Oleg,
The ssl certification is self signen, so I'm not interessed in checking
the certification. I use EasySSLProtocolSocketFactory( you properly know
the code ) :) , the only thing that I have changed is making an internal
class (SecureManager) instead of using EasyX509TrustManager.
SecureManager does nothing. I thought that I did need to log this and
that it would be faster when doing nothing - maybee I was wrong. As you
can see I'm a newbiee when it comes to http communication, so I have
taken most of it from the web.
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClientError;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import
org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
import
org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
/**
* <p>
* EasySSLProtocolSocketFactory can be used to creats SSL [EMAIL PROTECTED]
Socket}s
* that accept self-signed certificates.
* </p>
* <p>
* This socket factory SHOULD NOT be used for productive systems
* due to security reasons, unless it is a concious decision and
* you are perfectly aware of security implications of accepting
* self-signed certificates
* </p>
*
* <p>
* Example of using custom protocol socket factory for a specific host:
* <pre>
* Protocol easyhttps = new Protocol("https", new
EasySSLProtocolSocketFactory(), 443);
*
* HttpClient client = new HttpClient();
* client.getHostConfiguration().setHost("localhost", 443,
easyhttps);
* // use relative url only
* GetMethod httpget = new GetMethod("/");
* client.executeMethod(httpget);
* </pre>
* </p>
* <p>
* Example of using custom protocol socket factory per default instead
of the standard one:
* <pre>
* Protocol easyhttps = new Protocol("https", new
EasySSLProtocolSocketFactory(), 443);
* Protocol.registerProtocol("https", easyhttps);
*
* HttpClient client = new HttpClient();
* GetMethod httpget = new GetMethod("https://localhost/";);
* client.executeMethod(httpget);
* </pre>
* </p>
*
* @author <a href="mailto:oleg -at- ural.ru">Oleg Kalnichevski</a>
*
* <p>
* DISCLAIMER: HttpClient developers DO NOT actively support this
component.
* The component is provided as a reference material, which may be
inappropriate
* for use without additional customization.
* </p>
*/
public class EasySSLProtocolSocketFactory implements
SecureProtocolSocketFactory {
/** Log object for this class. */
private static final Log LOG =
LogFactory.getLog(EasySSLProtocolSocketFactory.class);
private SSLContext sslcontext = null;
/**
* Constructor for EasySSLProtocolSocketFactory.
*/
public EasySSLProtocolSocketFactory() {
super();
}
private SSLContext createEasySSLContext() {
try {
SSLContext context = SSLContext.getInstance("SSL");
context.init(null, new TrustManager[] {new
EasySSLProtocolSocketFactory.SecureManager()}, null);
return context;
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throw new HttpClientError(e.toString());
}
}
private SSLContext getSSLContext() {
if (this.sslcontext == null) {
this.sslcontext = createEasySSLContext();
}
return this.sslcontext;
}
/**
* @see
SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.I
netAddress,int)
*/
public Socket createSocket(String host, int port, InetAddress
clientHost, int clientPort) throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(host,
port, clientHost, clientPort);
}
/**
* Attempts to get a new socket connection to the given host within
the given time limit.
