionManagerFactory {
private final Log LOG = LogFactory.getLog(AmazonHttpClient.class);
@Override
public HttpClientConnectionManager create(final HttpClientSettings settings) {
ConnectionSocketFactory sslsf = getPreferredSocketFactory(settings);
final PoolingHttpClientConnectionManager cm = new
PoolingHttpClientConnectionManager(
createSocketFactoryRegistry(sslsf),
null,
DefaultSchemePortResolver.INSTANCE,
new DelegatingDnsResolver(settings.getDnsResolver()),
settings.getConnectionPoolTTL(),
TimeUnit.MILLISECONDS);
cm.setDefaultMaxPerRoute(settings.getMaxConnections());
cm.setMaxTotal(settings.getMaxConnections());
cm.setDefaultSocketConfig(buildSocketConfig(settings));
cm.setDefaultConnectionConfig(buildConnectionConfig(settings));
return cm;
}
private ConnectionSocketFactory getPreferredSocketFactory(HttpClientSettings settings) {
ConnectionSocketFactory sslsf = settings.getApacheHttpClientConfig().getSslSocketFactory();
return sslsf != null
? sslsf
: new SdkTLSSocketFactory(
SdkSSLContext.getPreferredSSLContext(settings.getSecureRandom()),
getHostNameVerifier(settings));
}
private SocketConfig buildSocketConfig(HttpClientSettings settings) {
return SocketConfig.custom()
.setSoKeepAlive(settings.useTcpKeepAlive())
.setSoTimeout(settings.getSocketTimeout())
.setTcpNoDelay(true)
.build();
}
private ConnectionConfig buildConnectionConfig(HttpClientSettings settings) {
int socketBufferSize = Math.max(settings.getSocketBufferSize()[0],
settings.getSocketBufferSize()[1]);
return socketBufferSize <= 0
? null
: ConnectionConfig.custom()
.setBufferSize(socketBufferSize)
.build();
}
private HostnameVerifier getHostNameVerifier
(HttpClientSettings options) {
// TODO Need to find a better way to handle these deprecations.
return options.useBrowserCompatibleHostNameVerifier()
? SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
: SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER;
}
private Registry createSocketFactoryRegistry(ConnectionSocketFactory sslSocketFactory) {
/*
* If SSL cert checking for endpoints has been explicitly disabled,
* register a new scheme for HTTPS that won't cause self-signed certs to
* error out.
*/
if (SDKGlobalConfiguration.isCertCheckingDisabled()) {
if (LOG.isWarnEnabled()) {
LOG.warn("SSL Certificate checking for endpoints has been " +
"explicitly disabled.");
}
sslSocketFactory = new TrustingSocketFactory();
}
return RegistryBuilder.create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", sslSocketFactory)
.build();
}
/**
* Simple implementation of SchemeSocketFactory (and
* LayeredSchemeSocketFactory) that bypasses SSL certificate checks. This
* class is only intended to be used for testing purposes.
*/
private static class TrustingSocketFactory implements
LayeredConnectionSocketFactory {
private SSLContext sslcontext = null;
private static SSLContext createSSLContext() throws IOException {
try {
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, new TrustManager[]{new TrustingX509TrustManager()}, null);
return context;
} catch (Exception e) {
throw new IOException(e.getMessage(), e);
}
}
@Override
public Socket createLayeredSocket(Socket socket, String target, int port, HttpContext context) throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(socket,
target, port, true);
}
@Override
public Socket createSocket(HttpContext context) throws IOException {
return getSSLContext().getSocketFactory().createSocket();
}
@Override
public Socket connectSocket(int connectTimeout, Socket sock, HttpHost host, InetSocketAddress remoteAddress, InetSocketAddress localAddress, HttpContext context) throws IOException {
SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock :
createSocket(context));
if (localAddress != null) sslsock.bind(localAddress);
sslsock.connect(remoteAddress, connectTimeout);
// socket timeout is set internally by the
// PoolingHttpClientConnectionManager.
return sslsock;
}
private SSLContext getSSLContext() throws IOException {
if (this.sslcontext == null) this.sslcontext = createSSLContext();
return this.sslcontext;
}
}
/**
* Simple implementation of X509TrustManager that trusts all certificates.
* This class is only intended to be used for testing purposes.
*/
private static class TrustingX509TrustManager implements X509TrustManager {
private static final X509Certificate[] X509_CERTIFICATES = new X509Certificate[0];
@Override
public X509Certificate[] getAcceptedIssuers() {
return X509_CERTIFICATES;
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// No-op, to trust all certs
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// No-op, to trust all certs
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy