use of io.envoyproxy.envoy.config.core.v3.Address in project okhttp by square.
the class RealConnection method connectTls.
private void connectTls(ConnectionSpecSelector connectionSpecSelector) throws IOException {
Address address = route.address();
SSLSocketFactory sslSocketFactory = address.sslSocketFactory();
boolean success = false;
SSLSocket sslSocket = null;
try {
// Create the wrapper over the connected socket.
sslSocket = (SSLSocket) sslSocketFactory.createSocket(rawSocket, address.url().host(), address.url().port(), true);
// Configure the socket's ciphers, TLS versions, and extensions.
ConnectionSpec connectionSpec = connectionSpecSelector.configureSecureSocket(sslSocket);
if (connectionSpec.supportsTlsExtensions()) {
Platform.get().configureTlsExtensions(sslSocket, address.url().host(), address.protocols());
}
// Force handshake. This can throw!
sslSocket.startHandshake();
Handshake unverifiedHandshake = Handshake.get(sslSocket.getSession());
// Verify that the socket's certificates are acceptable for the target host.
if (!address.hostnameVerifier().verify(address.url().host(), sslSocket.getSession())) {
X509Certificate cert = (X509Certificate) unverifiedHandshake.peerCertificates().get(0);
throw new SSLPeerUnverifiedException("Hostname " + address.url().host() + " not verified:" + "\n certificate: " + CertificatePinner.pin(cert) + "\n DN: " + cert.getSubjectDN().getName() + "\n subjectAltNames: " + OkHostnameVerifier.allSubjectAltNames(cert));
}
// Check that the certificate pinner is satisfied by the certificates presented.
address.certificatePinner().check(address.url().host(), unverifiedHandshake.peerCertificates());
// Success! Save the handshake and the ALPN protocol.
String maybeProtocol = connectionSpec.supportsTlsExtensions() ? Platform.get().getSelectedProtocol(sslSocket) : null;
socket = sslSocket;
source = Okio.buffer(Okio.source(socket));
sink = Okio.buffer(Okio.sink(socket));
handshake = unverifiedHandshake;
protocol = maybeProtocol != null ? Protocol.get(maybeProtocol) : Protocol.HTTP_1_1;
success = true;
} catch (AssertionError e) {
if (Util.isAndroidGetsocknameError(e))
throw new IOException(e);
throw e;
} finally {
if (sslSocket != null) {
Platform.get().afterHandshake(sslSocket);
}
if (!success) {
closeQuietly(sslSocket);
}
}
}
use of io.envoyproxy.envoy.config.core.v3.Address in project okhttp by square.
the class RouteSelectorTest method explicitProxyTriesThatProxysAddressesOnly.
@Test
public void explicitProxyTriesThatProxysAddressesOnly() throws Exception {
Address address = new Address(uriHost, uriPort, dns, socketFactory, null, null, null, authenticator, proxyA, protocols, connectionSpecs, proxySelector);
RouteSelector routeSelector = new RouteSelector(address, routeDatabase);
assertTrue(routeSelector.hasNext());
dns.set(proxyAHost, dns.allocate(2));
assertRoute(routeSelector.next(), address, proxyA, dns.lookup(proxyAHost, 0), proxyAPort);
assertRoute(routeSelector.next(), address, proxyA, dns.lookup(proxyAHost, 1), proxyAPort);
assertFalse(routeSelector.hasNext());
dns.assertRequests(proxyAHost);
// No proxy selector requests!
proxySelector.assertRequests();
}
use of io.envoyproxy.envoy.config.core.v3.Address in project okhttp by square.
the class RouteSelectorTest method proxySelectorDirectConnectionsAreSkipped.
@Test
public void proxySelectorDirectConnectionsAreSkipped() throws Exception {
Address address = httpAddress();
proxySelector.proxies.add(NO_PROXY);
RouteSelector routeSelector = new RouteSelector(address, routeDatabase);
proxySelector.assertRequests(address.url().uri());
// Only the origin server will be attempted.
assertTrue(routeSelector.hasNext());
dns.set(uriHost, dns.allocate(1));
assertRoute(routeSelector.next(), address, NO_PROXY, dns.lookup(uriHost, 0), uriPort);
dns.assertRequests(uriHost);
assertFalse(routeSelector.hasNext());
}
use of io.envoyproxy.envoy.config.core.v3.Address in project okhttp by square.
the class RouteSelectorTest method singleRouteReturnsFailedRoute.
@Test
public void singleRouteReturnsFailedRoute() throws Exception {
Address address = httpAddress();
RouteSelector routeSelector = new RouteSelector(address, routeDatabase);
assertTrue(routeSelector.hasNext());
dns.set(uriHost, dns.allocate(1));
Route route = routeSelector.next();
routeDatabase.failed(route);
routeSelector = new RouteSelector(address, routeDatabase);
assertRoute(routeSelector.next(), address, NO_PROXY, dns.lookup(uriHost, 0), uriPort);
assertFalse(routeSelector.hasNext());
try {
routeSelector.next();
fail();
} catch (NoSuchElementException expected) {
}
}
use of io.envoyproxy.envoy.config.core.v3.Address in project okhttp by square.
the class RouteSelectorTest method proxySelectorReturnsNoProxies.
@Test
public void proxySelectorReturnsNoProxies() throws Exception {
Address address = httpAddress();
RouteSelector routeSelector = new RouteSelector(address, routeDatabase);
assertTrue(routeSelector.hasNext());
dns.set(uriHost, dns.allocate(2));
assertRoute(routeSelector.next(), address, NO_PROXY, dns.lookup(uriHost, 0), uriPort);
assertRoute(routeSelector.next(), address, NO_PROXY, dns.lookup(uriHost, 1), uriPort);
assertFalse(routeSelector.hasNext());
dns.assertRequests(uriHost);
proxySelector.assertRequests(address.url().uri());
}
Aggregations