Merge pull request #4178 from eclipse/jetty-9.4.x-4177-http_proxy_sslcontextfactory
Fixes #4177 - Configure HTTP proxy with SslContextFactory.
This commit is contained in:
commit
53ed8f346c
|
@ -1160,11 +1160,26 @@ public class HttpClient extends ContainerLifeCycle
|
|||
return HttpScheme.HTTPS.is(scheme) || HttpScheme.WSS.is(scheme);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@code SslClientConnectionFactory} wrapping the given connection factory.
|
||||
*
|
||||
* @param connectionFactory the connection factory to wrap
|
||||
* @return a new SslClientConnectionFactory
|
||||
* @deprecated use {@link #newSslClientConnectionFactory(SslContextFactory, ClientConnectionFactory)} instead
|
||||
*/
|
||||
@Deprecated
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
return new SslClientConnectionFactory(getSslContextFactory(), getByteBufferPool(), getExecutor(), connectionFactory);
|
||||
}
|
||||
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
if (sslContextFactory == null)
|
||||
return newSslClientConnectionFactory(connectionFactory);
|
||||
return new SslClientConnectionFactory(sslContextFactory, getByteBufferPool(), getExecutor(), connectionFactory);
|
||||
}
|
||||
|
||||
private class ContentDecoderFactorySet implements Set<ContentDecoder.Factory>
|
||||
{
|
||||
private final Set<ContentDecoder.Factory> set = new HashSet<>();
|
||||
|
|
|
@ -48,6 +48,7 @@ import org.eclipse.jetty.util.component.Dumpable;
|
|||
import org.eclipse.jetty.util.component.DumpableCollection;
|
||||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.log.Logger;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
import org.eclipse.jetty.util.thread.Scheduler;
|
||||
import org.eclipse.jetty.util.thread.Sweeper;
|
||||
|
||||
|
@ -86,12 +87,12 @@ public abstract class HttpDestination extends ContainerLifeCycle implements Dest
|
|||
{
|
||||
connectionFactory = proxy.newClientConnectionFactory(connectionFactory);
|
||||
if (proxy.isSecure())
|
||||
connectionFactory = newSslClientConnectionFactory(connectionFactory);
|
||||
connectionFactory = newSslClientConnectionFactory(proxy.getSslContextFactory(), connectionFactory);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (isSecure())
|
||||
connectionFactory = newSslClientConnectionFactory(connectionFactory);
|
||||
connectionFactory = newSslClientConnectionFactory(null, connectionFactory);
|
||||
}
|
||||
this.connectionFactory = connectionFactory;
|
||||
|
||||
|
@ -132,9 +133,9 @@ public abstract class HttpDestination extends ContainerLifeCycle implements Dest
|
|||
return new BlockingArrayQueue<>(client.getMaxRequestsQueuedPerDestination());
|
||||
}
|
||||
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
return client.newSslClientConnectionFactory(connectionFactory);
|
||||
return client.newSslClientConnectionFactory(sslContextFactory, connectionFactory);
|
||||
}
|
||||
|
||||
public boolean isSecure()
|
||||
|
|
|
@ -54,6 +54,11 @@ public class HttpProxy extends ProxyConfiguration.Proxy
|
|||
super(address, secure);
|
||||
}
|
||||
|
||||
public HttpProxy(Origin.Address address, SslContextFactory.Client sslContextFactory)
|
||||
{
|
||||
super(address, sslContextFactory);
|
||||
}
|
||||
|
||||
@Override
|
||||
public ClientConnectionFactory newClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
|
@ -204,7 +209,7 @@ public class HttpProxy extends ProxyConfiguration.Proxy
|
|||
context.put(HttpClientTransport.HTTP_CONNECTION_PROMISE_CONTEXT_KEY, promise);
|
||||
HttpDestination destination = (HttpDestination)context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY);
|
||||
HttpClient client = destination.getHttpClient();
|
||||
ClientConnectionFactory sslConnectionFactory = client.newSslClientConnectionFactory(connectionFactory);
|
||||
ClientConnectionFactory sslConnectionFactory = client.newSslClientConnectionFactory(null, connectionFactory);
|
||||
HttpConnectionOverHTTP oldConnection = (HttpConnectionOverHTTP)endPoint.getConnection();
|
||||
context.put(SslClientConnectionFactory.SSL_PEER_HOST_CONTEXT_KEY, destination.getHost());
|
||||
context.put(SslClientConnectionFactory.SSL_PEER_PORT_CONTEXT_KEY, destination.getPort());
|
||||
|
|
|
@ -22,10 +22,12 @@ import java.net.URI;
|
|||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
|
||||
import org.eclipse.jetty.io.ClientConnectionFactory;
|
||||
import org.eclipse.jetty.util.HostPort;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
|
||||
/**
|
||||
* The configuration of the forward proxy to use with {@link org.eclipse.jetty.client.HttpClient}.
