Class TrustedHttpClientImpl

java.lang.Object
org.opencastproject.kernel.security.TrustedHttpClientImpl
All Implemented Interfaces:
HttpConnectionMXBean, org.opencastproject.security.api.TrustedHttpClient

public class TrustedHttpClientImpl extends Object implements org.opencastproject.security.api.TrustedHttpClient, HttpConnectionMXBean
An http client that executes secure (though not necessarily encrypted) http requests.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    AUTHORIZATION_HEADER_NAME
    Header name used to request a new nonce from a server a request is sent to.
    static final int
    DEFAULT_CONNECTION_TIMEOUT
    The default time until a connection attempt fails
    static final int
    DEFAULT_NONCE_TIMEOUT_RETRIES
    The default number of times to attempt a request after it has failed due to a nonce expiring.
    static final int
    DEFAULT_RETRY_BASE_TIME
    The default amount of time to wait after a nonce timeout.
    static final int
    DEFAULT_RETRY_MAXIMUM_VARIABLE_TIME
    Default maximum amount of time in a random range between 0 and this value to add to the base time.
    static final int
    DEFAULT_SOCKET_TIMEOUT
    The default time between packets that causes a connection to fail
    protected static final long
    DEFAULT_URL_SIGNING_EXPIRES_DURATION
    The default time before a piece of signed content expires. 1 Minute.
    static final String
    DIGEST_AUTH_PASS_KEY
    The configuration property specifying the digest authentication password
    static final String
    DIGEST_AUTH_USER_KEY
    The configuration property specifying the digest authentication user
    protected static final String
    INTERNAL_URL_SIGNING_DURATION_KEY
    The configuration property specifying the duration a signed url will remain valid for.
    static final String
    NONCE_TIMEOUT_RETRY_BASE_TIME_KEY
    The configuration property specifying the minimum amount of time in seconds to wait before retrying a request after a nonce timeout.
    static final String
    NONCE_TIMEOUT_RETRY_KEY
    The configuration property specifying the number of times to retry after the nonce times out on a request.
    static final String
    NONCE_TIMEOUT_RETRY_MAXIMUM_VARIABLE_TIME_KEY
    The configuration property specifying the maximum for a random amount of time in seconds above the base time to wait.
    protected org.opencastproject.security.api.OrganizationDirectoryService
    organizationDirectoryService
    The organization directory service
    protected String
    pass
    The configured password to send as part of the digest authenticated request
    protected Map<org.apache.http.HttpResponse,org.apache.http.impl.client.CloseableHttpClient>
    responseMap
    The map of open responses to their http clients, which need to be closed after we are finished with the response
    protected org.opencastproject.security.api.SecurityService
    securityService
    The security service
    protected org.opencastproject.security.urlsigning.service.UrlSigningService
    urlSigningService
    The url signing service
    protected String
    user
    The configured username to send as part of the digest authenticated request
  • Constructor Summary

    Constructors
    Constructor
    Description
    TrustedHttpClientImpl()
    TrustedHttpClientImpl(String user, String pass)
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    activate(org.osgi.service.component.ComponentContext cc)
    void
    close(org.apache.http.HttpResponse response)
    void
    deactivate()
    org.apache.http.HttpResponse
    execute(org.apache.http.client.methods.HttpUriRequest httpUriRequest)
    org.apache.http.HttpResponse
    execute(org.apache.http.client.methods.HttpUriRequest httpUriRequest, int connectionTimeout, int socketTimeout)
    int
    getNonceTimeoutRetries()
    int
    getOpenConnections()
    Gets the number of open http connections
    protected String[]
    getRealmAndNonce(org.apache.http.client.methods.HttpRequestBase request)
    Perform a request, and extract the realm and nonce values
    int
    getRetryBaseDelay()
    int
    getRetryMaximumVariableTime()
    protected org.apache.http.client.methods.HttpUriRequest
    getSignedUrl(org.apache.http.client.methods.HttpUriRequest httpUriRequest)
    If the request is a GET, sign the URL and return a new HttpUriRequest that is signed.
    org.apache.http.impl.client.HttpClientBuilder
    makeHttpClientBuilder(int connectionTimeout, int socketTimeout)
    Creates a new HttpClientBuilder to use for making requests.
    void
    setOrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService organizationDirectoryService)
    Sets the organization directory service.
    void
    setSecurityService(org.opencastproject.security.api.SecurityService securityService)
    Sets the security service.
    void
    setServiceRegistry(org.opencastproject.serviceregistry.api.ServiceRegistry serviceRegistry)
    Sets the service registry.
    void
    setUrlSigningService(org.opencastproject.security.urlsigning.service.UrlSigningService urlSigningService)
    Sets the url signing service.
    void
    unsetServiceRegistry(org.opencastproject.serviceregistry.api.ServiceRegistry serviceRegistry)
    Unsets the service registry.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • AUTHORIZATION_HEADER_NAME