* <p>
* To circumvent the limitations of older JREs that do not support
connect timeout a
* controller thread is executed. The controller thread attempts to
create a new socket
* within the given limit of time. If socket constructor does not
return until the
* timeout expires, the controller terminates and throws an [EMAIL
PROTECTED]
ConnectTimeoutException}
* </p>
*
* @param host the host name/IP
* @param port the port on the host
* @param clientHost the local host name/IP to bind the socket to
* @param clientPort the port on the local machine
* @param params [EMAIL PROTECTED] HttpConnectionParams Http connection
parameters}
*
* @return Socket a new socket
*
* @throws IOException if an I/O error occurs while creating the
socket
* @throws UnknownHostException if the IP address of the host cannot
be
* determined
*/
public Socket createSocket( final String host, final int port, final
InetAddress localAddress, final int localPort, final
HttpConnectionParams params) throws IOException, UnknownHostException,
ConnectTimeoutException {
if (params == null) {
throw new IllegalArgumentException("Parameters may not be
null");
}
int timeout = params.getConnectionTimeout();
if (timeout == 0) {
return createSocket(host, port, localAddress, localPort);
} else {
// To be eventually deprecated when migrated to Java 1.4 or
above
return ControllerThreadSocketFactory.createSocket(
this, host, port, localAddress, localPort, timeout);
}
}
/**
* @see
SecureProtocolSocketFactory#createSocket(java.lang.String,int)
*/
public Socket createSocket(String host, int port) throws
IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket( host,
port );
}
/**
* @see
SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.Strin
g,int,boolean)
*/
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket( socket,
host, port, autoClose );
}
public boolean equals(Object obj) {
return ((obj != null) &&
obj.getClass().equals(EasySSLProtocolSocketFactory.class));
}
public int hashCode() {
return EasySSLProtocolSocketFactory.class.hashCode();
}
//Inner class
class SecureManager implements X509TrustManager {
public X509Certificate[] getAcceptedIssuers() { return null; }
public void checkClientTrusted( X509Certificate[] certs, String
authType) {}
public void checkServerTrusted(X509Certificate[] certs, String
authType) {}
}
}
-----Oprindelig meddelelse-----
Fra: Oleg Kalnichevski [mailto:[EMAIL PROTECTED]
Sendt: 5. januar 2006 13:29
Til: [email protected]
Emne: Re: SV: Slow to open connection after an hour or so
On Thu, Jan 05, 2006 at 08:38:11AM +0100, Kim B. Andersen wrote:
> Hi
>
> hope it's readable
>
> First hour
>
> 2006/01/03 14:46:49:926 CET [DEBUG] HttpConnection - Open connection
to fastnetselvbetjening.tdconline.dk:443
> 2006/01/03 14:46:50:038 CET [DEBUG] header - >> "GET
/Krump/Alivetest.do?ws HTTP/1.1[\r][\n]"
>
> After the first hour
>
> 2006/01/04 07:58:50:230 CET [DEBUG] HttpConnection - Open connection
to fastnetselvbetjening.tdconline.dk:443
> 2006/01/04 07:58:59:230 CET [DEBUG] header - >> "GET
/Krump/Alivetest/alivetester1.html HTTP/1.1[\r][\n]"
>
Kim,
Apparently the 9sec delay is caused by the SSL related stuff. Most
likely for some reason the SSL handshake takes some time. How do you
configure the SSL context on the clietn side?
Oleg
> Kim Andersen
> -----Oprindelig meddelelse-----
> Fra: Ortwin Gl?ck [mailto:[EMAIL PROTECTED]
> Sendt: 4. januar 2006 17:19
> Til: HttpClient Project
> Emne: Re: Slow to open connection after an hour or so
>
>
> My ideas:
> * Anything in the logs?
> * Is there a chance that you are exhausting the connection pool by
never
> returning your connections? New connection requests would then block
> until one gets available
> * Maybe attach a debugger / profiler or use jconsole
>
> Hell, it would be nice if HttpClient had some JMX beans to provide
> information about pools etc. at runtime. I'll add that as a
requirement
> for 4.0.
>
> Odi
>
> Kim B. Andersen wrote:
> > Hi
> >
> > I'm devolping a program which grabs webpage every 5min and measure
the
> > time it takes. I have succesful used httpclient to get the pages and
it
> > works fine:). The problem is opening of connection in httpclient get
> > very slow after and hour or so.The first hour opening a connection
takes
> > 50ms at max and after an hour it takes 10 seconds. Opening of
connection
> > gets fast if I restarte the program. Any Ideas what the problem
could
> > be?
> >
> > I have tried the following/uses:
> >
> > jvm version: 1.5.0_6/1.4.2_05
> > httpclient: 3.0 rc4/ 3.0 rc4
> > I have tried both with proxy and out
> > I have tried both MultiThreadedHttpConnectionManager and simple
> >
> > Hope you can help me
> >
> > /Kim Andersen
> >
>
> --
> [web] http://www.odi.ch/
> [blog] http://www.odi.ch/weblog/
> [pgp] key 0x81CF3416
> finger print F2B1 B21F F056 D53E 5D79 A5AF 02BE 70F5 81CF 3416
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail:
[EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail:
[EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
