OkHttp3中的代理与路由

tttmusic 8年前
   <p>路由是什么呢?路由即是网络数据包在网络中的传输路径,或者说数据包在传输过程中所经过的网络节点,比如路由器,代理服务器之类的。</p>    <p>那像OkHttp3这样的网络库对于数据包的路由需要做些什么事呢?用户可以为终端设置代理服务器,HTTP/HTTPS代理或SOCK代理。OkHttp3中的路由相关逻辑,需要从系统中获取用户设置的代理服务器的地址,将HTTP请求转换为代理协议的数据包,发给代理服务器,然后等待代理服务器帮助完成了网络请求之后,从代理服务器读取响应数据返回给用户。只有这样,用户设置的代理才能生效。如果网络库无视用户设置的代理服务器,直接进行DNS并做网络请求,则用户设置的代理服务器不生效。</p>    <p>这里就来看一下OkHttp3中路由相关的处理。</p>    <h2><strong>路由选择</strong></h2>    <p>如同Internet上的其它设备一样,每个路由节点都有自己的IP地址,加上端口号,则可以确定唯一的路由服务。以域名描述的HTTP/HTTPS代理服务器地址,可能对应于多个实际的代理服务器主机,因而一个代理服务器可能包含有多条路由。而SOCK代理服务器,则有着唯一确定的IP地址和端口号。</p>    <p>OkHttp3借助于RouteSelector来选择路由节点,并维护路由的信息。</p>    <pre>  <code class="language-java">public final class RouteSelector {    private final Address address;    private final RouteDatabase routeDatabase;      /* The most recently attempted route. */    private Proxy lastProxy;    private InetSocketAddress lastInetSocketAddress;      /* State for negotiating the next proxy to use. */    private List<Proxy> proxies = Collections.emptyList();    private int nextProxyIndex;      /* State for negotiating the next socket address to use. */    private List<InetSocketAddress> inetSocketAddresses = Collections.emptyList();    private int nextInetSocketAddressIndex;      /* State for negotiating failed routes */    private final List<Route> postponedRoutes = new ArrayList<>();      public RouteSelector(Address address, RouteDatabase routeDatabase) {      this.address = address;      this.routeDatabase = routeDatabase;        resetNextProxy(address.url(), address.proxy());    }      /**     * Returns true if there's another route to attempt. Every address has at least one route.     */    public boolean hasNext() {      return hasNextInetSocketAddress()          || hasNextProxy()          || hasNextPostponed();    }      public Route next() throws IOException {      // Compute the next route to attempt.      if (!hasNextInetSocketAddress()) {        if (!hasNextProxy()) {          if (!hasNextPostponed()) {            throw new NoSuchElementException();          }          return nextPostponed();        }        lastProxy = nextProxy();      }      lastInetSocketAddress = nextInetSocketAddress();        Route route = new Route(address, lastProxy, lastInetSocketAddress);      if (routeDatabase.shouldPostpone(route)) {        postponedRoutes.add(route);        // We will only recurse in order to skip previously failed routes. They will be tried last.        return next();      }        return route;    }      /**     * Clients should invoke this method when they encounter a connectivity failure on a connection     * returned by this route selector.     */    public void connectFailed(Route failedRoute, IOException failure) {      if (failedRoute.proxy().type() != Proxy.Type.DIRECT && address.proxySelector() != null) {        // Tell the proxy selector when we fail to connect on a fresh connection.        address.proxySelector().connectFailed(            address.url().uri(), failedRoute.proxy().address(), failure);      }        routeDatabase.failed(failedRoute);    }      /** Prepares the proxy servers to try. */    private void resetNextProxy(HttpUrl url, Proxy proxy) {      if (proxy != null) {        // If the user specifies a proxy, try that and only that.        proxies = Collections.singletonList(proxy);      } else {        // Try each of the ProxySelector choices until one connection succeeds. If none succeed        // then we'll try a direct connection below.        proxies = new ArrayList<>();        List<Proxy> selectedProxies = address.proxySelector().select(url.uri());        if (selectedProxies != null) proxies.addAll(selectedProxies);        // Finally try a direct connection. We only try it once!        proxies.removeAll(Collections.singleton(Proxy.NO_PROXY));        proxies.add(Proxy.NO_PROXY);      }      nextProxyIndex = 0;    }      /** Returns true if there's another proxy to try. */    private boolean hasNextProxy() {      return nextProxyIndex < proxies.size();    }      /** Returns the next proxy to try. May be PROXY.NO_PROXY but never null. */    private Proxy nextProxy() throws IOException {      if (!hasNextProxy()) {        throw new SocketException("No route to " + address.url().host()            + "; exhausted proxy configurations: " + proxies);      }      Proxy result = proxies.get(nextProxyIndex++);      resetNextInetSocketAddress(result);      return result;    }      /** Prepares the socket addresses to attempt for the current proxy or host. */    private void resetNextInetSocketAddress(Proxy proxy) throws IOException {      // Clear the addresses. Necessary if getAllByName() below throws!      