      public static final String AUTHORIZATION_HEADER_NAME
      Header name used to request a new nonce from a server a request is sent to.
    • DIGEST_AUTH_USER_KEY

      public static final String DIGEST_AUTH_USER_KEY
      The configuration property specifying the digest authentication user
    • DIGEST_AUTH_PASS_KEY

      public static final String DIGEST_AUTH_PASS_KEY
      The configuration property specifying the digest authentication password
    • NONCE_TIMEOUT_RETRY_KEY

      public static final String NONCE_TIMEOUT_RETRY_KEY
      The configuration property specifying the number of times to retry after the nonce times out on a request.
    • INTERNAL_URL_SIGNING_DURATION_KEY

      protected static final String INTERNAL_URL_SIGNING_DURATION_KEY
      The configuration property specifying the duration a signed url will remain valid for.
    • NONCE_TIMEOUT_RETRY_BASE_TIME_KEY

      public static final String NONCE_TIMEOUT_RETRY_BASE_TIME_KEY
      The configuration property specifying the minimum amount of time in seconds to wait before retrying a request after a nonce timeout.
    • NONCE_TIMEOUT_RETRY_MAXIMUM_VARIABLE_TIME_KEY

      public static final String NONCE_TIMEOUT_RETRY_MAXIMUM_VARIABLE_TIME_KEY
      The configuration property specifying the maximum for a random amount of time in seconds above the base time to wait.
    • DEFAULT_CONNECTION_TIMEOUT

      public static final int DEFAULT_CONNECTION_TIMEOUT
      The default time until a connection attempt fails
    • DEFAULT_SOCKET_TIMEOUT

      public static final int DEFAULT_SOCKET_TIMEOUT
      The default time between packets that causes a connection to fail
    • DEFAULT_NONCE_TIMEOUT_RETRIES

      public static final int DEFAULT_NONCE_TIMEOUT_RETRIES
      The default number of times to attempt a request after it has failed due to a nonce expiring.
    • DEFAULT_RETRY_BASE_TIME

      public static final int DEFAULT_RETRY_BASE_TIME
      The default amount of time to wait after a nonce timeout.
    • DEFAULT_RETRY_MAXIMUM_VARIABLE_TIME

      public static final int DEFAULT_RETRY_MAXIMUM_VARIABLE_TIME
      Default maximum amount of time in a random range between 0 and this value to add to the base time.
    • DEFAULT_URL_SIGNING_EXPIRES_DURATION

      protected static final long DEFAULT_URL_SIGNING_EXPIRES_DURATION
      The default time before a piece of signed content expires. 1 Minute. These are internal calls to another server, if we can't make the request in under a minute something has gone horribly wrong.
    • user

      protected String user
      The configured username to send as part of the digest authenticated request
    • pass

      protected String pass
      The configured password to send as part of the digest authenticated request
    • responseMap

      protected Map<org.apache.http.HttpResponse,org.apache.http.impl.client.CloseableHttpClient> responseMap
      The map of open responses to their http clients, which need to be closed after we are finished with the response
    • securityService

      protected org.opencastproject.security.api.SecurityService securityService
      The security service
    • organizationDirectoryService

      protected org.opencastproject.security.api.OrganizationDirectoryService organizationDirectoryService
      The organization directory service
    • urlSigningService

      protected org.opencastproject.security.urlsigning.service.UrlSigningService urlSigningService
      The url signing service
  • Constructor Details

    • TrustedHttpClientImpl

      public TrustedHttpClientImpl()
    • TrustedHttpClientImpl

      public TrustedHttpClientImpl(String user, String pass)
  • Method Details

    • activate

      public void activate(org.osgi.service.component.ComponentContext cc)
    • setServiceRegistry

      public void setServiceRegistry(org.opencastproject.serviceregistry.api.ServiceRegistry serviceRegistry)
      Sets the service registry.
      Parameters:
      serviceRegistry - the serviceRegistry to set
    • unsetServiceRegistry

      public void unsetServiceRegistry(org.opencastproject.serviceregistry.api.ServiceRegistry serviceRegistry)
      Unsets the service registry.
      Parameters:
      serviceRegistry - the serviceRegistry to unset (unused, but needed for OSGI)
    • setSecurityService

      public void setSecurityService(org.opencastproject.security.api.SecurityService securityService)
      Sets the security service.
      Parameters:
      securityService - the security service
    • setOrganizationDirectoryService

      public void setOrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService organizationDirectoryService)
      Sets the organization directory service.
      Parameters:
      organizationDirectoryService - the organization directory service
    • setUrlSigningService

      public void setUrlSigningService(org.opencastproject.security.urlsigning.service.UrlSigningService urlSigningService)
      Sets the url signing service.
      Parameters:
      urlSigningService - The signing service to sign urls with.
    • deactivate

      public void deactivate()
    • makeHttpClientBuilder

      public org.apache.http.impl.client.HttpClientBuilder makeHttpClientBuilder(int connectionTimeout, int socketTimeout)
      Creates a new HttpClientBuilder to use for making requests.
    • execute

      public org.apache.http.HttpResponse execute(org.apache.http.client.methods.HttpUriRequest httpUriRequest) throws org.opencastproject.security.api.TrustedHttpClientException
      Specified by:
      execute in interface org.opencastproject.security.api.TrustedHttpClient
      Throws:
      org.opencastproject.security.api.TrustedHttpClientException
      See Also:
      • TrustedHttpClient.execute(org.apache.http.client.methods.HttpUriRequest)
    • execute

      public org.apache.http.HttpResponse execute(org.apache.http.client.methods.HttpUriRequest httpUriRequest, int connectionTimeout, int socketTimeout) throws org.opencastproject.security.api.TrustedHttpClientException
      Specified by:
      execute in interface org.opencastproject.security.api.TrustedHttpClient
      Throws:
      org.opencastproject.security.api.TrustedHttpClientException
    • getSignedUrl

      protected org.apache.http.client.methods.HttpUriRequest getSignedUrl(org.apache.http.client.methods.HttpUriRequest httpUriRequest) throws org.opencastproject.security.api.TrustedHttpClientException
      If the request is a GET, sign the URL and return a new HttpUriRequest that is signed.
      Parameters:
      httpUriRequest - The possible URI to sign.
      Returns:
      HttpUriRequest if the request is a GET and is configured to be signed.
      Throws:
      org.opencastproject.security.api.TrustedHttpClientException - Thrown if there is a problem signing the URL.
    • close

      public void close(org.apache.http.HttpResponse response) throws IOException
      Specified by:
      close in interface org.opencastproject.security.api.TrustedHttpClient
      Throws:
      IOException
      See Also:
      • TrustedHttpClient.close(org.apache.http.HttpResponse)
    • getRealmAndNonce

      protected String[] getRealmAndNonce(org.apache.http.client.methods.HttpRequestBase request) throws org.opencastproject.security.api.TrustedHttpClientException
      Perform a request, and extract the realm and nonce values
      Parameters:
      request - The request to execute in order to obtain the realm and nonce
      Returns:
      A String[] containing the {realm, nonce}
      Throws:
      org.opencastproject.security.api.TrustedHttpClientException
    • getOpenConnections

      public int getOpenConnections()
      Description copied from interface: HttpConnectionMXBean
      Gets the number of open http connections
      Specified by:
      getOpenConnections in interface HttpConnectionMXBean
    • getNonceTimeoutRetries

      public int getNonceTimeoutRetries()
      Returns:
      Returns the number of times the TrustedHttpClient will retry a request if nonce timeouts are occurring.
    • getRetryBaseDelay

      public int getRetryBaseDelay()
      Returns:
      The minimum amount of time to wait in seconds after a nonce timeout before retrying.
    • getRetryMaximumVariableTime

      public int getRetryMaximumVariableTime()
      Returns:
      The maximum amount of time to wait in seconds after a nonce timeout in addition to the base delay.