Le 10/02/16 18:16, Norbert Irmer a écrit :
>> Ok, but you can insert teh SslFilter *before* the proxyFilter. Once you
>> get the ProxyConnector instance, get the connector and do :
>
> Well, I am using a patched QuickFixJ version, in which the control flow is a
> bit different.
>
> Here is an excerpt from the code they are using:
>
>
> CompositeIoFilterChainBuilder ioFilterChainBuilder = new
> CompositeIoFilterChainBuilder(
> userIoFilterChainBuilder);
>
> boolean useProxy = proxyType != null && proxyPort > 0 &&
> socketAddresses[0] instanceof
> InetSocketAddress;
>
>
> SslFilter sslFilter = null;
> if (sslEnabled) {
> boolean autoStart = !useProxy;
> sslFilter = installSslFilter(ioFilterChainBuilder, autoStart);
> }
>
> ioFilterChainBuilder.addLast(FIXProtocolCodecFactory.FILTER_NAME,
> new ProtocolCodecFilter(new FIXProtocolCodecFactory()));
>
> if (useProxy) {
> SocketConnector socketConnector = new NioSocketConnector();
> socketConnector.setFilterChainBuilder(ioFilterChainBuilder);
> ioConnector = ProtocolFactory.createIoProxyConnector(
> socketConnector,
> (InetSocketAddress) socketAddresses[0], new
> InetSocketAddress(proxyHost,
> proxyPort), proxyType, proxyVersion,
> proxyUser, proxyPassword,
> proxyDomain, proxyWorkstation);
> } else {
> ioConnector =
> ProtocolFactory.createIoConnector(socketAddresses[0]);
> ioConnector.setFilterChainBuilder(ioFilterChainBuilder);
> }
>
> ioHandler = new InitiatorIoHandler(fixSession, sslFilter,
> networkingOptions, eventHandlingStrategy);
> }
>
> private SslFilter installSslFilter(CompositeIoFilterChainBuilder
> ioFilterChainBuilder,
> boolean autoStart)
> throws GeneralSecurityException {
> SslFilter sslFilter = new
> SslFilter(SSLContextFactory.getInstance(keyStoreName,
> keyStorePassword.toCharArray()), autoStart);
> if (enableProtocole != null)
> sslFilter.setEnabledProtocols(enableProtocole);
> if (cipherSuites != null)
> sslFilter.setEnabledCipherSuites(cipherSuites);
> sslFilter.setUseClientMode(true);
> ioFilterChainBuilder.addLast(SSLSupport.FILTER_NAME, sslFilter);
> return sslFilter;
> }
>
>
> Sure, with a lot of time, I could possibly rewrite the code, to swap the
> positions of the filters in the filterchain.
>
> But I see little sense in it, since the code is working. The only problem I
> have, is that I get this deadlock after a few minutes or so.
How can you say the code is working when you get a deadlock ?
As Jon said, having the ProcyFilter *before* the SSLFilter in the chain
is not the right thing. The reason being that you may perfectly get
fragmented TCP buffers, and the proxy might not be able to deal with
de-fragmentation when it comes to encrypted data.
I suggest that you patch teh code to first call the installSslFilter
method after the proxy has been created, and in the
installSslFiltermethod, use addFirst() instead of addLast().
Otherwise, you can also check with the latest trunk revision I built
today to see if it's any better (on http://people.apache.org/~elecharny)
