Posted to commits@cxf.apache.org by ni...@apache.org on 2013/06/04 10:20:08 UTC
svn commit: r1489325 - in
/cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client:
NettyHttpClientPipelineFactory.java NettyHttpConduit.java
NettyHttpConduitFactory.java
Author: ningjiang
Date: Tue Jun 4 08:20:07 2013
New Revision: 1489325
URL: http://svn.apache.org/r1489325
Log:
CXF-5042 added SSL support on netty client
Modified:
cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpClientPipelineFactory.java
cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java
cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduitFactory.java
Modified: cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpClientPipelineFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpClientPipelineFactory.java?rev=1489325&r1=1489324&r2=1489325&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpClientPipelineFactory.java (original)
+++ cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpClientPipelineFactory.java Tue Jun 4 08:20:07 2013
@@ -19,18 +19,45 @@
package org.apache.cxf.transport.http.netty.client;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.net.ssl.SSLEngine;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.transport.https.SSLUtils;
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.ChannelPipelineFactory;
import org.jboss.netty.channel.Channels;
import org.jboss.netty.handler.codec.http.HttpChunkAggregator;
import org.jboss.netty.handler.codec.http.HttpRequestEncoder;
import org.jboss.netty.handler.codec.http.HttpResponseDecoder;
+import org.jboss.netty.handler.ssl.SslHandler;
import org.jboss.netty.handler.stream.ChunkedWriteHandler;
public class NettyHttpClientPipelineFactory implements ChannelPipelineFactory {
+
+ private static final Logger LOG =
+ LogUtils.getL7dLogger(NettyHttpClientPipelineFactory.class);
+
+ private final TLSClientParameters tlsClientParameters;
+
+ public NettyHttpClientPipelineFactory(TLSClientParameters tlsClientParameters) {
+ this.tlsClientParameters = tlsClientParameters;
+ }
+
@Override
public ChannelPipeline getPipeline() throws Exception {
ChannelPipeline pipeline = Channels.pipeline();
+
+ SslHandler sslHandler = configureClientSSLOnDemand();
+ if (sslHandler != null) {
+ LOG.log(Level.FINE,
+ "Server SSL handler configured and added as an interceptor against the ChannelPipeline: {}"
+ , sslHandler);
+ pipeline.addLast("ssl", sslHandler);
+ }
pipeline.addLast("decoder", new HttpResponseDecoder());
pipeline.addLast("aggregator", new HttpChunkAggregator(65536));
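Review bot: The FINE log call added in getPipeline() uses an SLF4J-style `{}` placeholder, but LOG is a java.util.logging Logger, which substitutes parameters by index (`{0}`), so the handler will not be printed. The message also says "Server SSL handler" although this is the client pipeline factory. I would change the text to `"Client SSL handler configured and added to the ChannelPipeline: {0}"`. getPipeline() continues past the end of this hunk.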
@@ -40,4 +67,15 @@ public class NettyHttpClientPipelineFact
return pipeline;
}
+
+ private SslHandler configureClientSSLOnDemand() throws Exception {
+ if (tlsClientParameters != null) {
+ SSLEngine sslEngine = SSLUtils.createClientSSLEngine(tlsClientParameters);
+ return new SslHandler(sslEngine);
+ } else {
+ return null;
+ }
+ }
+
+
}
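Review bot: Nothing in configureClientSSLOnDemand() binds the TLS session to the host being contacted: the engine comes from `SSLUtils.createClientSSLEngine(tlsClientParameters)` with no peer host passed in, and the only hostname check in this commit is the commented-out block in getHttpsURLConnectionInfo() in NettyHttpConduit.java. Unless createClientSSLEngine (not visible here) enables endpoint identification itself, a certificate that chains to a trusted CA but was issued for a different host would be accepted. I would either call `setEndpointIdentificationAlgorithm("HTTPS")` on the engine's SSLParameters, with the peer host supplied when the engine is created, or run the configured HostnameVerifier against the SslHandler's session once the handshake completes and fail the connection before any request is written. Either way the TLSClientParameters switches used in that commented block should still be honoured.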
Modified: cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java?rev=1489325&r1=1489324&r2=1489325&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java (original)
+++ cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java Tue Jun 4 08:20:07 2013
@@ -29,9 +29,15 @@ import java.net.MalformedURLException;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.URISyntaxException;
+import java.security.Principal;
+import java.security.cert.Certificate;
import java.util.List;
import java.util.Map;
import java.util.Set;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+
import org.apache.cxf.Bus;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.HttpHeaderHelper;
@@ -41,10 +47,12 @@ import org.apache.cxf.message.MessageUti
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.http.Headers;
import org.apache.cxf.transport.http.URLConnectionHTTPConduit;
+import org.apache.cxf.transport.https.CertificateHostnameVerifier;
import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
import org.apache.cxf.version.Version;
import org.apache.cxf.ws.addressing.EndpointReferenceType;
+import org.jboss.netty.bootstrap.ClientBootstrap;
import org.jboss.netty.buffer.ChannelBuffer;
import org.jboss.netty.buffer.ChannelBufferInputStream;
import org.jboss.netty.buffer.ChannelBufferOutputStream;
@@ -52,20 +60,30 @@ import org.jboss.netty.buffer.ChannelBuf
import org.jboss.netty.channel.Channel;
import org.jboss.netty.channel.ChannelFuture;
import org.jboss.netty.channel.ChannelFutureListener;
+import org.jboss.netty.channel.socket.nio.NioClientSocketChannelFactory;
import org.jboss.netty.handler.codec.http.HttpResponse;
public class NettyHttpConduit extends URLConnectionHTTPConduit {
public static final String USE_ASYNC = "use.async.http.conduit";
final NettyHttpConduitFactory factory;
+ private final ClientBootstrap bootstrap;
+
public NettyHttpConduit(Bus b, EndpointInfo ei, EndpointReferenceType t, NettyHttpConduitFactory conduitFactory)
throws IOException {
super(b, ei, t);
factory = conduitFactory;
+ bootstrap = new ClientBootstrap(new NioClientSocketChannelFactory());
}
public NettyHttpConduitFactory getNettyHttpConduitFactory() {
return factory;
}
+
+ public void close() {
+ super.close();
+ // clean up the resource that ClientChannelFactory used
+ bootstrap.shutdown();
+ }
// Using Netty API directly
protected void setupConnection(Message message, URI uri, HTTPClientPolicy csPolicy) throws IOException {
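Review bot: Each NettyHttpConduit now builds its own `new ClientBootstrap(new NioClientSocketChannelFactory())` in the constructor, so every conduit holds a separate channel factory (and presumably its own I/O threads) that is released only if close() is called on that conduit. The factory's postShutdown() in NettyHttpConduitFactory.java is reduced to a TODO in this same commit, so nothing releases these on bus shutdown. I would either keep one channel factory owned by NettyHttpConduitFactory and shared by its conduits, or have the factory track the conduits it creates and close them in postShutdown(). The new `close()` also overrides the superclass method and should carry `@Override`.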
@@ -98,6 +116,7 @@ public class NettyHttpConduit extends UR
// need to socket connection timeout
message.put(NettyHttpClientRequest.class, request);
+ bootstrap.setPipelineFactory(new NettyHttpClientPipelineFactory());
}
protected OutputStream createOutputStream(Message message,
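Review bot: `new NettyHttpClientPipelineFactory()` does not match the class as patched in this same commit, where the only constructor shown takes a TLSClientParameters, so as written this line should not compile. Even if it did, no TLS settings would reach the pipeline. The conduit should pass its parameters for https URIs and null otherwise, for example `bootstrap.setPipelineFactory(new NettyHttpClientPipelineFactory("https".equals(uri.getScheme()) ? tlsClientParameters : null));`. Replacing the pipeline factory on the conduit's bootstrap on every setupConnection() call also looks racy if one conduit serves concurrent requests. setupConnection() starts before this hunk.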
@@ -238,7 +257,7 @@ public class NettyHttpConduit extends UR
protected void connect(boolean output) {
ChannelFuture connFuture =
- factory.getBootstrap().connect(new InetSocketAddress(url.getHost(), url.getPort()));
+ bootstrap.connect(new InetSocketAddress(url.getHost(), url.getPort()));
// Setup the call back on the NettyHttpClientRequest
ChannelFutureListener listener = new ChannelFutureListener() {
@@ -274,7 +293,40 @@ public class NettyHttpConduit extends UR
@Override
protected HttpsURLConnectionInfo getHttpsURLConnectionInfo() throws IOException {
- // TODO to setup the SSL info
+ if ("http".equals(outMessage.get("http.scheme"))) {
+ return null;
+ }
+ connect(true);
+ // TODO need to find a way to inject the SSLSession
+ /*
+ HostnameVerifier verifier;
+ if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
+ verifier = HttpsURLConnection.getDefaultHostnameVerifier();
+ } else if (tlsClientParameters.isDisableCNCheck()) {
+ verifier = CertificateHostnameVerifier.ALLOW_ALL;
+ } else {
+ verifier = CertificateHostnameVerifier.DEFAULT;
+ }
+
+ if (!verifier.verify(url.getHost(), session)) {
+ throw new IOException("Could not verify host " + url.getHost());
+ }
+
+ String method = (String)outMessage.get(Message.HTTP_REQUEST_METHOD);
+ String cipherSuite = null;
+ Certificate[] localCerts = null;
+ Principal principal = null;
+ Certificate[] serverCerts = null;
+ Principal peer = null;
+ if (session != null) {
+ cipherSuite = session.getCipherSuite();
+ localCerts = session.getLocalCertificates();
+ principal = session.getLocalPrincipal();
+ serverCerts = session.getPeerCertificates();
+ peer = session.getPeerPrincipal();
+ }
+
+ return new HttpsURLConnectionInfo(url, method, cipherSuite, localCerts, principal, serverCerts, peer);*/
return null;
}
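Review bot: getHttpsURLConnectionInfo() now calls `connect(true)` for non-http schemes and then always returns null, so it has a side effect but callers never receive the cipher suite or peer certificates. Anything that makes a trust decision from HttpsURLConnectionInfo will presumably have nothing to inspect. The commented-out body is better tracked in the issue than left in the source, and the imports added in the two import hunks above (HostnameVerifier, HttpsURLConnection, Principal, Certificate, CertificateHostnameVerifier) are referenced only from that comment as far as this diff shows. Until the SSLSession is reachable I would replace the block with `// TODO(CXF-5042): build HttpsURLConnectionInfo from the SslHandler's SSLSession after the handshake` and drop the unused imports.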
Modified: cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduitFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduitFactory.java?rev=1489325&r1=1489324&r2=1489325&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduitFactory.java (original)
+++ cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduitFactory.java Tue Jun 4 08:20:07 2013
@@ -30,21 +30,13 @@ import org.apache.cxf.transport.http.HTT
import org.apache.cxf.transport.http.HTTPConduitFactory;
import org.apache.cxf.transport.http.HTTPTransportFactory;
import org.apache.cxf.ws.addressing.EndpointReferenceType;
-import org.jboss.netty.bootstrap.ClientBootstrap;
-import org.jboss.netty.channel.socket.nio.NioClientSocketChannelFactory;
@NoJSR250Annotations(unlessNull = "bus")
public class NettyHttpConduitFactory implements BusLifeCycleListener, HTTPConduitFactory {
boolean isShutdown;
- private final ClientBootstrap bootstrap;
-
public NettyHttpConduitFactory() {
- //TODO setup the bootstrap thread pool according to the configuration
- bootstrap = new ClientBootstrap(
- new NioClientSocketChannelFactory());
- bootstrap.setPipelineFactory(new NettyHttpClientPipelineFactory());
}
public NettyHttpConduitFactory(Bus b) {
@@ -79,16 +71,11 @@ public class NettyHttpConduitFactory imp
@Override
public void postShutdown() {
- // shutdown the bootstrap
- bootstrap.shutdown();
+ // TODO Do we need to keep the track of the NettyHttpConduit?
}
public boolean isShutdown() {
return isShutdown;
}
- public ClientBootstrap getBootstrap() {
- return bootstrap;
- }
-
}