Merged branch 'jetty-9.4.x' into 'jetty-10.0.x'.
This commit is contained in:
Simone Bordet
commit
6430177685
|
|
@ -1106,11 +1106,26 @@ public class HttpClient extends ContainerLifeCycle
|
|||
return HttpScheme.HTTPS.is(scheme) || HttpScheme.WSS.is(scheme);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@code SslClientConnectionFactory} wrapping the given connection factory.
|
||||
*
|
||||
* @param connectionFactory the connection factory to wrap
|
||||
* @return a new SslClientConnectionFactory
|
||||
* @deprecated use {@link #newSslClientConnectionFactory(SslContextFactory, ClientConnectionFactory)} instead
|
||||
*/
|
||||
@Deprecated
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
return new SslClientConnectionFactory(getSslContextFactory(), getByteBufferPool(), getExecutor(), connectionFactory);
|
||||
}
|
||||
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
if (sslContextFactory == null)
|
||||
return newSslClientConnectionFactory(connectionFactory);
|
||||
return new SslClientConnectionFactory(sslContextFactory, getByteBufferPool(), getExecutor(), connectionFactory);
|
||||
}
|
||||
|
||||
private class ContentDecoderFactorySet implements Set<ContentDecoder.Factory>
|
||||
{
|
||||
private final Set<ContentDecoder.Factory> set = new HashSet<>();
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ import org.eclipse.jetty.util.component.Dumpable;
|
|||
import org.eclipse.jetty.util.component.DumpableCollection;
|
||||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.log.Logger;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
import org.eclipse.jetty.util.thread.Scheduler;
|
||||
import org.eclipse.jetty.util.thread.Sweeper;
|
||||
|
||||
|
|
@ -108,12 +109,12 @@ public class HttpDestination extends ContainerLifeCycle implements Destination,
|
|||
{
|
||||
connectionFactory = proxy.newClientConnectionFactory(connectionFactory);
|
||||
if (proxy.isSecure())
|
||||
connectionFactory = newSslClientConnectionFactory(connectionFactory);
|
||||
connectionFactory = newSslClientConnectionFactory(proxy.getSslContextFactory(), connectionFactory);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (isSecure())
|
||||
connectionFactory = newSslClientConnectionFactory(connectionFactory);
|
||||
connectionFactory = newSslClientConnectionFactory(null, connectionFactory);
|
||||
}
|
||||
return connectionFactory;
|
||||
}
|
||||
|
|
@ -149,9 +150,9 @@ public class HttpDestination extends ContainerLifeCycle implements Destination,
|
|||
return new BlockingArrayQueue<>(client.getMaxRequestsQueuedPerDestination());
|
||||
}
|
||||
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
return client.newSslClientConnectionFactory(connectionFactory);
|
||||
return client.newSslClientConnectionFactory(sslContextFactory, connectionFactory);
|
||||
}
|
||||
|
||||
public boolean isSecure()
|
||||
|
|
|
|||
|
|
@ -60,6 +60,16 @@ public class HttpProxy extends ProxyConfiguration.Proxy
|
|||
super(address, secure, Objects.requireNonNull(protocol));
|
||||
}
|
||||
|
||||
public HttpProxy(Origin.Address address, SslContextFactory.Client sslContextFactory)
|
||||
{
|
||||
super(address, sslContextFactory);
|
||||
}
|
||||
|
||||
public HttpProxy(Origin.Address address, SslContextFactory.Client sslContextFactory, HttpDestination.Protocol protocol)
|
||||
{
|
||||
super(address, sslContextFactory, Objects.requireNonNull(protocol));
|
||||
}
|
||||
|
||||
@Override
|
||||
public ClientConnectionFactory newClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
|
|
@ -212,7 +222,7 @@ public class HttpProxy extends ProxyConfiguration.Proxy
|
|||
// Don't want to do DNS resolution here.
