do not keep the httpChannelInitializer in the netty client

This commit is contained in:
Jörg Prante 2024-03-15 17:22:19 +01:00
parent a270ea2854
commit 7e6a5a5485
2 changed files with 17 additions and 20 deletions

View file

@ -24,7 +24,6 @@ import io.netty.handler.timeout.ReadTimeoutHandler;
import java.io.IOException; import java.io.IOException;
import java.io.UncheckedIOException; import java.io.UncheckedIOException;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.security.Provider;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@ -114,6 +113,7 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
ChannelPipeline pipeline = channel.pipeline(); ChannelPipeline pipeline = channel.pipeline();
try { try {
SslHandler sslHandler = createSslHandler(nettyHttpClientConfig, httpAddress); SslHandler sslHandler = createSslHandler(nettyHttpClientConfig, httpAddress);
logger.log(Level.FINEST, "new SslHandler created = " + sslHandler);
channel.attr(NettyHttpsClientConfig.ATTRIBUTE_KEY_SSL_HANDLER).set(sslHandler); channel.attr(NettyHttpsClientConfig.ATTRIBUTE_KEY_SSL_HANDLER).set(sslHandler);
pipeline.addLast("client-ssl-handler", sslHandler); pipeline.addLast("client-ssl-handler", sslHandler);
} catch (IOException e) { } catch (IOException e) {
@ -149,7 +149,7 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
ClientSecureSocketProvider clientSecureSocketProvider = null; ClientSecureSocketProvider clientSecureSocketProvider = null;
for (ClientSecureSocketProvider provider : ServiceLoader.load(ClientSecureSocketProvider.class)) { for (ClientSecureSocketProvider provider : ServiceLoader.load(ClientSecureSocketProvider.class)) {
if (logger.isLoggable(Level.FINEST)) { if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, "trying secure socket provider = " + provider.name()); logger.log(Level.FINEST, "trying secure socket provider = " + provider);
} }
if (nettyHttpClientConfig.getSecureSocketProviderName().equals(provider.name())) { if (nettyHttpClientConfig.getSecureSocketProviderName().equals(provider.name())) {
sslContextBuilder.sslProvider(provider.sslProvider(httpAddress)) sslContextBuilder.sslProvider(provider.sslProvider(httpAddress))
@ -161,8 +161,7 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)); ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1));
} }
if (provider.securityProvider(httpAddress) != null) { if (provider.securityProvider(httpAddress) != null) {
Provider p = provider.securityProvider(httpAddress); sslContextBuilder.sslContextProvider(provider.securityProvider(httpAddress));
sslContextBuilder.sslContextProvider(p);
} }
if (nettyHttpClientConfig.getTrustManagerFactory() != null) { if (nettyHttpClientConfig.getTrustManagerFactory() != null) {
sslContextBuilder.trustManager(nettyHttpClientConfig.getTrustManagerFactory()); sslContextBuilder.trustManager(nettyHttpClientConfig.getTrustManagerFactory());
@ -178,6 +177,9 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
params.setEndpointIdentificationAlgorithm("HTTPS"); params.setEndpointIdentificationAlgorithm("HTTPS");
List<SNIServerName> sniServerNames = new ArrayList<>(); List<SNIServerName> sniServerNames = new ArrayList<>();
sniServerNames.add(new SNIHostName(httpAddress.getHost())); // only single host_name allowed sniServerNames.add(new SNIHostName(httpAddress.getHost())); // only single host_name allowed
if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, "SNI server names = " + sniServerNames);
}
params.setServerNames(sniServerNames); params.setServerNames(sniServerNames);
engine.setSSLParameters(params); engine.setSSLParameters(params);
switch (nettyHttpClientConfig.getClientAuthMode()) { switch (nettyHttpClientConfig.getClientAuthMode()) {
@ -196,20 +198,21 @@ public class Https1ChannelInitializer implements HttpChannelInitializer {
if (nettyHttpClientConfig.getSecureProtocolName() != null) { if (nettyHttpClientConfig.getSecureProtocolName() != null) {
String[] enabledProtocols = nettyHttpClientConfig.getSecureProtocolName(); String[] enabledProtocols = nettyHttpClientConfig.getSecureProtocolName();
engine.setEnabledProtocols(enabledProtocols); engine.setEnabledProtocols(enabledProtocols);
logger.log(Level.FINEST, "TLS: configured protocol = " + if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, "configured TLS protocols = " +
Arrays.asList(nettyHttpClientConfig.getSecureProtocolName())); Arrays.asList(nettyHttpClientConfig.getSecureProtocolName()));
} }
}
sslHandler.setHandshakeTimeoutMillis(nettyHttpClientConfig.getSocketConfig().getSslHandshakeTimeoutMillis()); sslHandler.setHandshakeTimeoutMillis(nettyHttpClientConfig.getSocketConfig().getSslHandshakeTimeoutMillis());
if (logger.isLoggable(Level.FINEST)) { if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, "TLS: selected secure socket provider = " + logger.log(Level.FINEST, "TLS: selected secure socket provider = " +
(clientSecureSocketProvider != null ? clientSecureSocketProvider.name() : "<none>")); (clientSecureSocketProvider != null ? clientSecureSocketProvider.name() : "<none>") +
logger.log(Level.FINEST, "TLS:" +
" enabled protocols = " + Arrays.asList(engine.getEnabledProtocols()) + " enabled protocols = " + Arrays.asList(engine.getEnabledProtocols()) +
" supported protocols = " + Arrays.asList(engine.getSupportedProtocols()) + " supported protocols = " + Arrays.asList(engine.getSupportedProtocols()) +
" application protocol = " + engine.getApplicationProtocol() + " application protocol = " + engine.getApplicationProtocol() +
" handshake application protocol = " + engine.getHandshakeApplicationProtocol()); " handshake application protocol = " + engine.getHandshakeApplicationProtocol() +
logger.log(Level.FINEST, "TLS: client need auth = " + " client need auth = " + engine.getNeedClientAuth() +
engine.getNeedClientAuth() + " client want auth = " + engine.getWantClientAuth()); " client want auth = " + engine.getWantClientAuth());
} }
return sslHandler; return sslHandler;
} }

