Add capability to WSO2 IOT server to route HTTP/HTTPS calls through Proxy server (#1244)

* Fix IoT Server HTTP/HTTPS calls bypassing a Proxy server

Since the Feign client is not supporting proxy routing this fix has included okhttp client and pass it to the feigns okkhttp client wrapper in order to pass HTTP/HTTPS call through proxy server if the system proxy properties are set. Further this modifies the apache http client also to pick system properties.

fixes wso2/product-iots#1806

* Remove unwanted comments and commented lines

* Remove the localhost host check

* Add default non proxy hosts

Added localhost as a default non proxy host

* use the version property from parent pom

Use the version property, "github.openfeign.version" from parent pom instead of hard-coding the version range
revert-70aa11f8
Madhawa Perera 7 years ago committed by GitHub
parent 79d48bb1a8
commit b87763dba1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -72,6 +72,9 @@
javax.xml, javax.xml,
org.wso2.carbon.base, org.wso2.carbon.base,
javax.net.ssl, javax.net.ssl,
feign.okhttp; version=${github.openfeign.version},
okhttp3,
org.apache.commons.lang
</Import-Package> </Import-Package>
<Embed-Dependency> <Embed-Dependency>
jsr311-api, jsr311-api,
@ -110,6 +113,14 @@
</build> </build>
<dependencies> <dependencies>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
</dependency>
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-okhttp</artifactId>
</dependency>
<dependency> <dependency>
<groupId>org.wso2.carbon</groupId> <groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.logging</artifactId> <artifactId>org.wso2.carbon.logging</artifactId>

@ -22,6 +22,7 @@ import feign.auth.BasicAuthRequestInterceptor;
import feign.gson.GsonDecoder; import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder; import feign.gson.GsonEncoder;
import feign.jaxrs.JAXRSContract; import feign.jaxrs.JAXRSContract;
import feign.okhttp.OkHttpClient;
import feign.slf4j.Slf4jLogger; import feign.slf4j.Slf4jLogger;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
@ -65,8 +66,9 @@ public class OAuthRequestInterceptor implements RequestInterceptor {
public OAuthRequestInterceptor() { public OAuthRequestInterceptor() {
String username = APIMConfigReader.getInstance().getConfig().getUsername(); String username = APIMConfigReader.getInstance().getConfig().getUsername();
String password = APIMConfigReader.getInstance().getConfig().getPassword(); String password = APIMConfigReader.getInstance().getConfig().getPassword();
dcrClient = Feign.builder().client(Utils.getSSLClient()).logger(new Slf4jLogger()).logLevel( dcrClient = Feign.builder().client(new OkHttpClient(Utils.getSSLClient())).logger(new Slf4jLogger())
Logger.Level.FULL).requestInterceptor(new BasicAuthRequestInterceptor(username, password)) .logLevel(Logger.Level.FULL).requestInterceptor(new BasicAuthRequestInterceptor(username,
password))
.contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder()) .contract(new JAXRSContract()).encoder(new GsonEncoder()).decoder(new GsonDecoder())
.target(DCRClient.class, Utils.replaceProperties( .target(DCRClient.class, Utils.replaceProperties(
APIMConfigReader.getInstance().getConfig().getDcrEndpoint())); APIMConfigReader.getInstance().getConfig().getDcrEndpoint()));

@ -22,6 +22,7 @@ import feign.Logger;
import feign.RequestInterceptor; import feign.RequestInterceptor;
import feign.gson.GsonDecoder; import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder; import feign.gson.GsonEncoder;
import feign.okhttp.OkHttpClient;
import feign.slf4j.Slf4jLogger; import feign.slf4j.Slf4jLogger;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
@ -49,8 +50,9 @@ public class PublisherClient {
* *
*/ */
public PublisherClient(RequestInterceptor requestInterceptor) { public PublisherClient(RequestInterceptor requestInterceptor) {
Feign.Builder builder = Feign.builder().client( Feign.Builder builder = Feign.builder().client(new OkHttpClient(
org.wso2.carbon.apimgt.integration.client.util.Utils.getSSLClient()).logger(new Slf4jLogger()) org.wso2.carbon.apimgt.integration.client.util.Utils.getSSLClient())).logger(new
Slf4jLogger())
.logLevel(Logger.Level.FULL) .logLevel(Logger.Level.FULL)
.requestInterceptor(requestInterceptor).encoder(new GsonEncoder()).decoder(new GsonDecoder()); .requestInterceptor(requestInterceptor).encoder(new GsonEncoder()).decoder(new GsonDecoder());
String basePath = Utils.replaceSystemProperty(APIMConfigReader.getInstance().getConfig().getPublisherEndpoint()); String basePath = Utils.replaceSystemProperty(APIMConfigReader.getInstance().getConfig().getPublisherEndpoint());

