/**
 * Fetches the {@code SslTrustCertificateState} document at {@code sslTrustLink} and stores it
 * on {@code hostSpec.sslTrust} before continuing.
 *
 * <p>The GET is created for and sent through {@code sender}. When it fails, the exception
 * message (not the stack trace) is logged at SEVERE level,
 * {@code failOperation(hostSpec, op, ex)} is called and {@code callbackFunction} is not run.
 *
 * @param sender service used to create and send the GET request
 * @param hostSpec spec whose {@code sslTrust} field receives the fetched state
 * @param op operation handed to {@code failOperation} when the fetch fails
 * @param sslTrustLink link of the trust certificate document to fetch
 * @param callbackFunction continuation run once {@code hostSpec.sslTrust} has been assigned
 */
private static void fetchSslTrust(Service sender, HostSpec hostSpec, Operation op,
        String sslTrustLink, Runnable callbackFunction) {
    logger.fine("Fetching ssl trust: " + sslTrustLink);

    Operation trustGet = Operation.createGet(sender, sslTrustLink)
            .setCompletion((response, failure) -> {
                if (failure == null) {
                    // The body is assigned as returned; no null check is made on it here.
                    hostSpec.sslTrust = response.getBody(SslTrustCertificateState.class);
                    callbackFunction.run();
                } else {
                    logger.severe(failure.getMessage());
                    failOperation(hostSpec, op, failure);
                }
            });

    sender.sendRequest(trustGet);
}
/**
 * Runs SSL trust validation for the endpoint's UAA URI and then for its API URI, recording the
 * trust certificate link produced by each step on the endpoint.
 *
 * <p>The two checks are chained through callbacks. Before each call to
 * {@code EndpointCertificateUtil.validateSslTrust}, {@code spec.uri} and
 * {@code spec.acceptCertificate} are rewritten for the URI being checked, and
 * {@code spec.sslTrust} is reset to {@code null} before the API step. On return from the
 * chain, {@code spec.uri} is left pointing at {@code spec.apiUri}.
 *
 * <p>{@code spec.acceptCertificate} becomes {@code true} when
 * {@code spec.acceptCertificateForHost} is an exact string match for the URI's
 * {@code toString()} form, or when it is the wildcard {@code "*"}, which enables acceptance
 * for both URIs.
 * NOTE(review): what {@code acceptCertificate} permits is decided inside
 * {@code EndpointCertificateUtil.validateSslTrust}, which is not visible here. Presumably it
 * lets an otherwise untrusted server certificate be stored as trusted; confirm that
 * {@code "*"} is only supplied after explicit user consent.
 *
 * @param spec endpoint spec; its {@code uri}, {@code acceptCertificate} and {@code sslTrust}
 *        fields are mutated
 * @param op operation passed through to both trust validation calls
 * @param callback continuation run from the callback of the API URI step
 */
private void validateSslTrust(EndpointSpec spec, Operation op, Runnable callback) {
    final boolean wildcardAccepted = "*".equals(spec.acceptCertificateForHost);

    // Step 1: point the spec at the UAA URI and validate its certificate.
    spec.uri = spec.uaaUri;
    spec.acceptCertificate =
            spec.uaaUri.toString().equals(spec.acceptCertificateForHost) || wildcardAccepted;

    EndpointCertificateUtil.validateSslTrust(this, spec, op, () -> {
        boolean uaaTrustAvailable =
                spec.sslTrust != null && spec.sslTrust.documentSelfLink != null;
        if (uaaTrustAvailable) {
            storeCertLinkInEndpoint(spec,
                    CertificateUtilExtended.CUSTOM_PROPERTY_PKS_UAA_TRUST_CERT_LINK,
                    spec.sslTrust.documentSelfLink);
        }

