From 94656519373f7ff515e3634ef71e21c74850cdf9 Mon Sep 17 00:00:00 2001 From: Oleg Kalnichevski Date: Thu, 14 Jan 2016 13:49:23 +0000 Subject: [PATCH] Added #resolveCanonicalHostname to DnsResolver; GGS schemes to use DnsResolver when resolving to canonical hostname git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1724610 13f79535-47bb-0310-9956-ffa450edef68 --- .../org/apache/http/conn/DnsResolver.java | 6 ++++ .../apache/http/impl/auth/GGSSchemeBase.java | 31 +++++++------------ .../apache/http/impl/auth/KerberosScheme.java | 5 +-- .../http/impl/auth/KerberosSchemeFactory.java | 25 +++------------ .../apache/http/impl/auth/SPNegoScheme.java | 5 +-- .../http/impl/auth/SPNegoSchemeFactory.java | 25 +++------------ .../http/impl/client/HttpClientBuilder.java | 5 +-- .../apache/http/impl/client/ProxyClient.java | 5 +-- .../http/impl/conn/InMemoryDnsResolver.java | 8 +++++ .../impl/conn/SystemDefaultDnsResolver.java | 12 +++++++ 10 files changed, 60 insertions(+), 67 deletions(-) diff --git a/httpclient/src/main/java/org/apache/http/conn/DnsResolver.java b/httpclient/src/main/java/org/apache/http/conn/DnsResolver.java index c4501f39e..b6d0f32b4 100644 --- a/httpclient/src/main/java/org/apache/http/conn/DnsResolver.java +++ b/httpclient/src/main/java/org/apache/http/conn/DnsResolver.java @@ -51,4 +51,10 @@ public interface DnsResolver { */ InetAddress[] resolve(String host) throws UnknownHostException; + /** + * Gets the fully qualified domain name for given host name. + * @since 5.0 + */ + String resolveCanonicalHostname(String host) throws UnknownHostException; + } diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java b/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java index 6ed74e58d..edab32d23 100644 --- a/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java +++ b/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java 
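Review bot: The Javadoc added for `resolveCanonicalHostname` in the DnsResolver.java hunk does not state the contract that implementers and callers need: what is returned for a `null` host, for an address literal, or when no canonical name can be found, and whether failure is signalled by `UnknownHostException` or by returning the input unchanged. The two implementations in this patch already differ on those cases. GGSSchemeBase uses the returned value to build the server name for Kerberos/SPNEGO, so the result should be documented as DNS-derived and only as trustworthy as the resolver behind it. I would expand the comment with `@param host`, `@return` and `@throws UnknownHostException` lines covering those cases. Adding an abstract method also breaks every existing third-party DnsResolver implementation, which deserves a line in the release notes.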
@@ -26,7 +26,6 @@ */ package org.apache.http.impl.auth; -import java.net.InetAddress; import java.net.UnknownHostException; import java.security.Principal; @@ -47,6 +46,8 @@ import org.apache.http.auth.CredentialsProvider; import org.apache.http.auth.InvalidCredentialsException; import org.apache.http.auth.KerberosCredentials; import org.apache.http.auth.MalformedChallengeException; +import org.apache.http.conn.DnsResolver; +import org.apache.http.impl.conn.SystemDefaultDnsResolver; import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; @@ -69,6 +70,7 @@ public abstract class GGSSchemeBase implements AuthScheme { private final Log log = LogFactory.getLog(getClass()); + private final DnsResolver dnsResolver; private final boolean stripPort; private final boolean useCanonicalHostname; @@ -78,19 +80,23 @@ public abstract class GGSSchemeBase implements AuthScheme { private String challenge; private byte[] token; - GGSSchemeBase(final boolean stripPort, final boolean useCanonicalHostname) { + GGSSchemeBase( + final DnsResolver dnsResolver, + final boolean stripPort, + final boolean useCanonicalHostname) { super(); + this.dnsResolver = dnsResolver != null ? dnsResolver : SystemDefaultDnsResolver.INSTANCE; this.stripPort = stripPort; this.useCanonicalHostname = useCanonicalHostname; this.state = State.UNINITIATED; } GGSSchemeBase(final boolean stripPort) { - this(stripPort, true); + this(null, stripPort, true); } GGSSchemeBase() { - this(true, true); + this(null, true, true); } @Override 
@@ -189,15 +195,11 @@ public abstract class GGSSchemeBase implements AuthScheme { String hostname = host.getHostName(); if (this.useCanonicalHostname){ try { - //TODO: uncomment this statement and delete the resolveCanonicalHostname, - //TODO: as soon canonical hostname resolving is implemented in the SystemDefaultDnsResolver - //final DnsResolver dnsResolver = SystemDefaultDnsResolver.INSTANCE; - //hostname = dnsResolver.resolveCanonicalHostname(host.getHostName()); - hostname = resolveCanonicalHostname(hostname); + hostname = dnsResolver.resolveCanonicalHostname(host.getHostName()); } catch (UnknownHostException ignore){ } } - if (this.stripPort) { // || host.getPort()==80 || host.getPort()==443) { + if (this.stripPort) { authServer = hostname; } else { authServer = hostname + ":" + host.getPort(); @@ -237,15 +239,6 @@ public abstract class GGSSchemeBase implements AuthScheme { } } - private String resolveCanonicalHostname(final String host) throws UnknownHostException { - final InetAddress in = InetAddress.getByName(host); - final String canonicalServer = in.getCanonicalHostName(); - if (in.getHostAddress().contentEquals(canonicalServer)) { - return host; - } - return canonicalServer; - } - @Override public String toString() { return getName() + "{" + this.state + " " + challenge + '}'; diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java b/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java index f58f0a476..58bf6834e 100644 --- a/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java +++ b/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java @@ -27,6 +27,7 @@ package org.apache.http.impl.auth; import org.apache.hc.core5.annotation.NotThreadSafe; +import org.apache.http.conn.DnsResolver; import org.ietf.jgss.GSSException; import org.ietf.jgss.Oid; 
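Review bot: In the `useCanonicalHostname` branch of the -189 hunk in GGSSchemeBase.java, the result of `dnsResolver.resolveCanonicalHostname(...)` is assigned to `hostname` without a null check, although the resolver is now pluggable. SystemDefaultDnsResolver in this same patch returns `null` for a null host, and a custom resolver may do so for any host. A null result would make `authServer` either null or the string `null:<port>`, so the service name handed to GSS would be wrong instead of falling back to the configured host. I would write `final String canonical = dnsResolver.resolveCanonicalHostname(hostname); if (canonical != null) { hostname = canonical; }`, and add a `log.debug(...)` to the empty `catch (UnknownHostException ignore)`, since the name used for the service ticket otherwise changes silently with the DNS outcome. The enclosing method starts and ends outside the hunk.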
@@ -43,8 +44,8 @@ public class KerberosScheme extends GGSSchemeBase { /** * @since 4.4 */ - public KerberosScheme(final boolean stripPort, final boolean useCanonicalHostname) { - super(stripPort, useCanonicalHostname); + public KerberosScheme(final DnsResolver dnsResolver, final boolean stripPort, final boolean useCanonicalHostname) { + super(dnsResolver, stripPort, useCanonicalHostname); } public KerberosScheme(final boolean stripPort) { diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/KerberosSchemeFactory.java b/httpclient/src/main/java/org/apache/http/impl/auth/KerberosSchemeFactory.java index dee866def..e9e25c95a 100644 --- a/httpclient/src/main/java/org/apache/http/impl/auth/KerberosSchemeFactory.java +++ b/httpclient/src/main/java/org/apache/http/impl/auth/KerberosSchemeFactory.java @@ -30,6 +30,7 @@ import org.apache.hc.core5.annotation.Immutable; import org.apache.hc.core5.http.protocol.HttpContext; import org.apache.http.auth.AuthScheme; import org.apache.http.auth.AuthSchemeProvider; +import org.apache.http.conn.DnsResolver; /** * {@link AuthSchemeProvider} implementation that creates and initializes 
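Review bot: The three-argument constructor in the KerberosScheme.java -43 hunk keeps its `@since 4.4` tag although the signature taking a `DnsResolver` is new with this change; the same stale tag is carried over in SPNegoScheme, KerberosSchemeFactory and SPNegoSchemeFactory. The Javadoc should also say that a `null` resolver is accepted and replaced by `SystemDefaultDnsResolver.INSTANCE` in GGSSchemeBase, because that default decides which DNS path is trusted when the canonical host name is resolved for the service name. Suggested text: `@param dnsResolver resolver used to obtain the canonical host name; null selects the system default` together with `@since 5.0`.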
@@ -40,39 +41,23 @@ import org.apache.http.auth.AuthSchemeProvider; @Immutable public class KerberosSchemeFactory implements AuthSchemeProvider { + private final DnsResolver dnsResolver; private final boolean stripPort; private final boolean useCanonicalHostname; /** * @since 4.4 */ - public KerberosSchemeFactory(final boolean stripPort, final boolean useCanonicalHostname) { + public KerberosSchemeFactory(final DnsResolver dnsResolver, final boolean stripPort, final boolean useCanonicalHostname) { super(); + this.dnsResolver = dnsResolver; this.stripPort = stripPort; this.useCanonicalHostname = useCanonicalHostname; } - public KerberosSchemeFactory(final boolean stripPort) { - super(); - this.stripPort = stripPort; - this.useCanonicalHostname = true; - } - - public KerberosSchemeFactory() { - this(true, true); - } - - public boolean isStripPort() { - return stripPort; - } - - public boolean isUseCanonicalHostname() { - return useCanonicalHostname; - } - @Override public AuthScheme create(final HttpContext context) { - return new KerberosScheme(this.stripPort, this.useCanonicalHostname); + return new KerberosScheme(this.dnsResolver, this.stripPort, this.useCanonicalHostname); } } diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java b/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java index fa606ff1a..fc5222fea 100644 --- a/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java +++ b/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java @@ -27,6 +27,7 @@ package org.apache.http.impl.auth; import org.apache.hc.core5.annotation.NotThreadSafe; +import org.apache.http.conn.DnsResolver; import org.ietf.jgss.GSSException; import org.ietf.jgss.Oid; 
@@ -44,8 +45,8 @@ public class SPNegoScheme extends GGSSchemeBase { /** * @since 4.4 */ - public SPNegoScheme(final boolean stripPort, final boolean useCanonicalHostname) { - super(stripPort, useCanonicalHostname); + public SPNegoScheme(final DnsResolver dnsResolver, final boolean stripPort, final boolean useCanonicalHostname) { + super(dnsResolver, stripPort, useCanonicalHostname); } public SPNegoScheme(final boolean stripPort) { diff --git a/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoSchemeFactory.java b/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoSchemeFactory.java index 36b9aee02..c08f2c725 100644 --- a/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoSchemeFactory.java +++ b/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoSchemeFactory.java @@ -30,6 +30,7 @@ import org.apache.hc.core5.annotation.Immutable; import org.apache.hc.core5.http.protocol.HttpContext; import org.apache.http.auth.AuthScheme; import org.apache.http.auth.AuthSchemeProvider; +import org.apache.http.conn.DnsResolver; /** * {@link AuthSchemeProvider} implementation that creates and initializes 
@@ -40,39 +41,23 @@ import org.apache.http.auth.AuthSchemeProvider; @Immutable public class SPNegoSchemeFactory implements AuthSchemeProvider { + private final DnsResolver dnsResolver; private final boolean stripPort; private final boolean useCanonicalHostname; /** * @since 4.4 */ - public SPNegoSchemeFactory(final boolean stripPort, final boolean useCanonicalHostname) { + public SPNegoSchemeFactory(final DnsResolver dnsResolver, final boolean stripPort, final boolean useCanonicalHostname) { super(); + this.dnsResolver = dnsResolver; this.stripPort = stripPort; this.useCanonicalHostname = useCanonicalHostname; } - public SPNegoSchemeFactory(final boolean stripPort) { - super(); - this.stripPort = stripPort; - this.useCanonicalHostname = true; - } - - public SPNegoSchemeFactory() { - this(true, true); - } - - public boolean isStripPort() { - return stripPort; - } - - public boolean isUseCanonicalHostname() { - return useCanonicalHostname; - } - @Override public AuthScheme create(final HttpContext context) { - return new SPNegoScheme(this.stripPort, this.useCanonicalHostname); + return new SPNegoScheme(this.dnsResolver, this.stripPort, this.useCanonicalHostname); } } diff --git a/httpclient/src/main/java/org/apache/http/impl/client/HttpClientBuilder.java b/httpclient/src/main/java/org/apache/http/impl/client/HttpClientBuilder.java index bb857041b..a1392c36f 100644 --- a/httpclient/src/main/java/org/apache/http/impl/client/HttpClientBuilder.java +++ b/httpclient/src/main/java/org/apache/http/impl/client/HttpClientBuilder.java 
@@ -108,6 +108,7 @@ import org.apache.http.impl.conn.DefaultProxyRoutePlanner; import org.apache.http.impl.conn.DefaultRoutePlanner; import org.apache.http.impl.conn.DefaultSchemePortResolver; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; +import org.apache.http.impl.conn.SystemDefaultDnsResolver; import org.apache.http.impl.conn.SystemDefaultRoutePlanner; import org.apache.http.impl.execchain.BackoffStrategyExec; import org.apache.http.impl.execchain.ClientExecChain; @@ -1110,8 +1111,8 @@ public class HttpClientBuilder { .register(AuthSchemes.BASIC, new BasicSchemeFactory()) .register(AuthSchemes.DIGEST, new DigestSchemeFactory()) .register(AuthSchemes.NTLM, new NTLMSchemeFactory()) - .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory()) - .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory()) + .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(SystemDefaultDnsResolver.INSTANCE, true, true)) + .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory(SystemDefaultDnsResolver.INSTANCE, true, true)) .build(); } Lookup cookieSpecRegistryCopy = this.cookieSpecRegistry; diff --git a/httpclient/src/main/java/org/apache/http/impl/client/ProxyClient.java b/httpclient/src/main/java/org/apache/http/impl/client/ProxyClient.java index c11478dca..969c31f25 100644 --- a/httpclient/src/main/java/org/apache/http/impl/client/ProxyClient.java +++ b/httpclient/src/main/java/org/apache/http/impl/client/ProxyClient.java @@ -76,6 +76,7 @@ import org.apache.http.impl.auth.KerberosSchemeFactory; import org.apache.http.impl.auth.NTLMSchemeFactory; import org.apache.http.impl.auth.SPNegoSchemeFactory; import org.apache.http.impl.conn.ManagedHttpClientConnectionFactory; +import org.apache.http.impl.conn.SystemDefaultDnsResolver; import org.apache.http.impl.execchain.TunnelRefusedException; /** 
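Review bot: The default auth scheme registry in the HttpClientBuilder.java -1110 hunk hard-codes `SystemDefaultDnsResolver.INSTANCE` for the SPNEGO and Kerberos factories. If the builder holds a caller-supplied `DnsResolver` (not visible in this hunk), connections would resolve through that resolver while the host name used for the Kerberos service name would still come from system DNS, so a deployment that pins or restricts resolution would not get that restriction applied to authentication. Since GGSSchemeBase already falls back to the system resolver on `null`, passing the builder's own resolver would be enough, e.g. `new SPNegoSchemeFactory(this.dnsResolver, true, true)` and the same for `KerberosSchemeFactory`, assuming such a field exists. The enclosing method starts and ends outside the hunk.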
@@ -115,8 +116,8 @@ public class ProxyClient { .register(AuthSchemes.BASIC, new BasicSchemeFactory()) .register(AuthSchemes.DIGEST, new DigestSchemeFactory()) .register(AuthSchemes.NTLM, new NTLMSchemeFactory()) - .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory()) - .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory()) + .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(SystemDefaultDnsResolver.INSTANCE, true, true)) + .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory(SystemDefaultDnsResolver.INSTANCE, true, true)) .build(); this.reuseStrategy = new DefaultConnectionReuseStrategy(); } diff --git a/httpclient/src/main/java/org/apache/http/impl/conn/InMemoryDnsResolver.java b/httpclient/src/main/java/org/apache/http/impl/conn/InMemoryDnsResolver.java index 9516d5e2e..6b0fe6108 100644 --- a/httpclient/src/main/java/org/apache/http/impl/conn/InMemoryDnsResolver.java +++ b/httpclient/src/main/java/org/apache/http/impl/conn/InMemoryDnsResolver.java @@ -92,4 +92,12 @@ public class InMemoryDnsResolver implements DnsResolver { return resolvedAddresses; } + @Override + public String resolveCanonicalHostname(final String host) throws UnknownHostException { + final InetAddress[] resolvedAddresses = resolve(host); + if (resolvedAddresses.length > 0) { + return resolvedAddresses[0].getCanonicalHostName(); + } + return host; + } } diff --git a/httpclient/src/main/java/org/apache/http/impl/conn/SystemDefaultDnsResolver.java b/httpclient/src/main/java/org/apache/http/impl/conn/SystemDefaultDnsResolver.java index 94e213fe4..8f02e8bd5 100644 --- a/httpclient/src/main/java/org/apache/http/impl/conn/SystemDefaultDnsResolver.java +++ b/httpclient/src/main/java/org/apache/http/impl/conn/SystemDefaultDnsResolver.java 
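Review bot: `resolveCanonicalHostname` in the InMemoryDnsResolver.java hunk calls `resolvedAddresses[0].getCanonicalHostName()`, which asks the system name service for a reverse lookup, so a resolver meant to answer only from its in-memory map ends up depending on live DNS. It also returns the address literal when no name is found, whereas SystemDefaultDnsResolver returns the original `host` in that case, so an IP string could end up in the service name built by GGSSchemeBase. To match, keep the check used there: `final String canonical = resolvedAddresses[0].getCanonicalHostName();` followed by `return resolvedAddresses[0].getHostAddress().contentEquals(canonical) ? host : canonical;`. Alternatively, return `host` so the class stays free of network lookups.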
@@ -45,4 +45,16 @@ public class SystemDefaultDnsResolver implements DnsResolver { return InetAddress.getAllByName(host); } + @Override + public String resolveCanonicalHostname(final String host) throws UnknownHostException { + if (host == null) { + return null; + } + final InetAddress in = InetAddress.getByName(host); + final String canonicalServer = in.getCanonicalHostName(); + if (in.getHostAddress().contentEquals(canonicalServer)) { + return host; + } + return canonicalServer; + } }
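Review bot: The new `resolveCanonicalHostname` in SystemDefaultDnsResolver.java has no comment explaining its fallback rules, and they matter because GGSSchemeBase feeds the result into the Kerberos/SPNEGO server name. `InetAddress.getByName(host)` picks a single address, so for a name with several address records the canonical name depends on which address is returned first, and the answer is only as reliable as the DNS data behind it. I would add a short comment such as `// Reverse lookup on the first resolved address; an address-literal result means no name was found, so keep the caller's host.` and document the `null`-in, `null`-out case.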