|
||||
InetSocketAddress address = InetSocketAddress.createUnresolved(destination.getHost(), destination.getPort());
|
||||
context.put(ClientConnector.REMOTE_SOCKET_ADDRESS_CONTEXT_KEY, address);
|
||||
connectionFactory = destination.newSslClientConnectionFactory(connectionFactory);
|
||||
connectionFactory = destination.newSslClientConnectionFactory(null, connectionFactory);
|
||||
}
|
||||
var oldConnection = endPoint.getConnection();
|
||||
var newConnection = connectionFactory.newConnection(endPoint, context);
|
||||
|
|
|
|||
|
|
@ -22,10 +22,12 @@ import java.net.URI;
|
|||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
|
||||
import org.eclipse.jetty.io.ClientConnectionFactory;
|
||||
import org.eclipse.jetty.util.HostPort;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
|
||||
/**
|
||||
* The configuration of the forward proxy to use with {@link org.eclipse.jetty.client.HttpClient}.
|
||||
|
|
@ -64,12 +66,24 @@ public class ProxyConfiguration
|
|||
private final Set<String> excluded = new HashSet<>();
|
||||
private final Origin.Address address;
|
||||
private final boolean secure;
|
||||
private final SslContextFactory.Client sslContextFactory;
|
||||
private final HttpDestination.Protocol protocol;
|
||||
|
||||
protected Proxy(Origin.Address address, boolean secure, HttpDestination.Protocol protocol)
|
||||
protected Proxy(Origin.Address address, boolean secure)
|
||||
{
|
||||
this(address, secure, null);
|
||||
}
|
||||
|
||||
public Proxy(Origin.Address address, SslContextFactory.Client sslContextFactory)
|
||||
{
|
||||
this(address, true, Objects.requireNonNull(sslContextFactory));
|
||||
}
|
||||
|
||||
private Proxy(Origin.Address address, boolean secure, SslContextFactory.Client sslContextFactory)
|
||||
{
|
||||
this.address = address;
|
||||
this.secure = secure;
|
||||
this.sslContextFactory = sslContextFactory;
|
||||
this.protocol = protocol;
|
||||
}
|
||||
|
||||
|
|
@ -89,6 +103,14 @@ public class ProxyConfiguration
|
|||
return secure;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the optional SslContextFactory to use when connecting to proxies
|
||||
*/
|
||||
public SslContextFactory.Client getSslContextFactory()
|
||||
{
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
public HttpDestination.Protocol getProtocol()
|
||||
{
|
||||
return protocol;
|
||||
|
|
|
|||
|
|
@ -197,7 +197,7 @@ public class Socks4Proxy extends ProxyConfiguration.Proxy
|
|||
HttpDestination destination = (HttpDestination)context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY);
|
||||
ClientConnectionFactory connectionFactory = this.connectionFactory;
|
||||
if (destination.isSecure())
|
||||
connectionFactory = destination.newSslClientConnectionFactory(connectionFactory);
|
||||
connectionFactory = destination.newSslClientConnectionFactory(null, connectionFactory);
|
||||
org.eclipse.jetty.io.Connection newConnection = connectionFactory.newConnection(getEndPoint(), context);
|
||||
getEndPoint().upgrade(newConnection);
|
||||
if (LOG.isDebugEnabled())
|
||||
|
|
|
|||
|
|
@ -482,9 +482,9 @@ public class HttpClientTLSTest
|
|||
client = new HttpClient(new HttpClientTransportOverHTTP(clientConnector))
|
||||
{
|
||||
@Override
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
SslClientConnectionFactory ssl = (SslClientConnectionFactory)super.newSslClientConnectionFactory(connectionFactory);
|
||||
SslClientConnectionFactory ssl = (SslClientConnectionFactory)super.newSslClientConnectionFactory(sslContextFactory, connectionFactory);
|
||||
ssl.setAllowMissingCloseMessage(false);
|
||||
return ssl;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -703,6 +703,74 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testBothProxyAndServerNeedClientAuthWithDifferentKeyStores() throws Exception
