Added #resolveCanonicalHostname to DnsResolver; GGS schemes to use DnsResolver when resolving to canonical hostname

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1724610 13f79535-47bb-0310-9956-ffa450edef68
2016-01-14 13:49:23 +00:00 · 2016-01-14 13:49:23 +00:00 · 9465651937
parent f68bde1394
commit 9465651937
10 changed files with 60 additions and 67 deletions
--- a/httpclient/src/main/java/org/apache/http/conn/DnsResolver.java
+++ b/httpclient/src/main/java/org/apache/http/conn/DnsResolver.java
@ -51,4 +51,10 @@ public interface DnsResolver {
     */
    InetAddress[] resolve(String host) throws UnknownHostException;

+    /**
+     * Gets the fully qualified domain name for given host name.
+     * @since 5.0
+     */
+    String resolveCanonicalHostname(String host) throws UnknownHostException;
+
 }
--- a/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/GGSSchemeBase.java
@ -26,7 +26,6 @@
 */
 package org.apache.http.impl.auth;

-import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.security.Principal;

@ -47,6 +46,8 @@ import org.apache.http.auth.CredentialsProvider;
 import org.apache.http.auth.InvalidCredentialsException;
 import org.apache.http.auth.KerberosCredentials;
 import org.apache.http.auth.MalformedChallengeException;
+import org.apache.http.conn.DnsResolver;
+import org.apache.http.impl.conn.SystemDefaultDnsResolver;
 import org.ietf.jgss.GSSContext;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
@ -69,6 +70,7 @@ public abstract class GGSSchemeBase implements AuthScheme {

    private final Log log = LogFactory.getLog(getClass());

+    private final DnsResolver dnsResolver;
    private final boolean stripPort;
    private final boolean useCanonicalHostname;

@ -78,19 +80,23 @@ public abstract class GGSSchemeBase implements AuthScheme {
    private String challenge;
    private byte[] token;

-    GGSSchemeBase(final boolean stripPort, final boolean useCanonicalHostname) {
+    GGSSchemeBase(
+            final DnsResolver dnsResolver,
+            final boolean stripPort,
+            final boolean useCanonicalHostname) {
        super();
+        this.dnsResolver = dnsResolver != null ? dnsResolver : SystemDefaultDnsResolver.INSTANCE;
        this.stripPort = stripPort;
        this.useCanonicalHostname = useCanonicalHostname;
        this.state = State.UNINITIATED;
    }

    GGSSchemeBase(final boolean stripPort) {
-        this(stripPort, true);
+        this(null, stripPort, true);
    }

    GGSSchemeBase() {
-        this(true, true);
+        this(null, true, true);
    }

    @Override
@ -189,15 +195,11 @@ public abstract class GGSSchemeBase implements AuthScheme {
                String hostname = host.getHostName();
                if (this.useCanonicalHostname){
                    try {
-                         //TODO: uncomment this statement and delete the resolveCanonicalHostname,
-                         //TODO: as soon canonical hostname resolving is implemented in the SystemDefaultDnsResolver
-                         //final DnsResolver dnsResolver = SystemDefaultDnsResolver.INSTANCE;
-                         //hostname = dnsResolver.resolveCanonicalHostname(host.getHostName());
-                         hostname = resolveCanonicalHostname(hostname);
+                         hostname = dnsResolver.resolveCanonicalHostname(host.getHostName());
                    } catch (UnknownHostException ignore){
                    }
                }
-                if (this.stripPort) { // || host.getPort()==80 || host.getPort()==443) {
+                if (this.stripPort) {
                    authServer = hostname;
                } else {
                    authServer = hostname + ":" + host.getPort();
@ -237,15 +239,6 @@ public abstract class GGSSchemeBase implements AuthScheme {
        }
    }

-    private String resolveCanonicalHostname(final String host) throws UnknownHostException {
-        final InetAddress in = InetAddress.getByName(host);
-        final String canonicalServer = in.getCanonicalHostName();
-        if (in.getHostAddress().contentEquals(canonicalServer)) {
-            return host;
-        }
-        return canonicalServer;
-    }
-
    @Override
    public String toString() {
        return getName() + "{" + this.state + " " + challenge + '}';
--- a/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/KerberosScheme.java
@ -27,6 +27,7 @@
 package org.apache.http.impl.auth;

 import org.apache.hc.core5.annotation.NotThreadSafe;
+import org.apache.http.conn.DnsResolver;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.Oid;