        // Step 2: repeat for the API URI. The acceptance decision is recomputed for this URI.
        spec.uri = spec.apiUri;
        spec.acceptCertificate =
                spec.apiUri.toString().equals(spec.acceptCertificateForHost)
                        || wildcardAccepted;
        // Cleared before the second validation; presumably so the UAA certificate is not
        // mistaken for the API one.
        spec.sslTrust = null;

        EndpointCertificateUtil.validateSslTrust(this, spec, op, () -> {
            boolean apiTrustAvailable =
                    spec.sslTrust != null && spec.sslTrust.documentSelfLink != null;
            if (apiTrustAvailable) {
                storeCertLinkInEndpoint(spec,
                        CertificateUtilExtended.CUSTOM_PROPERTY_PKS_API_TRUST_CERT_LINK,
                        spec.sslTrust.documentSelfLink);
            }
            callback.run();
        });
    });
}
fetchSslTrust(sender, hostSpec, op, sslTrustLink, callbackFunction); } else { callbackFunction.run();
/**
 * Validates the connection to a container host in three chained steps: SSL trust validation
 * through {@code EndpointCertificateUtil.validateSslTrust}, then
 * {@code fetchSslTrustAliasProperty}, then {@code pingHost}.
 *
 * <p>{@code hostSpec.sslTrust} is read when the ping step runs, so it reflects whatever the
 * earlier steps left on the spec. {@code op} is completed successfully from the ping callback;
 * failure handling is left to the called helpers.
 *
 * @param hostSpec container host spec being validated
 * @param op operation passed to the validation and ping steps and completed on success
 */
private void validateConnection(ContainerHostSpec hostSpec, Operation op) {
    EndpointCertificateUtil.validateSslTrust(this, hostSpec, op, () ->
            fetchSslTrustAliasProperty(hostSpec, () ->
                    pingHost(hostSpec, op, hostSpec.sslTrust, () -> {
                        completeOperationSuccess(op);
                    })));
}
/**
 * Validates the connection to a registry host and optionally stores the host.
 *
 * <p>The steps are chained through callbacks: {@code validatePlainHttpConnection}, then
 * {@code validateSslTrust}, then {@code pingHost}. After trust validation, when both
 * {@code hostSpec.sslTrust} and {@code hostSpec.hostState} are set, the trust certificate link
 * is written to the host state's custom properties under
 * {@code RegistryService.REGISTRY_TRUST_CERTS_PROP_NAME}, creating the map if it is missing.
 *
 * @param hostSpec registry host spec being validated; its host state may be mutated
 * @param op operation passed to each step
 * @param storeHost when {@code true} the host is stored after a successful ping, otherwise
 *        {@code op} is completed successfully
 */
private void validateConnection(RegistryHostSpec hostSpec, Operation op, boolean storeHost) {
    validatePlainHttpConnection(this, hostSpec, op, () -> {
        validateSslTrust(this, hostSpec, op, () -> {
            if (hostSpec.sslTrust != null && hostSpec.hostState != null) {
                if (hostSpec.hostState.customProperties == null) {
                    hostSpec.hostState.customProperties = new HashMap<>();
                }
                // NOTE(review): documentSelfLink is not null-checked before the link is
                // built; confirm buildUriPath tolerates a null segment.
                String trustCertLink = UriUtils.buildUriPath(
                        SslTrustCertificateService.FACTORY_LINK,
                        hostSpec.sslTrust.documentSelfLink);
                hostSpec.hostState.customProperties.put(
                        RegistryService.REGISTRY_TRUST_CERTS_PROP_NAME, trustCertLink);
            }

