Click or drag to resize

Connect to the Coordinator with TLS1.2

Problem

You want to connect to a Coordinator requiring a secured connection.

Solution

If the Coordinator and Agent(s) are using secured communications, any client code submitting jobs must also enable the option to use SSL. To do this, set the ClusterJobScheduler's UseSsl property to true. If using self-signed certificates, also set the AllowSelfSignedCertificates property to true.

Note Note

The trusted root certificate used to sign the Coordinator's certificate must be in either a custom TrustStore or the Java system TrustStore. If using a custom TrustStore, set the javax.net.ssl.trustStore Java system property to the filepath of the custom TrustStore.

To enable Certificate Revocation List checks, set the com.sun.security.enableCRLDP and com.sun.net.ssl.checkRevocation Java system properties to true. These properties can be set in client code, as in the example below, or passed as command line arguments to the JVM.

If the Coordinator and Agent(s) are using mutual SSL, any client code must provide a client certificate. To do this, set the ClusterJobScheduler's setProvideClientCertificate property to true. Specify the certificates to provide using the following Java System Properties:

  • javax.net.ssl.keyStore set to the filepath of the key file to use
  • javax.net.ssl.keyStoreType set to the type of keystore being used
  • javax.net.ssl.keyStorePassword set to the password of the keystore being used

To verify the Coordinator's certificate, set the CoordinatorThumbprint property to the Coordinator's certificate thumbprint (found on the Coordinator's connection settings page).

Java
Copy
package stkparallelcomputingserversdk.howto;

import agi.parallel.client.ClusterJobScheduler;
import agi.parallel.client.Job;
import agi.parallel.infrastructure.Task;

public class SslExample {
    public static void main(String[] args) {
        try (ClusterJobScheduler scheduler = new ClusterJobScheduler("localhost")) {
            scheduler.setUseSsl(true);
            scheduler.setProvideClientCertificate(true); // Only needed if using mutual SSL
            scheduler.setCoordinatorThumbprint("CoordinatorThumbprint"); // Only needed if the coordinator certificate should be verified.
            scheduler.setAllowSelfSignedCertificates(false);

            scheduler.connect();

            Job job = scheduler.createJob();
            job.setName("SslExampleJob");
            job.addTask(new AddTask(1, 1));

            job.submit();
            job.waitUntilDone();
        }
    }

    public static class AddTask extends Task {
        int a, b;

        public AddTask(int a, int b) {
            this.a = a;
            this.b = b;
        }

        @Override
        public void execute() {
            this.setResult(this.a + this.b);
        }
    }
}

STK Parallel Computing Server 2.9 API for Java