You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2017/05/10 07:34:00 UTC
[13/13] httpcomponents-core git commit: HTTPCORE-465: Update example
NHttpReverseProxy to support SSL to origin servers which use self-signed
certificates.
HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.
git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpcore/branches/4.4.x@1794666 13f79535-47bb-0310-9956-ffa450edef68
Project: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/commit/44344d4c
Tree: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/tree/44344d4c
Diff: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/diff/44344d4c
Branch: refs/heads/4.4.x
Commit: 44344d4cf9dd41b77998b5e7ceecc84e4b8840a5
Parents: 136bf3a
Author: Gary D. Gregory <gg...@apache.org>
Authored: Wed May 10 00:43:17 2017 +0000
Committer: Gary D. Gregory <gg...@apache.org>
Committed: Wed May 10 00:43:17 2017 +0000
----------------------------------------------------------------------
RELEASE_NOTES.txt | 3 ++
.../http/examples/nio/NHttpReverseProxy.java | 32 +++++++++----
.../examples/nio/TrustSelfSignedStrategy.java | 50 ++++++++++++++++++++
3 files changed, 77 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/44344d4c/RELEASE_NOTES.txt
----------------------------------------------------------------------
diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
index 21409ad..95d3ac0 100644
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -21,6 +21,9 @@ Changelog
* HTTPCORE-464: org.apache.http.nio.protocol.HttpAsyncService does not always log exceptions.
Contributed by Gary Gregory <ggregory at apache.org>
+* HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.
+ Contributed by Gary Gregory <ggregory at apache.org>
+
Release 4.4.6
-------------------
http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/44344d4c/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
----------------------------------------------------------------------
diff --git a/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java b/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
index 3bd720b..04c484a 100644
--- a/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
+++ b/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
@@ -34,6 +34,8 @@ import java.nio.ByteBuffer;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicLong;
+import javax.net.ssl.SSLContext;
+
import org.apache.http.ConnectionReuseStrategy;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpException;
@@ -50,6 +52,9 @@ import org.apache.http.impl.DefaultConnectionReuseStrategy;
import org.apache.http.impl.EnglishReasonPhraseCatalog;
import org.apache.http.impl.nio.DefaultHttpClientIODispatch;
import org.apache.http.impl.nio.DefaultHttpServerIODispatch;
+import org.apache.http.impl.nio.DefaultNHttpClientConnectionFactory;
+import org.apache.http.impl.nio.SSLNHttpClientConnectionFactory;
+import org.apache.http.impl.nio.pool.BasicNIOConnFactory;
import org.apache.http.impl.nio.pool.BasicNIOConnPool;
import org.apache.http.impl.nio.pool.BasicNIOPoolEntry;
import org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor;
@@ -95,21 +100,28 @@ import org.apache.http.protocol.ResponseConnControl;
import org.apache.http.protocol.ResponseContent;
import org.apache.http.protocol.ResponseDate;
import org.apache.http.protocol.ResponseServer;
+import org.apache.http.ssl.SSLContextBuilder;
/**
* Asynchronous, fully streaming HTTP/1.1 reverse proxy.
+ * <p>
+ * Supports SSL to origin servers which use self-signed certificates.
+ * </p>
*/
public class NHttpReverseProxy {
public static void main(String[] args) throws Exception {
- if (args.length < 1) {
- System.out.println("Usage: NHttpReverseProxy <hostname[:hostport]> [port]");
+ if (args.length < 2) {
+ System.out.println("Usage: NHttpReverseProxy <HostNameURI> <Port> [\"TrustSelfSignedStrategy\"]");
System.exit(1);
}
+ // Extract command line arguments
URI uri = new URI(args[0]);
- int port = 8080;
- if (args.length > 1) {
- port = Integer.parseInt(args[1]);
+ int port = Integer.parseInt(args[1]);
+ SSLContext sslContext = null;
+ if (args.length > 2 && args[2].equals("TrustSelfSignedStrategy")) {
+ System.out.println("Using TrustSelfSignedStrategy (not for production.)");
+ sslContext = SSLContextBuilder.create().loadTrustMaterial(TrustSelfSignedStrategy.INSTANCE).build();
}
// Target host
@@ -151,7 +163,11 @@ public class NHttpReverseProxy {
HttpAsyncRequester executor = new HttpAsyncRequester(
outhttpproc, new ProxyOutgoingConnectionReuseStrategy());
- ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor, ConnectionConfig.DEFAULT);
+ // Without SSL: ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor, ConnectionConfig.DEFAULT);
+ ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor,
+ new BasicNIOConnFactory(new DefaultNHttpClientConnectionFactory(ConnectionConfig.DEFAULT),
+ new SSLNHttpClientConnectionFactory(sslContext, null, ConnectionConfig.DEFAULT)),
+ 0);
connPool.setMaxTotal(100);
connPool.setDefaultMaxPerRoute(20);
@@ -163,8 +179,8 @@ public class NHttpReverseProxy {
new ProxyIncomingConnectionReuseStrategy(),
handlerRegistry);
- final IOEventDispatch connectingEventDispatch = new DefaultHttpClientIODispatch(
- clientHandler, ConnectionConfig.DEFAULT);
+ final IOEventDispatch connectingEventDispatch = DefaultHttpClientIODispatch.create(
+ clientHandler, sslContext, ConnectionConfig.DEFAULT);
final IOEventDispatch listeningEventDispatch = new DefaultHttpServerIODispatch(
serviceHandler, ConnectionConfig.DEFAULT);
http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/44344d4c/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java
----------------------------------------------------------------------
diff --git a/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java b/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java
new file mode 100644
index 0000000..5969b1c
--- /dev/null
+++ b/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java
@@ -0,0 +1,50 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+package org.apache.http.examples.nio;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import org.apache.http.ssl.TrustStrategy;
+
+/**
+ * A trust strategy that accepts self-signed certificates as trusted. Verification of all other
+ * certificates is done by the trust manager configured in the SSL context.
+ *
+ * Copied from HttClient.
+ */
+class TrustSelfSignedStrategy implements TrustStrategy {
+
+ public static final TrustSelfSignedStrategy INSTANCE = new TrustSelfSignedStrategy();
+
+ @Override
+ public boolean isTrusted(
+ final X509Certificate[] chain, final String authType) throws CertificateException {
+ return chain.length == 1;
+ }
+
+}