inetSocketAddresses = new ArrayList<>();        String socketHost;      int socketPort;      if (proxy.type() == Proxy.Type.DIRECT || proxy.type() == Proxy.Type.SOCKS) {        socketHost = address.url().host();        socketPort = address.url().port();      } else {        SocketAddress proxyAddress = proxy.address();        if (!(proxyAddress instanceof InetSocketAddress)) {          throw new IllegalArgumentException(              "Proxy.address() is not an " + "InetSocketAddress: " + proxyAddress.getClass());        }        InetSocketAddress proxySocketAddress = (InetSocketAddress) proxyAddress;        socketHost = getHostString(proxySocketAddress);        socketPort = proxySocketAddress.getPort();      }        if (socketPort < 1 || socketPort > 65535) {        throw new SocketException("No route to " + socketHost + ":" + socketPort            + "; port is out of range");      }        if (proxy.type() == Proxy.Type.SOCKS) {        inetSocketAddresses.add(InetSocketAddress.createUnresolved(socketHost, socketPort));      } else {        // Try each address for best behavior in mixed IPv4/IPv6 environments.        List<InetAddress> addresses = address.dns().lookup(socketHost);        for (int i = 0, size = addresses.size(); i < size; i++) {          InetAddress inetAddress = addresses.get(i);          inetSocketAddresses.add(new InetSocketAddress(inetAddress, socketPort));        }      }        nextInetSocketAddressIndex = 0;    }      /**     * Obtain a "host" from an {@link InetSocketAddress}. This returns a string containing either an     * actual host name or a numeric IP address.     */    // Visible for testing    static String getHostString(InetSocketAddress socketAddress) {      InetAddress address = socketAddress.getAddress();      if (address == null) {        // The InetSocketAddress was specified with a string (either a numeric IP or a host name). If        // it is a name, all IPs for that name should be tried. If it is an IP address, only that IP        // address should be tried.        return socketAddress.getHostName();      }      // The InetSocketAddress has a specific address: we should only try that address. Therefore we      // return the address and ignore any host name that may be available.      return address.getHostAddress();    }      /** Returns true if there's another socket address to try. */    private boolean hasNextInetSocketAddress() {      return nextInetSocketAddressIndex < inetSocketAddresses.size();    }      /** Returns the next socket address to try. */    private InetSocketAddress nextInetSocketAddress() throws IOException {      if (!hasNextInetSocketAddress()) {        throw new SocketException("No route to " + address.url().host()            + "; exhausted inet socket addresses: " + inetSocketAddresses);      }      return inetSocketAddresses.get(nextInetSocketAddressIndex++);    }      /** Returns true if there is another postponed route to try. */    private boolean hasNextPostponed() {      return !postponedRoutes.isEmpty();    }      /** Returns the next postponed route to try. */    private Route nextPostponed() {      return postponedRoutes.remove(0);    }  }</code></pre>    <p>RouteSelector 主要做了这样一些事情:</p>    <ol>     <li>在 RouteSelector 对象创建时,获取并保存用户设置的所有的代理。这里主要通过 ProxySelector ,根据uri来得到系统中的所有代理,并保存在Proxy列表proxies中。</li>     <li>给调用者提供接口,来选择可用的路由。调用者通过next()可以获取 RouteSelector 中维护的下一个可用路由。调用者在连接失败时,可以再次调用这个接口来获取下一个路由。这个接口会逐个地返回每个代理的每个代理主机服务给调用者。在所有的代理的每个代理主机都被访问过了之后,还会返回曾经连接失败的路由。</li>     <li>维护路由节点的信息。 RouteDatabase 用于维护连接失败的路由的信息,以避免浪费时间去连接一些不可用的路由。 