https://bz.apache.org/bugzilla/show_bug.cgi?id=66592
--- Comment #5 from radhika.j...@veritas.com <radhika.j...@veritas.com> ---
=================
if (proxyConnect != null) {
fConnect.get(timeout, TimeUnit.MILLISECONDS);
// Proxy CONNECT is secure text
if(secureProxy) {
InetSocketAddress inetProxy = (InetSocketAddress)sa;
SSLEngine sslEngine =
createSSLEngine(clientEndpointConfiguration, inetProxy.getHostName(),
inetProxy.getPort());
channel = new AsyncChannelWrapperSecure(socketChannel,
sslEngine);
Future<Void> fHandshake = channel.handshake();
fHandshake.get(timeout, TimeUnit.MILLISECONDS);
} else {
// Proxy CONNECT is clear text
channel = new
AsyncChannelWrapperNonSecure(socketChannel);
}
writeRequest(channel, proxyConnect, timeout);
HttpResponse httpResponse = processResponse(response, channel,
timeout);
if (httpResponse.status ==
Constants.PROXY_AUTHENTICATION_REQUIRED) {
return processAuthenticationChallenge(clientEndpointHolder,
clientEndpointConfiguration, path,
redirectSet, userProperties, request, httpResponse,
AuthenticationType.PROXY, container);
} else if (httpResponse.getStatus() != 200) {
throw new
DeploymentException("wsWebSocketContainer.proxyConnectFail" +selectedProxy + "
"
+Integer.toString(httpResponse.getStatus()));
}
}
I am able to send Secure CONNECT request to the SSL proxy through this
modification in the code to establish secure connection with Proxy.
Receiving HTTPStatus 200, Connection Established reply from the proxy.
=================
However, further ahead, i am not able to make the actual connection to the
target server over this tunnel through this code as i am not able to overlay
the socket:
=================
if (secure) {
// Regardless of whether a non-secure wrapper was created for a
// proxy CONNECT, need to use TLS from this point on so wrap
the
// original AsynchronousSocketChannel
SSLEngine sslEngine =
createSSLEngine(clientEndpointConfiguration, host, port);
channel = new AsyncChannelWrapperSecure(socketChannel,
sslEngine);
} else if (channel == null) {
// Only need to wrap as this point if it wasn't wrapped to
process a
// proxy CONNECT
channel = new AsyncChannelWrapperNonSecure(socketChannel);
}
fConnect.get(timeout, TimeUnit.MILLISECONDS);
Future<Void> fHandshake = channel.handshake();
fHandshake.get(timeout, TimeUnit.MILLISECONDS);
=================
The handshake with target server is giving:
java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException:
Invalid Alert message: no sufficient data
If i dont do a SSL handshake with Target server , then i am not able to write
the request to the target server.
There is no function to overlay the socketchannel in the
AsyncChannelWrapperSecure class.
-----------------------------
However, with a normal socket program, i am able to overlay the secure sockets
and able to connect and upgrade to websocket protocol
Here is the code:
--------------------------
try {
// Open the connection
//Future<Void> fConnect = socketChannel.connect(sa);
Socket tunnel = null;
if (proxyConnect != null) {
//fConnect.get(timeout, TimeUnit.MILLISECONDS);
// Proxy CONNECT is clear text
// channel = new AsyncChannelWrapperNonSecure(socketChannel);
if (proxySecure) {
// Regardless of whether a non-secure wrapper was created
for a
// proxy CONNECT, need to use TLS from this point on so
wrap the
// original AsynchronousSocketChannel
SSLContext sslContext = (SSLContext)
userProperties.get(PROXY_SSL_CONTEXT);
SSLSocketFactory factory =
sslContext.getSocketFactory();
InetSocketAddress proxySA = (InetSocketAddress)sa;
tunnel =
(SSLSocket)factory.createSocket(proxySA.getHostName(),
proxySA.getPort());
} else {
// Only need to wrap as this point if it wasn't wrapped to
// process a
// proxy CONNECT
SocketFactory factory = SocketFactory.getDefault();
InetSocketAddress proxySA = (InetSocketAddress)sa;
tunnel =
factory.createSocket(proxySA.getHostName(),
proxySA.getPort());
}
writeRequest(tunnel, proxyConnect, timeout);
HttpResponse httpResponse = processResponse(response, tunnel,
timeout);
if (httpResponse.status ==
Constants.PROXY_AUTHENTICATION_REQUIRED) {
/*return
processAuthenticationChallenge(clientEndpointHolder,
clientEndpointConfiguration, path,
redirectSet, userProperties, request, httpResponse,
AuthenticationType.PROXY);*/ // uncomment the code for
proxy auth
} else if (httpResponse.getStatus() != 200) {
throw new
DeploymentException("wsWebSocketContainer.proxyConnectFail" + selectedProxy
+ Integer.toString(httpResponse.getStatus()));
}
}
SSLSocket actualWebSocket = null;
SSLSocketFactory factory = null;
if (secure) {
SSLContext sslContext = (SSLContext)
userProperties.get(Constants.SSL_CONTEXT_PROPERTY);
factory =
(SSLSocketFactory)sslContext.getSocketFactory();
} else {
factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
}
if(tunnel != null) {
actualWebSocket =
(SSLSocket)factory.createSocket(tunnel, host, port, true);
} else {
actualWebSocket = (SSLSocket)factory.createSocket(host,
port);
}
/*
* register a callback for handshaking completion event
*/
actualWebSocket.addHandshakeCompletedListener(
new HandshakeCompletedListener() {
public void handshakeCompleted(
HandshakeCompletedEvent event) {
System.out.println("Handshake finished!");
System.out.println(
"\t CipherSuite:" + event.getCipherSuite());
System.out.println(
"\t SessionId " + event.getSession());
System.out.println(
"\t PeerHost " + event.getSession().getPeerHost());
}
}
);
writeRequest(actualWebSocket, request, timeout);
HttpResponse httpResponse = processResponse(response, actualWebSocket,
timeout);
--------------------------
changed writeRequest/processResponse to pass socket as param.
Any clues?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
