Creating a custom protocol provider example

Archive Manager provides protocol registration so that you can configure which protocols to allow in the captured URLs. By default, Archive Manager registers the RelaxedSSLProtocolSocketFactory for HTTPS calls on port 443. If you need to override this behavior, for example to validate the identity of the HTTPS servers against a list of trusted certificates and/or to authenticate to the HTTPS server using a private key, you can create custom protocol providers.

About this task

To implement a custom protocol provider:

  • Develop a class that implements ProtocolProvider.
  • Configure the protocol provider in cd_archivemanager_conf.xml.

Procedure

  1. Develop a class. The following stub implementation enables client authentication when supplied with a key store file containing a private key/public certificate pair:
    package com.tridion.example;
     
    import java.net.MalformedURLException;
    import java.net.URL;
    import org.apache.commons.httpclient.protocol.Protocol;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory;
    import com.tridion.configuration.Configuration;
    import com.tridion.configuration.ConfigurationException;
    import com.tridion.archiving.http.protocol.ProtocolProvider;
     
    /**
     * This example protocol provider class registers AuthSSLProtocolSocketFactory that can be used to validate
     * the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS
     * server using a private key.
     */
    public class AuthSSLProtocolProvider implements ProtocolProvider {
     
           private static final String CONFIG_KEYSTORE_URL = "KeyStoreURL";
           private static final String CONFIG_KEYSTORE_PASSWORD = "KeyStorePassword";
           private static final String CONFIG_TRUSTSTORE_URL = "TrustStoreURL";
           private static final String CONFIG_TRUSTSTORE_PASSWORD = "TrustStorePassword";
           private static final Logger log = LoggerFactory.getLogger(AuthSSLProtocolProvider.class);
     
           /**
            * Provides a protocol to be registered at init time by Archive Manager.
            * This provider returns a protocol that has the AuthSSLProtocolSocketFactory as the factory to handle
            * https requests.
            *
            * @param configuration the protocol provider configuration to be used when creating the protocol.
            * @return the auth SSL protocol to be registered at init time by Archive Manager.
            * @throws ConfigurationException if the given configuration is not valid for the protocol provider.
            */
           public Protocol provideProtocol(final Configuration configuration) throws ConfigurationException {
                  // read our configured parameters from cd_archivemanager_conf.xml
                  final String keyStoreURL = configuration.getParameterValue(CONFIG_KEYSTORE_URL);
                  final String keyStorePassword = configuration.getParameterValue(CONFIG_KEYSTORE_PASSWORD);
                  final String trustStoreURL = configuration.getParameterValue(CONFIG_TRUSTSTORE_URL);
                  final String trustStorePassword = configuration.getParameterValue(CONFIG_TRUSTSTORE_PASSWORD);
                  log.debug("Creating protocol for AuthSSLProtocolSocketFactory with keyStoreURL='{}' and trustStoreURL='{}'.", keyStoreURL, trustStoreURL);
                  
                  try {              
                         return new Protocol("https", new AuthSSLProtocolSocketFactory(new URL(keyStoreURL), keyStorePassword, new URL(trustStoreURL), trustStorePassword), 443);
                  } catch (MalformedURLException e) {
                         throw new ConfigurationException("Wrong URL provided in configuration: " + e.getMessage() + "!!!", e);
                  }
           }
    }
  2. Open your Archive Manager cd_archivemanager_conf.xml configuration file in a text editor and configure the protocol provider as follows:
    <ProtocolProvider Class="com.tridion.example.AuthSSLProtocolProvider" Id="https">
        <Param Name="KeyStoreURL" Value="file:my.keystore"/>
        <Param Name="KeyStorePassword" Value="mypassword"/>
        <Param Name="TrustStoreURL" Value="file:my.truststore"/>
        <Param Name="TrustStorePassword" Value="mypassword"/>
    </ProtocolProvider>
  3. Save and close cd_archivemanager_conf.xml.
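
Before restarting Archive Manager with the new provider, it is worth confirming that both stores open with the configured passwords and hold what the provider expects: a private key entry in the key store and trusted certificates in the trust store. The following check is an added example, not part of Archive Manager or of the stub above; the class name StoreCheck is hypothetical, and it assumes both stores use the JVM's default key store type.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical pre-deployment check; uses only the standard java.security API.
public class StoreCheck {

    // Opens a store from the same kind of URL the provider reads (for example file:my.keystore).
    static KeyStore load(String url, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // assumption: default type
        try (InputStream in = new URL(url).openStream()) {
            ks.load(in, password.toCharArray()); // fails on a wrong password or a corrupt store
        }
        return ks;
    }

    // Counts private key entries (wantKeys) or trusted certificate entries with a currently valid certificate.
    static int usableEntries(KeyStore ks, boolean wantKeys) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean match = wantKeys ? ks.isKeyEntry(alias) : ks.isCertificateEntry(alias);
            Certificate cert = match ? ks.getCertificate(alias) : null;
            if (!(cert instanceof X509Certificate)) { continue; }
            try {
                ((X509Certificate) cert).checkValidity(); // expired or not yet valid certificates throw
                usable++;
            } catch (CertificateException e) {
                System.err.println("Certificate outside its validity period: " + alias);
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        // Defaults mirror the sample Param values shown in step 2.
        String keyStoreUrl = args.length > 0 ? args[0] : "file:my.keystore";
        String keyStorePw = args.length > 1 ? args[1] : "mypassword";
        String trustStoreUrl = args.length > 2 ? args[2] : "file:my.truststore";
        String trustStorePw = args.length > 3 ? args[3] : "mypassword";
        int keys = usableEntries(load(keyStoreUrl, keyStorePw), true);
        int trusted = usableEntries(load(trustStoreUrl, trustStorePw), false);
        System.out.println("Private key entries with a valid certificate: " + keys);
        System.out.println("Trusted certificates within validity: " + trusted);
        if (keys == 0 || trusted == 0) { System.exit(1); }
    }
}
```

Run it from the directory Archive Manager resolves the file: URLs against; a non-zero exit status means one of the stores has no usable entry.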