RouteDatabase 中的路由信息主要由 RouteSelector 来维护。</li>    </ol>    <p>RouteDatabase 是一个简单的容器:</p>    <pre>  <code class="language-java">package okhttp3.internal.connection;    import java.util.LinkedHashSet;  import java.util.Set;  import okhttp3.Route;    /**   * A blacklist of failed routes to avoid when creating a new connection to a target address. This is   * used so that OkHttp can learn from its mistakes: if there was a failure attempting to connect to   * a specific IP address or proxy server, that failure is remembered and alternate routes are   * preferred.   */  public final class RouteDatabase {    private final Set<Route> failedRoutes = new LinkedHashSet<>();      /** Records a failure connecting to {@code failedRoute}. */    public synchronized void failed(Route failedRoute) {      failedRoutes.add(failedRoute);    }      /** Records success connecting to {@code failedRoute}. */    public synchronized void connected(Route route) {      failedRoutes.remove(route);    }      /** Returns true if {@code route} has failed recently and should be avoided. */    public synchronized boolean shouldPostpone(Route route) {      return failedRoutes.contains(route);    }  }</code></pre>    <p>OkHttp3主要用(Address, Proxy, InetSocketAddress)的三元组来描述路由信息:</p>    <pre>  <code class="language-java">package okhttp3;    import java.net.InetSocketAddress;  import java.net.Proxy;    /**   * The concrete route used by a connection to reach an abstract origin server. When creating a   * connection the client has many options:   *   * <ul>   *     <li><strong>HTTP proxy:</strong> a proxy server may be explicitly configured for the client.   *         Otherwise the {@linkplain java.net.ProxySelector proxy selector} is used. It may return   *         multiple proxies to attempt.   *     <li><strong>IP address:</strong> whether connecting directly to an origin server or a proxy,   *         opening a socket requires an IP address. The DNS server may return multiple IP addresses   *         to attempt.   * </ul>   *   * <p>Each route is a specific selection of these options.   */  public final class Route {    final Address address;    final Proxy proxy;    final InetSocketAddress inetSocketAddress;      public Route(Address address, Proxy proxy, InetSocketAddress inetSocketAddress) {      if (address == null) {        throw new NullPointerException("address == null");      }      if (proxy == null) {        throw new NullPointerException("proxy == null");      }      if (inetSocketAddress == null) {        throw new NullPointerException("inetSocketAddress == null");      }      this.address = address;      this.proxy = proxy;      this.inetSocketAddress = inetSocketAddress;    }      public Address address() {      return address;    }      /**     * Returns the {@link Proxy} of this route.     *     * <strong>Warning:</strong> This may disagree with {@link Address#proxy} when it is null. When     * the address's proxy is null, the proxy selector is used.     */    public Proxy proxy() {      return proxy;    }      public InetSocketAddress socketAddress() {      return inetSocketAddress;    }      /**     * Returns true if this route tunnels HTTPS through an HTTP proxy. See <a     * href="http://www.ietf.org/rfc/rfc2817.txt">RFC 2817, Section 5.2</a>.     */    public boolean requiresTunnel() {      return address.sslSocketFactory != null && proxy.type() == Proxy.Type.HTTP;    }      @Override public boolean equals(Object obj) {      if (obj instanceof Route) {        Route other = (Route) obj;        return address.equals(other.address)            && proxy.equals(other.proxy)            && inetSocketAddress.equals(other.inetSocketAddress);      }      return false;    }      @Override public int hashCode() {      int result = 17;      result = 31 * result + address.hashCode();      result = 31 * result + proxy.hashCode();      result = 31 * result + inetSocketAddress.hashCode();      return result;    }  }</code></pre>    <p>在StreamAllocation中建立连接时,会通过 RouteSelector 获取可用路由。</p>    <p>在OkHttp3中, ProxySelector 对象主要由OkHttpClient维护。