stackoom
  简体   繁体   中英

Java HttpClient with TLS/SSLContext through proxy

 原文  2020-11-25 09:35:32       java/ tls1.2/ http-proxy/ java-http-client

Question

I want to make a HTTP call to server that uses TLS to authenticate. Moreover server needs my IP to be whitelisted, so with AWS Lambda I need to use proxy. What I want to achieve is HTTP POST request with TLS that goes through proxy.

To achieve TLS protocol I use KeyStore with loaded certs and private key. Making a call without proxy (locally from whitelisted IP) works, so I assume keyStore is configured correctly.

Here is how I build httpClient (it's java.net.http.HttpClient ):

var keyManagerFactory = KeyManagerFactory.getInstance("PKIX");
keyManagerFactory.init(keyStore, null);

var trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
trustManagerFactory.init(keyStore, null);

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

URI proxyUri = config.getProxyUri(); // this is injected object with preloaded config parameters

HttpClient httpClient = HttpClient.newBuilder()
    .sslContext(sslContext)
    .proxy(
      ProxySelector.of(
        InetSocketAddress.createUnresolved(proxyUri.getHost(), proxyUri.getPort())))
    .build();

Now making a request:

String body = createRequestBody(); // creates string with JSON

HttpRequest request = HttpRequest.newBuilder()
    .uri(config.getServiceUri()) // same config as in example above
    .header("Content-Type", "application/json")
    .POST(BodyPublishers.ofString(body))
    .build();

HttpResponse<String> response = httpClient.send(request, BodyHandlers.ofString());

Calling .send(...) causes

java.io.IOException: Tunnel failed, got: 403
# java.net.http/jdk.internal.net.http.HttpClientImpl.send(Unknown Source)
# java.net.http/jdk.internal.net.http.HttpClientFacade.send(Unknown Source)
# (method we are in above example)

Proxy doesn't need any authentication and in other AWS Lambda I've seen this proxy working with builder using only .proxy(...) method just like in the example above. So the only thing that is different is this .sslContext(...) .

Do I need some more sslContext configuration? I've been searching for some examples with TLS through proxy, but I've not managed to find anything. HttpClient.Builder Docs doesn't say anything about proxy with sslContext either.

Thanks for help!

1 answers

solution1
 0 ACCPTED  2020-12-15 15:06:20

As daniel wrote in a comment

It would seem that you have insufficient permission to access the service you're trying to use

It turned out to be proxy config that was blocking traffic to that specific host and port. There is nothing wrong with the code above. After a change in proxy settings to it works as expected.

Thanks for help!

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can the core Java HttpClient proxy through a TLS Proxy? Is it possible to build a Java 11 HttpClient that uses SSL/TLS JAVA_OPTS as its SSLContext? Java 8 cannot force TLS for sslcontext creation? Creating a TLS connection through an HTTP proxy in Java Java HttpClient - Post with file through Proxy Reloading a java.net.http.HttpClient's SSLContext How to configure apache httpclient 4.5+ SSLContext to use mutual TLS authentication with a self signed certificate? Java communication fails through web proxy using Apache HttpClient SSLContext.getInstance("TLS") vulnerability Java Apache HttpClient - Proxy not responding
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM