From 7e6a5a5485d5b4efd4e5d94cf506f7c39a792175 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Prante?=
Date: Fri, 15 Mar 2024 17:22:19 +0100
Subject: [PATCH] do not keep the httpChannelInitializer in the netty client

---
 .../http1/Https1ChannelInitializer.java | 25 +++++++++++--------
 .../http/client/netty/NettyHttpClient.java | 12 +++------
 2 files changed, 17 insertions(+), 20 deletions(-)

diff --git a/net-http-client-netty-secure/src/main/java/org/xbib/net/http/client/netty/secure/http1/Https1ChannelInitializer.java b/net-http-client-netty-secure/src/main/java/org/xbib/net/http/client/netty/secure/http1/Https1ChannelInitializer.java
index 8190f6f..5ab538a 100644
--- a/net-http-client-netty-secure/src/main/java/org/xbib/net/http/client/netty/secure/http1/Https1ChannelInitializer.java
+++ b/net-http-client-netty-secure/src/main/java/org/xbib/net/http/client/netty/secure/http1/Https1ChannelInitializer.java
@@ -24,7 +24,6 @@ import io.netty.handler.timeout.ReadTimeoutHandler;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.net.InetSocketAddress;
-import java.security.Provider;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -114,6 +113,7 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
 ChannelPipeline pipeline = channel.pipeline();
 try {
 SslHandler sslHandler = createSslHandler(nettyHttpClientConfig, httpAddress);
+ logger.log(Level.FINEST, "new SslHandler created = " + sslHandler);
 channel.attr(NettyHttpsClientConfig.ATTRIBUTE_KEY_SSL_HANDLER).set(sslHandler);
 pipeline.addLast("client-ssl-handler", sslHandler);
 } catch (IOException e) {
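Review bot: The added `logger.log(Level.FINEST, "new SslHandler created = " + sslHandler);` in the `@@ -114,6 +113,7 @@` hunk of Https1ChannelInitializer.java builds its message, including `sslHandler.toString()`, on every channel initialisation even when FINEST is off, while the other FINEST statements this commit adds are wrapped in `if (logger.isLoggable(Level.FINEST))`. Guard it the same way, or, if `logger` is a `java.util.logging.Logger` as the `Level.FINEST` constant suggests, pass a supplier: `logger.log(Level.FINEST, () -> "new SslHandler created = " + sslHandler);`. The enclosing method starts and ends outside the hunk.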
@@ -149,7 +149,7 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
 ClientSecureSocketProvider clientSecureSocketProvider = null;
 for (ClientSecureSocketProvider provider : ServiceLoader.load(ClientSecureSocketProvider.class)) {
 if (logger.isLoggable(Level.FINEST)) {
- logger.log(Level.FINEST, "trying secure socket provider = " + provider.name());
+ logger.log(Level.FINEST, "trying secure socket provider = " + provider);
 }
 if (nettyHttpClientConfig.getSecureSocketProviderName().equals(provider.name())) {
 sslContextBuilder.sslProvider(provider.sslProvider(httpAddress))
@@ -161,8 +161,7 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
 ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1));
 }
 if (provider.securityProvider(httpAddress) != null) {
- Provider p = provider.securityProvider(httpAddress);
- sslContextBuilder.sslContextProvider(p);
+ sslContextBuilder.sslContextProvider(provider.securityProvider(httpAddress));
 }
 if (nettyHttpClientConfig.getTrustManagerFactory() != null) {
 sslContextBuilder.trustManager(nettyHttpClientConfig.getTrustManagerFactory());
@@ -178,6 +177,9 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
 params.setEndpointIdentificationAlgorithm("HTTPS");
 List sniServerNames = new ArrayList<>();
 sniServerNames.add(new SNIHostName(httpAddress.getHost())); // only single host_name allowed
+ if (logger.isLoggable(Level.FINEST)) {
+ logger.log(Level.FINEST, "SNI server names = " + sniServerNames);
+ }
 params.setServerNames(sniServerNames);
 engine.setSSLParameters(params);
 switch (nettyHttpClientConfig.getClientAuthMode()) {
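Review bot: In the `@@ -149,7 +149,7 @@` hunk the trace line now prints `provider` rather than `provider.name()`, so what reaches the log depends on each `ClientSecureSocketProvider` implementation's `toString()`; none of them is visible here, and an implementation without an override would log only a class name and identity hash. Because the very next line selects the provider by `provider.name()`, keeping the name in the message makes a mismatch with `getSecureSocketProviderName()` easier to diagnose: `"trying secure socket provider = " + provider.name() + " (" + provider.getClass().getName() + ")"`. The loop continues outside the hunk.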
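Review bot: `provider.securityProvider(httpAddress)` is still evaluated twice in the `@@ -161,8 +161,7 @@` hunk, once for the null check and once as the argument, so the value handed to `sslContextProvider(...)` is not necessarily the one that was checked, and an implementation that builds a new `java.security.Provider` per call does that work twice. Reading it once avoids both: `var securityProvider = provider.securityProvider(httpAddress);` followed by `if (securityProvider != null) { sslContextBuilder.sslContextProvider(securityProvider); }`. If the module targets a Java level without `var`, keep the explicit `Provider` type and the import that this commit removes. The surrounding loop and method continue outside the hunk.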
@@ -196,20 +198,21 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
 if (nettyHttpClientConfig.getSecureProtocolName() != null) {
 String[] enabledProtocols = nettyHttpClientConfig.getSecureProtocolName();
 engine.setEnabledProtocols(enabledProtocols);
- logger.log(Level.FINEST, "TLS: configured protocol = " +
- Arrays.asList(nettyHttpClientConfig.getSecureProtocolName()));
+ if (logger.isLoggable(Level.FINEST)) {
+ logger.log(Level.FINEST, "configured TLS protocols = " +
+ Arrays.asList(nettyHttpClientConfig.getSecureProtocolName()));
+ }
 }
 sslHandler.setHandshakeTimeoutMillis(nettyHttpClientConfig.getSocketConfig().getSslHandshakeTimeoutMillis());
 if (logger.isLoggable(Level.FINEST)) {
 logger.log(Level.FINEST, "TLS: selected secure socket provider = " +
- (clientSecureSocketProvider != null ? clientSecureSocketProvider.name() : ""));
- logger.log(Level.FINEST, "TLS:" +
+ (clientSecureSocketProvider != null ? clientSecureSocketProvider.name() : "") +
 " enabled protocols = " + Arrays.asList(engine.getEnabledProtocols()) +
 " supported protocols = " + Arrays.asList(engine.getSupportedProtocols()) +
 " application protocol = " + engine.getApplicationProtocol() +
- " handshake application protocol = " + engine.getHandshakeApplicationProtocol());
- logger.log(Level.FINEST, "TLS: client need auth = " +
- engine.getNeedClientAuth() + " client want auth = " + engine.getWantClientAuth());
+ " handshake application protocol = " + engine.getHandshakeApplicationProtocol() +
+ " client need auth = " + engine.getNeedClientAuth() +
+ " client want auth = " + engine.getWantClientAuth());
 }
 return sslHandler;
 }
diff --git a/net-http-client-netty/src/main/java/org/xbib/net/http/client/netty/NettyHttpClient.java b/net-http-client-netty/src/main/java/org/xbib/net/http/client/netty/NettyHttpClient.java
index 27fb031..54dcdbb 100644
--- a/net-http-client-netty/src/main/java/org/xbib/net/http/client/netty/NettyHttpClient.java
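Review bot: In the `@@ -196,20 +198,21 @@` hunk of Https1ChannelInitializer.java the array from `getSecureProtocolName()` goes straight into `engine.setEnabledProtocols(enabledProtocols)` and is reported only at FINEST, so a configuration that lists a legacy version such as TLSv1 or TLSv1.1 is not visible at normal log levels. Whether the configuration is validated elsewhere cannot be seen from this hunk. A WARNING when the list contains anything below TLSv1.2 would surface that case. The new message should also print what was actually applied rather than calling the getter again: `"configured TLS protocols = " + Arrays.asList(enabledProtocols)`. The method begins above the hunk.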
+++ b/net-http-client-netty/src/main/java/org/xbib/net/http/client/netty/NettyHttpClient.java
@@ -37,8 +37,6 @@ public class NettyHttpClient implements HttpClient, C

 private final AtomicBoolean closed;

- private HttpChannelInitializer httpChannelInitializer;
-
 private Pool pool;

 private final List interactions;
@@ -50,7 +48,6 @@ public class NettyHttpClient implements HttpClient, C
 this.eventLoopGroup = eventLoopGroup;
 this.bootstrap = bootstrap;
 this.closed = new AtomicBoolean(false);
- this.httpChannelInitializer = builder.httpChannelInitializer;
 createBoundedPool(builder.nettyHttpClientConfig, bootstrap);
 this.interactions = new CopyOnWriteArrayList<>();
 }
@@ -171,8 +168,7 @@ public class NettyHttpClient implements HttpClient, C
 if (closed.compareAndSet(false, true)) {
 try {
 for (Interaction interaction : interactions) {
- logger.log(Level.FINER, "waiting for unfinshed interaction " + interaction);
- //interaction.get();
+ logger.log(Level.FINER, "waiting for unfinished interaction " + interaction);
 interaction.close();
 }
 if (hasPooledNodes()) {
@@ -207,18 +203,16 @@ public class NettyHttpClient implements HttpClient, C


 /**
+ * Always create a new channel initializer because the HTTP address is implanted into
+ * a possible SSL handler for DNS subject alternative name resolution.
 * The lookup here needs to be thread-safe.
 * @param httpAddress the HTTP address for the channel initializer to look up.
 * @return the channel initializer
 */
 private HttpChannelInitializer lookupChannelInitializer(HttpAddress httpAddress) {
- if (httpChannelInitializer != null || httpAddress == null) {
- return httpChannelInitializer;
- }
 synchronized (this) {
 for (HttpChannelInitializer initializer : ServiceLoader.load(HttpChannelInitializer.class)) {
 if (initializer.supports(httpAddress)) {
- httpChannelInitializer = initializer;
 return initializer;
 }
 }
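Review bot: The corrected message in the `@@ -171,8 +168,7 @@` hunk still says "waiting for unfinished interaction", but with the commented-out `interaction.get()` removed nothing waits any more; the loop only closes each interaction. A message that matches the behaviour keeps shutdown traces accurate: `logger.log(Level.FINER, "closing unfinished interaction " + interaction);`. The enclosing close logic continues outside the hunk.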
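Review bot: lookupChannelInitializer no longer consults `builder.httpChannelInitializer` (its field and constructor assignment are removed in the `@@ -37,8 +37,6 @@` and `@@ -50,7 +48,6 @@` hunks), so an initializer supplied through the builder, for example one carrying specific TLS settings, appears to be ignored in favour of the first `ServiceLoader` implementation whose `supports(httpAddress)` returns true. If the builder still offers that option it should be removed, documented as unused, or honoured as a per-address factory. The `httpAddress == null` guard went with the removed `if`, so a null address now reaches `initializer.supports(httpAddress)`; an explicit check at the top, `if (httpAddress == null) { throw new IllegalArgumentException("httpAddress must not be null"); }`, would make that failure clear, or return null early if callers rely on the old result. The `synchronized (this)` block no longer protects any shared field, since each call iterates its own `ServiceLoader`, and the Javadoc sentence about thread safety could say so. The method's tail lies outside the hunk.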