View file

@ -37,8 +37,6 @@ public class NettyHttpClient implements HttpClient<HttpRequest, HttpResponse>, C
private final AtomicBoolean closed; private final AtomicBoolean closed;
private HttpChannelInitializer httpChannelInitializer;
private Pool pool; private Pool pool;
private final List<Interaction> interactions; private final List<Interaction> interactions;
@ -50,7 +48,6 @@ public class NettyHttpClient implements HttpClient<HttpRequest, HttpResponse>, C
this.eventLoopGroup = eventLoopGroup; this.eventLoopGroup = eventLoopGroup;
this.bootstrap = bootstrap; this.bootstrap = bootstrap;
this.closed = new AtomicBoolean(false); this.closed = new AtomicBoolean(false);
this.httpChannelInitializer = builder.httpChannelInitializer;
createBoundedPool(builder.nettyHttpClientConfig, bootstrap); createBoundedPool(builder.nettyHttpClientConfig, bootstrap);
this.interactions = new CopyOnWriteArrayList<>(); this.interactions = new CopyOnWriteArrayList<>();
} }
@ -171,8 +168,7 @@ public class NettyHttpClient implements HttpClient<HttpRequest, HttpResponse>, C
if (closed.compareAndSet(false, true)) { if (closed.compareAndSet(false, true)) {
try { try {
for (Interaction interaction : interactions) { for (Interaction interaction : interactions) {
logger.log(Level.FINER, "waiting for unfinshed interaction " + interaction); logger.log(Level.FINER, "waiting for unfinished interaction " + interaction);
//interaction.get();
interaction.close(); interaction.close();
} }
if (hasPooledNodes()) { if (hasPooledNodes()) {
@ -207,18 +203,16 @@ public class NettyHttpClient implements HttpClient<HttpRequest, HttpResponse>, C
/** /**
* Always create a new channel initializer because the HTTP address is implanted into
* a possible SSL handler for DNS subject alternative name resolution.
* The lookup here needs to be thread-safe. * The lookup here needs to be thread-safe.
* @param httpAddress the HTTP address for the channel initializer to look up. * @param httpAddress the HTTP address for the channel initializer to look up.
* @return the channel initializer * @return the channel initializer
*/ */
private HttpChannelInitializer lookupChannelInitializer(HttpAddress httpAddress) { private HttpChannelInitializer lookupChannelInitializer(HttpAddress httpAddress) {
if (httpChannelInitializer != null || httpAddress == null) {
return httpChannelInitializer;
}
synchronized (this) { synchronized (this) {
for (HttpChannelInitializer initializer : ServiceLoader.load(HttpChannelInitializer.class)) { for (HttpChannelInitializer initializer : ServiceLoader.load(HttpChannelInitializer.class)) {
if (initializer.supports(httpAddress)) { if (initializer.supports(httpAddress)) {
httpChannelInitializer = initializer;
return initializer; return initializer;
} }
} }