hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pete Keyes <PKe...@starbucks.com>
Subject hc-4.3.6: AllowAllVerifier not used
Date Tue, 16 Dec 2014 18:08:59 GMT
Below is a unit test that attempts to use the "SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER"
option.  It never works and the wire level debug indicates that HC is always using "BrowserCompatHostnameVerifier"
instead.  Can someone explain why or where my code is incorrect?


WIRE LEVEL DEBUG I/O
===================
12-16 10:01:42.873|INFO |main        |gws-unit-test            |n.common.AllowAllIssue.main(AllowAllIssue.java:68)|unit
test started.
12-16 10:01:42.878|INFO |main        |gws-unit-test            |n.common.AllowAllIssue.main(AllowAllIssue.java:74)|creating
http method...
12-16 10:01:42.893|INFO |main        |gws-unit-test            |n.common.AllowAllIssue.main(AllowAllIssue.java:84)|creating
http client...
12-16 10:01:42.986|INFO |main        |gws-unit-test            |.common.AllowAllIssue.main(AllowAllIssue.java:110)|creating
http context...
12-16 10:01:43.004|INFO |main        |gws-unit-test            |.common.AllowAllIssue.main(AllowAllIssue.java:123)|invoking:
https://pkeyes668377:8443/block/ct-env/all/tp-haws_sys_svcs/tx-sync/alert?durMins=2
12-16 10:01:43.025|DEBUG|main        |                         |uestAddCookies.process(RequestAddCookies.java:122)|CookieSpec
selected: best-match
12-16 10:01:43.045|DEBUG|main        |                         |nection(BasicHttpClientConnectionManager.java:246)|Get
connection for route {s}->https://pkeyes668377:8443
12-16 10:01:43.074|DEBUG|main        |                         |in.MainClientExec.execute(MainClientExec.java:217)|Opening
connection {s}->https://pkeyes668377:8443
12-16 10:01:43.082|DEBUG|main        |                         |tor.connect(HttpClientConnectionOperator.java:122)|Connecting
to pkeyes668377/127.0.0.1:8443
12-16 10:01:43.528|DEBUG|main        |                         |utdown(LoggingManagedHttpClientConnection.java:87)|http-outgoing-0:
Shutdown connection
12-16 10:01:43.528|DEBUG|main        |                         |nHolder.abortConnection(ConnectionHolder.java:126)|Connection
discarded
12-16 10:01:43.529|DEBUG|main        |                         |nection(BasicHttpClientConnectionManager.java:269)|Releasing
connection [Not bound]
12-16 10:01:43.529|FATAL|main        |gws-unit-test            |.common.AllowAllIssue.main(AllowAllIssue.java:133)|service
exec failed: err=javax.net.ssl.SSLException: hostname in certificate didn't match: <pkeyes668377>
!= <localhost>
javax.net.ssl.SSLException: hostname in certificate didn't match: <pkeyes668377> !=
<localhost>
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:238) ~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54)
~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:159) ~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140) ~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:301)
~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:291)
~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)
~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)
~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:318)
~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) ~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) ~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) ~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) ~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) ~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[apache-httpclient-4.3.6.jar:4.3.6]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[apache-httpclient-4.3.6.jar:4.3.6]
at com.sbux.ws.admin.common.AllowAllIssue.main(AllowAllIssue.java:124) [classes/:?]
12-16 10:01:43.535|INFO |main        |gws-unit-test            |.common.AllowAllIssue.main(AllowAllIssue.java:141)|unit
test complete.


JAVA UNIT TEST CODE
==================
package com.sbux.ws.admin.common;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.ws.rs.core.MediaType;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.AuthCache;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.config.ConnectionConfig;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.apache.http.message.BasicNameValuePair;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.Marker;
import org.apache.logging.log4j.MarkerManager;

public class AllowAllIssue {
    private static final Logger log = LogManager.getLogger(GWSUnitTestContext.class);
    private static final Marker gMarker = MarkerManager.getMarker("gws-unit-test");

