You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2017/05/11 18:18:16 UTC
[41/42] httpcomponents-core git commit: HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.

HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.


Project: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/commit/6678c950
Tree: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/tree/6678c950
Diff: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/diff/6678c950

Branch: refs/heads/4.4.x
Commit: 6678c950280760b0d1551a3e311e3b1e94ee2c92
Parents: b426706
Author: Gary D. Gregory <gg...@apache.org>
Authored: Wed May 10 00:43:17 2017 +0000
Committer: Oleg Kalnichevski <ol...@apache.org>
Committed: Thu May 11 20:16:44 2017 +0200

----------------------------------------------------------------------
 RELEASE_NOTES.txt                               |  3 ++
 .../http/examples/nio/NHttpReverseProxy.java    | 49 ++++++++++++++------
 2 files changed, 38 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/6678c950/RELEASE_NOTES.txt
----------------------------------------------------------------------
diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt
index 21409ad..95d3ac0 100644
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@@ -21,6 +21,9 @@ Changelog
 * HTTPCORE-464: org.apache.http.nio.protocol.HttpAsyncService does not always log exceptions.
   Contributed by Gary Gregory <ggregory at apache.org>
 
+* HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.
+  Contributed by Gary Gregory <ggregory at apache.org>
+
 
 Release 4.4.6
 -------------------

http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/6678c950/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
----------------------------------------------------------------------
diff --git a/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java b/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
index 3bd720b..3e04f5b 100644
--- a/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
+++ b/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
@@ -31,9 +31,13 @@ import java.io.InterruptedIOException;
 import java.net.InetSocketAddress;
 import java.net.URI;
 import java.nio.ByteBuffer;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.Locale;
 import java.util.concurrent.atomic.AtomicLong;
 
+import javax.net.ssl.SSLContext;
+
 import org.apache.http.ConnectionReuseStrategy;
 import org.apache.http.HttpEntityEnclosingRequest;
 import org.apache.http.HttpException;
@@ -50,6 +54,9 @@ import org.apache.http.impl.DefaultConnectionReuseStrategy;
 import org.apache.http.impl.EnglishReasonPhraseCatalog;
 import org.apache.http.impl.nio.DefaultHttpClientIODispatch;
 import org.apache.http.impl.nio.DefaultHttpServerIODispatch;
+import org.apache.http.impl.nio.DefaultNHttpClientConnectionFactory;
+import org.apache.http.impl.nio.SSLNHttpClientConnectionFactory;
+import org.apache.http.impl.nio.pool.BasicNIOConnFactory;
 import org.apache.http.impl.nio.pool.BasicNIOConnPool;
 import org.apache.http.impl.nio.pool.BasicNIOPoolEntry;
 import org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor;
@@ -95,21 +102,37 @@ import org.apache.http.protocol.ResponseConnControl;
 import org.apache.http.protocol.ResponseContent;
 import org.apache.http.protocol.ResponseDate;
 import org.apache.http.protocol.ResponseServer;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.TrustStrategy;
 
 /**
  * Asynchronous, fully streaming HTTP/1.1 reverse proxy.
+ * <p>
+ * Supports SSL to origin servers which use self-signed certificates.
+ * </p>
  */
 public class NHttpReverseProxy {
 
     public static void main(String[] args) throws Exception {
-        if (args.length < 1) {
-            System.out.println("Usage: NHttpReverseProxy <hostname[:hostport]> [port]");
+        if (args.length < 2) {
+            System.out.println("Usage: NHttpReverseProxy <HostNameURI> <Port> [\"TrustSelfSignedStrategy\"]");
             System.exit(1);
         }
+        // Extract command line arguments
         URI uri = new URI(args[0]);
-        int port = 8080;
-        if (args.length > 1) {
-            port = Integer.parseInt(args[1]);
+        int port = Integer.parseInt(args[1]);
+        SSLContext sslContext = null;
+        if (args.length > 2 && args[2].equals("TrustSelfSignedStrategy")) {
+            System.out.println("Using TrustSelfSignedStrategy (not for production)");
+            sslContext = SSLContextBuilder.create().loadTrustMaterial(new TrustStrategy() {
+
+                @Override
+                public boolean isTrusted(
+                final X509Certificate[] chain, final String authType) throws CertificateException {
+                    return chain.length == 1;
+                }
+
+            }).build();
         }
 
         // Target host
@@ -151,7 +174,11 @@ public class NHttpReverseProxy {
         HttpAsyncRequester executor = new HttpAsyncRequester(
                 outhttpproc, new ProxyOutgoingConnectionReuseStrategy());
 
-        ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor, ConnectionConfig.DEFAULT);
+        // Without SSL: ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor, ConnectionConfig.DEFAULT);
+        ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor,
+                new BasicNIOConnFactory(new DefaultNHttpClientConnectionFactory(ConnectionConfig.DEFAULT),
+                        new SSLNHttpClientConnectionFactory(sslContext, null, ConnectionConfig.DEFAULT)),
+                0);
         connPool.setMaxTotal(100);
         connPool.setDefaultMaxPerRoute(20);
 
@@ -163,8 +190,8 @@ public class NHttpReverseProxy {
                 new ProxyIncomingConnectionReuseStrategy(),
                 handlerRegistry);
 
-        final IOEventDispatch connectingEventDispatch = new DefaultHttpClientIODispatch(
-                clientHandler, ConnectionConfig.DEFAULT);
+        final IOEventDispatch connectingEventDispatch = DefaultHttpClientIODispatch.create(
+                clientHandler, sslContext, ConnectionConfig.DEFAULT);
 
         final IOEventDispatch listeningEventDispatch = new DefaultHttpServerIODispatch(
                 serviceHandler, ConnectionConfig.DEFAULT);
@@ -845,12 +872,6 @@ public class NHttpReverseProxy {
 
         public ProxyConnPool(
                 final ConnectingIOReactor ioreactor,
-                final ConnectionConfig config) {
-            super(ioreactor, config);
-        }
-
-        public ProxyConnPool(
-                final ConnectingIOReactor ioreactor,
                 final NIOConnFactory<HttpHost, NHttpClientConnection> connFactory,
                 final int connectTimeout) {
             super(ioreactor, connFactory, connectTimeout);