You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2017/05/10 07:34:00 UTC

[13/13] httpcomponents-core git commit: HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.

HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpcore/branches/4.4.x@1794666 13f79535-47bb-0310-9956-ffa450edef68


Project: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/commit/44344d4c
Tree: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/tree/44344d4c
Diff: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/diff/44344d4c

Branch: refs/heads/4.4.x
Commit: 44344d4cf9dd41b77998b5e7ceecc84e4b8840a5
Parents: 136bf3a
Author: Gary D. Gregory <gg...@apache.org>
Authored: Wed May 10 00:43:17 2017 +0000
Committer: Gary D. Gregory <gg...@apache.org>
Committed: Wed May 10 00:43:17 2017 +0000

----------------------------------------------------------------------
 RELEASE_NOTES.txt                               |  3 ++
 .../http/examples/nio/NHttpReverseProxy.java    | 32 +++++++++----
 .../examples/nio/TrustSelfSignedStrategy.java   | 50 ++++++++++++++++++++
 3 files changed, 77 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/44344d4c/RELEASE_NOTES.txt
----------------------------------------------------------------------
diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
index 21409ad..95d3ac0 100644
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -21,6 +21,9 @@ Changelog
 * HTTPCORE-464: org.apache.http.nio.protocol.HttpAsyncService does not always log exceptions.
   Contributed by Gary Gregory <ggregory at apache.org>
 
+* HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.
+  Contributed by Gary Gregory <ggregory at apache.org>
+
 
 Release 4.4.6
 -------------------

http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/44344d4c/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
----------------------------------------------------------------------
diff --git a/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java b/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
index 3bd720b..04c484a 100644
--- a/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
+++ b/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
@@ -34,6 +34,8 @@ import java.nio.ByteBuffer;
 import java.util.Locale;
 import java.util.concurrent.atomic.AtomicLong;
 
+import javax.net.ssl.SSLContext;
+
 import org.apache.http.ConnectionReuseStrategy;
 import org.apache.http.HttpEntityEnclosingRequest;
 import org.apache.http.HttpException;
@@ -50,6 +52,9 @@ import org.apache.http.impl.DefaultConnectionReuseStrategy;
 import org.apache.http.impl.EnglishReasonPhraseCatalog;
 import org.apache.http.impl.nio.DefaultHttpClientIODispatch;
 import org.apache.http.impl.nio.DefaultHttpServerIODispatch;
+import org.apache.http.impl.nio.DefaultNHttpClientConnectionFactory;
+import org.apache.http.impl.nio.SSLNHttpClientConnectionFactory;
+import org.apache.http.impl.nio.pool.BasicNIOConnFactory;
 import org.apache.http.impl.nio.pool.BasicNIOConnPool;
 import org.apache.http.impl.nio.pool.BasicNIOPoolEntry;
 import org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor;
@@ -95,21 +100,28 @@ import org.apache.http.protocol.ResponseConnControl;
 import org.apache.http.protocol.ResponseContent;
 import org.apache.http.protocol.ResponseDate;
 import org.apache.http.protocol.ResponseServer;
+import org.apache.http.ssl.SSLContextBuilder;
 
 /**
  * Asynchronous, fully streaming HTTP/1.1 reverse proxy.
+ * <p>
+ * Supports SSL to origin servers which use self-signed certificates.
+ * </p>
  */
 public class NHttpReverseProxy {
 
     public static void main(String[] args) throws Exception {
-        if (args.length < 1) {
-            System.out.println("Usage: NHttpReverseProxy <hostname[:hostport]> [port]");
+        if (args.length < 2) {
+            System.out.println("Usage: NHttpReverseProxy <HostNameURI> <Port> [\"TrustSelfSignedStrategy\"]");
             System.exit(1);
         }
+        // Extract command line arguments
         URI uri = new URI(args[0]);
-        int port = 8080;
-        if (args.length > 1) {
-            port = Integer.parseInt(args[1]);
+        int port = Integer.parseInt(args[1]);
+        SSLContext sslContext = null;
+        if (args.length > 2 && args[2].equals("TrustSelfSignedStrategy")) {
+            System.out.println("Using TrustSelfSignedStrategy (not for production.)");
+            sslContext = SSLContextBuilder.create().loadTrustMaterial(TrustSelfSignedStrategy.INSTANCE).build();
         }
 
         // Target host
@@ -151,7 +163,11 @@ public class NHttpReverseProxy {
         HttpAsyncRequester executor = new HttpAsyncRequester(
                 outhttpproc, new ProxyOutgoingConnectionReuseStrategy());
 
-        ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor, ConnectionConfig.DEFAULT);
+        // Without SSL: ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor, ConnectionConfig.DEFAULT);
+        ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor,
+                new BasicNIOConnFactory(new DefaultNHttpClientConnectionFactory(ConnectionConfig.DEFAULT),
+                        new SSLNHttpClientConnectionFactory(sslContext, null, ConnectionConfig.DEFAULT)),
+                0);
         connPool.setMaxTotal(100);
         connPool.setDefaultMaxPerRoute(20);
 
@@ -163,8 +179,8 @@ public class NHttpReverseProxy {
                 new ProxyIncomingConnectionReuseStrategy(),
                 handlerRegistry);
 
-        final IOEventDispatch connectingEventDispatch = new DefaultHttpClientIODispatch(
-                clientHandler, ConnectionConfig.DEFAULT);
+        final IOEventDispatch connectingEventDispatch = DefaultHttpClientIODispatch.create(
+                clientHandler, sslContext, ConnectionConfig.DEFAULT);
 
         final IOEventDispatch listeningEventDispatch = new DefaultHttpServerIODispatch(
                 serviceHandler, ConnectionConfig.DEFAULT);

http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/44344d4c/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java
----------------------------------------------------------------------
diff --git a/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java b/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java
new file mode 100644
index 0000000..5969b1c
--- /dev/null
+++ b/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java
@@ -0,0 +1,50 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+package org.apache.http.examples.nio;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import org.apache.http.ssl.TrustStrategy;
+
+/**
+ * A trust strategy that accepts self-signed certificates as trusted. Verification of all other
+ * certificates is done by the trust manager configured in the SSL context.
+ * 
+ * Copied from HttClient.
+ */
+class TrustSelfSignedStrategy implements TrustStrategy {
+
+    public static final TrustSelfSignedStrategy INSTANCE = new TrustSelfSignedStrategy();
+
+    @Override
+    public boolean isTrusted(
+            final X509Certificate[] chain, final String authType) throws CertificateException {
+        return chain.length == 1;
+    }
+
+}