</p>    <pre>  <code class="language-java">public class OkHttpClient implements Cloneable, Call.Factory {  ......    final ProxySelector proxySelector;      private OkHttpClient(Builder builder) {      this.dispatcher = builder.dispatcher;      this.proxy = builder.proxy;      this.protocols = builder.protocols;      this.connectionSpecs = builder.connectionSpecs;      this.interceptors = Util.immutableList(builder.interceptors);      this.networkInterceptors = Util.immutableList(builder.networkInterceptors);      this.proxySelector = builder.proxySelector;    ......      public ProxySelector proxySelector() {      return proxySelector;    }    ......        public Builder() {        dispatcher = new Dispatcher();        protocols = DEFAULT_PROTOCOLS;        connectionSpecs = DEFAULT_CONNECTION_SPECS;        proxySelector = ProxySelector.getDefault();    ......        Builder(OkHttpClient okHttpClient) {        this.dispatcher = okHttpClient.dispatcher;        this.proxy = okHttpClient.proxy;        this.protocols = okHttpClient.protocols;        this.connectionSpecs = okHttpClient.connectionSpecs;        this.interceptors.addAll(okHttpClient.interceptors);        this.networkInterceptors.addAll(okHttpClient.networkInterceptors);        this.proxySelector = okHttpClient.proxySelector;</code></pre>    <p>在创建OkHttpClient时,可以通过为OkHttpClient.Builder设置 ProxySelector 来定制 ProxySelector 。若没有指定,则所有的为默认 ProxySelector 。OpenJDK 1.8版默认的 ProxySelector 为 sun.net.spi.DefaultProxySelector :</p>    <pre>  <code class="language-java">public abstract class ProxySelector {      /**       * The system wide proxy selector that selects the proxy server to       * use, if any, when connecting to a remote object referenced by       * an URL.       *       * @see #setDefault(ProxySelector)       */      private static ProxySelector theProxySelector;        static {          try {              Class<?> c = Class.forName("sun.net.spi.DefaultProxySelector");              if (c != null && ProxySelector.class.isAssignableFrom(c)) {                  theProxySelector = (ProxySelector) c.newInstance();              }          } catch (Exception e) {              theProxySelector = null;          }      }        /**       * Gets the system-wide proxy selector.       *       * @throws  SecurityException       *          If a security manager has been installed and it denies       * {@link NetPermission}{@code ("getProxySelector")}       * @see #setDefault(ProxySelector)       * @return the system-wide {@code ProxySelector}       * @since 1.5       */      public static ProxySelector getDefault() {          SecurityManager sm = System.getSecurityManager();          if (sm != null) {              sm.checkPermission(SecurityConstants.GET_PROXYSELECTOR_PERMISSION);          }          return theProxySelector;      }</code></pre>    <p>在Android平台上,默认 ProxySelector 所用的则是 <a href="/misc/goto?guid=4959718204922714467" rel="nofollow,noindex">另外的实现</a> :</p>    <pre>  <code class="language-java">public abstract class ProxySelector {        private static ProxySelector defaultSelector = new ProxySelectorImpl();        /**       * Returns the default proxy selector, or null if none exists.       */      public static ProxySelector getDefault() {          return defaultSelector;      }        /**       * Sets the default proxy selector. If {@code selector} is null, the current       * proxy selector will be removed.       */      public static void setDefault(ProxySelector selector) {          defaultSelector = selector;      }</code></pre>    <p>Android平台下,默认的 ProxySelector ProxySelectorImpl,其 <a href="/misc/goto?guid=4959718205008181940" rel="nofollow,noindex">实现(不同版本的Android,实现不同,这里是android-6.0.1_r61的实现)</a> 如下:</p>    <pre>  <code class="language-java">package java.net;  import java.io.IOException;  import java.util.Collections;  import java.util.List;  final class ProxySelectorImpl extends ProxySelector {      @Override public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {          if (uri == null || sa == null || ioe == null) {              throw new IllegalArgumentException();          }      }      @Override public List<Proxy> select(URI uri) {          return Collections.singletonList(selectOneProxy(uri));      }      private Proxy selectOneProxy(URI uri) {          if (uri == null) {              throw new IllegalArgumentException("uri == null");          }          String scheme = uri.getScheme();          if (scheme == null) {              throw new IllegalArgumentException("scheme == null");          }          int port = -1;          Proxy proxy = null;          String nonProxyHostsKey = null;          boolean httpProxyOkay = true;          if ("http".equalsIgnoreCase(scheme)) {              port = 80;              nonProxyHostsKey = "http.nonProxyHosts";              proxy = lookupProxy("http.proxyHost", "http.proxyPort", Proxy.Type.HTTP, port);          } else if ("https".equalsIgnoreCase(scheme)) {              port = 443;              nonProxyHostsKey = "https.nonProxyHosts"; // RI doesn't support this              proxy = lookupProxy("https.proxyHost", "https.proxyPort", Proxy.Type.HTTP, port);          } else if ("ftp".equalsIgnoreCase(scheme)) {              port = 80; // not 21 as you might guess              nonProxyHostsKey = "ftp.nonProxyHosts";              proxy = lookupProxy("ftp.proxyHost", "ftp.proxyPort", Proxy.Type.HTTP, port);          } else if ("socket".equalsIgnoreCase(scheme)) {              httpProxyOkay = false;          } else {              return Proxy.NO_PROXY;          }          if (nonProxyHostsKey != null                  && isNonProxyHost(uri.getHost(), System.getProperty(nonProxyHostsKey))) {              return Proxy.NO_PROXY;          }          if (proxy != null) {              return proxy;          }          if (httpProxyOkay) {              proxy = lookupProxy("proxyHost", "proxyPort", Proxy.Type.HTTP, port);              if (proxy != null) {                  return proxy;              }          }          proxy = lookupProxy("socksProxyHost", "socksProxyPort", Proxy.Type.SOCKS, 1080);          if (proxy != null) {              return proxy;          }          return Proxy.NO_PROXY;      }      /**       * Returns the proxy identified by the {@code hostKey} system property, or       * null.       */      private Proxy lookupProxy(String hostKey, String portKey, Proxy.Type type, int defaultPort) {          String host = System.getProperty(hostKey);          if (host == null || host.isEmpty()) {              return null;          }          int port = getSystemPropertyInt(portKey, defaultPort);          return new Proxy(type, InetSocketAddress.createUnresolved(host, port));      }      private int getSystemPropertyInt(String key, int defaultValue) {          String string = System.getProperty(key);          if (string != null) {              try {                  return Integer.parseInt(string);              } catch (NumberFormatException ignored) {              }          }          return defaultValue;      }      /**       * Returns true if the {@code nonProxyHosts} system property pattern exists       * and matches {@code host}.       */      private boolean isNonProxyHost(String host, String nonProxyHosts) {          if (host == null || nonProxyHosts == null) {              return false;          }          // construct pattern          StringBuilder patternBuilder = new StringBuilder();          for (int i = 0; i < nonProxyHosts.length(); i++) {              char c = nonProxyHosts.charAt(i);              switch (c) {              case '.':                  patternBuilder.append("\\.");                  break;              case '*':                  patternBuilder.append(".*");                  break;              default:                  patternBuilder.append(c);              }          }          // check whether the host is the nonProxyHosts.          String pattern = patternBuilder.toString();          return host.matches(pattern);      }  }</code></pre>    <p>可以看到,在Android平台上,主要是从System properties中获取的代理服务器的主机及其端口号,会过滤掉不能进行代理的主机的访问。</p>    <p>回到OkHttp中,在RetryAndFollowUpInterceptor中,创建Address对象时,从OkHttpClient对象获取ProxySelector。