@@ -29,6 +29,7 @@
import java .security .AccessController ;
import java .security .KeyStore ;
import java .security .KeyStoreException ;
import java .security .KeyManagementException ;
import java .security .NoSuchAlgorithmException ;
import java .security .NoSuchProviderException ;
import java .security .PrivilegedActionException ;
@@ -42,7 +43,6 @@
import java .util .logging .Level ;
import javax .annotation .CheckForNull ;
import javax .annotation .concurrent .NotThreadSafe ;
import javax .net .ssl .HttpsURLConnection ;
import javax .net .ssl .SSLContext ;
import javax .net .ssl .SSLSocketFactory ;
import javax .net .ssl .TrustManagerFactory ;
@@ -214,46 +214,15 @@ public void run() {
Throwable firstError =null ;
String host =null ;
String port =null ;
SSLSocketFactory sslSocketFactory = null ;
if (candidateCertificates != null && !candidateCertificates .isEmpty ()) {
KeyStore keyStore = getCacertsKeyStore ();
// load the keystore
keyStore .load (null , null );
int i = 0 ;
for (X509Certificate c : candidateCertificates ) {
keyStore .setCertificateEntry (String .format ("alias-%d" , i ++), c );
}
// prepare the trust manager
TrustManagerFactory trustManagerFactory =
TrustManagerFactory .getInstance (TrustManagerFactory .getDefaultAlgorithm ());
trustManagerFactory .init (keyStore );
// prepare the SSL context
SSLContext ctx = SSLContext .getInstance ("TLS" );
ctx .init (null , trustManagerFactory .getTrustManagers (), null );
// now we have our custom socket factory
sslSocketFactory = ctx .getSocketFactory ();
}
SSLSocketFactory sslSocketFactory = getSSLSocketFactory ();
for (URL url : candidateUrls ) {
String s = url .toExternalForm ();
if (!s .endsWith ("/" )) s +='/' ;
URL salURL = new URL (s +"tcpSlaveAgentListener/" );
// find out the TCP port
HttpURLConnection con = (HttpURLConnection )Util .openURLConnection (salURL );
if (con instanceof HttpsURLConnection && sslSocketFactory != null ) {
((HttpsURLConnection ) con ).setSSLSocketFactory (sslSocketFactory );
}
if (credentials != null ) {
// TODO /tcpSlaveAgentListener is unprotected so why do we need to pass any credentials?
String encoding = Base64 .encode (credentials .getBytes ("UTF-8" ));
con .setRequestProperty ("Authorization" , "Basic " + encoding );
}
if (proxyCredentials != null ) {
String encoding = Base64 .encode (proxyCredentials .getBytes ("UTF-8" ));
con .setRequestProperty ("Proxy-Authorization" , "Basic " + encoding );
}
HttpURLConnection con = (HttpURLConnection )Util .openURLConnection (salURL , credentials , proxyCredentials , sslSocketFactory );
try {
try {
con .setConnectTimeout (30000 );
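Review bot: The new call `Util.openURLConnection(salURL, credentials, proxyCredentials, sslSocketFactory)` hides how the credentials are attached, and the removed TODO asking why credentials are sent to the unprotected `/tcpSlaveAgentListener` endpoint is lost from this call site. Judging from the removed lines, they were added as HTTP Basic headers for every candidate URL regardless of scheme, so on a plain-http URL they are only Base64-encoded. Whether the helper keeps that behaviour is not visible in this diff. I would keep a comment at the call, for example `// credentials go out as HTTP Basic (Base64 only) even though /tcpSlaveAgentListener is unprotected; cleartext on non-https URLs`. run() begins and continues outside this hunk.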
@@ -441,6 +410,12 @@ private Socket connect(String host, String port) throws IOException, Interrupted
private void waitForServerToBack () throws InterruptedException {
Thread t = Thread .currentThread ();
String oldName = t .getName ();
SSLSocketFactory sslSocketFactory = null ;
try {
sslSocketFactory = getSSLSocketFactory ();
} catch (Throwable e ) {
events .error (e );
}
try {
int retries =0 ;
while (true ) {
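Review bot: The added `catch (Throwable e)` around `getSSLSocketFactory()` logs the failure and continues with `sslSocketFactory == null`, so failing to build the trust material from `candidateCertificates` fails open. The removed code in run() only installed the factory when it was non-null, which suggests the reconnect probe in the next hunk would then validate the server against the JVM default trust store while also carrying `credentials`; what `Util.openURLConnection` does with null is not visible here. Catching Throwable also swallows Errors. I would narrow the catch to what the method declares and stop before the retry loop, for example `catch (GeneralSecurityException | PrivilegedActionException | IOException e) { events.error(e); throw new IllegalStateException(e); }`, using whatever abort path the caller expects (the GeneralSecurityException import is not visible in this diff). The method body continues outside the hunk.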
@@ -452,7 +427,7 @@ private void waitForServerToBack() throws InterruptedException {
retries ++;
t .setName (oldName +": trying " +url +" for " +retries +" times" );
HttpURLConnection con = (HttpURLConnection ) url . openConnection ( );
HttpURLConnection con = (HttpURLConnection )Util . openURLConnection ( url , credentials , proxyCredentials , sslSocketFactory );
con .setConnectTimeout (5000 );
con .setReadTimeout (5000 );
con .connect ();
@@ -578,6 +553,31 @@ public FileInputStream run() throws Exception {
}
});
}
private SSLSocketFactory getSSLSocketFactory ()
throws PrivilegedActionException , KeyStoreException , NoSuchProviderException , CertificateException ,
NoSuchAlgorithmException , IOException , KeyManagementException {
SSLSocketFactory sslSocketFactory = null ;
if (candidateCertificates != null && !candidateCertificates .isEmpty ()) {
KeyStore keyStore = getCacertsKeyStore ();
// load the keystore
keyStore .load (null , null );
int i = 0 ;
for (X509Certificate c : candidateCertificates ) {
keyStore .setCertificateEntry (String .format ("alias-%d" , i ++), c );
}
// prepare the trust manager
TrustManagerFactory trustManagerFactory =
TrustManagerFactory .getInstance (TrustManagerFactory .getDefaultAlgorithm ());
trustManagerFactory .init (keyStore );
// prepare the SSL context
SSLContext ctx = SSLContext .getInstance ("TLS" );
ctx .init (null , trustManagerFactory .getTrustManagers (), null );
// now we have our custom socket factory
sslSocketFactory = ctx .getSocketFactory ();
}
return sslSocketFactory ;
}
//a read() call on the SocketInputStream associated with underlying Socket will block for only this amount of time
static final int SOCKET_TIMEOUT = Integer .getInteger (Engine .class .getName ()+".socketTimeout" ,30 *60 *1000 );
/**
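Review bot: `getSSLSocketFactory()` returns null when `candidateCertificates` is null or empty, and nothing on the method tells callers that null means "no custom factory". Since `javax.annotation.CheckForNull` is already imported, I would annotate the method with `@CheckForNull` and add a short Javadoc saying that null leaves the connection on its default trust configuration. The comment `// load the keystore` above `keyStore.load(null, null)` is also unclear: that call follows `getCacertsKeyStore()`, and whether it empties the store or leaves the cacerts entries in place depends on code not shown here. A comment there should state whether the candidate certificates are meant to replace or extend the default trust anchors, because that decides which servers the agent will accept.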