Add capability to WSO2 IOT server to route HTTP/HTTPS calls through Proxy server (#1244)

* Fix IoT Server HTTP/HTTPS calls bypassing a Proxy server

Since the Feign client is not supporting proxy routing this fix has included okhttp client and pass it to the feigns okkhttp client wrapper in order to pass HTTP/HTTPS call through proxy server if the system proxy properties are set. Further this modifies the apache http client also to pick system properties.

fixes wso2/product-iots#1806

* Remove unwanted comments and commented lines

* Remove the localhost host check

* Add default non proxy hosts

Added localhost as a default non proxy host

* use the version property from parent pom

Use the version property, "github.openfeign.version" from parent pom instead of hard-coding the version range
merge-requests/1/head
Madhawa Perera 7 years ago committed by GitHub
parent 79d48bb1a8
commit b87763dba1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -72,6 +72,9 @@
javax.xml,
org.wso2.carbon.base,
javax.net.ssl,
feign.okhttp; version=${github.openfeign.version},
okhttp3,
org.apache.commons.lang
</Import-Package>
<Embed-Dependency>
jsr311-api,
@ -110,6 +113,14 @@
</build>
<dependencies>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
</dependency>
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-okhttp</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.logging</artifactId>

@ -22,6 +22,7 @@ import feign.auth.BasicAuthRequestInterceptor;
import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder;
import feign.jaxrs.JAXRSContract;
import feign.okhttp.OkHttpClient;
import feign.slf4j.Slf4jLogger;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@ -65,8 +66,9 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
public OAuthRequestInterceptor() {
String username = APIMConfigReader.getInstance().getConfig().getUsername();
String password = APIMConfigReader.getInstance().getConfig().getPassword();
dcrClient = Feign.builder().client(Utils.getSSLClient()).logger(new Slf4jLogger()).logLevel(
Logger.Level.FULL).requestInterceptor(new BasicAuthRequestInterceptor(username, password))
dcrClient = Feign.builder().client(new OkHttpClient(Utils.getSSLClient())).logger(new Slf4jLogger())
.logLevel(Logger.Level.FULL).requestInterceptor(new BasicAuthRequestInterceptor(username,
password))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(DCRClient.class, Utils.replaceProperties(
APIMConfigReader.getInstance().getConfig().getDcrEndpoint()));

@ -22,6 +22,7 @@ import feign.Logger;
import feign.RequestInterceptor;
import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder;
import feign.okhttp.OkHttpClient;
import feign.slf4j.Slf4jLogger;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@ -49,8 +50,9 @@ public class PublisherClient {
*
*/
public PublisherClient(RequestInterceptor requestInterceptor) {
Feign.Builder builder = Feign.builder().client(
org.wso2.carbon.apimgt.integration.client.util.Utils.getSSLClient()).logger(new Slf4jLogger())
Feign.Builder builder = Feign.builder().client(new OkHttpClient(
org.wso2.carbon.apimgt.integration.client.util.Utils.getSSLClient())).logger(new
Slf4jLogger())
.logLevel(Logger.Level.FULL)
.requestInterceptor(requestInterceptor).encoder(new GsonEncoder()).decoder(new GsonDecoder());
String basePath = Utils.replaceSystemProperty(APIMConfigReader.getInstance().getConfig().getPublisherEndpoint());

@ -24,6 +24,7 @@ import feign.RequestInterceptor;
import feign.Retryer;
import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder;
import feign.okhttp.OkHttpClient;
import feign.slf4j.Slf4jLogger;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.integration.client.configs.APIMConfigReader;
@ -52,8 +53,9 @@ public class StoreClient {
public StoreClient(RequestInterceptor requestInterceptor) {
Feign.Builder builder = Feign.builder().client(
org.wso2.carbon.apimgt.integration.client.util.Utils.getSSLClient()).logger(new Slf4jLogger())
Feign.Builder builder = Feign.builder().client(new OkHttpClient(
org.wso2.carbon.apimgt.integration.client.util.Utils.getSSLClient())).logger(new
Slf4jLogger())
.logLevel(Logger.Level.FULL)
.requestInterceptor(requestInterceptor).encoder(new GsonEncoder()).decoder(new GsonDecoder());
String basePath = Utils.replaceSystemProperty(APIMConfigReader.getInstance().getConfig().getStoreEndpoint());

@ -18,24 +18,38 @@
package org.wso2.carbon.apimgt.integration.client.util;
import okhttp3.OkHttpClient;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfiguration;
import feign.Client;
import javax.net.ssl.*;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import feign.Logger;
import feign.Request;
import feign.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfiguration;
public class Utils {
@ -73,17 +87,65 @@ public class Utils {
return text;
}
public static Client getSSLClient() {
boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
if(isIgnoreHostnameVerification) {
return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
public static OkHttpClient getSSLClient() {
boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2"
+ ".ignoreHostnameVerification"));
OkHttpClient okHttpClient;
final String proxyHost = System.getProperty("http.proxyHost");
final String proxyPort = System.getProperty("http.proxyPort");
final String nonProxyHostsValue = System.getProperty("http.nonProxyHosts");
final ProxySelector proxySelector = new ProxySelector() {
@Override
public java.util.List<Proxy> select(final URI uri) {
final List<Proxy> proxyList = new ArrayList<Proxy>(1);
final String host = uri.getHost();
if (host.startsWith("127.0.0.1") || host.startsWith("localhost") || StringUtils.contains
(nonProxyHostsValue, host)) {
proxyList.add(Proxy.NO_PROXY);
} else {
proxyList.add(new Proxy(Proxy.Type.HTTP,
new InetSocketAddress(proxyHost, Integer.parseInt(proxyPort))));
}
});
return proxyList;
}
@Override
public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
throw new UnsupportedOperationException("Not supported yet.");
}
};
X509TrustManager trustAllCerts = new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
};
if(isIgnoreHostnameVerification) {
okHttpClient = new OkHttpClient.Builder()
.sslSocketFactory(getSimpleTrustedSSLSocketFactory(), trustAllCerts)
.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
}).proxySelector(proxySelector).build();
return okHttpClient;
}else {
return new Client.Default(getTrustedSSLSocketFactory(), null);
SSLSocketFactory trustedSSLSocketFactory = getTrustedSSLSocketFactory();
okHttpClient = new OkHttpClient.Builder().sslSocketFactory(trustedSSLSocketFactory)
.proxySelector(proxySelector).build();
return okHttpClient;
}
}

@ -97,7 +97,7 @@ public class JWTClientUtil {
SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build());
httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).useSystemProperties().build();
} else {
httpclient = HttpClients.createDefault();
}

@ -1238,6 +1238,16 @@
<artifactId>gson</artifactId>
<version>${google.gson.version}</version>
</dependency>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>${squareup.okhttp3.version}</version>
</dependency>
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-okhttp</artifactId>
<version>${github.openfeign.version}</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
@ -1971,6 +1981,8 @@
<commons-json.version>3.0.0.wso2v1</commons-json.version>
<json.smart.version>1.3</json.smart.version>
<google.gson.version>2.3.1</google.gson.version>
<squareup.okhttp3.version>3.8.1</squareup.okhttp3.version>
<github.openfeign.version>9.3.1</github.openfeign.version>
<jsr311.version>1.1.1</jsr311.version>
<commons.logging.version>1.2</commons.logging.version>
<apache.http.version>4.5.1</apache.http.version>

Loading…
Cancel
Save