Package org.opencastproject.kernel.security

Class TrustedHttpClientImpl

java.lang.Object
org.opencastproject.kernel.security.TrustedHttpClientImpl
All Implemented Interfaces:
HttpConnectionMXBean, TrustedHttpClient
public class TrustedHttpClientImpl extends Object implements TrustedHttpClient, HttpConnectionMXBean
An http client that executes secure (though not necessarily encrypted) http requests.

  • Field Details

    • AUTHORIZATION_HEADER_NAME

      public static final String AUTHORIZATION_HEADER_NAME
      Header name used to request a new nonce from a server a request is sent to.
      See Also:

    • DIGEST_AUTH_USER_KEY

      public static final String DIGEST_AUTH_USER_KEY
      The configuration property specifying the digest authentication user
      See Also:

    • DIGEST_AUTH_PASS_KEY

      public static final String DIGEST_AUTH_PASS_KEY
      The configuration property specifying the digest authentication password
      See Also:

    • NONCE_TIMEOUT_RETRY_KEY

      public static final String NONCE_TIMEOUT_RETRY_KEY
      The configuration property specifying the number of times to retry after the nonce timesouts on a request.
      See Also:

    • INTERNAL_URL_SIGNING_DURATION_KEY

      protected static final String INTERNAL_URL_SIGNING_DURATION_KEY
      The configuration property specifying the duration a signed url will remain valid for.
      See Also:

    • NONCE_TIMEOUT_RETRY_BASE_TIME_KEY

      public static final String NONCE_TIMEOUT_RETRY_BASE_TIME_KEY
      The configuration property specifying the minimum amount of time in seconds wait before retrying a request after a nonce timeout.
      See Also:

    • NONCE_TIMEOUT_RETRY_MAXIMUM_VARIABLE_TIME_KEY

      public static final String NONCE_TIMEOUT_RETRY_MAXIMUM_VARIABLE_TIME_KEY
      The configuration property specifying the maximum for a random amount of time in seconds above the base time to wait.
      See Also:

    • DEFAULT_CONNECTION_TIMEOUT

      public static final int DEFAULT_CONNECTION_TIMEOUT
      The default time until a connection attempt fails
      See Also:

    • DEFAULT_SOCKET_TIMEOUT

      public static final int DEFAULT_SOCKET_TIMEOUT
      The default time between packets that causes a connection to fail
      See Also:

    • DEFAULT_NONCE_TIMEOUT_RETRIES

      public static final int DEFAULT_NONCE_TIMEOUT_RETRIES
      The default number of times to attempt a request after it has failed due to a nonce expiring.
      See Also:

    • DEFAULT_RETRY_BASE_TIME

      public static final int DEFAULT_RETRY_BASE_TIME
      The default amount of time to wait after a nonce timeout.
      See Also:

    • DEFAULT_RETRY_MAXIMUM_VARIABLE_TIME

      public static final int DEFAULT_RETRY_MAXIMUM_VARIABLE_TIME
      Default maximum amount of time in a random range between 0 and this value to add to the base time.
      See Also:

    • DEFAULT_URL_SIGNING_EXPIRES_DURATION

      protected static final long DEFAULT_URL_SIGNING_EXPIRES_DURATION
      The default time before a piece of signed content expires. 1 Minute. These are internal calls to another server, if we can't make the request in under a minute something has gone horribly wrong.
      See Also:

    • user

      protected String user
      The configured username to send as part of the digest authenticated request

    • pass

      protected String pass
      The configured password to send as part of the digest authenticated request

    • responseMap

      protected Map<org.apache.http.HttpResponse,org.apache.http.impl.client.CloseableHttpClient> responseMap
      The map of open responses to their http clients, which need to be closed after we are finished with the response

    • securityService

      protected SecurityService securityService
      The security service

    • organizationDirectoryService

      protected OrganizationDirectoryService organizationDirectoryService
      The organization directory service

    • urlSigningService

      protected UrlSigningService urlSigningService
      The url signing service

  • Constructor Details

    • TrustedHttpClientImpl

      public TrustedHttpClientImpl()

    • TrustedHttpClientImpl

      public TrustedHttpClientImpl(String user, String pass)

  • Method Details

    • activate

      public void activate(org.osgi.service.component.ComponentContext cc)

