You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2017/05/11 18:18:16 UTC
[41/42] httpcomponents-core git commit: HTTPCORE-465: Update example
NHttpReverseProxy to support SSL to origin servers which use self-signed
certificates.
HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.
Project: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/commit/6678c950
Tree: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/tree/6678c950
Diff: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/diff/6678c950
Branch: refs/heads/4.4.x
Commit: 6678c950280760b0d1551a3e311e3b1e94ee2c92
Parents: b426706
Author: Gary D. Gregory <gg...@apache.org>
Authored: Wed May 10 00:43:17 2017 +0000
Committer: Oleg Kalnichevski <ol...@apache.org>
Committed: Thu May 11 20:16:44 2017 +0200
----------------------------------------------------------------------
RELEASE_NOTES.txt | 3 ++
.../http/examples/nio/NHttpReverseProxy.java | 49 ++++++++++++++------
2 files changed, 38 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/6678c950/RELEASE_NOTES.txt
----------------------------------------------------------------------
diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
index 21409ad..95d3ac0 100644
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -21,6 +21,9 @@ Changelog
* HTTPCORE-464: org.apache.http.nio.protocol.HttpAsyncService does not always log exceptions.
Contributed by Gary Gregory <ggregory at apache.org>
+* HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.
+ Contributed by Gary Gregory <ggregory at apache.org>
+
Release 4.4.6
-------------------
http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/6678c950/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
----------------------------------------------------------------------
diff --git a/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java b/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
index 3bd720b..3e04f5b 100644
--- a/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
+++ b/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
@@ -31,9 +31,13 @@ import java.io.InterruptedIOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.nio.ByteBuffer;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicLong;
+import javax.net.ssl.SSLContext;
+
import org.apache.http.ConnectionReuseStrategy;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpException;
@@ -50,6 +54,9 @@ import org.apache.http.impl.DefaultConnectionReuseStrategy;
import org.apache.http.impl.EnglishReasonPhraseCatalog;
import org.apache.http.impl.nio.DefaultHttpClientIODispatch;
import org.apache.http.impl.nio.DefaultHttpServerIODispatch;
+import org.apache.http.impl.nio.DefaultNHttpClientConnectionFactory;
+import org.apache.http.impl.nio.SSLNHttpClientConnectionFactory;
+import org.apache.http.impl.nio.pool.BasicNIOConnFactory;
import org.apache.http.impl.nio.pool.BasicNIOConnPool;
import org.apache.http.impl.nio.pool.BasicNIOPoolEntry;
import org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor;
@@ -95,21 +102,37 @@ import org.apache.http.protocol.ResponseConnControl;
import org.apache.http.protocol.ResponseContent;
import org.apache.http.protocol.ResponseDate;
import org.apache.http.protocol.ResponseServer;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.TrustStrategy;
/**
* Asynchronous, fully streaming HTTP/1.1 reverse proxy.
+ * <p>
+ * Supports SSL to origin servers which use self-signed certificates.
+ * </p>
*/
public class NHttpReverseProxy {
public static void main(String[] args) throws Exception {
- if (args.length < 1) {
- System.out.println("Usage: NHttpReverseProxy <hostname[:hostport]> [port]");
+ if (args.length < 2) {
+ System.out.println("Usage: NHttpReverseProxy <HostNameURI> <Port> [\"TrustSelfSignedStrategy\"]");
System.exit(1);
}
+ // Extract command line arguments
URI uri = new URI(args[0]);
- int port = 8080;
- if (args.length > 1) {
- port = Integer.parseInt(args[1]);
+ int port = Integer.parseInt(args[1]);
+ SSLContext sslContext = null;
+ if (args.length > 2 && args[2].equals("TrustSelfSignedStrategy")) {
+ System.out.println("Using TrustSelfSignedStrategy (not for production)");
+ sslContext = SSLContextBuilder.create().loadTrustMaterial(new TrustStrategy() {
+
+ @Override
+ public boolean isTrusted(
+ final X509Certificate[] chain, final String authType) throws CertificateException {
+ return chain.length == 1;
+ }
+
+ }).build();
}
// Target host
@@ -151,7 +174,11 @@ public class NHttpReverseProxy {
HttpAsyncRequester executor = new HttpAsyncRequester(
outhttpproc, new ProxyOutgoingConnectionReuseStrategy());
- ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor, ConnectionConfig.DEFAULT);
+ // Without SSL: ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor, ConnectionConfig.DEFAULT);
+ ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor,
+ new BasicNIOConnFactory(new DefaultNHttpClientConnectionFactory(ConnectionConfig.DEFAULT),
+ new SSLNHttpClientConnectionFactory(sslContext, null, ConnectionConfig.DEFAULT)),
+ 0);
connPool.setMaxTotal(100);
connPool.setDefaultMaxPerRoute(20);
@@ -163,8 +190,8 @@ public class NHttpReverseProxy {
new ProxyIncomingConnectionReuseStrategy(),
handlerRegistry);
- final IOEventDispatch connectingEventDispatch = new DefaultHttpClientIODispatch(
- clientHandler, ConnectionConfig.DEFAULT);
+ final IOEventDispatch connectingEventDispatch = DefaultHttpClientIODispatch.create(
+ clientHandler, sslContext, ConnectionConfig.DEFAULT);
final IOEventDispatch listeningEventDispatch = new DefaultHttpServerIODispatch(
serviceHandler, ConnectionConfig.DEFAULT);
@@ -845,12 +872,6 @@ public class NHttpReverseProxy {
public ProxyConnPool(
final ConnectingIOReactor ioreactor,
- final ConnectionConfig config) {
- super(ioreactor, config);
- }
-
- public ProxyConnPool(
- final ConnectingIOReactor ioreactor,
final NIOConnFactory<HttpHost, NHttpClientConnection> connFactory,
final int connectTimeout) {
super(ioreactor, connFactory, connectTimeout);