|
||||
{
|
||||
SslContextFactory.Server serverTLS = newServerSslContextFactory();
|
||||
serverTLS.setEndpointIdentificationAlgorithm(null);
|
||||
serverTLS.setNeedClientAuth(true);
|
||||
startTLSServer(serverTLS, new ServerHandler());
|
||||
int serverPort = serverConnector.getLocalPort();
|
||||
|
||||
SslContextFactory.Server proxyServerTLS = newProxySslContextFactory();
|
||||
proxyServerTLS.setEndpointIdentificationAlgorithm(null);
|
||||
proxyServerTLS.setNeedClientAuth(true);
|
||||
startProxy(proxyServerTLS);
|
||||
int proxyPort = proxyConnector.getLocalPort();
|
||||
|
||||
SslContextFactory.Client clientTLS = new SslContextFactory.Client()
|
||||
{
|
||||
@Override
|
||||
public SSLEngine newSSLEngine(String host, int port)
|
||||
{
|
||||
if (port != serverPort)
|
||||
throw new IllegalStateException();
|
||||
return super.newSSLEngine(host, port);
|
||||
}
|
||||
};
|
||||
clientTLS.setKeyStorePath(MavenTestingUtils.getTestResourceFile("client_server_keystore.p12").getAbsolutePath());
|
||||
clientTLS.setKeyStorePassword("storepwd");
|
||||
clientTLS.setEndpointIdentificationAlgorithm(null);
|
||||
HttpClient httpClient = new HttpClient(clientTLS);
|
||||
|
||||
SslContextFactory.Client proxyClientTLS = new SslContextFactory.Client()
|
||||
{
|
||||
@Override
|
||||
public SSLEngine newSSLEngine(String host, int port)
|
||||
{
|
||||
if (port != proxyPort)
|
||||
throw new IllegalStateException();
|
||||
return super.newSSLEngine(host, port);
|
||||
}
|
||||
};
|
||||
proxyClientTLS.setKeyStorePath(MavenTestingUtils.getTestResourceFile("client_proxy_keystore.p12").getAbsolutePath());
|
||||
proxyClientTLS.setKeyStorePassword("storepwd");
|
||||
proxyClientTLS.setEndpointIdentificationAlgorithm(null);
|
||||
proxyClientTLS.start();
|
||||
HttpProxy httpProxy = new HttpProxy(new Origin.Address("localhost", proxyConnector.getLocalPort()), proxyClientTLS);
|
||||
httpClient.getProxyConfiguration().getProxies().add(httpProxy);
|
||||
httpClient.start();
|
||||
|
||||
try
|
||||
{
|
||||
String body = "BODY";
|
||||
ContentResponse response = httpClient.newRequest("localhost", serverConnector.getLocalPort())
|
||||
.scheme(HttpScheme.HTTPS.asString())
|
||||
.method(HttpMethod.GET)
|
||||
.path("/echo?body=" + URLEncoder.encode(body, "UTF-8"))
|
||||
.timeout(5, TimeUnit.SECONDS)
|
||||
.send();
|
||||
|
||||
assertEquals(HttpStatus.OK_200, response.getStatus());
|
||||
String content = response.getContentAsString();
|
||||
assertEquals(body, content);
|
||||
}
|
||||
finally
|
||||
{
|
||||
httpClient.stop();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
@Tag("external")
|
||||
@Disabled
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
|
|
@ -252,9 +252,11 @@ public class HttpClientTimeoutTest extends AbstractTest<TransportScenario>
|
|||
scenario.client = new HttpClient(scenario.provideClientTransport(transport, sslContextFactory))
|
||||
{
|
||||
@Override
|
||||
public ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
public ClientConnectionFactory newSslClientConnectionFactory(SslContextFactory sslContextFactory, ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
return new SslClientConnectionFactory(getSslContextFactory(), getByteBufferPool(), getExecutor(), connectionFactory)
|
||||
if (sslContextFactory == null)
|
||||
sslContextFactory = getSslContextFactory();
|
||||
return new SslClientConnectionFactory(sslContextFactory, getByteBufferPool(), getExecutor(), connectionFactory)
|
||||
{
|
||||
@Override
|
||||
protected SslConnection newSslConnection(ByteBufferPool byteBufferPool, Executor executor, EndPoint endPoint, SSLEngine engine)
|
||||
|
|
|
|||
Loading…
Reference in New Issue