use of com.predic8.membrane.core.transport.ssl.SSLProvider in project service-proxy by membrane.
the class RuleManager method openPorts.
/**
 * Opens a listener for every configured rule and hands the transport the TLS
 * provider assembled for that rule's (ip, port) endpoint.
 *
 * <p>The inbound SSL contexts of all rules that share an endpoint are added to one
 * {@code SSLContextCollection.Builder}; the built collection becomes the endpoint's
 * {@code SSLProvider}. An endpoint for which no rule supplies an inbound SSL context
 * gets no map entry, so {@code openPort} is called with {@code null} for it.
 *
 * <p>NOTE(review): a single rule with an inbound SSL context gives the whole endpoint
 * a provider, including rules on the same (ip, port) that define none. Conversely a
 * {@code null} provider presumably means a plain-text listener. Confirm that mixed
 * TLS / non-TLS rules on one endpoint are rejected or intended.
 *
 * @throws IOException if a {@code ConfigurationException} is raised while collecting
 *         or building the SSL contexts (kept as the cause), or if thrown while
 *         opening a port
 */
public synchronized void openPorts() throws IOException {
    HashMap<IpPort, SSLProvider> providerByEndpoint = new HashMap<IpPort, SSLProvider>();
    try {
        // Pass 1: group the inbound SSL contexts by listening endpoint.
        HashMap<IpPort, SSLContextCollection.Builder> builderByEndpoint = new HashMap<IpPort, SSLContextCollection.Builder>();
        for (Rule rule : rules) {
            SSLContext inbound = rule.getSslInboundContext();
            if (inbound == null) {
                // Rule carries no inbound TLS configuration; it contributes nothing here.
                continue;
            }
            IpPort endpoint = new IpPort(rule.getKey().getIp(), rule.getKey().getPort());
            if (!builderByEndpoint.containsKey(endpoint)) {
                builderByEndpoint.put(endpoint, new SSLContextCollection.Builder());
            }
            builderByEndpoint.get(endpoint).add(inbound);
        }

        // Pass 2: turn every builder into the provider used by the listener.
        for (Map.Entry<IpPort, SSLContextCollection.Builder> grouped : builderByEndpoint.entrySet()) {
            providerByEndpoint.put(grouped.getKey(), grouped.getValue().build());
        }
    } catch (ConfigurationException e) {
        // Callers only deal with IOException; the configuration error stays attached as cause.
        throw new IOException(e);
    }

    // Pass 3: open the ports. The lookup yields null for endpoints without TLS configuration.
    for (Rule rule : rules) {
        IpPort endpoint = new IpPort(rule.getKey().getIp(), rule.getKey().getPort());
        SSLProvider providerOrNull = providerByEndpoint.get(endpoint);
        router.getTransport().openPort(rule.getKey().getIp(), rule.getKey().getPort(), providerOrNull);
    }
}
use of com.predic8.membrane.core.transport.ssl.SSLProvider in project service-proxy by membrane.
the class HttpClient method call.
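/**
 * Sends the request of {@code exc} to one of its destinations, retrying up to
 * {@code maxRetries} times.
 *
 * <p>Each attempt picks its destination via {@code getDestination(exc, counter)},
 * reuses the exchange's target connection on the first attempt if it points at the
 * same host and port, and otherwise obtains a connection from the connection manager.
 * CONNECT requests and permitted protocol upgrades (WebSocket, TCP, SPDY/3.1) switch
 * the connection to forwarding mode and return immediately.
 *
 * @param exc the exchange to send; its destination list must not be empty
 * @param adjustHostHeader passed through to {@code init}
 * @param failOverOn5XX if {@code true}, a 5xx response triggers another attempt
 *        unless this was the last allowed attempt
 * @return {@code exc}, with its response set and its destination list reduced to the
 *         destination that answered
 * @throws IllegalStateException if the destination list is empty, or if no attempt
 *         could be made at all
 * @throws Exception the exception of the last failed attempt once the retries are
 *         exhausted; a {@code NoResponseException} is rethrown without retrying
 */
public Exchange call(Exchange exc, boolean adjustHostHeader, boolean failOverOn5XX) throws Exception {
    if (exc.getDestinations().isEmpty())
        throw new IllegalStateException("List of destinations is empty. Please specify at least one destination.");

    int counter = 0;
    Exception exception = null;
    Object trackNodeStatusObj = exc.getProperty(Exchange.TRACK_NODE_STATUS);
    // instanceof is already false for null, so no separate null check is needed.
    boolean trackNodeStatus = trackNodeStatusObj instanceof Boolean && (Boolean) trackNodeStatusObj;
    disableStreamingForRetries(exc);

    while (counter < maxRetries) {
        Connection con = null;
        String dest = getDestination(exc, counter);
        HostColonPort target = null;
        try {
            log.debug("try # " + counter + " to " + dest);
            target = init(exc, dest, adjustHostHeader);

            if (counter == 0) {
                // Only the first attempt may reuse the connection already bound to the exchange.
                con = exc.getTargetConnection();
                if (con != null) {
                    if (!con.isSame(target.host, target.port)) {
                        con.close();
                        con = null;
                    } else {
                        con.setKeepAttachedToExchange(true);
                    }
                }
            }

            SSLProvider sslProvider = getOutboundSSLProvider(exc, target);
            if (con == null) {
                con = conMgr.getConnection(target.host, target.port, localAddr, sslProvider, connectTimeout, getSNIServerName(exc), proxy, proxySSLContext);
                con.setKeepAttachedToExchange(exc.getRequest().isBindTargetConnectionToIncoming());
                exc.setTargetConnection(con);
            }

            if (proxy != null && sslProvider == null)
                // if we use a proxy for a plain HTTP (=non-HTTPS) request, attach the proxy credentials.
                // NOTE(review): unless the hop to the proxy is itself TLS (proxySSLContext), this
                // header crosses the network in clear text - confirm that is acceptable.
                exc.getRequest().getHeader().setProxyAutorization(proxy.getCredentials());

            Response response;
            String newProtocol = null;

            if (exc.getRequest().isCONNECTRequest()) {
                handleConnectRequest(exc, con);
                response = Response.ok().build();
                newProtocol = "CONNECT";
            } else {
                response = doCall(exc, con);
                if (trackNodeStatus)
                    exc.setNodeStatusCode(counter, response.getStatusCode());

                // Upgrades are opt-in per exchange. The identity comparison with Boolean.TRUE
                // fails closed: a missing property or any other object leaves the upgrade off.
                if (exc.getProperty(Exchange.ALLOW_WEBSOCKET) == Boolean.TRUE && isUpgradeToResponse(response, "websocket")) {
                    log.debug("Upgrading to WebSocket protocol.");
                    newProtocol = "WebSocket";
                }
                if (exc.getProperty(Exchange.ALLOW_TCP) == Boolean.TRUE && isUpgradeToResponse(response, "tcp")) {
                    log.debug("Upgrading to TCP protocol.");
                    newProtocol = "TCP";
                }
                if (exc.getProperty(Exchange.ALLOW_SPDY) == Boolean.TRUE && isUpgradeToResponse(response, "SPDY/3.1")) {
                    log.debug("Upgrading to SPDY/3.1 protocol.");
                    newProtocol = "SPDY/3.1";
                }
            }

            if (newProtocol != null) {
                // From here on the connection only forwards bytes; no keep-alive handling applies.
                setupConnectionForwarding(exc, con, newProtocol, streamPumpStats);
                exc.getDestinations().clear();
                exc.getDestinations().add(dest);
                con.setExchange(exc);
                exc.setResponse(response);
                return exc;
            }

            boolean is5XX = 500 <= response.getStatusCode() && response.getStatusCode() < 600;
            // Accept the response unless fail-over is requested, it is a 5xx, and attempts remain.
            if (!failOverOn5XX || !is5XX || counter == maxRetries - 1) {
                applyKeepAliveHeader(response, con);
                exc.getDestinations().clear();
                exc.getDestinations().add(dest);
                con.setExchange(exc);
                response.addObserver(con);
                exc.setResponse(response);
                return exc;
            }
            // java.net.SocketException: Software caused connection abort: socket write error
        } catch (ConnectException e) {
            exception = e;
            log.info("Connection to " + (target == null ? dest : target) + " refused.");
        } catch (SocketException e) {
            // getMessage() may be null; guard it so the classification below cannot throw a
            // NullPointerException that would replace the real failure.
            String message = e.getMessage();
            if (message != null && message.contains("Software caused connection abort")) {
                log.info("Connection to " + dest + " was aborted externally. Maybe by the server or the OS Membrane is running on.");
            } else if (message != null && message.contains("Connection reset")) {
                log.info("Connection to " + dest + " was reset externally. Maybe by the server or the OS Membrane is running on.");
            } else {
                logException(exc, counter, e);
            }
            exception = e;
        } catch (UnknownHostException e) {
            log.warn("Unknown host: " + (target == null ? dest : target));
            exception = e;
            if (exc.getDestinations().size() < 2) {
                // don't retry this host, it's useless. (it's very unlikely that it will work after timeBetweenTriesMs)
                break;
            }
        } catch (EOFWhileReadingFirstLineException e) {
            // NOTE(review): getLineSoFar() presumably holds bytes sent by the peer; it is
            // written to the log as received.
            log.debug("Server connection to " + dest + " terminated before line was read. Line so far: " + e.getLineSoFar());
            exception = e;
        } catch (NoResponseException e) {
            throw e;
        } catch (Exception e) {
            logException(exc, counter, e);
            exception = e;
        } finally {
            if (trackNodeStatus) {
                // NOTE(review): 'exception' is not reset per attempt, so an attempt that ends in a
                // 5xx fail-over records the exception of an earlier attempt - confirm intent.
                if (exception != null) {
                    exc.setNodeException(counter, exception);
                }
            }
        }
        counter++;
        if (exc.getDestinations().size() == 1) {
            // the sleep timeout is only applied between successive calls to the same destination.
            Thread.sleep(timeBetweenTriesMs);
        }
    }

    if (exception == null) {
        // Reached only when the loop body never ran (maxRetries < 1). "throw null" would
        // surface as an unexplained NullPointerException, so fail with a clear message.
        throw new IllegalStateException("No attempt was made to call the destination: maxRetries is " + maxRetries + ".");
    }
    throw exception;
}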
use of com.predic8.membrane.core.transport.ssl.SSLProvider in project service-proxy by membrane.
the class Connection method open.
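/**
 * Opens a connection to {@code host:port}, optionally through a proxy and optionally
 * protected by TLS.
 *
 * <p>Without a proxy the socket goes straight to the target and is created by
 * {@code sslProvider} when one is given. With a proxy the first hop goes to the
 * proxy, using {@code proxySSLProvider} if present and plain TCP otherwise, and no
 * SNI name is sent on that hop. If the target itself requires TLS, a tunnel handshake
 * is performed with the proxy and the target's TLS session is then layered over the
 * tunnelled socket, using the original host, port and SNI name.
 *
 * <p>NOTE(review): certificate and host name verification are not visible here; they
 * are presumably the responsibility of the {@code SSLProvider} implementation.
 * Confirm. With a {@code null} {@code proxySSLProvider} the tunnel handshake with
 * the proxy runs over an unencrypted socket.
 *
 * @param host target host
 * @param port target port
 * @param localHost local address to bind to; {@code null} or empty for no explicit bind
 * @param sslProvider TLS provider for the target, or {@code null} for plain TCP
 * @param mgr connection manager handed to the new {@code Connection}
 * @param connectTimeout timeout passed to the socket connect / socket factory calls
 * @param sniServername SNI name for the target's TLS session, may be {@code null}
 * @param proxy proxy to connect through, or {@code null} for a direct connection
 * @param proxySSLProvider TLS provider for the hop to the proxy, may be {@code null}
 * @return the opened connection with buffered input and output streams attached
 * @throws UnknownHostException if {@code localHost} cannot be resolved
 * @throws IOException if connecting, tunnelling or the TLS setup fails; a socket
 *         opened up to that point is closed before the exception propagates
 */
public static Connection open(String host, int port, String localHost, SSLProvider sslProvider, ConnectionManager mgr, int connectTimeout, @Nullable String sniServername, @Nullable ProxyConfiguration proxy, @Nullable SSLProvider proxySSLProvider) throws UnknownHostException, IOException {
    Connection con = new Connection(mgr, host, sslProvider, sniServername, proxy);

    // Parameters of the first hop: the proxy if one is configured, else the target itself.
    final boolean viaProxy = proxy != null;
    final String connectHost = viaProxy ? proxy.getHost() : host;
    final int connectPort = viaProxy ? proxy.getPort() : port;
    final SSLProvider connectSslProvider = viaProxy ? proxySSLProvider : sslProvider;
    // The target's SNI name must not be presented to the proxy.
    final String connectSniServername = viaProxy ? null : sniServername;

    boolean opened = false;
    try {
        if (connectSslProvider != null) {
            if (isNullOrEmpty(localHost))
                con.socket = connectSslProvider.createSocket(connectHost, connectPort, connectTimeout, connectSniServername);
            else
                con.socket = connectSslProvider.createSocket(connectHost, connectPort, InetAddress.getByName(localHost), 0, connectTimeout, connectSniServername);
        } else {
            con.socket = new Socket();
            if (!isNullOrEmpty(localHost)) {
                con.socket.bind(new InetSocketAddress(InetAddress.getByName(localHost), 0));
            }
            con.socket.connect(new InetSocketAddress(connectHost, connectPort), connectTimeout);
        }

        if (viaProxy && sslProvider != null) {
            // TLS target behind a proxy: establish the tunnel first, then start the target's
            // TLS session on top of the tunnelled socket.
            con.doTunnelHandshake(proxy, con.socket, host, port);
            con.socket = sslProvider.createSocket(con.socket, host, port, connectTimeout, sniServername);
        }

        log.debug("Opened connection on localPort: " + con.socket.getLocalPort());
        // Creating output stream before input stream is suggested.
        con.out = new BufferedOutputStream(con.socket.getOutputStream(), 2048);
        con.in = new BufferedInputStream(con.socket.getInputStream(), 2048);
        opened = true;
        return con;
    } finally {
        // Previously a failed bind/connect/tunnel/TLS step left the socket open until it was
        // garbage collected; release it here so failures do not leak file descriptors.
        if (!opened && con.socket != null) {
            try {
                con.socket.close();
            } catch (IOException ignored) {
                // Best effort: the original failure is the one the caller needs to see.
            }
        }
    }
}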
use of com.predic8.membrane.core.transport.ssl.SSLProvider in project service-proxy by membrane.
the class HttpTransport method openPort.
/**
 * Starts a listener thread for the given address and port unless one is already
 * registered, and notifies the port change listeners.
 *
 * <p>If {@code isAnyThreadListeningAt(ip, port)} reports an existing listener, the
 * call returns without touching it, so the {@code sslProvider} of this call is
 * ignored: the provider given when the port was first opened stays in effect.
 *
 * @param ip address to listen on, passed to the listener as given
 * @param port port to listen on; {@code -1} is rejected as "attribute missing"
 * @param sslProvider TLS provider handed to the listener, may be {@code null}
 *        (presumably a plain-text listener; confirm in HttpEndpointListener)
 * @throws IOException declared for failures while creating the listener
 * @throws RuntimeException if {@code port} is {@code -1}
 */
@Override
public synchronized void openPort(String ip, int port, SSLProvider sslProvider) throws IOException {
    final boolean alreadyListening = isAnyThreadListeningAt(ip, port);
    if (alreadyListening) {
        return;
    }

    if (port == -1) {
        throw new RuntimeException("The port-attribute is missing (probably on a <serviceProxy> element).");
    }

    // Register the listener before starting it, in the same order as before.
    HttpEndpointListener acceptor = new HttpEndpointListener(ip, port, this, sslProvider);
    portListenerMapping.put(new IpPort(ip, port), acceptor);
    acceptor.start();

    for (IPortChangeListener observer : menuListeners) {
        observer.addPort(port);
    }
}
use of com.predic8.membrane.core.transport.ssl.SSLProvider in project service-proxy by membrane.
the class HttpServerHandler method setup.
/**
 * Prepares this handler for the accepted socket: creates the exchange, lets the
 * listener's {@code SSLProvider} (if any) wrap the socket, attaches buffered streams
 * and applies the transport's socket options.
 *
 * <p>NOTE(review): the read timeout is set only after {@code wrapAcceptedSocket}
 * has returned. If that call performs the TLS handshake, the handshake is not
 * bounded by this timeout. Confirm where handshake time is limited.
 *
 * @throws IOException if wrapping the socket, obtaining its streams or setting its
 *         options fails
 */
private void setup() throws IOException {
    this.exchange = new Exchange(this);

    final SSLProvider tlsProvider = endpointListener.getSslProvider();
    if (tlsProvider == null) {
        // if there is no SSLProvider then there shouldn't be any ssl exceptions showing here
        showSSLExceptions = false;
    } else {
        showSSLExceptions = tlsProvider.showSSLExceptions();
        // From here on sourceSocket is whatever the provider returned for the accepted socket.
        sourceSocket = tlsProvider.wrapAcceptedSocket(sourceSocket);
    }

    log.debug("New ServerThread created. " + counter.incrementAndGet());

    // Streams are taken from the (possibly wrapped) socket, 2 KiB buffers each.
    srcIn = new BufferedInputStream(sourceSocket.getInputStream(), 2048);
    srcOut = new BufferedOutputStream(sourceSocket.getOutputStream(), 2048);

    // Socket options come from the transport configuration.
    sourceSocket.setSoTimeout(endpointListener.getTransport().getSocketTimeout());
    sourceSocket.setTcpNoDelay(endpointListener.getTransport().isTcpNoDelay());
}