From c8175ec1077db33f56e2da4b0a69b81bc8cd2340 Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Wed, 9 Oct 2019 17:37:00 +0200 Subject: [PATCH 1/2] Fixes #4177 - Configure HTTP proxy with SslContextFactory. It is now possible to pass a `SslContextFactory.Client` to HttpProxy so that it is possible to use a keystore for the proxy communication and another keystore for the server communication. Signed-off-by: Simone Bordet --- .../org/eclipse/jetty/client/HttpClient.java | 6 +- .../eclipse/jetty/client/HttpDestination.java | 9 +-- .../org/eclipse/jetty/client/HttpProxy.java | 7 +- .../jetty/client/ProxyConfiguration.java | 22 ++++++ .../org/eclipse/jetty/client/Socks4Proxy.java | 4 +- .../jetty/client/HttpClientTLSTest.java | 4 +- .../proxy/ForwardProxyTLSServerTest.java | 68 ++++++++++++++++++ .../test/resources/client_proxy_keystore.p12 | Bin 0 -> 3541 bytes .../test/resources/client_server_keystore.p12 | Bin 0 -> 3551 bytes .../http/client/HttpClientTimeoutTest.java | 6 +- 10 files changed, 113 insertions(+), 13 deletions(-) create mode 100644 jetty-proxy/src/test/resources/client_proxy_keystore.p12 create mode 100644 jetty-proxy/src/test/resources/client_server_keystore.p12 diff --git a/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java b/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java index fddd0af85bf..d344335efb1 100644 --- a/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java +++ b/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java @@ -1160,9 +1160,11 @@ public class HttpClient extends ContainerLifeCycle return HttpScheme.HTTPS.is(scheme) || HttpScheme.WSS.is(scheme); } - protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory) + protected ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory) { - return new SslClientConnectionFactory(getSslContextFactory(), getByteBufferPool(), getExecutor(), connectionFactory); + if (sslContextFactory == null) + sslContextFactory = getSslContextFactory(); + return new SslClientConnectionFactory(sslContextFactory, getByteBufferPool(), getExecutor(), connectionFactory); } private class ContentDecoderFactorySet implements Set diff --git a/jetty-client/src/main/java/org/eclipse/jetty/client/HttpDestination.java b/jetty-client/src/main/java/org/eclipse/jetty/client/HttpDestination.java index e1868cc54dc..fa0a3f50d1d 100644 --- a/jetty-client/src/main/java/org/eclipse/jetty/client/HttpDestination.java +++ b/jetty-client/src/main/java/org/eclipse/jetty/client/HttpDestination.java @@ -48,6 +48,7 @@ import org.eclipse.jetty.util.component.Dumpable; import org.eclipse.jetty.util.component.DumpableCollection; import org.eclipse.jetty.util.log.Log; import org.eclipse.jetty.util.log.Logger; +import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.util.thread.Scheduler; import org.eclipse.jetty.util.thread.Sweeper; @@ -86,12 +87,12 @@ public abstract class HttpDestination extends ContainerLifeCycle implements Dest { connectionFactory = proxy.newClientConnectionFactory(connectionFactory); if (proxy.isSecure()) - connectionFactory = newSslClientConnectionFactory(connectionFactory); + connectionFactory = newSslClientConnectionFactory(proxy.getSslContextFactory(), connectionFactory); } else { if (isSecure()) - connectionFactory = newSslClientConnectionFactory(connectionFactory); + connectionFactory = newSslClientConnectionFactory(null, connectionFactory); } this.connectionFactory = connectionFactory; @@ -132,9 +133,9 @@ public abstract class HttpDestination extends ContainerLifeCycle implements Dest return new BlockingArrayQueue<>(client.getMaxRequestsQueuedPerDestination()); } - protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory) + protected ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory) { - return client.newSslClientConnectionFactory(connectionFactory); + return client.newSslClientConnectionFactory(sslContextFactory, connectionFactory); } public boolean isSecure() diff --git a/jetty-client/src/main/java/org/eclipse/jetty/client/HttpProxy.java b/jetty-client/src/main/java/org/eclipse/jetty/client/HttpProxy.java index 057918a9c04..63d3946f1f0 100644 --- a/jetty-client/src/main/java/org/eclipse/jetty/client/HttpProxy.java +++ b/jetty-client/src/main/java/org/eclipse/jetty/client/HttpProxy.java @@ -54,6 +54,11 @@ public class HttpProxy extends ProxyConfiguration.Proxy super(address, secure); } + public HttpProxy(Origin.Address address, SslContextFactory.Client sslContextFactory) + { + super(address, sslContextFactory); + } + @Override public ClientConnectionFactory newClientConnectionFactory(ClientConnectionFactory connectionFactory) { @@ -204,7 +209,7 @@ public class HttpProxy extends ProxyConfiguration.Proxy context.put(HttpClientTransport.HTTP_CONNECTION_PROMISE_CONTEXT_KEY, promise); HttpDestination destination = (HttpDestination)context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY); HttpClient client = destination.getHttpClient(); - ClientConnectionFactory sslConnectionFactory = client.newSslClientConnectionFactory(connectionFactory); + ClientConnectionFactory sslConnectionFactory = client.newSslClientConnectionFactory(null, connectionFactory); HttpConnectionOverHTTP oldConnection = (HttpConnectionOverHTTP)endPoint.getConnection(); context.put(SslClientConnectionFactory.SSL_PEER_HOST_CONTEXT_KEY, destination.getHost()); context.put(SslClientConnectionFactory.SSL_PEER_PORT_CONTEXT_KEY, destination.getPort()); diff --git a/jetty-client/src/main/java/org/eclipse/jetty/client/ProxyConfiguration.java b/jetty-client/src/main/java/org/eclipse/jetty/client/ProxyConfiguration.java index d8e8acbbc05..972dd0f29fc 100644 --- a/jetty-client/src/main/java/org/eclipse/jetty/client/ProxyConfiguration.java +++ b/jetty-client/src/main/java/org/eclipse/jetty/client/ProxyConfiguration.java @@ -22,10 +22,12 @@ import java.net.URI; import java.util.ArrayList; import java.util.HashSet; import java.util.List; +import java.util.Objects; import