Add host and port to SSLEngine, close AsyncHttpClient#527, close AsyncHttpClient#513

Author: Stephane Landelle

providers/netty/src/main/java/org/asynchttpclient/providers/netty/channel/Channels.java

@@ -15,11 +15,11 @@
  */
 package org.asynchttpclient.providers.netty.channel;
 
+import static org.asynchttpclient.providers.netty.handler.Processor.newHttpProcessor;
+import static org.asynchttpclient.providers.netty.handler.Processor.newWsProcessor;
 import static org.asynchttpclient.providers.netty.util.HttpUtil.WEBSOCKET;
 import static org.asynchttpclient.providers.netty.util.HttpUtil.isSecure;
 import static org.asynchttpclient.providers.netty.util.HttpUtil.isWebSocket;
-import static org.asynchttpclient.providers.netty.handler.Processor.newHttpProcessor;
-import static org.asynchttpclient.providers.netty.handler.Processor.newWsProcessor;
 
 import org.asynchttpclient.AsyncHandler;
 import org.asynchttpclient.AsyncHttpClientConfig;
@@ -202,20 +202,26 @@ private Timer newNettyTimer() {
         return nettyTimer;
     }
 
-    private SSLEngine createSSLEngine() throws IOException, GeneralSecurityException {
+    public SslHandler createSslHandler(String peerHost, int peerPort) throws IOException, GeneralSecurityException {
 
+        SSLEngine sslEngine = null;
         if (nettyProviderConfig.getSslEngineFactory() != null) {
-            return nettyProviderConfig.getSslEngineFactory().newSSLEngine();
+            sslEngine = nettyProviderConfig.getSslEngineFactory().newSSLEngine();
 
         } else {
             SSLContext sslContext = config.getSSLContext();
             if (sslContext == null)
                 sslContext = SslUtils.getInstance().getSSLContext(config.isAcceptAnyCertificate());
 
-            SSLEngine sslEngine = sslContext.createSSLEngine();
+            sslEngine = sslContext.createSSLEngine(peerHost, peerPort);
             sslEngine.setUseClientMode(true);
-            return sslEngine;
         }
+        
+        SslHandler sslHandler = new SslHandler(sslEngine);
+        if (handshakeTimeoutInMillis > 0)
+            sslHandler.setHandshakeTimeoutMillis(handshakeTimeoutInMillis);
+        
+        return sslHandler;
     }
 
     public void configureProcessor(NettyRequestSender requestSender, AtomicBoolean closed) {
@@ -258,13 +264,8 @@ protected void initChannel(Channel ch) throws Exception {
             @Override
             protected void initChannel(Channel ch) throws Exception {
 
-                SSLEngine sslEngine = createSSLEngine();
-                SslHandler sslHandler = new SslHandler(sslEngine);
-                if (handshakeTimeoutInMillis > 0)
-                    sslHandler.setHandshakeTimeoutMillis(handshakeTimeoutInMillis);
-
                 ChannelPipeline pipeline = ch.pipeline()//
-                        .addLast(SSL_HANDLER, sslHandler)//
+                        .addLast(SSL_HANDLER, new SslInitializer(Channels.this))
                         .addLast(HTTP_HANDLER, newHttpClientCodec());
 
                 if (config.isCompressionEnabled()) {
@@ -284,7 +285,7 @@ protected void initChannel(Channel ch) throws Exception {
             @Override
             protected void initChannel(Channel ch) throws Exception {
                 ch.pipeline()//
-                        .addLast(SSL_HANDLER, new SslHandler(createSSLEngine()))//
+                        .addLast(SSL_HANDLER, new SslInitializer(Channels.this))//
                         .addLast(HTTP_HANDLER, newHttpClientCodec())//
                         .addLast(WS_PROCESSOR, wsProcessor);
 
@@ -330,7 +331,7 @@ public void verifyChannelPipeline(ChannelPipeline pipeline, String scheme) throw
                 pipeline.remove(SSL_HANDLER);
 
         } else if (isSecure)
-            pipeline.addFirst(SSL_HANDLER, new SslHandler(createSSLEngine()));
+            pipeline.addFirst(SSL_HANDLER, new SslInitializer(Channels.this));
     }
 
     protected HttpClientCodec newHttpClientCodec() {
@@ -346,15 +347,15 @@ protected HttpClientCodec newHttpClientCodec() {
         }
     }
 
-    public void upgradeProtocol(ChannelPipeline p, String scheme) throws IOException, GeneralSecurityException {
+    public void upgradeProtocol(ChannelPipeline p, String scheme, String host, int port) throws IOException, GeneralSecurityException {
         if (p.get(HTTP_HANDLER) != null) {
             p.remove(HTTP_HANDLER);
         }
 
         if (isSecure(scheme)) {
             if (p.get(SSL_HANDLER) == null) {
                 p.addFirst(HTTP_HANDLER, newHttpClientCodec());
-                p.addFirst(SSL_HANDLER, new SslHandler(createSSLEngine()));
+                p.addFirst(SSL_HANDLER, createSslHandler(host, port));
             } else {
                 p.addAfter(SSL_HANDLER, HTTP_HANDLER, newHttpClientCodec());
             }

providers/netty/src/main/java/org/asynchttpclient/providers/netty/channel/SslInitializer.java

@@ -0,0 +1,54 @@
+/*
+ * Copyright 2014 AsyncHttpClient Project.
+ *
+ * Ning licenses this file to you under the Apache License, version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at:
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.asynchttpclient.providers.netty.channel;
+
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.ChannelOutboundHandlerAdapter;
+import io.netty.channel.ChannelPromise;
+import io.netty.handler.ssl.SslHandler;
+
+import java.net.InetSocketAddress;
+import java.net.SocketAddress;
+
+/**
+ * On connect, replaces itself with a SslHandler that has a SSLEngine configured with the remote host and port.
+ * 
+ * @author slandelle
+ */
+public class SslInitializer extends ChannelOutboundHandlerAdapter {
+
+    private final Channels channels;
+
+    public SslInitializer(Channels channels) {
+        this.channels = channels;
+        new Exception().printStackTrace();
+    }
+
+    @Override
+    public void connect(ChannelHandlerContext ctx, SocketAddress remoteAddress, SocketAddress localAddress, ChannelPromise promise)
+            throws Exception {
+
+        InetSocketAddress remoteInetSocketAddress = (InetSocketAddress) remoteAddress;
+        String peerHost = remoteInetSocketAddress.getHostName();
+        int peerPort = remoteInetSocketAddress.getPort();
+
+        SslHandler sslHandler = channels.createSslHandler(peerHost, peerPort);
+
+        ctx.pipeline().replace(Channels.SSL_HANDLER, Channels.SSL_HANDLER, sslHandler);
+
+        ctx.connect(remoteAddress, localAddress, promise);
+    }
+}

providers/netty/src/main/java/org/asynchttpclient/providers/netty/handler/HttpProtocol.java

@@ -347,7 +347,13 @@ private boolean handleConnectOKAndExit(int statusCode, Realm realm, final Reques
 
             try {
                 LOGGER.debug("Connecting to proxy {} for scheme {}", proxyServer, request.getUrl());
-                channels.upgradeProtocol(channel.pipeline(), request.getURI().getScheme());
+                
+                URI requestURI = request.getURI();
+                String scheme = requestURI.getScheme();
+                String host = AsyncHttpProviderUtils.getHost(requestURI);
+                int port = AsyncHttpProviderUtils.getPort(requestURI);
+                
+                channels.upgradeProtocol(channel.pipeline(), scheme, host, port);
             } catch (Throwable ex) {
                 channels.abort(future, ex);
             }