Author: hiranya
Date: Thu Jul 25 20:42:05 2013
New Revision: 1507117
URL: http://svn.apache.org/r1507117
Log:
Implementing a custom SSL client connection factory to support custom SSL
profiles for outgoing HTTPS requests.
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSender.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/SSLClientIOEventDispatch.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSSLSender.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/SSLTargetIOEventDispatch.java
synapse/trunk/java/pom.xml
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java?rev=1507117&r1=1507116&r2=1507117&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java
Thu Jul 25 20:42:05 2013
@@ -52,10 +52,8 @@ public class HttpCoreNIOSSLSender extend
SSLSetupHandler sslIOSessionHandler, HttpParams params,
TransportOutDescription transportOut) throws AxisFault {
- SSLClientIOEventDispatch dispatch = new
SSLClientIOEventDispatch(handler, sslContext,
- sslIOSessionHandler, params);
- dispatch.setContextMap(getCustomSSLContexts(transportOut));
- return dispatch;
+ return new SSLClientIOEventDispatch(handler, sslContext,
+ getCustomSSLContexts(transportOut), sslIOSessionHandler,
params);
}
/**
@@ -97,14 +95,14 @@ public class HttpCoreNIOSSLSender extend
* @return the SSLIOSessionHandler to be used
* @throws AxisFault if a configuration error occurs
*/
- protected SSLSetupHandler getSSLIOSessionHandler(TransportOutDescription
transportOut)
+ protected SSLSetupHandler getSSLSetupHandler(TransportOutDescription
transportOut)
throws AxisFault {
final Parameter hostnameVerifier =
transportOut.getParameter("HostnameVerifier");
if (hostnameVerifier != null) {
- return
createSSLIOSessionHandler(hostnameVerifier.getValue().toString());
+ return
createSSLSetupHandler(hostnameVerifier.getValue().toString());
} else {
- return createSSLIOSessionHandler(null);
+ return createSSLSetupHandler(null);
}
}
@@ -276,7 +274,7 @@ public class HttpCoreNIOSSLSender extend
}
}
- private SSLSetupHandler createSSLIOSessionHandler(final String
hostnameVerifier)
+ private SSLSetupHandler createSSLSetupHandler(final String
hostnameVerifier)
throws AxisFault {
return new SSLSetupHandler() {
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSender.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSender.java?rev=1507117&r1=1507116&r2=1507117&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSender.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSender.java
Thu Jul 25 20:42:05 2013
@@ -110,7 +110,7 @@ public class HttpCoreNIOSender extends A
/** Weather Server header coming from server should be preserved */
private boolean preserveServerHeader = true;
/**
- * Initialize the transport sender, and execute reactor in new seperate
thread
+ * Initialize the transport sender, and execute reactor in new separate
thread
* @param cfgCtx the Axis2 configuration context
* @param transportOut the description of the http/s transport from Axis2
configuration
* @throws AxisFault thrown on an error
@@ -118,7 +118,7 @@ public class HttpCoreNIOSender extends A
public void init(ConfigurationContext cfgCtx, TransportOutDescription
transportOut) throws AxisFault {
// is this an SSL Sender?
sslContext = getSSLContext(transportOut);
- SSLSetupHandler sslSetupHandler = getSSLIOSessionHandler(transportOut);
+ SSLSetupHandler sslSetupHandler = getSSLSetupHandler(transportOut);
// configure proxy settings - only supports HTTP right now (See
SYNAPSE-418)
if (sslContext == null) {
@@ -244,7 +244,7 @@ public class HttpCoreNIOSender extends A
* @return always null
* @throws AxisFault on error
*/
- protected SSLSetupHandler getSSLIOSessionHandler(TransportOutDescription
transportOut)
+ protected SSLSetupHandler getSSLSetupHandler(TransportOutDescription
transportOut)
throws AxisFault {
return null;
}
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/SSLClientIOEventDispatch.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/SSLClientIOEventDispatch.java?rev=1507117&r1=1507116&r2=1507117&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/SSLClientIOEventDispatch.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/SSLClientIOEventDispatch.java
Thu Jul 25 20:42:05 2013
@@ -22,15 +22,21 @@ package org.apache.synapse.transport.nht
import javax.net.ssl.SSLContext;
import org.apache.http.HttpResponseFactory;
+import org.apache.http.impl.DefaultHttpResponseFactory;
import org.apache.http.impl.nio.DefaultHttpClientIODispatch;
import org.apache.http.impl.nio.DefaultNHttpClientConnection;
-import org.apache.http.impl.nio.SSLNHttpClientConnectionFactory;
import org.apache.http.nio.NHttpClientEventHandler;
+import org.apache.http.nio.NHttpConnectionFactory;
import org.apache.http.nio.reactor.IOSession;
+import org.apache.http.nio.reactor.ssl.SSLIOSession;
+import org.apache.http.nio.reactor.ssl.SSLMode;
import org.apache.http.nio.reactor.ssl.SSLSetupHandler;
import org.apache.http.nio.util.ByteBufferAllocator;
+import org.apache.http.nio.util.HeapByteBufferAllocator;
+import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
+import java.net.InetSocketAddress;
import java.util.Map;
/**
@@ -38,59 +44,101 @@ import java.util.Map;
* SSLContext when connecting to different servers. If a SSLContext cannot be
found for a
* particular server from the specified map it uses the default SSLContext.
*/
-public class SSLClientIOEventDispatch
- extends DefaultHttpClientIODispatch {
-
- private Map<String, SSLContext> contextMap;
+public class SSLClientIOEventDispatch extends DefaultHttpClientIODispatch {
public SSLClientIOEventDispatch(
final NHttpClientEventHandler handler,
final SSLContext sslcontext,
+ final Map<String, SSLContext> contextMap,
final SSLSetupHandler sslHandler,
final HttpParams params) {
- super(LoggingUtils.decorate(handler), new
SSLTargetConnectionFactory(sslcontext, sslHandler, params));
- }
-
- public void setContextMap(Map<String,SSLContext> contextMap) {
- this.contextMap = contextMap;
+ super(LoggingUtils.decorate(handler),
+ new SSLClientConnectionFactory(sslcontext, contextMap,
sslHandler, params));
}
-// protected SSLIOSession createSSLIOSession(IOSession ioSession,
SSLContext sslContext,
-// SSLIOSessionHandler
sslioSessionHandler) {
-//
-// InetSocketAddress address = (InetSocketAddress)
ioSession.getRemoteAddress();
-// String host = address.getHostName() + ":" + address.getPort();
-// SSLContext customContext = null;
-// if (contextMap != null) {
-// // See if there's a custom SSL profile configured for this server
-// customContext = contextMap.get(host);
-// }
-//
-// if (customContext == null) {
-// customContext = sslContext;
-// }
-//
-// return super.createSSLIOSession(ioSession, customContext,
sslioSessionHandler);
-// }
-
- private static class SSLTargetConnectionFactory extends
SSLNHttpClientConnectionFactory {
-
- public SSLTargetConnectionFactory(SSLContext sslcontext,
- SSLSetupHandler sslHandler,
HttpParams params) {
- super(sslcontext, sslHandler, params);
+ /**
+ * Custom NHttpClientConnectionFactory implementation. Most of this code
has been borrowed
+ * from the SSLNHttpClientConnectionFactory class of HttpCore-NIO. This
custom implementation
+ * allows using different SSLContext instances for different target
endpoints (custom SSL
+ * profiles feature). Hopefully a future HttpCore-NIO API will provide an
easier way to
+ * customize the way SSLIOSession instances are created and we will be
able to get rid of this.
+ */
+ private static class SSLClientConnectionFactory
+ implements NHttpConnectionFactory<DefaultNHttpClientConnection> {
+
+ private final HttpResponseFactory responseFactory;
+ private final ByteBufferAllocator allocator;
+ private final SSLContext sslcontext;
+ private final SSLSetupHandler sslHandler;
+ private final HttpParams params;
+ private final Map<String,SSLContext> contextMap;
+
+ public SSLClientConnectionFactory(
+ final SSLContext sslcontext,
+ final Map<String,SSLContext> contextMap,
+ final SSLSetupHandler sslHandler,
+ final HttpParams params) {
+
+ if (params == null) {
+ throw new IllegalArgumentException("HTTP parameters may not be
null");
+ }
+ this.sslcontext = sslcontext;
+ this.contextMap = contextMap;
+ this.sslHandler = sslHandler;
+ this.responseFactory = new DefaultHttpResponseFactory();
+ this.allocator = new HeapByteBufferAllocator();
+ this.params = params;
}
- @Override
protected DefaultNHttpClientConnection createConnection(IOSession
session,
HttpResponseFactory responseFactory,
ByteBufferAllocator allocator,
HttpParams
params) {
+ session =
org.apache.synapse.transport.passthru.logging.LoggingUtils.decorate(session,
"sslclient");
return LoggingUtils.createClientConnection(
session,
responseFactory,
allocator,
params);
}
+
+ private SSLContext getDefaultSSLContext() {
+ SSLContext sslcontext;
+ try {
+ sslcontext = SSLContext.getInstance("TLS");
+ sslcontext.init(null, null, null);
+ } catch (Exception ex) {
+ throw new IllegalStateException("Failure initializing default
SSL context", ex);
+ }
+ return sslcontext;
+ }
+
+ private SSLContext getSSLContext(IOSession session) {
+ InetSocketAddress address = (InetSocketAddress)
session.getRemoteAddress();
+ String host = address.getHostName() + ":" + address.getPort();
+ SSLContext customContext = null;
+ if (contextMap != null) {
+ // See if there's a custom SSL profile configured for this
server
+ customContext = contextMap.get(host);
+ }
+
+ if (customContext == null) {
+ customContext = this.sslcontext != null ? this.sslcontext :
getDefaultSSLContext();
+ }
+ return customContext;
+ }
+
+ public DefaultNHttpClientConnection createConnection(final IOSession
session) {
+ SSLContext sslcontext = getSSLContext(session);
+ SSLIOSession ssliosession = new SSLIOSession(session,
SSLMode.CLIENT,
+ sslcontext, this.sslHandler);
+ session.setAttribute(SSLIOSession.SESSION_KEY, ssliosession);
+ DefaultNHttpClientConnection conn = createConnection(
+ ssliosession, this.responseFactory, this.allocator,
this.params);
+ int timeout = HttpConnectionParams.getSoTimeout(this.params);
+ conn.setSocketTimeout(timeout);
+ return conn;
+ }
}
}
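Review bot: In `getSSLContext`, the profile key is built from `address.getHostName()`, which can fall back to a reverse DNS lookup when the remote address carries no hostname; the SSLContext picked for a connection (trust store and client key material) would then depend on PTR data, and the lookup may block the I/O reactor thread. A miss falls through silently to the default context, so a profile that was meant to apply can be skipped without leaving any trace. Where the build targets Java 7 or later, `address.getHostString()` avoids the lookup; otherwise consider keying on the host the connection was requested for, and log at debug level which profile was selected. `session.getRemoteAddress()` is also cast and dereferenced without a null check. The same method is added to `SSLTargetIOEventDispatch` further down.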
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSSLSender.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSSLSender.java?rev=1507117&r1=1507116&r2=1507117&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSSLSender.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSSLSender.java
Thu Jul 25 20:42:05 2013
@@ -56,7 +56,8 @@ public class PassThroughHttpSSLSender ex
HttpParams params,
TransportOutDescription
transportOut) throws AxisFault {
- return new SSLTargetIOEventDispatch(handler, sslContext,
sslIOSessionHandler, params);
+ return new SSLTargetIOEventDispatch(handler, sslContext,
getCustomSSLContexts(transportOut),
+ sslIOSessionHandler, params);
}
/**
@@ -105,9 +106,9 @@ public class PassThroughHttpSSLSender ex
final Parameter hostnameVerifier =
transportOut.getParameter("HostnameVerifier");
if (hostnameVerifier != null) {
- return
createSSLIOSessionHandler(hostnameVerifier.getValue().toString());
+ return
createSSLSetupHandler(hostnameVerifier.getValue().toString());
} else {
- return createSSLIOSessionHandler(null);
+ return createSSLSetupHandler(null);
}
}
@@ -279,7 +280,7 @@ public class PassThroughHttpSSLSender ex
}
}
- private SSLSetupHandler createSSLIOSessionHandler(final String
hostnameVerifier)
+ private SSLSetupHandler createSSLSetupHandler(final String
hostnameVerifier)
throws AxisFault {
return new SSLSetupHandler() {
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/SSLTargetIOEventDispatch.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/SSLTargetIOEventDispatch.java?rev=1507117&r1=1507116&r2=1507117&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/SSLTargetIOEventDispatch.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/SSLTargetIOEventDispatch.java
Thu Jul 25 20:42:05 2013
@@ -20,42 +20,70 @@
package org.apache.synapse.transport.passthru;
import org.apache.http.HttpResponseFactory;
+import org.apache.http.impl.DefaultHttpResponseFactory;
import org.apache.http.impl.nio.DefaultHttpClientIODispatch;
import org.apache.http.impl.nio.DefaultNHttpClientConnection;
-import org.apache.http.impl.nio.SSLNHttpClientConnectionFactory;
import org.apache.http.nio.NHttpClientEventHandler;
+import org.apache.http.nio.NHttpConnectionFactory;
import org.apache.http.nio.reactor.IOSession;
+import org.apache.http.nio.reactor.ssl.SSLIOSession;
+import org.apache.http.nio.reactor.ssl.SSLMode;
import org.apache.http.nio.reactor.ssl.SSLSetupHandler;
import org.apache.http.nio.util.ByteBufferAllocator;
+import org.apache.http.nio.util.HeapByteBufferAllocator;
+import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
import org.apache.synapse.transport.passthru.logging.LoggingUtils;
import javax.net.ssl.SSLContext;
+import java.net.InetSocketAddress;
import java.util.Map;
public class SSLTargetIOEventDispatch extends DefaultHttpClientIODispatch {
- private Map<String, SSLContext> contextMap;
-
public SSLTargetIOEventDispatch(NHttpClientEventHandler handler,
SSLContext sslcontext,
+ Map<String,SSLContext> customContexts,
SSLSetupHandler sslHandler,
HttpParams params) {
- super(handler, new SSLTargetConnectionFactory(sslcontext, sslHandler,
params));
- }
-
- public void setContextMap(Map<String,SSLContext> contextMap) {
- this.contextMap = contextMap;
+ super(handler,
+ new SSLTargetConnectionFactory(sslcontext, customContexts,
sslHandler, params));
}
- private static class SSLTargetConnectionFactory extends
SSLNHttpClientConnectionFactory {
-
- public SSLTargetConnectionFactory(SSLContext sslcontext,
- SSLSetupHandler sslHandler,
HttpParams params) {
- super(sslcontext, sslHandler, params);
+ /**
+ * Custom NHttpClientConnectionFactory implementation. Most of this code
has been borrowed
+ * from the SSLNHttpClientConnectionFactory class of HttpCore-NIO. This
custom implementation
+ * allows using different SSLContext instances for different target
endpoints (custom SSL
+ * profiles feature). Hopefully a future HttpCore-NIO API will provide an
easier way to
+ * customize the way SSLIOSession instances are created and we will be
able to get rid of this.
+ */
+ private static class SSLTargetConnectionFactory
+ implements NHttpConnectionFactory<DefaultNHttpClientConnection> {
+
+ private final HttpResponseFactory responseFactory;
+ private final ByteBufferAllocator allocator;
+ private final SSLContext sslcontext;
+ private final SSLSetupHandler sslHandler;
+ private final HttpParams params;
+ private final Map<String,SSLContext> contextMap;
+
+ public SSLTargetConnectionFactory(
+ final SSLContext sslcontext,
+ final Map<String,SSLContext> contextMap,
+ final SSLSetupHandler sslHandler,
+ final HttpParams params) {
+
+ if (params == null) {
+ throw new IllegalArgumentException("HTTP parameters may not be
null");
+ }
+ this.sslcontext = sslcontext;
+ this.contextMap = contextMap;
+ this.sslHandler = sslHandler;
+ this.responseFactory = new DefaultHttpResponseFactory();
+ this.allocator = new HeapByteBufferAllocator();
+ this.params = params;
}
- @Override
protected DefaultNHttpClientConnection createConnection(IOSession
session,
HttpResponseFactory responseFactory,
ByteBufferAllocator allocator,
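Review bot: The fields and constructor of `SSLTargetConnectionFactory` added here are line-for-line the same as `SSLClientConnectionFactory` in the nhttp package, and the next hunk repeats `getDefaultSSLContext`, `getSSLContext` and `createConnection(IOSession)` as well. Because this code decides which SSLContext a connection gets, two copies can drift apart when one is fixed and the other is not. Consider a single shared base factory that both transports extend, overriding only the protected `createConnection` that wraps the session for logging. That method's body continues outside this hunk, so any difference between the two copies there is not visible here.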
@@ -67,24 +95,43 @@ public class SSLTargetIOEventDispatch ex
allocator,
params);
}
- }
- /*protected SSLIOSession createSSLIOSession(IOSession session,
- SSLContext sslcontext,
- SSLSetupHandler sslHandler) {
-
- InetSocketAddress address = (InetSocketAddress)
session.getRemoteAddress();
- String host = address.getHostName() + ":" + address.getPort();
- SSLContext customContext = null;
- if (contextMap != null) {
- // See if there's a custom SSL profile configured for this server
- customContext = contextMap.get(host);
+ private SSLContext getDefaultSSLContext() {
+ SSLContext sslcontext;
+ try {
+ sslcontext = SSLContext.getInstance("TLS");
+ sslcontext.init(null, null, null);
+ } catch (Exception ex) {
+ throw new IllegalStateException("Failure initializing default
SSL context", ex);
+ }
+ return sslcontext;
}
- if (customContext == null) {
- customContext = sslcontext;
+ private SSLContext getSSLContext(IOSession session) {
+ InetSocketAddress address = (InetSocketAddress)
session.getRemoteAddress();
+ String host = address.getHostName() + ":" + address.getPort();
+ SSLContext customContext = null;
+ if (contextMap != null) {
+ // See if there's a custom SSL profile configured for this
server
+ customContext = contextMap.get(host);
+ }
+
+ if (customContext == null) {
+ customContext = this.sslcontext != null ? this.sslcontext :
getDefaultSSLContext();
+ }
+ return customContext;
}
- return super.createSSLIOSession(session, customContext, sslHandler);
- }*/
+ public DefaultNHttpClientConnection createConnection(final IOSession
session) {
+ SSLContext sslcontext = getSSLContext(session);
+ SSLIOSession ssliosession = new SSLIOSession(session,
SSLMode.CLIENT,
+ sslcontext, this.sslHandler);
+ session.setAttribute(SSLIOSession.SESSION_KEY, ssliosession);
+ DefaultNHttpClientConnection conn = createConnection(
+ ssliosession, this.responseFactory, this.allocator,
this.params);
+ int timeout = HttpConnectionParams.getSoTimeout(this.params);
+ conn.setSocketTimeout(timeout);
+ return conn;
+ }
+ }
}
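Review bot: When no profile matches and `this.sslcontext` is null, `getSSLContext` calls `getDefaultSSLContext()` on every new connection, building and initialising a fresh `SSLContext` each time and silently falling back to the JVM's default trust material via `init(null, null, null)`. Resolving the default once in the constructor (in the previous hunk) would make the fallback explicit and avoid the per-connection cost: `this.sslcontext = sslcontext != null ? sslcontext : getDefaultSSLContext();`. The `catch (Exception ex)` could also be narrowed to `NoSuchAlgorithmException` and `KeyManagementException`, so that unrelated runtime failures are not reported as an SSL initialisation error. The same applies to the identical methods in `SSLClientIOEventDispatch`.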
Modified: synapse/trunk/java/pom.xml
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/pom.xml?rev=1507117&r1=1507116&r2=1507117&view=diff
==============================================================================
--- synapse/trunk/java/pom.xml (original)
+++ synapse/trunk/java/pom.xml Thu Jul 25 20:42:05 2013
@@ -1269,18 +1269,18 @@
<email>hiranya AT apache.org</email>
<organization>WSO2</organization>
</developer>
- <developer>
+ <developer>
<name>Charith Wickramarachchi</name>
<id>charith</id>
<email>charith AT apache.org</email>
<organization>WSO2</organization>
</developer>
- <developer>
+ <developer>
<name>Heshan Suriyaarachchi</name>
<id>heshan</id>
<email>heshan AT apache.org</email>
<organization>WSO2</organization>
- <url>http://heshans.blogspot.com/</url>
+ <url>http://heshans.blogspot.com/</url>
</developer>
<developer>
<name>Rajika Kumarasiri</name>
@@ -1293,7 +1293,7 @@
<email>kasun AT apache.org</email>
<organization>WSO2</organization>
</developer>
- <developer>
+ <developer>
<name>Udayanga Wickramasinghe</name>
<id>uswick</id>
<email>uswick AT apache.org</email>