java.util.Set; import org.eclipse.jetty.io.ClientConnectionFactory; import org.eclipse.jetty.util.HostPort; +import org.eclipse.jetty.util.ssl.SslContextFactory; /** * The configuration of the forward proxy to use with {@link org.eclipse.jetty.client.HttpClient}. @@ -64,11 +66,23 @@ public class ProxyConfiguration private final Set excluded = new HashSet<>(); private final Origin.Address address; private final boolean secure; + private final SslContextFactory.Client sslContextFactory; protected Proxy(Origin.Address address, boolean secure) + { + this(address, secure, null); + } + + public Proxy(Origin.Address address, SslContextFactory.Client sslContextFactory) + { + this(address, true, Objects.requireNonNull(sslContextFactory)); + } + + private Proxy(Origin.Address address, boolean secure, SslContextFactory.Client sslContextFactory) { this.address = address; this.secure = secure; + this.sslContextFactory = sslContextFactory; } /** @@ -87,6 +101,14 @@ public class ProxyConfiguration return secure; } + /** + * @return the optional SslContextFactory to use when connecting to proxies + */ + public SslContextFactory.Client getSslContextFactory() + { + return sslContextFactory; + } + /** * @return the list of origins that must be proxied * @see #matches(Origin) diff --git a/jetty-client/src/main/java/org/eclipse/jetty/client/Socks4Proxy.java b/jetty-client/src/main/java/org/eclipse/jetty/client/Socks4Proxy.java index 677867f1f6a..37b5f0b6769 100644 --- a/jetty-client/src/main/java/org/eclipse/jetty/client/Socks4Proxy.java +++ b/jetty-client/src/main/java/org/eclipse/jetty/client/Socks4Proxy.java @@ -64,7 +64,7 @@ public class Socks4Proxy extends ProxyConfiguration.Proxy } @Override - public org.eclipse.jetty.io.Connection newConnection(EndPoint endPoint, Map context) throws IOException + public org.eclipse.jetty.io.Connection newConnection(EndPoint endPoint, Map context) { HttpDestination destination = (HttpDestination)context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY); Executor executor = destination.getHttpClient().getExecutor(); @@ -198,7 +198,7 @@ public class Socks4Proxy extends ProxyConfiguration.Proxy HttpClient client = destination.getHttpClient(); ClientConnectionFactory connectionFactory = this.connectionFactory; if (destination.isSecure()) - connectionFactory = client.newSslClientConnectionFactory(connectionFactory); + connectionFactory = client.newSslClientConnectionFactory(null, connectionFactory); org.eclipse.jetty.io.Connection newConnection = connectionFactory.newConnection(getEndPoint(), context); getEndPoint().upgrade(newConnection); if (LOG.isDebugEnabled()) diff --git a/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java b/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java index b256901e143..d5c17170c12 100644 --- a/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java +++ b/jetty-client/src/test/java/org/eclipse/jetty/client/HttpClientTLSTest.java @@ -474,9 +474,9 @@ public class HttpClientTLSTest client = new HttpClient(createClientSslContextFactory()) { @Override - protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory) + protected ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory) { - SslClientConnectionFactory ssl = (SslClientConnectionFactory)super.newSslClientConnectionFactory(connectionFactory); + SslClientConnectionFactory ssl = (SslClientConnectionFactory)super.newSslClientConnectionFactory(sslContextFactory, connectionFactory); ssl.setAllowMissingCloseMessage(false); return ssl; } diff --git a/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ForwardProxyTLSServerTest.java b/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ForwardProxyTLSServerTest.java index fb99d2a6571..a0c1cea1ae5 100644 --- a/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ForwardProxyTLSServerTest.java +++ b/jetty-proxy/src/test/java/org/eclipse/jetty/proxy/ForwardProxyTLSServerTest.java @@ -689,6 +689,74 @@ public class ForwardProxyTLSServerTest } } + @Test + public void testBothProxyAndServerNeedClientAuthWithDifferentKeyStores() throws Exception + { + SslContextFactory.Server serverTLS = newServerSslContextFactory(); + serverTLS.setEndpointIdentificationAlgorithm(null); + serverTLS.setNeedClientAuth(true); + startTLSServer(serverTLS, new ServerHandler()); + int serverPort = serverConnector.getLocalPort(); + + SslContextFactory.Server proxyServerTLS = newProxySslContextFactory(); + proxyServerTLS.setEndpointIdentificationAlgorithm(null); + proxyServerTLS.setNeedClientAuth(true); + startProxy(proxyServerTLS); + int proxyPort = proxyConnector.getLocalPort(); + + SslContextFactory.Client clientTLS = new SslContextFactory.Client() + { + @Override + public SSLEngine newSSLEngine(String host, int port) + { + if (port != serverPort) + throw new IllegalStateException(); + return super.newSSLEngine(host, port); + } + }; + clientTLS.setKeyStorePath(MavenTestingUtils.getTestResourceFile("client_server_keystore.p12").getAbsolutePath()); + clientTLS.setKeyStorePassword("storepwd"); + clientTLS.setEndpointIdentificationAlgorithm(null); + HttpClient httpClient = new HttpClient(clientTLS); + + SslContextFactory.Client proxyClientTLS = new SslContextFactory.Client() + { + @Override + public SSLEngine newSSLEngine(String host, int port) + { + if (port != proxyPort) + throw new IllegalStateException(); + return super.newSSLEngine(host, port); + } + }; + proxyClientTLS.setKeyStorePath(MavenTestingUtils.getTestResourceFile("client_proxy_keystore.p12").getAbsolutePath()); + proxyClientTLS.setKeyStorePassword("storepwd"); + proxyClientTLS.setEndpointIdentificationAlgorithm(null); + proxyClientTLS.start(); + HttpProxy httpProxy = new HttpProxy(new Origin.Address("localhost", proxyConnector.getLocalPort()), proxyClientTLS); + httpClient.getProxyConfiguration().getProxies().add(httpProxy); + httpClient.start(); + + try + { + String body = "BODY"; + ContentResponse response = httpClient.newRequest("localhost", serverConnector.getLocalPort()) + .scheme(HttpScheme.HTTPS.asString()) + .method(HttpMethod.GET) + .path("/echo?body=" + URLEncoder.encode(body, "UTF-8")) + .timeout(5, TimeUnit.SECONDS) + .send(); + + assertEquals(HttpStatus.OK_200, response.getStatus()); + String content = response.getContentAsString(); + assertEquals(body, content); + } + finally + { + httpClient.stop(); + } + } + @Test @Tag("external") @Disabled diff --git a/jetty-proxy/src/test/resources/client_proxy_keystore.p12 b/jetty-proxy/src/test/resources/client_proxy_keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..0b55322162e14311ba11213cc5afd58179b638e2 GIT binary patch literal 3541 zcmY+EWmFRY+lB{>hDk|Eh`>N7KZw{Eh#=Pg8|(ZXO%lp~T~SdG5auF)HxLBy0wO>{@$dNWb2cD@tIUSU9pH`c z%xLd>Mv$Px)n=wCArYWQ2Z#U;-o(_Ds=rvSITVT+#C84332X+>={eeynAK`t>V&P0 zgVGGe;l6J8l9{%o#k8g*<+xuoPwJn8dbJ=PG&Xv5iMz94dg{X;@NQJrJ z?{G&_FYuJCq+M{Rl{z*-O}$%1QG!CT`c2A9xoIjoZiB9AR*R^BmdeWM<4(N0etU8! z^W#bvGbr)=&G(`rTs-Bzr9kt2j}|)d+a~8LP()&Kat59e!)E}rcW+y~Jk7SjRZdHl zWX*JZ>~1H|atwaLkIz2v(&JLqy6s_im`he3v8)v@wzN!E`V^|Ift znlgdlh+E8lw-Q1!v7Q(>?E5S@mb=dWcprR*TrsfDZ4q zQ%Y7St(y_oDYMgq5gA79M>sn)HBpD4gncCB&Khql`C~QNcy}eg!U8Ze5oshFHp|Sb<;{ zI-s`vGwd0ll=JuJ6X13BMrGmY^S8K1pG@ZCjyuM&X=e|}?J{aGUwuC9+S^6#3ye}+ElKpm_Kh)gBFa}{n(?O#SGM43;Rs0}u% z&N`ebeG|C8bU5E_^gSt{vEfrx*&{^RoK!~vmTZbOH#VkDvBI<`Yr?c9c zu6V0uyI?f8%n@K~AcfZ*CRu*0W``@VR?LS6(>EUyl>O$hVRPkRkrYF0_A4gK7Xs)MyjsgGN&km5W63PmBDQhiHKQxWz z7iamYK1%f%7((ary0XQ!xERwMS>VGC+dLo43Ju!P7{H9X;|lld)7s2PqnBOQ7Q58j zV)EQNC?FvkWU4Un=;}}=M}pF>1CeqO!VuKG8#yu6KeFMyXQz}lcg~Meg=QYpl+f9h zrcEd1-e(n9I{U>K1PopJqAWOsd-{iM@)k~6X}_eYo%Dm>{?*4d*tZ-#6Y}s6VhRwJ z|EQ9jL5zxn0^kmS1Ka@b0KSm>|3!Dj7=U#8jxM%bVp5MFQj$_qkHo|!9zhUf!2gs; zNpcaS=MV(x2_XUC@7n(_A^0D^lKh`vf6uFGSN6|#WJ3H~2}BdVg8m%W{l8yB5Tv!+ zToBI8ezOiy+&OL~;>Tk(oy+ZupiiH(E(hX+Co3%M{Q{#@0Z#@Wcjr=@e5L7O@4Hgk z6m*X8pRmd{!ii2LQHcB~0~isG!eer)^qOoalU!$ah1|uwj%z2)qQv5N5?MXBAHQH| zjaYQSUSS%tMP^<%zOuHJ;1<}7G}9XN-xMC}SMl;p?Ty3tls0a;3@f9Wsb*(`Ptroc z*>y=$8ZqpIQ96UUO^QxMa}4SH6oUrdW=*ltxld2=w)ziLR(mHtehh7IMh{jJ`uNC_ zd1e%NtPL=eN%mRE42atI*nZaMeRu9YY`+0xZYA=>wwHtMRmgiOm?4Q(byclJv0d00 zL@p%ykwzp01<^e(m0QSYq+c5nMUaXT4Qk_i?;T!>uI80qL3C z12^}Mi>Xn9z54|Jbxr25RvE6|hPHP9(ILq?g0=igfV-T3`fi>!QL{uVd`@1Mb0^bV zt^F9e=Yz=fy!i^9q)Dhzuox0cD|Zhcd{df{5NdQPl@d2WctlF3RQOw56uPuKM_xoN zf~FDssg2Bo*%)~&tLSz5EgAI7*po+utlToU(<}E~9%y}Hrq%hd4`)`RFn!twr;f__ zf^X}jSl$ms8Aje++dA;Br@zHqc8{VS)gYmw=(dLM*4b5QJaM0-`BBojN_dBS|Hfm0 z7G_7AHyX0~++^?)HgcW!k^cH+EjC|#cmR!N0bgYlIVl$%OoZ1yKWVPuXFfyu4a;p( zFx?4MuM8XvEEqNq-kT#8+Qg$$`y)L&xij^*<@)0_?mc0pSTIzB@{F~v+nY*aEWu1c zof6vv*E95*ZbNlr(hA8}&29y>rEk64+b{)**mEWmZAkeMH*t%-6U$;LXE_;; zT^P-eln0fHslVzQ$$H&%hs*9sjHF#g1h~<_0$ZCdlsj2 z?s_m$A9+7`m-S8&?3eg_2mf2cMfk0w{59{>!gT5EF^tIjNarPB$bwlA{U^(RFX#X?7iGtW zlhcu?Cfu(USCS;O3k9ROys;+GN0$%RZ? zM`3u?@icUTw80q@Gck9JA`d`?Su&N;dlM!xxCSi!