@ -43,8 +44,8 @@ public class KerberosScheme extends GGSSchemeBase {
    /**
     * @since 4.4
     */
-    public KerberosScheme(final boolean stripPort, final boolean useCanonicalHostname) {
-        super(stripPort, useCanonicalHostname);
+    public KerberosScheme(final DnsResolver dnsResolver, final boolean stripPort, final boolean useCanonicalHostname) {
+        super(dnsResolver, stripPort, useCanonicalHostname);
    }

    public KerberosScheme(final boolean stripPort) {
--- a/httpclient/src/main/java/org/apache/http/impl/auth/KerberosSchemeFactory.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/KerberosSchemeFactory.java
@ -30,6 +30,7 @@ import org.apache.hc.core5.annotation.Immutable;
 import org.apache.hc.core5.http.protocol.HttpContext;
 import org.apache.http.auth.AuthScheme;
 import org.apache.http.auth.AuthSchemeProvider;
+import org.apache.http.conn.DnsResolver;

 /**
 * {@link AuthSchemeProvider} implementation that creates and initializes
@ -40,39 +41,23 @@ import org.apache.http.auth.AuthSchemeProvider;
@Immutable
 public class KerberosSchemeFactory implements AuthSchemeProvider {

+    private final DnsResolver dnsResolver;
    private final boolean stripPort;
    private final boolean useCanonicalHostname;

    /**
     * @since 4.4
     */
-    public KerberosSchemeFactory(final boolean stripPort, final boolean useCanonicalHostname) {
+    public KerberosSchemeFactory(final DnsResolver dnsResolver, final boolean stripPort, final boolean useCanonicalHostname) {
        super();
+        this.dnsResolver = dnsResolver;
        this.stripPort = stripPort;
        this.useCanonicalHostname = useCanonicalHostname;
    }

-    public KerberosSchemeFactory(final boolean stripPort) {
-        super();
-        this.stripPort = stripPort;
-        this.useCanonicalHostname = true;
-    }
-
-    public KerberosSchemeFactory() {
-        this(true, true);
-    }
-
-    public boolean isStripPort() {
-        return stripPort;
-    }
-
-    public boolean isUseCanonicalHostname() {
-        return useCanonicalHostname;
-    }
-
    @Override
    public AuthScheme create(final HttpContext context) {
-        return new KerberosScheme(this.stripPort, this.useCanonicalHostname);
+        return new KerberosScheme(this.dnsResolver, this.stripPort, this.useCanonicalHostname);
    }

 }
--- a/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoScheme.java
@ -27,6 +27,7 @@
 package org.apache.http.impl.auth;

 import org.apache.hc.core5.annotation.NotThreadSafe;
+import org.apache.http.conn.DnsResolver;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.Oid;

@ -44,8 +45,8 @@ public class SPNegoScheme extends GGSSchemeBase {
    /**
     * @since 4.4
     */
-    public SPNegoScheme(final boolean stripPort, final boolean useCanonicalHostname) {
-        super(stripPort, useCanonicalHostname);
+    public SPNegoScheme(final DnsResolver dnsResolver, final boolean stripPort, final boolean useCanonicalHostname) {
+        super(dnsResolver, stripPort, useCanonicalHostname);
    }

    public SPNegoScheme(final boolean stripPort) {
--- a/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoSchemeFactory.java
+++ b/httpclient/src/main/java/org/apache/http/impl/auth/SPNegoSchemeFactory.java
@ -30,6 +30,7 @@ import org.apache.hc.core5.annotation.Immutable;
 import org.apache.hc.core5.http.protocol.HttpContext;
 import org.apache.http.auth.AuthScheme;
 import org.apache.http.auth.AuthSchemeProvider;
+import org.apache.http.conn.DnsResolver;

 /**
 * {@link AuthSchemeProvider} implementation that creates and initializes
@ -40,39 +41,23 @@ import org.apache.http.auth.AuthSchemeProvider;
@Immutable
 public class SPNegoSchemeFactory implements AuthSchemeProvider {

+    private final DnsResolver dnsResolver;
    private final boolean stripPort;
    private final boolean useCanonicalHostname;

    /**
     * @since 4.4
     */
-    public SPNegoSchemeFactory(final boolean stripPort, final boolean useCanonicalHostname) {
+    public SPNegoSchemeFactory(final DnsResolver dnsResolver, final boolean stripPort, final boolean useCanonicalHostname) {
        super();
+        this.dnsResolver = dnsResolver;
        this.stripPort = stripPort;
        this.useCanonicalHostname = useCanonicalHostname;
    }