@ -24,6 +24,7 @@ import feign.RequestInterceptor;
import feign.Retryer; import feign.Retryer;
import feign.gson.GsonDecoder; import feign.gson.GsonDecoder;
import feign.gson.GsonEncoder; import feign.gson.GsonEncoder;
import feign.okhttp.OkHttpClient;
import feign.slf4j.Slf4jLogger; import feign.slf4j.Slf4jLogger;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.integration.client.configs.APIMConfigReader; import org.wso2.carbon.apimgt.integration.client.configs.APIMConfigReader;
@ -52,8 +53,9 @@ public class StoreClient {
public StoreClient(RequestInterceptor requestInterceptor) { public StoreClient(RequestInterceptor requestInterceptor) {
Feign.Builder builder = Feign.builder().client( Feign.Builder builder = Feign.builder().client(new OkHttpClient(
org.wso2.carbon.apimgt.integration.client.util.Utils.getSSLClient()).logger(new Slf4jLogger()) org.wso2.carbon.apimgt.integration.client.util.Utils.getSSLClient())).logger(new
Slf4jLogger())
.logLevel(Logger.Level.FULL) .logLevel(Logger.Level.FULL)
.requestInterceptor(requestInterceptor).encoder(new GsonEncoder()).decoder(new GsonDecoder()); .requestInterceptor(requestInterceptor).encoder(new GsonEncoder()).decoder(new GsonDecoder());
String basePath = Utils.replaceSystemProperty(APIMConfigReader.getInstance().getConfig().getStoreEndpoint()); String basePath = Utils.replaceSystemProperty(APIMConfigReader.getInstance().getConfig().getStoreEndpoint());

@ -18,24 +18,38 @@
package org.wso2.carbon.apimgt.integration.client.util; package org.wso2.carbon.apimgt.integration.client.util;
import okhttp3.OkHttpClient;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfiguration;
import feign.Client; import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.*; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.FileInputStream; import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.security.*; import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import feign.Logger;
import feign.Request;
import feign.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfiguration;
public class Utils { public class Utils {
@ -73,17 +87,65 @@ public class Utils {
return text; return text;
} }
public static Client getSSLClient() { public static OkHttpClient getSSLClient() {
boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2.ignoreHostnameVerification"));
if(isIgnoreHostnameVerification) { boolean isIgnoreHostnameVerification = Boolean.parseBoolean(System.getProperty("org.wso2"
return new Client.Default(getSimpleTrustedSSLSocketFactory(), new HostnameVerifier() { + ".ignoreHostnameVerification"));
@Override OkHttpClient okHttpClient;
public boolean verify(String s, SSLSession sslSession) { final String proxyHost = System.getProperty("http.proxyHost");
return true; final String proxyPort = System.getProperty("http.proxyPort");
final String nonProxyHostsValue = System.getProperty("http.nonProxyHosts");
final ProxySelector proxySelector = new ProxySelector() {
@Override
public java.util.List<Proxy> select(final URI uri) {
final List<Proxy> proxyList = new ArrayList<Proxy>(1);
final String host = uri.getHost();
if (host.startsWith("127.0.0.1") || host.startsWith("localhost") || StringUtils.contains
(nonProxyHostsValue, host)) {
proxyList.add(Proxy.NO_PROXY);
} else {
proxyList.add(new Proxy(Proxy.Type.HTTP,
new InetSocketAddress(proxyHost, Integer.parseInt(proxyPort))));
} }
});
return proxyList;
}
@Override
public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
throw new UnsupportedOperationException("Not supported yet.");
}
};
X509TrustManager trustAllCerts = new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
};
if(isIgnoreHostnameVerification) {
okHttpClient = new OkHttpClient.Builder()
.sslSocketFactory(getSimpleTrustedSSLSocketFactory(), trustAllCerts)
.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
}).proxySelector(proxySelector).build();
return okHttpClient;
}else { }else {
return new Client.Default(getTrustedSSLSocketFactory(), null); SSLSocketFactory trustedSSLSocketFactory = getTrustedSSLSocketFactory();
okHttpClient = new OkHttpClient.Builder().sslSocketFactory(trustedSSLSocketFactory)
.proxySelector(proxySelector).build();
return okHttpClient;
} }
} }

@ -97,7 +97,7 @@ public class JWTClientUtil {
SSLContextBuilder builder = new SSLContextBuilder(); SSLContextBuilder builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy()); builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build()); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build());
httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build(); httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).useSystemProperties().build();
} else { } else {
httpclient = HttpClients.createDefault(); httpclient = HttpClients.createDefault();
} }

@ -1238,6 +1238,16 @@
<artifactId>gson</artifactId> <artifactId>gson</artifactId>
<version>${google.gson.version}</version> <version>${google.gson.version}</version>
</dependency> </dependency>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>${squareup.okhttp3.version}</version>
</dependency>
<dependency>
<groupId>io.github.openfeign</groupId>
<artifactId>feign-okhttp</artifactId>
<version>${github.openfeign.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.apache.httpcomponents</groupId> <groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId> <artifactId>httpclient</artifactId>
@ -1971,6 +1981,8 @@
<commons-json.version>3.0.0.wso2v1</commons-json.version> <commons-json.version>3.0.0.wso2v1</commons-json.version>
<json.smart.version>1.3</json.smart.version> <json.smart.version>1.3</json.smart.version>
<google.gson.version>2.3.1</google.gson.version> <google.gson.version>2.3.1</google.gson.version>
<squareup.okhttp3.version>3.8.1</squareup.okhttp3.version>
<github.openfeign.version>9.3.1</github.openfeign.version>
<jsr311.version>1.1.1</jsr311.version> <jsr311.version>1.1.1</jsr311.version>
<commons.logging.version>1.2</commons.logging.version> <commons.logging.version>1.2</commons.logging.version>
<apache.http.version>4.5.1</apache.http.version> <apache.http.version>4.5.1</apache.http.version>

Loading…
Cancel
Save