Posted to commits@ambari.apache.org by mp...@apache.org on 2014/05/15 22:07:30 UTC

[2/2] git commit: AMBARI-5779. Recommission a DN fails when https is enabled in Ambari server. (mpaprikovskyy)

AMBARI-5779. Recommission a DN fails when https is enabled in Ambari server. (mpaprikovskyy)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6fd497f1
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6fd497f1
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6fd497f1

Branch: refs/heads/branch-1.6.0
Commit: 6fd497f17d0d3581d2acbece440e3014138581bc
Parents: 802ec41
Author: Myroslav Papirkovskyy <mp...@hortonworks.com>
Authored: Thu May 15 21:33:06 2014 +0300
Committer: Myroslav Papirkovskyy <mp...@hortonworks.com>
Committed: Thu May 15 22:53:31 2014 +0300

----------------------------------------------------------------------
 .../scheduler/ExecutionScheduleManager.java     | 63 ++++++++++++++++++--
 1 file changed, 59 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/6fd497f1/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionScheduleManager.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionScheduleManager.java b/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionScheduleManager.java
index 2ebb76b..2472fe0 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionScheduleManager.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionScheduleManager.java
@@ -26,8 +26,11 @@ import com.sun.jersey.api.client.Client;
 import com.sun.jersey.api.client.ClientResponse;
 import com.sun.jersey.api.client.UniformInterfaceException;
 import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
 import com.sun.jersey.api.client.filter.ClientFilter;
 import com.sun.jersey.api.client.filter.CsrfProtectionFilter;
+import com.sun.jersey.client.urlconnection.HTTPSProperties;
 import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.actionmanager.ActionDBAccessor;
 import org.apache.ambari.server.actionmanager.HostRoleStatus;
@@ -53,6 +56,13 @@ import org.quartz.SchedulerException;
 import org.quartz.Trigger;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.*;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.text.ParseException;
 import java.util.Collections;
 import java.util.Date;
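Review bot: `import javax.net.ssl.*;` is a wildcard import, while every other import visible in these hunks names a single type. It hides which TLS classes the file depends on, and here that is relevant for review because the new code replaces the trust manager and hostname verifier. The types the commit actually uses are HostnameVerifier, SSLContext, SSLSession, TrustManager and X509TrustManager; listing them one per line would make that dependency visible.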
@@ -110,13 +120,18 @@ public class ExecutionScheduleManager {
     this.actionDBAccessor = actionDBAccessor;
     this.gson = gson;
 
-    buildApiClient();
+    try {
+      buildApiClient();
+    } catch (NoSuchAlgorithmException e) {
+      throw new RuntimeException(e);
+    } catch (KeyManagementException e) {
+      throw new RuntimeException(e);
+    }
   }
 
-  protected void buildApiClient() {
+  protected void buildApiClient() throws NoSuchAlgorithmException, KeyManagementException {
 
-    Client client = Client.create();
-    this.ambariClient = client;
+    Client client;
 
     String pattern;
     String url;
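Review bot: The two catch blocks in the constructor are identical and rethrow a bare RuntimeException without a message. Both exception types extend java.security.GeneralSecurityException, so a single handler such as `} catch (GeneralSecurityException e) { throw new RuntimeException("Failed to build the scheduler API client", e); }` covers them and states what failed; it needs that import added. Putting checked exceptions on the protected `buildApiClient()` signature also changes the contract for any subclass or test that overrides it, which cannot be checked from this hunk. The constructor begins above the hunk and buildApiClient continues below it.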
@@ -124,11 +139,51 @@ public class ExecutionScheduleManager {
     if (configuration.getApiSSLAuthentication()) {
       pattern = "https://localhost:%s/";
       url = String.format(pattern, configuration.getClientSSLApiPort());
+
+      // Create a trust manager that does not validate certificate chains
+      TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
+        @Override
+        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+
+        }
+
+        public X509Certificate[] getAcceptedIssuers() {
+          return null;
+        }
+
+
+      }};
+
+      //Create SSL context
+      SSLContext sc = SSLContext.getInstance("TLS");
+      sc.init(null, trustAllCerts, new SecureRandom());
+
+      //Install all trusting cert SSL context for jersey client
+      ClientConfig config = new DefaultClientConfig();
+      config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(
+        new HostnameVerifier() {
+          @Override
+          public boolean verify( String s, SSLSession sslSession ) {
+            return true;
+          }
+        },
+        sc
+      ));
+
+      client = Client.create(config);
+
     } else {
+      client = Client.create();
       pattern = "http://localhost:%s/";
       url = String.format(pattern, configuration.getClientApiPort());
     }
 
+    this.ambariClient = client;
     this.ambariWebResource = client.resource(url);
 
     //Install auth filters
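Review bot: The https branch of buildApiClient turns off TLS server authentication entirely: the anonymous X509TrustManager accepts every certificate chain and the HostnameVerifier returns true for every name, so the scheduler will accept, and (given the auth filters installed right after this hunk) presumably send its credentials to, whatever answers on the SSL port. Build the SSLContext from a TrustManagerFactory initialised with a KeyStore that holds the Ambari server certificate, and pass `HttpsURLConnection.getDefaultHostnameVerifier()` in place of the always-true verifier; if the certificate does not name localhost, connect using the name it does carry. `tmf.init` adds KeyStoreException to the checked exceptions the method has to declare. Separately, `getAcceptedIssuers()` returns null where the X509TrustManager contract expects a non-null (possibly empty) array, and it lacks the `@Override` the two sibling methods have. buildApiClient starts before and continues past this hunk.

```java
      // trustStore: <PLACEHOLDER> a java.security.KeyStore loaded with the Ambari server certificate
      TrustManagerFactory tmf =
          TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init(trustStore);

      SSLContext sc = SSLContext.getInstance("TLS");
      sc.init(null, tmf.getTrustManagers(), new SecureRandom());

      // … unchanged: ClientConfig creation …
      config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(
        HttpsURLConnection.getDefaultHostnameVerifier(), // rejects a name mismatch instead of accepting it
        sc
      ));
      // … unchanged: Client.create(config) and the http branch …
```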