|
||||
|
@ -64,11 +66,23 @@ public class ProxyConfiguration
|
|||
private final Set<String> excluded = new HashSet<>();
|
||||
private final Origin.Address address;
|
||||
private final boolean secure;
|
||||
private final SslContextFactory.Client sslContextFactory;
|
||||
|
||||
protected Proxy(Origin.Address address, boolean secure)
|
||||
{
|
||||
this(address, secure, null);
|
||||
}
|
||||
|
||||
public Proxy(Origin.Address address, SslContextFactory.Client sslContextFactory)
|
||||
{
|
||||
this(address, true, Objects.requireNonNull(sslContextFactory));
|
||||
}
|
||||
|
||||
private Proxy(Origin.Address address, boolean secure, SslContextFactory.Client sslContextFactory)
|
||||
{
|
||||
this.address = address;
|
||||
this.secure = secure;
|
||||
this.sslContextFactory = sslContextFactory;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -87,6 +101,14 @@ public class ProxyConfiguration
|
|||
return secure;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the optional SslContextFactory to use when connecting to proxies
|
||||
*/
|
||||
public SslContextFactory.Client getSslContextFactory()
|
||||
{
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the list of origins that must be proxied
|
||||
* @see #matches(Origin)
|
||||
|
|
|
@ -64,7 +64,7 @@ public class Socks4Proxy extends ProxyConfiguration.Proxy
|
|||
}
|
||||
|
||||
@Override
|
||||
public org.eclipse.jetty.io.Connection newConnection(EndPoint endPoint, Map<String, Object> context) throws IOException
|
||||
public org.eclipse.jetty.io.Connection newConnection(EndPoint endPoint, Map<String, Object> context)
|
||||
{
|
||||
HttpDestination destination = (HttpDestination)context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY);
|
||||
Executor executor = destination.getHttpClient().getExecutor();
|
||||
|
@ -198,7 +198,7 @@ public class Socks4Proxy extends ProxyConfiguration.Proxy
|
|||
HttpClient client = destination.getHttpClient();
|
||||
ClientConnectionFactory connectionFactory = this.connectionFactory;
|
||||
if (destination.isSecure())
|
||||
connectionFactory = client.newSslClientConnectionFactory(connectionFactory);
|
||||
connectionFactory = client.newSslClientConnectionFactory(null, connectionFactory);
|
||||
org.eclipse.jetty.io.Connection newConnection = connectionFactory.newConnection(getEndPoint(), context);
|
||||
getEndPoint().upgrade(newConnection);
|
||||
if (LOG.isDebugEnabled())
|
||||
|
|
|
@ -474,9 +474,9 @@ public class HttpClientTLSTest
|
|||
client = new HttpClient(createClientSslContextFactory())
|
||||
{
|
||||
@Override
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
SslClientConnectionFactory ssl = (SslClientConnectionFactory)super.newSslClientConnectionFactory(connectionFactory);
|
||||
SslClientConnectionFactory ssl = (SslClientConnectionFactory)super.newSslClientConnectionFactory(sslContextFactory, connectionFactory);
|
||||
ssl.setAllowMissingCloseMessage(false);
|
||||
return ssl;
|
||||
}
|
||||
|
|
|
@ -689,6 +689,74 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testBothProxyAndServerNeedClientAuthWithDifferentKeyStores() throws Exception
|
||||
{
|
||||
SslContextFactory.Server serverTLS = newServerSslContextFactory();
|
||||
serverTLS.setEndpointIdentificationAlgorithm(null);
|
||||
serverTLS.setNeedClientAuth(true);
|
||||