>TvlMnVwM;e<|{&m+lRdH z2s@HX3h)i-OIY{FO0KcY+hqNNEqYKY1M2S5O zazV;}*a=6nX6)cb0er9I4!s4G#H3a^u2hGIu=*7oM05_LMs~t6SgFjij33(hwbgV6 zq&Yj*)4gGm$(x)_+MLR8lw#`7P%+^(TxTn9c;RC93Oq2D7uGRnyJgB4`g3huPrKiQ zCZ=m*EF2u}d&1fetUNG0D^>#ie5z}7WL~BydC z3Id)LSK&R+20vnOlr{cIX@a0R9->>P<;#{Ea3Ub2sMDrEpIrUv1BdG7h^@Lk7b`?P zM79zi40;+63$|I^A1MHLa|-$EcQvqkYRC9Znt2dq*+To*TZjVWK7^cvSP(=+ z$VvD6CA%1sEwYYfjBSKSlCi|#XU`BJWM3<5(@c$hUn^wIPB94C!W79~ zb|HI>wPA#}=RNQHJm>l2-h0mXd++z3d(H=mW0?j5=#e;H*!{mOuq_A&w)`ub{Vih%)BjyDGXjA5IM6W?2cjb35XS$P|AzB{V6F3r zN>7&5SrJW6Lvt~BwIzm60Z32RZ34o9$T2ik@#C&9$!Y>B=LwA;E4qLJ#Kc2DOJlUM zPG{+=sBtH*@%uBWsyF-%OUxlql?%Px#vOGwWl#Fa24cb%s@Bt;+>*7*w1`X}-78ob zGtK0iqQxTUK2AQ*l&VH`XrRZIq6cIM+)AXl!qdv4mLx{X`Q5%H)7y$PN3li@=GM$PjR~~9 z0ns*&cz(AXta@t}r<7(f|BP$aw@`nSyY5Wv;%Tw781mSLf$JYXkdeeIa_S<$5>fmdknnn$otD&CmFNm~2+oBBU$whTHavqrBGC zXmQSW!~pfh5wUi%x}ZL|FMO+8}NJx7tES4>G55B*sv`e zX2ab&9F{P6SzK}<+asI-@I1fD=}3b&+gAVajyVVrmW#p5im&cd1-LAY)ITl4vyCGk zf=|`fnsv|EPe)}gm%X(+nlG1y@tx?Y%E|6H9vz8x-bdRtbC@}dQ?T<97xyc?{sBp{ zD2Z0WqsDBCA!focAvC3NPu<#IIwj8mE002QWmRv2+lk-#!n)XC z2ELylgfVYqwyo`NrJx|-;A@I-D{#)o?ja_dP3E>JinM##wD$?U8nbE0K zs_kZbN%w=NsJkt`q$2LqX`z5u3rp80?piJpE&(gso7rM(rpux6)(L6?&~A@G$6X4 zA7AX?F??RFaOtQ_<_7+^Py21gkLO2Ee77mm6HugDlgN^tqv5pZ}uFp$&mLr*w3Z>I76{+BD$E!R+9c_rv<0%x|jz_}yBaG`GBk?^dbsal#b$niQic@_PAKQk*}2O`QGNmU*ySnf)d^ z&+MOaNg2?|G~S0NEa@6dsu4=Fox)e0yY6Qynlg~;!&GUv@Fk;5UE;GEDOY&MQUO+2 zb4Oka$@gzmGQi|n1)1pr=v?Uh>4N{&k;4Bmx#VFW4s&-e7a@6N6{NC~G7711MO7Jz zJIDO*B`72x2R%XJphrLe-QThM9|!PXgoXTzu)>xqPj0nuuy#v__b}MwrAez?asNx$ zC>*rO9enKVLY8z@w0c(eX;X`w)pf%TevT)C{Fv^R)2pG2a;UYbqY@de0KG9womAv4 zL(R^^IvW0&S)ZEwl19<$CzZmq-KXX=XYb>@V;1}_nppcM9Rt}|59#z~Fy!)kO#P1v zkK|l}0~y~vWP_>Er={7TG5%DJ*H%kXMc5>$ve~mS{(m+q((9N zWG{C{+G0emo)Op!P##m8?!GP}( zdPPy+^EJcF5Z&Vjlh}VaHat9(HJvteB1su03<==DehIfO*;I z@)FVn+{n@xyM3Sc5*2>#y(bVl)N^v$Ht|`8$wo-yYfN$-o*n)pxbdsUtaN7)WJ^Y* zov+sY_PAIWKL$P79Zbzx2Tdd#f-_AFd=_n6ejvbf(5(2^(Fu|m~BJ;qN?D1 z&8NgPCimH8YzDfBj9bH5P&*gGk)mdlt# z5lMYY&jLT$uPCg|L+_2O%O&dHZral7Lgd)(}_G>7VV^b5u=>A+1K zN_It0*?mqUujX*>8p8~L$eR`557rbO?j{$G{eE|EwXe4$8&m&O9lo1xH7vX#JQz)4 z2_+}r;~p%ABsbhS$kwty(q0oj!EHKgBYeZL~ zAhIzpHPEb{jZ3Nt+s(hDe*=LU|HreYct}E7QCFt)YiewOezer}M@}2h7GZf8HC-y# z&C8myC`RvWTI#s()Uz~PbMi+_DWzIxTbuN%USnWF>6(?*j`r=*ALd_KYihCH1LqvQ zd)nWHmi5PCza)9V9;Q=`%$_8-Q_ zGue?r1UO@exFxCRC8Hx9)Iyu#7OW$xs&m3rP(pFn^n_otXP=GPSN)*!I9&}N_%L@J z%uuWmP$6Qw<3Gs1x##~qsVt~EomML;0ygefNBCt#nMr}KQt`1Kv3#6tP{a=}8T_Ak zhQJ6vVe^AId{aVvQK=V!@e*rNZ1q&frrKOx`xmrj_ilcexc+G;igl*QmlkTIP@x=d zCC~dV1s~sX4JDq9B)tyyQg4PA4+B<<_^-=eMfUJ@Ea)AOxyMt9nLkotyY1I@F1(5Q zkUvAQRiAuwvUJjxmmz=4hWBx2dw#O22p?mz7|p>zU!1~&iuX^($;LTK<6e#MH7JOzsWe8tmi#`EE3QZETF@*Bdd*g2DzA9~?Ynvpx^&H-86hf#=iYk4#nj* zAl+_=o&0KlL^?p8-kGoW4ZB+3NtZ;(@_DW*X#{imj~vR>cyRHRZ}Zlr3U# zA@D-<*`8@F2Po;w+gdCdU)XN-L{s@oarK=Cz!^P1oar5(#c{AY#w z@Q+?q&S-Y|qrH)l#{jc`2Gwlug!`jId9ZbPq%|f?8g~2AgMd>q zXMBC9mAeOtj&4808d53S84(&(+V8sskzl#WiG*5JaWuryr;8>c2K1|mEjna2rogl2 zz1rQaQIkG)wvrdLkGIE~#EafYu0e+q(-{RO-2J!QK=?=)-U%5%yjAR8@CgQb4N@% zMdYG_@x;4OZDBRbAXSNnPSbA!&-pz+3NZz>W8XJGOK`RU4E&mq;qfr<;rz8^aliY5 z0~`gHa^h!NkB_)@k{ySXo1?