Return-Path: 
 <httpclient-users-return-8442-apmail-hc-httpclient-users-archive=hc.apache.org@hc.apache.org>
Delivered-To: apmail-hc-httpclient-users-archive@www.apache.org
Received: (qmail 1210 invoked from network); 7 Jul 2010 14:03:13 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 7 Jul 2010 14:03:13 -0000
Received: (qmail 68916 invoked by uid 500); 7 Jul 2010 14:03:13 -0000
Delivered-To: apmail-hc-httpclient-users-archive@hc.apache.org
Received: (qmail 68585 invoked by uid 500); 7 Jul 2010 14:03:11 -0000
Mailing-List: contact httpclient-users-help@hc.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:httpclient-users-help@hc.apache.org>
List-Unsubscribe: <mailto:httpclient-users-unsubscribe@hc.apache.org>
List-Post: <mailto:httpclient-users@hc.apache.org>
List-Id: <httpclient-users.hc.apache.org>
Reply-To: "HttpClient User Discussion" <httpclient-users@hc.apache.org>
Delivered-To: mailing list httpclient-users@hc.apache.org
Received: (qmail 68577 invoked by uid 99); 7 Jul 2010 14:03:10 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Jul 2010 14:03:10 +0000
X-ASF-Spam-Status: No, hits=0.7 required=10.0
	tests=NORMAL_HTTP_TO_IP,SPF_NEUTRAL,WEIRD_PORT
X-Spam-Check-By: apache.org
Received-SPF: neutral (nike.apache.org: local policy)
Received: from [92.42.190.144] (HELO ok2cons2.nine.ch) (92.42.190.144)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Jul 2010 14:03:01 +0000
Received: from [192.168.1.104] (77-57-192-27.dclient.hispeed.ch
 [77.57.192.27])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ok2cons2.nine.ch (Postfix) with ESMTPSA id C8C924BA238
	for <httpclient-users@hc.apache.org>; Wed,  7 Jul 2010 16:02:40 +0200 (CEST)
Subject: Re: How to use httpclient4.0 to connect HTTPS via socks proxy?
From: Oleg Kalnichevski <olegk@apache.org>
To: HttpClient User Discussion <httpclient-users@hc.apache.org>
In-Reply-To: <29096266.post@talk.nabble.com>
References: <29070494.post@talk.nabble.com>
	 <1278334002.11837.9.camel@ubuntu> <29077304.post@talk.nabble.com>
	 <1278357984.3410.1.camel@ubuntu> <29081349.post@talk.nabble.com>
	 <1278442832.9552.1.camel@ubuntu> <29091968.post@talk.nabble.com>
	 <1278499205.9552.73.camel@ubuntu> <29095690.post@talk.nabble.com>
	 <1278509633.9552.88.camel@ubuntu>  <29096266.post@talk.nabble.com>
Content-Type: text/plain; charset="UTF-8"
Date: Wed, 07 Jul 2010 16:02:39 +0200
Message-ID: <1278511359.9552.95.camel@ubuntu>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3 
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

