Posted to commits@cxf.apache.org by ni...@apache.org on 2013/06/04 10:20:08 UTC

svn commit: r1489325 - in /cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client: NettyHttpClientPipelineFactory.java NettyHttpConduit.java NettyHttpConduitFactory.java

Author: ningjiang
Date: Tue Jun  4 08:20:07 2013
New Revision: 1489325

URL: http://svn.apache.org/r1489325
Log:
CXF-5042 added SSL support on netty client

Modified:
    cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpClientPipelineFactory.java
    cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java
    cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduitFactory.java

Modified: cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpClientPipelineFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpClientPipelineFactory.java?rev=1489325&r1=1489324&r2=1489325&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpClientPipelineFactory.java (original)
+++ cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpClientPipelineFactory.java Tue Jun  4 08:20:07 2013
@@ -19,18 +19,45 @@
 
 package org.apache.cxf.transport.http.netty.client;
 
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.net.ssl.SSLEngine;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.transport.https.SSLUtils;
 import org.jboss.netty.channel.ChannelPipeline;
 import org.jboss.netty.channel.ChannelPipelineFactory;
 import org.jboss.netty.channel.Channels;
 import org.jboss.netty.handler.codec.http.HttpChunkAggregator;
 import org.jboss.netty.handler.codec.http.HttpRequestEncoder;
 import org.jboss.netty.handler.codec.http.HttpResponseDecoder;
+import org.jboss.netty.handler.ssl.SslHandler;
 import org.jboss.netty.handler.stream.ChunkedWriteHandler;
 
 public class NettyHttpClientPipelineFactory implements ChannelPipelineFactory {
+    
+    private static final Logger LOG =
+        LogUtils.getL7dLogger(NettyHttpClientPipelineFactory.class);
+    
+    private final TLSClientParameters tlsClientParameters;
+    
+    public NettyHttpClientPipelineFactory(TLSClientParameters tlsClientParameters) {
+        this.tlsClientParameters = tlsClientParameters;
+    }
+    
     @Override
     public ChannelPipeline getPipeline() throws Exception {
         ChannelPipeline pipeline = Channels.pipeline();
+        
+        SslHandler sslHandler = configureClientSSLOnDemand();
+        if (sslHandler != null) {
+            LOG.log(Level.FINE, 
+                    "Server SSL handler configured and added as an interceptor against the ChannelPipeline: {}"
+                    , sslHandler);
+            pipeline.addLast("ssl", sslHandler);
+        }
 
         pipeline.addLast("decoder", new HttpResponseDecoder());
         pipeline.addLast("aggregator", new HttpChunkAggregator(65536));
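Review bot: The FINE log call in getPipeline uses a `{}` placeholder, but `java.util.logging` formats parameters with MessageFormat indices, so the handler will not be substituted into the message. The text also says "Server SSL handler" although this is the client pipeline, which will mislead anyone reading a TLS trace. Suggested wording: `"Client SSL handler configured and added to the ChannelPipeline: {0}"`. The new constructor would benefit from a one-line Javadoc stating that a null `tlsClientParameters` means no TLS handler is installed.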
@@ -40,4 +67,15 @@ public class NettyHttpClientPipelineFact
         return pipeline;
 
     }
+    
+    private SslHandler configureClientSSLOnDemand() throws Exception {
+        if (tlsClientParameters != null) {
+            SSLEngine sslEngine = SSLUtils.createClientSSLEngine(tlsClientParameters);
+            return new SslHandler(sslEngine);
+        } else {
+            return null;
+        }
+    }
+    
+    
 }
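Review bot: configureClientSSLOnDemand builds the SSLEngine from `tlsClientParameters` alone, so nothing visible here ties the TLS session to the host being contacted. With the verifier left commented out in NettyHttpConduit.getHttpsURLConnectionInfo, a certificate that chains to a trusted CA would appear to be accepted for any host name. SSLUtils.createClientSSLEngine is not shown, so confirm whether it enables endpoint identification. If it does not, the factory needs the peer host and port, and unless `isDisableCNCheck()` is set the engine should verify the name, e.g. `SSLParameters p = sslEngine.getSSLParameters(); p.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(p);`.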

Modified: cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java?rev=1489325&r1=1489324&r2=1489325&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java (original)
+++ cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java Tue Jun  4 08:20:07 2013
@@ -29,9 +29,15 @@ import java.net.MalformedURLException;
 import java.net.SocketTimeoutException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.security.Principal;
+import java.security.cert.Certificate;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+
 import org.apache.cxf.Bus;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.HttpHeaderHelper;
@@ -41,10 +47,12 @@ import org.apache.cxf.message.MessageUti
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.transport.http.Headers;
 import org.apache.cxf.transport.http.URLConnectionHTTPConduit;
+import org.apache.cxf.transport.https.CertificateHostnameVerifier;
 import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
 import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
 import org.apache.cxf.version.Version;
 import org.apache.cxf.ws.addressing.EndpointReferenceType;
+import org.jboss.netty.bootstrap.ClientBootstrap;
 import org.jboss.netty.buffer.ChannelBuffer;
 import org.jboss.netty.buffer.ChannelBufferInputStream;
 import org.jboss.netty.buffer.ChannelBufferOutputStream;
@@ -52,20 +60,30 @@ import org.jboss.netty.buffer.ChannelBuf
 import org.jboss.netty.channel.Channel;
 import org.jboss.netty.channel.ChannelFuture;
 import org.jboss.netty.channel.ChannelFutureListener;
+import org.jboss.netty.channel.socket.nio.NioClientSocketChannelFactory;
 import org.jboss.netty.handler.codec.http.HttpResponse;
 
 public class NettyHttpConduit extends URLConnectionHTTPConduit {
     public static final String USE_ASYNC = "use.async.http.conduit";
     final NettyHttpConduitFactory factory;
+    private final ClientBootstrap bootstrap;
+    
     public NettyHttpConduit(Bus b, EndpointInfo ei, EndpointReferenceType t, NettyHttpConduitFactory conduitFactory)
         throws IOException {
         super(b, ei, t);
         factory = conduitFactory;
+        bootstrap = new ClientBootstrap(new NioClientSocketChannelFactory());
     }
 
     public NettyHttpConduitFactory getNettyHttpConduitFactory() {
         return factory;
     }
+    
+    public void close() {
+        super.close();
+        // clean up the resource that ClientChannelFactory used
+        bootstrap.shutdown();
+    }
 
     // Using Netty API directly
     protected void setupConnection(Message message, URI uri, HTTPClientPolicy csPolicy) throws IOException {
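Review bot: Each conduit now constructs its own `NioClientSocketChannelFactory`, so every conduit owns separate boss and worker thread pools that are only released if `close()` is called. The TODO left in NettyHttpConduitFactory.postShutdown suggests nothing tracks the conduits at bus shutdown, so these threads may leak. Consider keeping one shared channel factory on NettyHttpConduitFactory and giving each conduit only its own `ClientBootstrap`, releasing the shared factory in `postShutdown()`. The new `close()` should also carry `@Override`, since it calls `super.close()`. setupConnection begins on the last line of this hunk and continues outside it.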
@@ -98,6 +116,7 @@ public class NettyHttpConduit extends UR
         // need to socket connection timeout
 
         message.put(NettyHttpClientRequest.class, request);
+        bootstrap.setPipelineFactory(new NettyHttpClientPipelineFactory());
     }
 
     protected OutputStream createOutputStream(Message message,
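Review bot: `new NettyHttpClientPipelineFactory()` does not match the only constructor visible in the first file of this commit, which takes a `TLSClientParameters`, so this line looks like it will not compile as committed. Even with a no-arg overload the conduit's TLS settings would never reach the pipeline, and no `SslHandler` would be installed for https URIs. Pass the parameters only for the https scheme, e.g. `bootstrap.setPipelineFactory(new NettyHttpClientPipelineFactory("https".equals(uri.getScheme()) ? tlsClientParameters : null));`. setupConnection starts outside this hunk, so whether `tlsClientParameters` is populated at this point needs checking. Replacing the pipeline factory on the conduit's bootstrap for every message also looks racy if the conduit is used concurrently.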
@@ -238,7 +257,7 @@ public class NettyHttpConduit extends UR
         protected void connect(boolean output) {
 
             ChannelFuture connFuture = 
-                factory.getBootstrap().connect(new InetSocketAddress(url.getHost(), url.getPort()));
+                bootstrap.connect(new InetSocketAddress(url.getHost(), url.getPort()));
 
             // Setup the call back on the NettyHttpClientRequest
             ChannelFutureListener listener = new ChannelFutureListener() {
@@ -274,7 +293,40 @@ public class NettyHttpConduit extends UR
 
         @Override
         protected HttpsURLConnectionInfo getHttpsURLConnectionInfo() throws IOException {
-            // TODO to setup the SSL info
+            if ("http".equals(outMessage.get("http.scheme"))) {
+                return null;
+            }
+            connect(true);
+            // TODO need to find a way to inject the SSLSession
+            /*
+            HostnameVerifier verifier;
+            if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
+                verifier = HttpsURLConnection.getDefaultHostnameVerifier();
+            } else if (tlsClientParameters.isDisableCNCheck()) {
+                verifier = CertificateHostnameVerifier.ALLOW_ALL;
+            } else {
+                verifier = CertificateHostnameVerifier.DEFAULT;
+            }
+            
+            if (!verifier.verify(url.getHost(), session)) {
+                throw new IOException("Could not verify host " + url.getHost());
+            }
+            
+            String method = (String)outMessage.get(Message.HTTP_REQUEST_METHOD);
+            String cipherSuite = null;
+            Certificate[] localCerts = null;
+            Principal principal = null;
+            Certificate[] serverCerts = null;
+            Principal peer = null;
+            if (session != null) {
+                cipherSuite = session.getCipherSuite();
+                localCerts = session.getLocalCertificates();
+                principal = session.getLocalPrincipal();
+                serverCerts = session.getPeerCertificates();
+                peer = session.getPeerPrincipal();
+            }
+            
+            return new HttpsURLConnectionInfo(url, method, cipherSuite, localCerts, principal, serverCerts, peer);*/
             return null;
         }
 
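Review bot: getHttpsURLConnectionInfo returns null for https as well as http, and the whole hostname-verification block is commented out, so the peer certificate is never checked against `url.getHost()`. No `HttpsURLConnectionInfo` reaches whatever trust decision the caller makes on it. Until the `SSLSession` can be obtained, failing closed for https is safer than returning null, e.g. `throw new IOException("TLS session not available for " + url.getHost());`. The session should be reachable from the channel's `SslHandler` (`getEngine().getSession()`) once the handshake future completes, though the channel wiring is outside this hunk. The commented-out code is also the only user of the newly added `Principal`, `Certificate`, `HostnameVerifier`, `HttpsURLConnection` and `CertificateHostnameVerifier` imports, which will otherwise be flagged as unused.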

Modified: cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduitFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduitFactory.java?rev=1489325&r1=1489324&r2=1489325&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduitFactory.java (original)
+++ cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduitFactory.java Tue Jun  4 08:20:07 2013
@@ -30,21 +30,13 @@ import org.apache.cxf.transport.http.HTT
 import org.apache.cxf.transport.http.HTTPConduitFactory;
 import org.apache.cxf.transport.http.HTTPTransportFactory;
 import org.apache.cxf.ws.addressing.EndpointReferenceType;
-import org.jboss.netty.bootstrap.ClientBootstrap;
-import org.jboss.netty.channel.socket.nio.NioClientSocketChannelFactory;
 
 @NoJSR250Annotations(unlessNull = "bus")
 public class NettyHttpConduitFactory implements BusLifeCycleListener, HTTPConduitFactory {
 
     boolean isShutdown;
 
-    private final ClientBootstrap bootstrap;
-
     public NettyHttpConduitFactory() {
-        //TODO setup the bootstrap thread pool according to the configuration
-        bootstrap = new ClientBootstrap(
-                new NioClientSocketChannelFactory());
-        bootstrap.setPipelineFactory(new NettyHttpClientPipelineFactory());
     }
 
     public NettyHttpConduitFactory(Bus b) {
@@ -79,16 +71,11 @@ public class NettyHttpConduitFactory imp
 
     @Override
     public void postShutdown() {
-        // shutdown the bootstrap
-        bootstrap.shutdown();
+        // TODO Do we need to keep the track of the NettyHttpConduit?
     }
 
     public boolean isShutdown() {
         return isShutdown;
     }
 
-    public ClientBootstrap getBootstrap() {
-        return bootstrap;
-    }
-
 }