HTTPCLIENT-1051: eliminated reverse DNS lookup when performing hostname verification for secure connections

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1079783 13f79535-47bb-0310-9956-ffa450edef68
2011-03-09 13:10:13 +00:00 · 2011-03-09 13:10:13 +00:00 · a1f6685cd8
parent 0bd45f2b39
commit a1f6685cd8
3 changed files with 68 additions and 2 deletions
--- a/httpclient/src/main/java/org/apache/http/conn/HttpInetSocketAddress.java
+++ b/httpclient/src/main/java/org/apache/http/conn/HttpInetSocketAddress.java
@ -0,0 +1,58 @@
+/*
+ * ====================================================================
+ *
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.http.conn;
+
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+
+import org.apache.http.HttpHost;
+
+/**
+ * Extended {@link InetSocketAddress} implementation that also provides access to the original
+ * {@link HttpHost} used to resolve the address.
+ * 
+ * @since 4.2
+ */
+public class HttpInetSocketAddress extends InetSocketAddress {
+
+    private static final long serialVersionUID = -6650701828361907957L;
+
+    private final HttpHost host;
+    
+    public HttpInetSocketAddress(final HttpHost host, final InetAddress addr, int port) {
+        super(addr, port);
+        if (host == null) {
+            throw new IllegalArgumentException("HTTP host may not be null");
+        }
+        this.host = host;
+    }
+
+    public HttpHost getHost() {
+        return this.host;
+    }
+    
+}
--- a/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java
+++ b/httpclient/src/main/java/org/apache/http/conn/ssl/SSLSocketFactory.java
@ -30,6 +30,7 @@ package org.apache.http.conn.ssl;
 import org.apache.http.annotation.ThreadSafe;

 import org.apache.http.conn.ConnectTimeoutException;
+import org.apache.http.conn.HttpInetSocketAddress;
 import org.apache.http.conn.scheme.HostNameResolver;
 import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
 import org.apache.http.conn.scheme.LayeredSocketFactory;
@ -387,7 +388,13 @@ public class SSLSocketFactory implements LayeredSchemeSocketFactory, LayeredSock
        }
        if (this.hostnameVerifier != null) {
            try {
-                this.hostnameVerifier.verify(remoteAddress.getHostName(), sslsock);
+                String hostname;
+                if (remoteAddress instanceof HttpInetSocketAddress) {
+                    hostname = ((HttpInetSocketAddress) remoteAddress).getHost().getHostName();
+                } else {
+                    hostname = remoteAddress.getHostName();
+                }
+                this.hostnameVerifier.verify(hostname, sslsock);
                // verifyHostName() didn't blowup - good!
            } catch (IOException iox) {
                // close the socket before re-throwing the exception
--- a/httpclient/src/main/java/org/apache/http/impl/conn/DefaultClientConnectionOperator.java
+++ b/httpclient/src/main/java/org/apache/http/impl/conn/DefaultClientConnectionOperator.java
@ -45,6 +45,7 @@ import org.apache.http.protocol.HttpContext;

 import org.apache.http.conn.ConnectTimeoutException;
 import org.apache.http.conn.HttpHostConnectException;
+import org.apache.http.conn.HttpInetSocketAddress;
 import org.apache.http.conn.OperatedClientConnection;
 import org.apache.http.conn.ClientConnectionOperator;
 import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
@ -136,7 +137,7 @@ public class DefaultClientConnectionOperator implements ClientConnectionOperator
            Socket sock = sf.createSocket(params);
            conn.opening(sock, target);

-            InetSocketAddress remoteAddress = new InetSocketAddress(address, port);
+            InetSocketAddress remoteAddress = new HttpInetSocketAddress(target, address, port);
            InetSocketAddress localAddress = null;
            if (local != null) {
                localAddress = new InetSocketAddress(local, 0);