1 Reply Latest reply: Apr 29, 2013 3:24 AM by EJP RSS

    Send a request using Http(s)URLConnection through proxy issue

    1005349
      Hi all,

      Here are system environment,
      OS: Ubuntu 12.04
      Java version: 1.6.0_27
      OpenJDK Runtime Environment (IcedTea6 1.12.4) (6b27-1.12.4-1ubuntu1)
      OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

      There are 3 roles introduction as below:
      1. A https client: It can not direct connect to https server. Because it is restricted in a enclosed network environment just like intranet(ip is 10.100.11.8).The only way out is proxy server.
      2. A proxy server: Locate between https client and https server. It have two network interfaces(ip are 10.100.11.10 and 192.168.11.10)
      3. A https server: It is on extranet(ip is 192.168.11.123) and it also cannot connect to https client directly.

      The other network environment setup is: There is no DNS server on https client network environment.

      The following is part of https client code section:
              public static void main(String args[]){
                 String proxyIp ="10.100.11.10";// proxy server IP
                 testConn(proxyIp);
              }
      
              private static void testConn(String proxyIp){
          
                      String httpsURL="https://192.168.11.123:8443/httpsServices";
                      setSSLContext();// I thought this is not root cause so I do not post on
          
                      try{
          
                        InetAddress intIPAdd= InetAddress.getByAddress(convStrToByte(proxyIp));
                        InetSocketAddress proxyInetAddr = new InetSocketAddress(intIPAdd,80);
                        Proxy proxy = new Proxy(Proxy.Type.HTTP, proxyInetAddr);
          
                        URL httpsUrl = new URL(httpsURL);
      
                        HttpsURLConnection httpsCon = (HttpsURLConnection) httpsUrl.openConnection(proxy);
      
                        httpsCon.setDoOutput(true);
                        httpsCon.setDoInput(true);
                        httpsCon.setRequestMethod("POST");
                        httpsCon.setDefaultUseCaches(true);    
                        httpsCon.setUseCaches(true);
                        
                        System.out.println("Get OutPutStream start!");
                        OutputStream out = httpsCon.getOutputStream(); // or httpsCon.connect();
                        System.out.println("Get OutPutStream done!");
                        OutputStreamWriter owriter = new OutputStreamWriter(out);
                        owriter.write("<request>test</request>");
                        owriter.flush();
                        owriter.close();
                        ....
               }
      
              private static byte[]  convStrToByte(String ip){
          
              String str[] = ip.split("\\.");
              byte[] ipAry = new byte[str.length];
                for(int i=0;i<str.length;i++){
                  ipAry[i] = (byte) Integer.parseInt(str, 10);
      }
      return ipAry;
      }

      All right, my problem is, while print out "Get OutPutStream start" untill "Get OutPutStream done", it always takes about 5 secs.
      No Error or exception. It was just hanging there approx 5 secs.
      I observed the packets flow with wireshark.
      Found out that hang time is to send a multicast to ask MDNS the proxy IP. No one reply this message. It would ask 3 times and then send request to proxy.
      
      About https trust and authentication issue. I use *All Trust* solution. because https server use self-signed CA by myself.
      If need, I would update this post with code section of setSSLContext() part.
      
      I wondering to know that I create proxy object using *InetSocketAddress(InetAddress addr, int port)*, or I create proxy ip instance using *public static InetAddress getByAddress(byte[] addr)* why it would ask to MDNS for proxy ip?
      On normal concept, I give an ip address and it do not need to resolve this ip for domain name.
      
      
      Check InetAddress getByAddress(byte[] addr) of JAVA SE6 API:
      It says: 'This method doesn't block, i.e. no reverse name service lookup is performed.'
      
      What can I do to let https client don't need to ask MDNS?
      Thank you guys so much.
      
      Edited by: 1002346 on 2013/4/29 上午 12:05