-    public SPNegoSchemeFactory(final boolean stripPort) {
-        super();
-        this.stripPort = stripPort;
-        this.useCanonicalHostname = true;
-    }
-
-    public SPNegoSchemeFactory() {
-        this(true, true);
-    }
-
-    public boolean isStripPort() {
-        return stripPort;
-    }
-
-    public boolean isUseCanonicalHostname() {
-        return useCanonicalHostname;
-    }
-
    @Override
    public AuthScheme create(final HttpContext context) {
-        return new SPNegoScheme(this.stripPort, this.useCanonicalHostname);
+        return new SPNegoScheme(this.dnsResolver, this.stripPort, this.useCanonicalHostname);
    }

 }
--- a/httpclient/src/main/java/org/apache/http/impl/client/HttpClientBuilder.java
+++ b/httpclient/src/main/java/org/apache/http/impl/client/HttpClientBuilder.java
@ -108,6 +108,7 @@ import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
 import org.apache.http.impl.conn.DefaultRoutePlanner;
 import org.apache.http.impl.conn.DefaultSchemePortResolver;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.impl.conn.SystemDefaultDnsResolver;
 import org.apache.http.impl.conn.SystemDefaultRoutePlanner;
 import org.apache.http.impl.execchain.BackoffStrategyExec;
 import org.apache.http.impl.execchain.ClientExecChain;
@ -1110,8 +1111,8 @@ public class HttpClientBuilder {
                .register(AuthSchemes.BASIC, new BasicSchemeFactory())
                .register(AuthSchemes.DIGEST, new DigestSchemeFactory())
                .register(AuthSchemes.NTLM, new NTLMSchemeFactory())
-                .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory())
-                .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory())
+                .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(SystemDefaultDnsResolver.INSTANCE, true, true))
+                .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory(SystemDefaultDnsResolver.INSTANCE, true, true))
                .build();
        }
        Lookup<CookieSpecProvider> cookieSpecRegistryCopy = this.cookieSpecRegistry;
--- a/httpclient/src/main/java/org/apache/http/impl/client/ProxyClient.java
+++ b/httpclient/src/main/java/org/apache/http/impl/client/ProxyClient.java
@ -76,6 +76,7 @@ import org.apache.http.impl.auth.KerberosSchemeFactory;
 import org.apache.http.impl.auth.NTLMSchemeFactory;
 import org.apache.http.impl.auth.SPNegoSchemeFactory;
 import org.apache.http.impl.conn.ManagedHttpClientConnectionFactory;
+import org.apache.http.impl.conn.SystemDefaultDnsResolver;
 import org.apache.http.impl.execchain.TunnelRefusedException;

 /**
@ -115,8 +116,8 @@ public class ProxyClient {
                .register(AuthSchemes.BASIC, new BasicSchemeFactory())
                .register(AuthSchemes.DIGEST, new DigestSchemeFactory())
                .register(AuthSchemes.NTLM, new NTLMSchemeFactory())
-                .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory())
-                .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory())
+                .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(SystemDefaultDnsResolver.INSTANCE, true, true))
+                .register(AuthSchemes.KERBEROS, new KerberosSchemeFactory(SystemDefaultDnsResolver.INSTANCE, true, true))
                .build();
        this.reuseStrategy = new DefaultConnectionReuseStrategy();
    }
--- a/httpclient/src/main/java/org/apache/http/impl/conn/InMemoryDnsResolver.java
+++ b/httpclient/src/main/java/org/apache/http/impl/conn/InMemoryDnsResolver.java
@ -92,4 +92,12 @@ public class InMemoryDnsResolver implements DnsResolver {
        return resolvedAddresses;
    }

+    @Override
+    public String resolveCanonicalHostname(final String host) throws UnknownHostException {
+        final InetAddress[] resolvedAddresses = resolve(host);
+        if (resolvedAddresses.length > 0) {
+            return resolvedAddresses[0].getCanonicalHostName();
+        }
+        return host;
+    }
 }
--- a/httpclient/src/main/java/org/apache/http/impl/conn/SystemDefaultDnsResolver.java
+++ b/httpclient/src/main/java/org/apache/http/impl/conn/SystemDefaultDnsResolver.java
@ -45,4 +45,16 @@ public class SystemDefaultDnsResolver implements DnsResolver {
        return InetAddress.getAllByName(host);
    }

+    @Override
+    public String resolveCanonicalHostname(final String host) throws UnknownHostException {
+        if (host == null) {
+            return null;
+        }
+        final InetAddress in = InetAddress.getByName(host);
+        final String canonicalServer = in.getCanonicalHostName();
+        if (in.getHostAddress().contentEquals(canonicalServer)) {
+            return host;
+        }
+        return canonicalServer;
+    }
 }