Posted to commits@hc.apache.org by gg...@apache.org on 2017/05/10 00:43:17 UTC

svn commit: r1794666 - in /httpcomponents/httpcore/branches/4.4.x: RELEASE_NOTES.txt httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java

Author: ggregory
Date: Wed May 10 00:43:17 2017
New Revision: 1794666

URL: http://svn.apache.org/viewvc?rev=1794666&view=rev
Log:
HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.

Added:
    httpcomponents/httpcore/branches/4.4.x/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java
Modified:
    httpcomponents/httpcore/branches/4.4.x/RELEASE_NOTES.txt
    httpcomponents/httpcore/branches/4.4.x/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java

Modified: httpcomponents/httpcore/branches/4.4.x/RELEASE_NOTES.txt
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/branches/4.4.x/RELEASE_NOTES.txt?rev=1794666&r1=1794665&r2=1794666&view=diff
==============================================================================
--- httpcomponents/httpcore/branches/4.4.x/RELEASE_NOTES.txt (original)
+++ httpcomponents/httpcore/branches/4.4.x/RELEASE_NOTES.txt Wed May 10 00:43:17 2017
@@ -21,6 +21,9 @@ Changelog
 * HTTPCORE-464: org.apache.http.nio.protocol.HttpAsyncService does not always log exceptions.
   Contributed by Gary Gregory <ggregory at apache.org>
 
+* HTTPCORE-465: Update example NHttpReverseProxy to support SSL to origin servers which use self-signed certificates.
+  Contributed by Gary Gregory <ggregory at apache.org>
+
 
 Release 4.4.6
 -------------------

Modified: httpcomponents/httpcore/branches/4.4.x/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/branches/4.4.x/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java?rev=1794666&r1=1794665&r2=1794666&view=diff
==============================================================================
--- httpcomponents/httpcore/branches/4.4.x/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java (original)
+++ httpcomponents/httpcore/branches/4.4.x/httpcore-nio/src/examples/org/apache/http/examples/nio/NHttpReverseProxy.java Wed May 10 00:43:17 2017
@@ -34,6 +34,8 @@ import java.nio.ByteBuffer;
 import java.util.Locale;
 import java.util.concurrent.atomic.AtomicLong;
 
+import javax.net.ssl.SSLContext;
+
 import org.apache.http.ConnectionReuseStrategy;
 import org.apache.http.HttpEntityEnclosingRequest;
 import org.apache.http.HttpException;
@@ -50,6 +52,9 @@ import org.apache.http.impl.DefaultConne
 import org.apache.http.impl.EnglishReasonPhraseCatalog;
 import org.apache.http.impl.nio.DefaultHttpClientIODispatch;
 import org.apache.http.impl.nio.DefaultHttpServerIODispatch;
+import org.apache.http.impl.nio.DefaultNHttpClientConnectionFactory;
+import org.apache.http.impl.nio.SSLNHttpClientConnectionFactory;
+import org.apache.http.impl.nio.pool.BasicNIOConnFactory;
 import org.apache.http.impl.nio.pool.BasicNIOConnPool;
 import org.apache.http.impl.nio.pool.BasicNIOPoolEntry;
 import org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor;
@@ -95,21 +100,28 @@ import org.apache.http.protocol.Response
 import org.apache.http.protocol.ResponseContent;
 import org.apache.http.protocol.ResponseDate;
 import org.apache.http.protocol.ResponseServer;
+import org.apache.http.ssl.SSLContextBuilder;
 
 /**
  * Asynchronous, fully streaming HTTP/1.1 reverse proxy.
+ * <p>
+ * Supports SSL to origin servers which use self-signed certificates.
+ * </p>
  */
 public class NHttpReverseProxy {
 
     public static void main(String[] args) throws Exception {
-        if (args.length < 1) {
-            System.out.println("Usage: NHttpReverseProxy <hostname[:hostport]> [port]");
+        if (args.length < 2) {
+            System.out.println("Usage: NHttpReverseProxy <HostNameURI> <Port> [\"TrustSelfSignedStrategy\"]");
             System.exit(1);
         }
+        // Extract command line arguments
         URI uri = new URI(args[0]);
-        int port = 8080;
-        if (args.length > 1) {
-            port = Integer.parseInt(args[1]);
+        int port = Integer.parseInt(args[1]);
+        SSLContext sslContext = null;
+        if (args.length > 2 && args[2].equals("TrustSelfSignedStrategy")) {
+            System.out.println("Using TrustSelfSignedStrategy (not for production.)");
+            sslContext = SSLContextBuilder.create().loadTrustMaterial(TrustSelfSignedStrategy.INSTANCE).build();
         }
 
         // Target host
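Review bot: A third argument other than the exact string `TrustSelfSignedStrategy` is silently ignored by `if (args.length > 2 && args[2].equals("TrustSelfSignedStrategy"))`, so a mistyped option starts the proxy with `sslContext` left null and no feedback to the operator. Rejecting it explicitly would be clearer: `} else if (args.length > 2) { System.out.println("Unknown option: " + args[2]); System.exit(1); }`. The new class Javadoc sentence "Supports SSL to origin servers which use self-signed certificates" could also say that this mode is opt-in and turns off validation of the origin's certificate, since the only warning today is the console line. The body of `main` continues outside this hunk.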
@@ -151,7 +163,11 @@ public class NHttpReverseProxy {
         HttpAsyncRequester executor = new HttpAsyncRequester(
                 outhttpproc, new ProxyOutgoingConnectionReuseStrategy());
 
-        ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor, ConnectionConfig.DEFAULT);
+        // Without SSL: ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor, ConnectionConfig.DEFAULT);
+        ProxyConnPool connPool = new ProxyConnPool(connectingIOReactor,
+                new BasicNIOConnFactory(new DefaultNHttpClientConnectionFactory(ConnectionConfig.DEFAULT),
+                        new SSLNHttpClientConnectionFactory(sslContext, null, ConnectionConfig.DEFAULT)),
+                0);
         connPool.setMaxTotal(100);
         connPool.setDefaultMaxPerRoute(20);
 
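Review bot: `new SSLNHttpClientConnectionFactory(sslContext, null, ConnectionConfig.DEFAULT)` passes null for the SSL setup handler, and as far as I can tell HttpCore NIO leaves peer and hostname verification to that handler, so the origin's certificate name is probably not checked against the target host even when the default trust material is used. Because this is example code that people copy, a comment at the call would help, for instance `// null SSLSetupHandler: no hostname verification of the origin; supply one before using this outside a demo`. The trailing `0` is presumably the connect timeout and would read better with a short comment or a named local, and the commented-out `// Without SSL: ...` line could be dropped in favour of a one-line explanation. The constructor of `ProxyConnPool` is outside this hunk, so the meaning of the third argument should be confirmed there.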
@@ -163,8 +179,8 @@ public class NHttpReverseProxy {
                 new ProxyIncomingConnectionReuseStrategy(),
                 handlerRegistry);
 
-        final IOEventDispatch connectingEventDispatch = new DefaultHttpClientIODispatch(
-                clientHandler, ConnectionConfig.DEFAULT);
+        final IOEventDispatch connectingEventDispatch = DefaultHttpClientIODispatch.create(
+                clientHandler, sslContext, ConnectionConfig.DEFAULT);
 
         final IOEventDispatch listeningEventDispatch = new DefaultHttpServerIODispatch(
                 serviceHandler, ConnectionConfig.DEFAULT);

Added: httpcomponents/httpcore/branches/4.4.x/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpcore/branches/4.4.x/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java?rev=1794666&view=auto
==============================================================================
--- httpcomponents/httpcore/branches/4.4.x/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java (added)
+++ httpcomponents/httpcore/branches/4.4.x/httpcore-nio/src/examples/org/apache/http/examples/nio/TrustSelfSignedStrategy.java Wed May 10 00:43:17 2017
@@ -0,0 +1,50 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+package org.apache.http.examples.nio;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import org.apache.http.ssl.TrustStrategy;
+
+/**
+ * A trust strategy that accepts self-signed certificates as trusted. Verification of all other
+ * certificates is done by the trust manager configured in the SSL context.
+ * 
+ * Copied from HttClient.
+ */
+class TrustSelfSignedStrategy implements TrustStrategy {
+
+    public static final TrustSelfSignedStrategy INSTANCE = new TrustSelfSignedStrategy();
+
+    @Override
+    public boolean isTrusted(
+            final X509Certificate[] chain, final String authType) throws CertificateException {
+        return chain.length == 1;
+    }
+
+}
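Review bot: `isTrusted` returns `chain.length == 1`, which accepts every single-certificate chain without checking that the certificate is actually self-signed, within its validity period, or one the operator expects, so with this strategy the proxy does not authenticate the origin server at all. The Javadoc should say so rather than "accepts self-signed certificates as trusted", for example `Accepts any certificate chain of length one without further checks; the peer is not authenticated. For examples and tests only.` A null `chain` would also surface as a NullPointerException instead of a CertificateException. For anything beyond a demo, putting the origin's certificate into a trust store and loading it through `SSLContextBuilder.loadTrustMaterial` keeps validation in the trust manager. The Javadoc also misspells HttpClient as `HttClient`.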