            pingHost(hostSpec, op, hostSpec.sslTrust, () -> {
                if (!storeHost) {
                    completeOperationSuccess(op);
                } else {
                    storeHost(hostSpec, op);
                }
            });
        });
    });
}
/**
 * Checks that the host described by {@code hostSpec} is a VIC host.
 *
 * <p>SSL trust is validated first, then {@code fetchSslTrustAliasProperty} is called, then the
 * host info is retrieved with {@code getHostInfo}. If {@code ContainerHostUtil.isVicHost}
 * accepts the returned state, {@code op} is completed successfully; otherwise {@code op} is
 * failed with a {@code LocalizableValidationException}. Both outcomes are logged with the
 * host address.
 *
 * @param hostSpec container host spec; {@code hostSpec.hostState} must be non-null because its
 *        address is read immediately
 * @param op operation completed or failed according to the verification result
 */
private void validateVicHost(ContainerHostSpec hostSpec, Operation op) {
    // Read eagerly, before any asynchronous step runs.
    final String hostAddress = hostSpec.hostState.address;

    EndpointCertificateUtil.validateSslTrust(this, hostSpec, op, () ->
            fetchSslTrustAliasProperty(hostSpec, () ->
                    getHostInfo(hostSpec, op, hostSpec.sslTrust, hostInfo -> {
                        if (!ContainerHostUtil.isVicHost(hostInfo)) {
                            logInfo("VIC host verification failed for %s", hostAddress);
                            op.fail(new LocalizableValidationException(
                                    CONTAINER_HOST_IS_NOT_VCH_MESSAGE,
                                    CONTAINER_HOST_IS_NOT_VCH_MESSAGE_CODE));
                            return;
                        }
                        logInfo("VIC host verification passed for %s", hostAddress);
                        completeOperationSuccess(op);
                    })));
}
/**
 * Stores the container host described by {@code hostSpec}, running SSL trust validation first
 * unless the spec's accept flags select another path.
 *
 * <p>After {@code fetchSslTrustAliasProperty} calls back, one of three paths is taken:
 * <ul>
 *   <li>{@code acceptHostAddress} is {@code false}: trust is validated against {@code op} and
 *       the host is stored only from the validation callback.</li>
 *   <li>{@code acceptHostAddress} is {@code true} and {@code acceptCertificate} is
 *       {@code false}: the host is stored without any trust validation call.</li>
 *   <li>both are {@code true}: trust is validated against a stand-in operation. The host is
 *       stored from the validation callback and also when the stand-in operation completes
 *       with a failure. When it completes without one, its status code, response headers and
 *       raw body are copied onto {@code op}, which is then completed.</li>
 * </ul>
 *
 * <p>NOTE(review): in the last two paths a missing or failed trust check does not stop the
 * host from being stored. Confirm this is the intended meaning of {@code acceptHostAddress},
 * and that both flags can only be set by a caller authorised to skip certificate validation.
 *
 * @param hostSpec container host spec carrying the accept flags
 * @param op original request operation
 */
private void createHost(ContainerHostSpec hostSpec, Operation op) {
    fetchSslTrustAliasProperty(hostSpec, () -> {
        if (!hostSpec.acceptHostAddress) {
            // Default path: the host is stored only if validation runs its callback.
            EndpointCertificateUtil
                    .validateSslTrust(this, hostSpec, op, () -> storeHost(hostSpec, op));
            return;
        }

        if (!hostSpec.acceptCertificate) {
            // Address accepted as-is: no trust validation is attempted.
            storeHost(hostSpec, op);
            return;
        }

        // Both flags set: validate against a stand-in operation so that a failure reported on
        // it does not fail the caller's request.
        Operation validationOp = Operation.createGet(null)
                .setCompletion((finished, failure) -> {
                    if (failure == null) {
                        // Relay the stand-in operation's response to the original request.
                        op.setStatusCode(finished.getStatusCode());
                        op.transferResponseHeadersFrom(finished);
                        op.setBodyNoCloning(finished.getBodyRaw());
                        op.complete();
                    } else {
                        // The failure is not propagated; the host is stored regardless.
                        storeHost(hostSpec, op);
                    }
                });
        EndpointCertificateUtil
                .validateSslTrust(this, hostSpec, validationOp, () -> storeHost(hostSpec, op));
    });
}