startTLSServer(serverTLS, new ServerHandler());
|
||||
int serverPort = serverConnector.getLocalPort();
|
||||
|
||||
SslContextFactory.Server proxyServerTLS = newProxySslContextFactory();
|
||||
proxyServerTLS.setEndpointIdentificationAlgorithm(null);
|
||||
proxyServerTLS.setNeedClientAuth(true);
|
||||
startProxy(proxyServerTLS);
|
||||
int proxyPort = proxyConnector.getLocalPort();
|
||||
|
||||
SslContextFactory.Client clientTLS = new SslContextFactory.Client()
|
||||
{
|
||||
@Override
|
||||
public SSLEngine newSSLEngine(String host, int port)
|
||||
{
|
||||
if (port != serverPort)
|
||||
throw new IllegalStateException();
|
||||
return super.newSSLEngine(host, port);
|
||||
}
|
||||
};
|
||||
clientTLS.setKeyStorePath(MavenTestingUtils.getTestResourceFile("client_server_keystore.p12").getAbsolutePath());
|
||||
clientTLS.setKeyStorePassword("storepwd");
|
||||
clientTLS.setEndpointIdentificationAlgorithm(null);
|
||||
HttpClient httpClient = new HttpClient(clientTLS);
|
||||
|
||||
SslContextFactory.Client proxyClientTLS = new SslContextFactory.Client()
|
||||
{
|
||||
@Override
|
||||
public SSLEngine newSSLEngine(String host, int port)
|
||||
{
|
||||
if (port != proxyPort)
|
||||
throw new IllegalStateException();
|
||||
return super.newSSLEngine(host, port);
|
||||
}
|
||||
};
|
||||
proxyClientTLS.setKeyStorePath(MavenTestingUtils.getTestResourceFile("client_proxy_keystore.p12").getAbsolutePath());
|
||||
proxyClientTLS.setKeyStorePassword("storepwd");
|
||||
proxyClientTLS.setEndpointIdentificationAlgorithm(null);
|
||||
proxyClientTLS.start();
|
||||
HttpProxy httpProxy = new HttpProxy(new Origin.Address("localhost", proxyConnector.getLocalPort()), proxyClientTLS);
|
||||
httpClient.getProxyConfiguration().getProxies().add(httpProxy);
|
||||
httpClient.start();
|
||||
|
||||
try
|
||||
{
|
||||
String body = "BODY";
|
||||
ContentResponse response = httpClient.newRequest("localhost", serverConnector.getLocalPort())
|
||||
.scheme(HttpScheme.HTTPS.asString())
|
||||
.method(HttpMethod.GET)
|
||||
.path("/echo?body=" + URLEncoder.encode(body, "UTF-8"))
|
||||
.timeout(5, TimeUnit.SECONDS)
|
||||
.send();
|
||||
|
||||
assertEquals(HttpStatus.OK_200, response.getStatus());
|
||||
String content = response.getContentAsString();
|
||||
assertEquals(body, content);
|
||||
}
|
||||
finally
|
||||
{
|
||||
httpClient.stop();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
@Tag("external")
|
||||
@Disabled
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -254,9 +254,11 @@ public class HttpClientTimeoutTest extends AbstractTest<TransportScenario>
|
|||
scenario.client = new HttpClient(scenario.provideClientTransport(), sslContextFactory)
|
||||
{
|
||||
@Override
|
||||
public ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
public ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
return new SslClientConnectionFactory(getSslContextFactory(), getByteBufferPool(), getExecutor(), connectionFactory)
|
||||
if (sslContextFactory == null)
|
||||
sslContextFactory = getSslContextFactory();
|
||||
return new SslClientConnectionFactory(sslContextFactory, getByteBufferPool(), getExecutor(), connectionFactory)
|
||||
{
|
||||
@Override
|
||||
protected SslConnection newSslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine engine)
|
||||
|
|
Loading…
Reference in New Issue