001/* 002 * Copyright 2023-2024 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2023-2024 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2023-2024 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.util; 037 038 039 040import java.net.InetSocketAddress; 041import java.net.Proxy; 042import javax.net.ssl.SSLSocketFactory; 043 044 045 046/** 047 * This class provides an implementation of a socket factory that can be used 048 * to forward traffic through an HTTP proxy server. Because of limitations in 049 * the Java support for HTTP proxy servers, the following constraints will be 050 * imposed: 051 * <UL> 052 * <LI> 053 * Communication with the proxy server itself cannot be encrypted. However, 054 * it is possible to encrypt all communication through the proxy server to 055 * the actual target server using TLS (by providing an 056 * {@code SSLSocketFactory} instance when creating the 057 * {@code HTTPProxySocketFactory}), in which case the data will still be 058 * protected from the client to that target server, and anyone observing the 059 * communication between the client and the HTTP proxy, or between the 060 * HTTP proxy and the target server, would not be able to decipher that 061 * communication. 062 * </LI> 063 * <LI> 064 * This implementation only provides direct support for proxy servers that 065 * do not require authentication. Although it may potentially be possible 066 * to configure authentication using Java system properties, this 067 * implementation does not provide any direct support for authentication. 068 * </LI> 069 * </UL> 070 * <BR><BR> 071 * <H2>Example</H2> 072 * The following example demonstrates the process for establishing an LDAPS 073 * connection through a HTTP proxy server: 074 * <PRE> 075 * final String httpProxyServerAddress = "http-proxy.example.com"; 076 * final int httpProxyServerPort = 3128; 077 * final int connectTimeoutMillis = 10_000; 078 * 079 * final SSLUtil sslUtil = 080 * new SSLUtil(new TrustStoreTrustManager("/path/to/trust/store")); 081 * final SSLSocketFactory ldapsSocketFactory = 082 * sslUtil.createSSLSocketFactory(); 083 * 084 * final HTTPProxySocketFactory httpProxySocketFactory = 085 * new HTTPProxySocketFactory(httpProxyServerAddress, 086 * httpProxyServerPort, connectTimeoutMillis, 087 * ldapsSocketFactory); 088 * 089 * final String ldapsServerAddress = "ds.example.com"; 090 * final int ldapsServerPort = 636; 091 * 092 * try (LDAPConnection conn = new LDAPConnection(httpProxySocketFactory, 093 * ldapsServerAddress, ldapsServerPort)) 094 * { 095 * // Do something with the connection here. 096 * } 097 * </PRE> 098 */ 099@NotMutable() 100@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 101public final class HTTPProxySocketFactory 102 extends ProxySocketFactory 103{ 104 /** 105 * Creates a new instance of this HTTP socket factory with the provided 106 * settings. The resulting socket factory will provide support for 107 * unencrypted LDAP communication. 108 * 109 * @param httpProxyHost The address of the HTTP proxy server. It 110 * must not be {@code null}. 111 * @param httpProxyPort The port on which the HTTP proxy is 112 * listening for new connections. 113 * @param connectTimeoutMillis The maximum length of time in milliseconds to 114 * wait for a connection to be established. A 115 * value that is less than or equal to zero 116 * indicates that no explicit timeout will be 117 * imposed. 118 */ 119 public HTTPProxySocketFactory(@NotNull final String httpProxyHost, 120 final int httpProxyPort, 121 final int connectTimeoutMillis) 122 { 123 this(httpProxyHost, httpProxyPort, connectTimeoutMillis, null); 124 } 125 126 127 128 /** 129 * Creates a new instance of this HTTP socket factory with the provided 130 * settings. The resulting socket factory may provide support for either 131 * unencrypted LDAP communication (if the provided {@code sslSocketFactory} 132 * value is {@code null}) or encrypted LDAPS communication (if the provided 133 * {@code sslSocketFactory} value is non-{@code null}). 134 * 135 * @param httpProxyHost The address of the HTTP proxy server. It 136 * must not be {@code null}. 137 * @param httpProxyPort The port on which the HTTP proxy is 138 * listening for new connections. 139 * @param connectTimeoutMillis The maximum length of time in milliseconds to 140 * wait for a connection to be established. A 141 * value that is less than or equal to zero 142 * indicates that no explicit timeout will be 143 * imposed. 144 * @param sslSocketFactory An SSL socket factory that should be used if 145 * communication with the target LDAP server 146 * should be encrypted with TLS. It must be 147 * {@code null} if communication should not be 148 * encrypted, and it must not be {@code null} if 149 * communication should be encrypted with TLS. 150 */ 151 public HTTPProxySocketFactory(@NotNull final String httpProxyHost, 152 final int httpProxyPort, 153 final int connectTimeoutMillis, 154 @Nullable final SSLSocketFactory sslSocketFactory) 155 { 156 super(new Proxy(Proxy.Type.HTTP, 157 new InetSocketAddress(httpProxyHost, httpProxyPort)), 158 connectTimeoutMillis, sslSocketFactory); 159 } 160}