Re: Using HttpClientContext to get a server proxy's certificates

2016-12-18 Thread Oleg Kalnichevski
On Sat, 2016-12-17 at 18:05 -0500, Qiang Cao wrote:
> Hi Everyone,
> 
> I'm running my client to talk to a service that is behind a proxy. The
> channel between the client and the server proxy is established through SSL.
> I wish to retain the certificates of the proxy.
> 
> Client --- SSL socket (HTTPS) ---> SSL PROXY --- Plain socket (HTTP) --->
> Server
> 
> The way I do it is to create a context for each request and grab the SSL
> session info from the context after each request is executed.
> 
> ..
> HttpClientContext clientContext = HttpClientContext.create();
> CloseableHttpResponse response = httpclient.execute(target, httppost,
> clientContext);
> ManagedHttpClientConnection conn = clientContext.getConnection(
> ManagedHttpClientConnection.class);
> 
> if(conn.isOpen()) {
>   SSLSession sslsession = conn.getSSLSession();
>   X509Certificate[] peerCertChain = sslsession.getPeerCertificateChain();
> }
> 
> The code works fine when there is no proxy and the server runs SSL. In that
> case, I'm able to get the server certificates.  However, with the SSL proxy
> in the middle, the connection (ManagedHttpClientConnection) I got from the
> context is always NOT open. With that, I sort of ran out of ideas to get
> the SSL session for the request.  Any thoughts?
> 
> Thanks in advance!
> 
> -Qiang

Hi Qiang

Connection socket factory should be a better injection point for any
custom SSL logic 

---
CloseableHttpClient client = HttpClientBuilder.create()
    .setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.createSystemDefault()) {

        @Override
        public Socket createLayeredSocket(
                final Socket socket,
                final String target,
                final int port,
                final HttpContext context) throws IOException {
            final SSLSocket layeredSocket = (SSLSocket)
                super.createLayeredSocket(socket, target, port, context);
            // The session of the layered socket carries the peer's certificate chain.
            SSLSession sslsession = layeredSocket.getSession();
            X509Certificate[] peerCertChain =
                sslsession.getPeerCertificateChain();
            return layeredSocket;
        }
    })
    .build();
---

Hope this helps

Oleg
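
An added example, not part of the original thread or of the HttpClient project: it builds on the socket-factory override above by handing the captured chain back to the caller through the request context and printing a SHA-256 fingerprint per certificate. It assumes HttpClient 4.5; the class name, the attribute name `example.peer-cert-chain`, and taking the HTTPS URL from the first command-line argument are choices made for this example.

```java
import java.io.IOException;
import java.net.Socket;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import javax.net.ssl.SSLSocket;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContexts;

public class PeerChainCapture {
    // Hypothetical attribute name, chosen for this example.
    static final String PEER_CHAIN = "example.peer-cert-chain";

    public static void main(String[] args) throws Exception {
        SSLConnectionSocketFactory sf =
                new SSLConnectionSocketFactory(SSLContexts.createSystemDefault()) {
            @Override
            public Socket createLayeredSocket(Socket socket, String target, int port,
                                              HttpContext context) throws IOException {
                SSLSocket tls = (SSLSocket) super.createLayeredSocket(socket, target, port, context);
                // Chain presented by whoever terminated TLS (here, the SSL proxy).
                context.setAttribute(PEER_CHAIN, tls.getSession().getPeerCertificates());
                return tls;
            }
        };
        try (CloseableHttpClient client = HttpClientBuilder.create().setSSLSocketFactory(sf).build()) {
            HttpClientContext ctx = HttpClientContext.create();
            try (CloseableHttpResponse response = client.execute(new HttpGet(args[0]), ctx)) {
                Certificate[] chain = ctx.getAttribute(PEER_CHAIN, Certificate[].class);
                if (chain == null) { // reused pooled connection or plain HTTP: no new handshake
                    System.out.println("no TLS handshake for this request");
                    return;
                }
                MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
                for (Certificate c : chain) {
                    StringBuilder hex = new StringBuilder();
                    for (byte b : sha256.digest(c.getEncoded())) hex.append(String.format("%02x", b));
                    System.out.println(hex);
                }
            }
        }
    }
}
```

Because the chain is stored at handshake time, it does not depend on the connection still being open after `execute` returns.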





Using HttpClientContext to get a server proxy's certificates

2016-12-17 Thread Qiang Cao
Hi Everyone,

I'm running my client to talk to a service that is behind a proxy. The
channel between the client and the server proxy is established through SSL.
I wish to retain the certificates of the proxy.

Client --- SSL socket (HTTPS) ---> SSL PROXY --- Plain socket (HTTP) --->
Server

The way I do it is to create a context for each request and grab the SSL
session info from the context after each request is executed.

..
HttpClientContext clientContext = HttpClientContext.create();
CloseableHttpResponse response = httpclient.execute(target, httppost,
clientContext);
ManagedHttpClientConnection conn = clientContext.getConnection(
ManagedHttpClientConnection.class);

if(conn.isOpen()) {
  SSLSession sslsession = conn.getSSLSession();
  X509Certificate[] peerCertChain = sslsession.getPeerCertificateChain();
}

The code works fine when there is no proxy and the server runs SSL. In that
case, I'm able to get the server certificates.  However, with the SSL proxy
in the middle, the connection (ManagedHttpClientConnection) I got from the
context is always NOT open. With that, I sort of ran out of ideas to get
the SSL session for the request.  Any thoughts?

Thanks in advance!

-Qiang