On Wed, 2010-07-07 at 06:40 -0700, Jacky-Zhu-1 wrote:
> 
> 
> olegk wrote:
> > 
> > On Wed, 2010-07-07 at 05:48 -0700, Jacky-Zhu-1 wrote:
> >> 
> >> 
> >> olegk wrote:
> >> > 
> >> >> Hi Oleg,
> >> >> Yes, I have implemented my SocksSSLSocketFactory who has implemented
> >> the
> >> >> SocketFatory interface, as the code I pasted. 
> >> >> In the debug mode, I also found this class was used by HttpClient, and
> >> >> the
> >> >> function createSocket and connectSocket of the SocksSSLSocketFactory
> >> were
> >> >> calle, everything is ok before return from connectSocket: the normal
> >> >> socket
> >> >> has been created and conneted to proxy server, the socks4 protocol
> >> >> finished
> >> >> successfully, the sslsocket is created using this normal socket
> >> >> successfully, but after return this sslsocket from connectSocket, the
> >> >> error
> >> >> happens, from the log I found that this sslsocket was shutdown, I
> >> don't
> >> >> know
> >> >> why, I don't know what happend after connectSocket returned the
> >> >> sslsocket.
> >> >> So my problem is that the sslsocket I created was shutdown after I
> >> >> returned
> >> >> it to HttpClient in connectSocket function.
> >> >> 
> >> >> 
> >> >> 10-07-05 10:57:42,269 DEBUG -Get connection for route
> >> >> HttpRoute[{}->https://10.64.69.13:9000]
> >> >>
> >> [org.apache.http.impl.conn.SingleClientConnManager.getConnection(SingleClientConnManager.java:195)] 
> >> >> 2010-07-05 10:57:42,269 DEBUG -Get connection for route
> >> >> HttpRoute[{}->https://10.64.69.13:9000]
> >> >>
> >> [org.apache.http.impl.conn.SingleClientConnManager.getConnection(SingleClientConnManager.java:195)] 
> >> >> 2010-07-05 10:57:42,286 DEBUG -Connection shut down
> >> >>
> >> [org.apache.http.impl.conn.DefaultClientConnection.shutdown(DefaultClientConnection.java:141)] 
> >> >> 2010-07-05 10:57:42,286 DEBUG -Connection shut down
> >> >>
> >> [org.apache.http.impl.conn.DefaultClientConnection.shutdown(DefaultClientConnection.java:141)] 
> >> >> 2010-07-05 10:57:42,287 DEBUG -Releasing connection
> >> >> org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@19ab6f6
> >> >>
> >> [org.apache.http.impl.conn.SingleClientConnManager.releaseConnection(SingleClientConnManager.java:250)] 
> >> >> 2010-07-05 10:57:42,287 DEBUG -Releasing connection
> >> >> org.apache.http.impl.conn.SingleClientConnManager$ConnAdapter@19ab6f6
> >> >>
> >> [org.apache.http.impl.conn.SingleClientConnManager.releaseConnection(SingleClientConnManager.java:250)] 
> >> >> 2010-07-05 10:57:42,287 ERROR
> >> >> -executeRequest=============================:class:class
> >> >> java.net.SocketException:Socket is not connected
> >> >>
> >> [com.trendmicro.imss.ui.modelobjects.prefilter.client.CommonUtils.executeRequest(CommonUtils.java:641)] 
> >> >> 
> >> > 
> >> > Post code of the SocketFactory implementation.
> >> > 
> >> > Oleg
> >> > 
> >> > 
> >> > ---------------------------------------------------------------------
> >> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >> > 
> >> > 
> >> > 
> >> 
> >> 
> >> Hi Oleg,
> >> Here is the class which implemented SocketFactory:
> >> public class SocksSSLSocketFactory implements SocketFactory { 
> >> 
> >>     private String proxyHost; 
> >>     private int proxyPort; 
> >>     private String userName; 
> >>     private String passWd; 
> >>     private final javax.net.ssl.SSLSocketFactory socketfactory; 
> >> 
> >>     public SocksSSLSocketFactory(SSLContext sslContext, String socksHost,
> >> int socksPort) { 
> >>         this(sslContext, socksHost, socksPort, null, null); 
> >>     } 
> >> 
> >>     public SocksSSLSocketFactory(SSLContext sslContext, String socksHost,
> >> int socksPort, 
> >>             String userName, String passWd) { 
> >>         this.socketfactory = sslContext.getSocketFactory(); 
> >>         proxyHost = socksHost; 
> >>         proxyPort = socksPort; 
> >>         this.userName = userName; 
> >>         this.passWd = passWd; 
> >>     } 
> >> 
> >>     public Socket createSocket() throws IOException { 
> >>         return (SSLSocket) this.socketfactory.createSocket(); 
> >>     } 
> >> 
> >>     public Socket connectSocket(Socket sock, 
> >>             String host, 
> >>             int port, 
> >>             InetAddress localAddress, 
> >>             int localPort, 
> >>             HttpParams params) throws IOException, UnknownHostException,
> >> ConnectTimeoutException { 
> >>         if (host == null) { 
> >>             throw new IllegalArgumentException("Target host may not be
> >> null."); 
> >>         } 
> >>         if (params == null) { 
> >>             throw new IllegalArgumentException("Parameters may not be
> >> null."); 
> >>         } 
> >> 
> > 
> > Is there any good reason for not re-using Socket instance passed to this