    • setServiceRegistry

      public void setServiceRegistry(ServiceRegistry serviceRegistry)
      Sets the service registry.
      Parameters:
      serviceRegistry - the serviceRegistry to set

    • unsetServiceRegistry

      public void unsetServiceRegistry(ServiceRegistry serviceRegistry)
      Unsets the service registry.
      Parameters:
      serviceRegistry - the serviceRegistry to unset (unused, but needed for OSGI)

    • setSecurityService

      public void setSecurityService(SecurityService securityService)
      Sets the security service.
      Parameters:
      securityService - the security service

    • setOrganizationDirectoryService

      public void setOrganizationDirectoryService(OrganizationDirectoryService organizationDirectoryService)
      Sets the organization directory service.
      Parameters:
      organizationDirectoryService - the organization directory service

    • setUrlSigningService

      public void setUrlSigningService(UrlSigningService urlSigningService)
      Sets the url signing service.
      Parameters:
      urlSigningService - The signing service to sign urls with.

    • deactivate

      public void deactivate()

    • makeHttpClientBuilder

      public org.apache.http.impl.client.HttpClientBuilder makeHttpClientBuilder(int connectionTimeout, int socketTimeout)
      Creates a new HttpClientBuilder to use for making requests.

    • execute

      public org.apache.http.HttpResponse execute(org.apache.http.client.methods.HttpUriRequest httpUriRequest) throws TrustedHttpClientException
      Executes an HttpRequest using a secure, but not necessarily encrypted, http connection.
      Specified by:
      execute in interface TrustedHttpClient
      Parameters:
      httpUriRequest - The http request
      Returns:
      the http response returned by the server
      Throws:
      TrustedHttpClientException
      See Also:

    • execute

      public org.apache.http.HttpResponse execute(org.apache.http.client.methods.HttpUriRequest httpUriRequest, int connectionTimeout, int socketTimeout) throws TrustedHttpClientException
      Description copied from interface: TrustedHttpClient
      Executes an HttpRequest using a secure, but not necessarily encrypted, http connection, waiting for the specified timeouts.
      Specified by:
      execute in interface TrustedHttpClient
      Parameters:
      httpUriRequest - The http request
      connectionTimeout - the wait time in milliseconds at which a connection attempt will throw
      socketTimeout - the maximum time in milliseconds allowed between packets before this method will throw
      Returns:
      the http response returned by the server
      Throws:
      TrustedHttpClientException

    • getSignedUrl

      protected org.apache.http.client.methods.HttpUriRequest getSignedUrl(org.apache.http.client.methods.HttpUriRequest httpUriRequest) throws TrustedHttpClientException
      If the request is a GET, sign the URL and return a new HttpUriRequest that is signed.
      Parameters:
      httpUriRequest - The possible URI to sign.
      Returns:
      HttpUriRequest if the request is a GET and is configured to be signed.
      Throws:
      TrustedHttpClientException - Thrown if there is a problem signing the URL.

    • close

      public void close(org.apache.http.HttpResponse response) throws IOException
      Closes this response. The caller must call close() once finished reading the response.
      Specified by:
      close in interface TrustedHttpClient
      Parameters:
      response - The response to close
      Throws:
      IOException
      See Also:

    • getRealmAndNonce

      protected String[] getRealmAndNonce(org.apache.http.client.methods.HttpRequestBase request) throws TrustedHttpClientException
      Perform a request, and extract the realm and nonce values
      Parameters:
      request - The request to execute in order to obtain the realm and nonce
      Returns:
      A String[] containing the {realm, nonce}
      Throws:
      TrustedHttpClientException

    • getOpenConnections

      public int getOpenConnections()
      Description copied from interface: HttpConnectionMXBean
      Gets the number of open http connections
      Specified by:
      getOpenConnections in interface HttpConnectionMXBean

    • getNonceTimeoutRetries

      public int getNonceTimeoutRetries()
      Returns:
      Returns the number of times the TrustedHttpClient will retry a request if nonce timeouts are occuring.

    • getRetryBaseDelay

      public int getRetryBaseDelay()
      Returns:
      The minimum amount of time to wait in seconds after a nonce timeout before retrying.

    • getRetryMaximumVariableTime

      public int getRetryMaximumVariableTime()
      Returns:
      The maximum amount of time to wait in seconds after a nonce timeout in addition to the base delay.