^YjI>ugvSxz1VQ$Y0Wx74DsveFg+eG&8(g+lHFF2R% z3;f%x@Jt~C#Yy9dnu;U{OYX9ysaBmc2K1Jin}b!+>sTGg8px)%U7;x0Xp(A6*XpnHlM-xK_J~QmAlO%5gN#Aq$-;6EX9Fs5xI1k^ LpaMt_c$)t|ol}*Z literal 0 HcmV?d00001 diff --git a/tests/test-http-client-transport/src/test/java/org/eclipse/jetty/http/client/HttpClientTimeoutTest.java b/tests/test-http-client-transport/src/test/java/org/eclipse/jetty/http/client/HttpClientTimeoutTest.java index 4b8aece4408..b8c60c07149 100644 --- a/tests/test-http-client-transport/src/test/java/org/eclipse/jetty/http/client/HttpClientTimeoutTest.java +++ b/tests/test-http-client-transport/src/test/java/org/eclipse/jetty/http/client/HttpClientTimeoutTest.java @@ -254,9 +254,11 @@ public class HttpClientTimeoutTest extends AbstractTest scenario.client = new HttpClient(scenario.provideClientTransport(), sslContextFactory) { @Override - public ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory) + public ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory) { - return new SslClientConnectionFactory(getSslContextFactory(), getByteBufferPool(), getExecutor(), connectionFactory) + if (sslContextFactory == null) + sslContextFactory = getSslContextFactory(); + return new SslClientConnectionFactory(sslContextFactory, getByteBufferPool(), getExecutor(), connectionFactory) { @Override protected SslConnection newSslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine engine) From a73568df28ce101470b0651b341c33a40ccde401 Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Thu, 10 Oct 2019 10:00:17 +0200 Subject: [PATCH 2/2] Fixes #4177 - Configure HTTP proxy with SslContextFactory. Updates after review. Signed-off-by: Simone Bordet --- .../java/org/eclipse/jetty/client/HttpClient.java | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java b/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java index d344335efb1..a295fe8735b 100644 --- a/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java +++ b/jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java @@ -1160,10 +1160,23 @@ public class HttpClient extends ContainerLifeCycle return HttpScheme.HTTPS.is(scheme) || HttpScheme.WSS.is(scheme); } + /** + * Creates a new {@code SslClientConnectionFactory} wrapping the given connection factory. + * + * @param connectionFactory the connection factory to wrap + * @return a new SslClientConnectionFactory + * @deprecated use {@link #newSslClientConnectionFactory(SslContextFactory, ClientConnectionFactory)} instead + */ + @Deprecated + protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory) + { + return new SslClientConnectionFactory(getSslContextFactory(), getByteBufferPool(), getExecutor(), connectionFactory); + } + protected ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory) { if (sslContextFactory == null) - sslContextFactory = getSslContextFactory(); + return newSslClientConnectionFactory(connectionFactory); return new SslClientConnectionFactory(sslContextFactory, getByteBufferPool(), getExecutor(), connectionFactory); }