Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support null PROXY_USERNAME #5046

Merged
merged 2 commits into from
Apr 28, 2022
Merged

Support null PROXY_USERNAME #5046

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
00a142b
Support null PROXY_USERNAME
jansupol Apr 21, 2022
422068a
Add javadoc to Netty ENABLE_SSL_HOSTNAME_VERIFICATION configuration p…
jansupol Apr 21, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 16 additions & 1 deletion ...y-connector/src/main/java/org/glassfish/jersey/netty/connector/NettyClientProperties.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, 2021 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2022 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
Expand Down Expand Up @@ -53,4 +53,19 @@ public class NettyClientProperties {
* </p>
*/
public static final String MAX_CONNECTIONS = "jersey.config.client.maxConnections";

/**
* <p>
* Sets the endpoint identification algorithm to HTTPS.
* </p>
* <p>
* The default value is {@code true} (for HTTPS uri scheme).
* </p>
* <p>
* The name of the configuration property is <tt>{@value}</tt>.
* </p>
* @since 2.35
* @see javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)
*/
public static final String ENABLE_SSL_HOSTNAME_VERIFICATION = "jersey.config.client.tls.enableHostnameVerification";
}
50 changes: 39 additions & 11 deletions ...rs/netty-connector/src/main/java/org/glassfish/jersey/netty/connector/NettyConnector.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2021 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2022 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
Expand Down Expand Up @@ -32,6 +32,9 @@
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.Client;
import javax.ws.rs.core.Configuration;
Expand All @@ -58,8 +61,11 @@
import io.netty.handler.codec.http.HttpUtil;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.proxy.HttpProxyHandler;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.stream.ChunkedWriteHandler;
import io.netty.handler.timeout.IdleState;
import io.netty.handler.timeout.IdleStateEvent;
Expand Down Expand Up @@ -216,15 +222,9 @@ protected CompletableFuture<ClientResponse> execute(final ClientRequest jerseyRe
protected void initChannel(SocketChannel ch) throws Exception {
ChannelPipeline p = ch.pipeline();

// Enable HTTPS if necessary.
if ("https".equals(requestUri.getScheme())) {
// making client authentication optional for now; it could be extracted to configurable property
JdkSslContext jdkSslContext = new JdkSslContext(client.getSslContext(), true, ClientAuth.NONE);
p.addLast(jdkSslContext.newHandler(ch.alloc()));
}
Configuration config = jerseyRequest.getConfiguration();

// http proxy
Configuration config = jerseyRequest.getConfiguration();
final Object proxyUri = config.getProperties().get(ClientProperties.PROXY_URI);
if (proxyUri != null) {
final URI u = getProxyUri(proxyUri);
Expand All @@ -234,9 +234,37 @@ protected void initChannel(SocketChannel ch) throws Exception {
final String password = ClientProperties.getValue(
config.getProperties(), ClientProperties.PROXY_PASSWORD, String.class);

p.addLast(new HttpProxyHandler(new InetSocketAddress(u.getHost(),
u.getPort() == -1 ? 8080 : u.getPort()),
userName, password));
InetSocketAddress proxyAddr = new InetSocketAddress(u.getHost(),
u.getPort() == -1 ? 8080 : u.getPort());
p.addLast(userName == null ? new HttpProxyHandler(proxyAddr)
: new HttpProxyHandler(proxyAddr, userName, password));
}

// Enable HTTPS if necessary.
if ("https".equals(requestUri.getScheme())) {
// making client authentication optional for now; it could be extracted to configurable property
JdkSslContext jdkSslContext = new JdkSslContext(
client.getSslContext(),
true,
(Iterable) null,
IdentityCipherSuiteFilter.INSTANCE,
(ApplicationProtocolConfig) null,
ClientAuth.NONE,
(String[]) null, /* enable default protocols */
false /* true if the first write request shouldn't be encrypted */
);
int port = requestUri.getPort();
SslHandler sslHandler = jdkSslContext.newHandler(ch.alloc(), requestUri.getHost(),
port <= 0 ? 443 : port, executorService);
if (ClientProperties.getValue(config.getProperties(),
NettyClientProperties.ENABLE_SSL_HOSTNAME_VERIFICATION, true)) {
SSLEngine sslEngine = sslHandler.engine();
SSLParameters sslParameters = sslEngine.getSSLParameters();
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
sslEngine.setSSLParameters(sslParameters);
}

p.addLast(sslHandler);
}

p.addLast(new HttpClientCodec());
Expand Down