> > method as parameter 'sock'?
> > 
> > Otherwise, I see no obvious problems with your code and I am afraid I
> > will not be able to help any further.
> > 
> > Oleg 
> > 
> > 
> > 
> >>         InetSocketAddress epoint = new InetSocketAddress(host, port); 
> >>         sock = getSocketConnected(epoint); 
> >>         SSLSocket sslSocket =
> >> (SSLSocket)this.socketfactory.createSocket(sock, host, port, false); 
> >>         if ((localAddress != null) || (localPort > 0)) { 
> >>             // we need to bind explicitly 
> >>             if (localPort < 0) { 
> >>                 localPort = 0; // indicates "any" 
> >>             } 
> >>             InetSocketAddress isa = 
> >>                     new InetSocketAddress(localAddress, localPort); 
> >>             sslSocket.bind(isa); 
> >>         } 
> >>         
> >>         return sslSocket; 
> >>     } 
> >> 
> >>     public boolean isSecure(Socket sock) throws IllegalArgumentException
> >> { 
> >>         if (sock == null) { 
> >>             throw new IllegalArgumentException("Socket may not be
> >> null."); 
> >>         } 
> >>         // This check is performed last since it calls a method
> >> implemented 
> >>         // by the argument object. getClass() is final in
> >> java.lang.Object. 
> >>         if (sock.isClosed()) { 
> >>             throw new IllegalArgumentException("Socket is closed."); 
> >>         } 
> >>         return false; 
> >>     } 
> >> 
> >>     //generate the socket connected to socks4 proxy server 
> >>     private Socket getSocketConnected(InetSocketAddress endpoint) throws
> >> IOException { 
> >>         Socket socket = new Socket(proxyHost, proxyPort); 
> >>         InputStream in = socket.getInputStream(); 
> >>         OutputStream out = socket.getOutputStream(); 
> >> 
> >>         out.write(4); 
> >>         out.write(1); 
> >>         out.write((endpoint.getPort() >> 8) & 0xff); 
> >>         out.write((endpoint.getPort() >> 0) & 0xff); 
> >>         out.write(endpoint.getAddress().getAddress()); 
> >>         if (userName != null) 
> >>         { 
> >>             try { 
> >>                 out.write(userName.getBytes("ISO-8859-1")); 
> >>             } catch (java.io.UnsupportedEncodingException uee) { 
> >>                 assert false; 
> >>             } 
> >>         } 
> >>         out.write(0); 
> >>         out.flush(); 
> >>         byte[] data = new byte[8]; 
> >>         int n = readSocketReply(in, data); 
> >>         if (n != 8) { 
> >>             throw new SocketException("Reply from SOCKS server has bad
> >> length: " + n); 
> >>         } 
> >>         if (data[0] != 0 && data[0] != 4) { 
> >>             throw new SocketException("Reply from SOCKS server has bad
> >> version"); 
> >>         } 
> >>         SocketException ex = null; 
> >>         switch (data[1]) { 
> >>             case 90: 
> >>                 // Success! 
> >>                 break; 
> >>             case 91: 
> >>                 ex = new SocketException("SOCKS request rejected"); 
> >>                 break; 
> >>             case 92: 
> >>                 ex = new SocketException("SOCKS server couldn't reach
> >> destination"); 
> >>                 break; 
> >>             case 93: 
> >>                 ex = new SocketException("SOCKS authentication failed"); 
> >>                 break; 
> >>             default: 
> >>                 ex = new SocketException("Reply from SOCKS server
> >> contains
> >> bad status"); 
> >>                 break; 
> >>         } 
> >>         if (ex != null) { 
> >>             in.close(); 
> >>             out.close(); 
> >>             throw ex; 
> >>         } 
> >> 
> >>         return socket; 
> >>     } 
> >> 
> >>     private int readSocketReply(InputStream in, byte[] data) throws
> >> IOException { 
> >>         int len = data.length; 
> >>         int received = 0; 
> >>         for (int attempts = 0; received < len && attempts < 3;
> >> attempts++) { 
> >>             int count = in.read(data, received, len - received); 
> >>             if (count < 0) 
> >>                 throw new SocketException("Malformed reply from SOCKS
> >> server"); 
> >>             received += count; 
> >>         } 
> >>         return received; 
> >>     } 
> >> } 
> >> 
> > 
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> > 
> > 
> > 
> 
> 
> Because the 'sock' passed in is just one unconnected sslsocket created in
> the function createSocket, it's not useful in my solution.
> 

Why?

> Maybe I should read the httpclient source code to see what happened.
> If any finding, I will update it here.
> Maybe I should read the HttpClient source code to see 

This always helps.

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org