Address对象会被用于创建StreamAllocation对象,StreamAllocation在建立连接时,从Address对象中获取ProxySelector以选择路由。</p>    <pre>  <code class="language-java">public final class RetryAndFollowUpInterceptor implements Interceptor {  ......    private Address createAddress(HttpUrl url) {      SSLSocketFactory sslSocketFactory = null;      HostnameVerifier hostnameVerifier = null;      CertificatePinner certificatePinner = null;      if (url.isHttps()) {        sslSocketFactory = client.sslSocketFactory();        hostnameVerifier = client.hostnameVerifier();        certificatePinner = client.certificatePinner();      }        return new Address(url.host(), url.port(), client.dns(), client.socketFactory(),          sslSocketFactory, hostnameVerifier, certificatePinner, client.proxyAuthenticator(),          client.proxy(), client.protocols(), client.connectionSpecs(), client.proxySelector());    }</code></pre>    <h2><strong>代理协议</strong></h2>    <p>OkHttp3发送给HTTP代理服务器的HTTP请求,与直接发送给HTTP服务器的HTTP请求有什么样的区别呢,还是说两者其实毫无差别呢?也就是HTTP代理的协议是什么样的呢?这里我们就通过对代码进行分析来仔细地看一下。</p>    <p>如我们在 <a href="/misc/goto?guid=4959718205097160254" rel="nofollow,noindex">OkHttp3 HTTP请求执行流程分析</a> 中看到的,OkHttp3对HTTP请求是通过Interceptor链来处理的。</p>    <p>RetryAndFollowUpInterceptor 创建 StreamAllocation 对象,处理http的重定向及出错重试。对后续Interceptor的执行的影响为修改Request并创建StreamAllocation对象。</p>    <p>BridgeInterceptor 补全缺失的一些http header。对后续Interceptor的执行的影响主要为修改了Request。</p>    <p>CacheInterceptor 处理http缓存。对后续Interceptor的执行的影响为,若缓存中有所需请求的响应,则后续Interceptor不再执行。</p>    <p>ConnectInterceptor 借助于前面分配的 StreamAllocation 对象建立与服务器之间的连接,并选定交互所用的协议是HTTP 1.1还是HTTP 2。对后续Interceptor的执行的影响为,创建了HttpStream和connection。</p>    <p>CallServerInterceptor 作为Interceptor链中的最后一个Interceptor,用于处理IO,与服务器进行数据交换。</p>    <p>OkHttp3对代理的处理是在 ConnectInterceptor 和 CallServerInterceptor 中完成的。再来看 ConnectInterceptor 的定义:</p>    <pre>  <code class="language-java">package okhttp3.internal.connection;    import java.io.IOException;  import okhttp3.Interceptor;  import okhttp3.OkHttpClient;  import okhttp3.Request;  import okhttp3.Response;  import okhttp3.internal.http.HttpCodec;  import okhttp3.internal.http.RealInterceptorChain;    /** Opens a connection to the target server and proceeds to the next interceptor. */  public final class ConnectInterceptor implements Interceptor {    public final OkHttpClient client;      public ConnectInterceptor(OkHttpClient client) {      this.client = client;    }      @Override public Response intercept(Chain chain) throws IOException {      RealInterceptorChain realChain = (RealInterceptorChain) chain;      Request request = realChain.request();      StreamAllocation streamAllocation = realChain.streamAllocation();        // We need the network to satisfy this request. Possibly for validating a conditional GET.      boolean doExtensiveHealthChecks = !request.method().equals("GET");      HttpCodec httpCodec = streamAllocation.newStream(client, doExtensiveHealthChecks);      RealConnection connection = streamAllocation.connection();        return realChain.proceed(request, streamAllocation, httpCodec, connection);    }  }</code></pre>    <p>ConnectInterceptor 利用前面的Interceptor创建的StreamAllocation对象,创建stream HttpCodec,以及RealConnection connection。然后把这些对象传给链中后继的Interceptor,也就是 CallServerInterceptor 处理。</p>    <p>为了厘清StreamAllocation的两个操作的详细执行过程,这里再回过头来看一下 StreamAllocation 对象的创建。StreamAllocation对象在 RetryAndFollowUpInterceptor 中创建:</p>    <pre>  <code class="language-java">@Override public Response intercept(Chain chain) throws IOException {      Request request = chain.request();        streamAllocation = new StreamAllocation(          client.connectionPool(), createAddress(request.url()), callStackTrace);</code></pre>    <p>创建 StreamAllocation 对象时,传入的ConnectionPool来自于OkHttpClient,创建的Address主要用于描述HTTP服务的目标地址相关的信息。</p>    <pre>  <code class="language-java">public final class StreamAllocation {    public final Address address;    private Route route;    private final ConnectionPool connectionPool;    private final Object callStackTrace;      // State guarded by connectionPool.    