    public static void main(String args[]) throws Exception {
        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "DEBUG");
               // v3.1
        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http", "DEBUG");
               // v4.x
        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
"DEBUG");  // v3.1
        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http.wire",
"DEBUG");           // v4.x
        System.setProperty("log4j.logger.httpclient.wire", "DEBUG");
        System.setProperty("log4j.logger.org.apache.commons.httpclient", "DEBUG");
        System.setProperty("javax.net.ssl.keyStore", "/opt/gsit/tomee/gsit-keystore/gws-cacerts.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
        System.setProperty("javax.net.ssl.trustStore", "/opt/gsit/tomee/gsit-keystore/gws-cacerts.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        org.apache.logging.log4j.core.config.Configurator.initialize("basic", null, "/opt/gsit/tomee/tomee-lib/log4j2.xml");

        final BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
        System.out.print("enter http user: "); System.out.flush(); String user = stdin.readLine();
        System.out.print("enter http pass: "); System.out.flush(); String pass = stdin.readLine();
        System.out.print("enter http host: "); System.out.flush(); String host = stdin.readLine();
        System.out.println("\n\n\n");

        final BasicHttpClientConnectionManager basicHttpConnMgr = new BasicHttpClientConnectionManager();
        final int portNo = 8443;
        final String hostAndPortNo = "https://" + host + ":" + portNo;

        log.info(gMarker, "unit test started.");
        HttpRequestBase method;
        CloseableHttpClient httpClient = null;
        HttpClientContext httpContext;
        HttpResponse rsp=null;
        try {
            log.info(gMarker, "creating http method...");
            URL url = new URL(hostAndPortNo + "/block/ct-env/all/tp-haws_sys_svcs/tx-sync/alert");
            method = new HttpPut(url.toString());
            method.setHeader("Accept", MediaType.APPLICATION_XML);
            final List<NameValuePair> queryParams = new ArrayList<>();
            queryParams.add(new BasicNameValuePair("durMins", "2"));
            method.setURI(
                new URIBuilder(method.getURI()).addParameters(queryParams).build()
            );

            log.info(gMarker, "creating http client...");
            final RequestConfig requestConfig = RequestConfig.custom()
                .setAuthenticationEnabled(true)
                .setRedirectsEnabled(true)
                .build()
            ;
            final SSLContext sslContext = SSLContexts.custom()
                .useTLS()
                .loadTrustMaterial(null, new TrustSelfSignedStrategy())
                .build()
            ;
            final SSLConnectionSocketFactory sslConnFactory = new SSLConnectionSocketFactory(
                sslContext
                , SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
            );

            final HttpClientBuilder builder = HttpClients.custom()
                .setDefaultConnectionConfig(ConnectionConfig.DEFAULT)
                .setDefaultRequestConfig(requestConfig)
                .setConnectionManager(basicHttpConnMgr)
                .setSslcontext(sslContext)
                .setSSLSocketFactory(sslConnFactory)
                .setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
            ;
            httpClient = builder.build();

            log.info(gMarker, "creating http context...");
            httpContext = HttpClientContext.create();
            final HttpHost httpHost = new HttpHost(host);
            final AuthScope authScope = new AuthScope(host, portNo);
            final UsernamePasswordCredentials basic = new UsernamePasswordCredentials(user,
pass);
            final CredentialsProvider credsProvider = new BasicCredentialsProvider();
            credsProvider.setCredentials(authScope, basic);
            httpContext.setCredentialsProvider(credsProvider);
            final AuthCache authCache = new BasicAuthCache();
            final BasicScheme basicScheme = new BasicScheme();
            authCache.put(httpHost, basicScheme);
            httpContext.setAuthCache(authCache);

            log.info(gMarker, "invoking: " + method.getURI().toString());
            rsp = httpClient.execute(method, httpContext);

            log.info(gMarker, "service exec success:"
                + " s-code=" + rsp.getStatusLine().getStatusCode()
                + "; re=" + rsp.getStatusLine().getReasonPhrase()
                + "\n" + rsp.getEntity().toString()
            );
        }
        catch(Throwable t) {
            log.fatal(gMarker, "service exec failed: err=" + t, t);
        }
        finally {
            try { rsp.getEntity().getContent().close(); } catch(Throwable t) {}
            try { httpClient.close(); } catch(Throwable t) {}
            try { basicHttpConnMgr.shutdown(); } catch(Throwable t) {}
        }

        log.info(gMarker, "unit test complete.");
        System.exit(0);
    }
}

--
Pete Keyes
Starbucks Coffee Co.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message