private final RouteSelector routeSelector;    private int refusedStreamCount;    private RealConnection connection;    private boolean released;    private boolean canceled;    private HttpCodec codec;      public StreamAllocation(ConnectionPool connectionPool, Address address, Object callStackTrace) {      this.connectionPool = connectionPool;      this.address = address;      this.routeSelector = new RouteSelector(address, routeDatabase());      this.callStackTrace = callStackTrace;    }</code></pre>    <p>创建 StreamAllocation 对象时,除了创建 RouteSelector 之外,并没有其它特别的地方。</p>    <p>然后来看 ConnectInterceptor 中用来创建HttpCodec的newStream()方法:</p>    <pre>  <code class="language-java">public final class StreamAllocation {    ......      public HttpCodec newStream(OkHttpClient client, boolean doExtensiveHealthChecks) {      int connectTimeout = client.connectTimeoutMillis();      int readTimeout = client.readTimeoutMillis();      int writeTimeout = client.writeTimeoutMillis();      boolean connectionRetryEnabled = client.retryOnConnectionFailure();        try {        RealConnection resultConnection = findHealthyConnection(connectTimeout, readTimeout,            writeTimeout, connectionRetryEnabled, doExtensiveHealthChecks);          HttpCodec resultCodec;        if (resultConnection.http2Connection != null) {          resultCodec = new Http2Codec(client, this, resultConnection.http2Connection);        } else {          resultConnection.socket().setSoTimeout(readTimeout);          resultConnection.source.timeout().timeout(readTimeout, MILLISECONDS);          resultConnection.sink.timeout().timeout(writeTimeout, MILLISECONDS);          resultCodec = new Http1Codec(              client, this, resultConnection.source, resultConnection.sink);        }          synchronized (connectionPool) {          codec = resultCodec;          return resultCodec;        }      } catch (IOException e) {        throw new RouteException(e);      }    }</code></pre>    <p>这个方法的执行流程为:</p>    <ol>     <li>建立连接。<br> 通过调用findHealthyConnection()方法来建立连接,后面我们通过分析这个方法的实现来了解连接的具体含义。</li>     <li>用前面创建的连接来创建HttpCodec。<br> 对于HTTP/1.1创建Http1Codec,对于HTTP/2则创建Http2Codec。HttpCodec用于处理与HTTP具体协议相关的部分。比如HTTP/1.1是基于文本的协议,而HTTP/2则是基于二进制格式的协议,HttpCodec用于将请求编码为对应协议要求的传输格式,并在得到响应时,对数据进行解码。</li>    </ol>    <p>然后来看 findHealthyConnection() 中创建连接的过程:</p>    <pre>  <code class="language-java">/**     * Finds a connection and returns it if it is healthy. If it is unhealthy the process is repeated     * until a healthy connection is found.     */    private RealConnection findHealthyConnection(int connectTimeout, int readTimeout,        int writeTimeout, boolean connectionRetryEnabled, boolean doExtensiveHealthChecks)        throws IOException {      while (true) {        RealConnection candidate = findConnection(connectTimeout, readTimeout, writeTimeout,            connectionRetryEnabled);          // If this is a brand new connection, we can skip the extensive health checks.        synchronized (connectionPool) {          if (candidate.successCount == 0) {            return candidate;          }        }          // Do a (potentially slow) check to confirm that the pooled connection is still good. If it        // isn't, take it out of the pool and start again.        if (!candidate.isHealthy(doExtensiveHealthChecks)) {          noNewStreams();          continue;        }          return candidate;      }    }</code></pre>    <p>在这个方法中,是找到一个连接,然后判断其是否可用。如果可用则将找到的连接返回给调用者,否则寻找下一个连接。寻找连接可能是建立一个新的连接,也可能是复用连接池中的一个连接。</p>    <p>接着来看寻找连接的过程 findConnection() :</p>    <pre>  <code class="language-java">/**     * Returns a connection to host a new stream. This prefers the existing connection if it exists,     * then the pool, finally building a new connection.     */    private RealConnection findConnection(int connectTimeout, int readTimeout, int writeTimeout,        boolean connectionRetryEnabled) throws IOException {      Route selectedRoute;      synchronized (connectionPool) {        if (released) throw new IllegalStateException("released");        if (codec != null) throw new IllegalStateException("codec != null");        if (canceled) throw new IOException("Canceled");          RealConnection allocatedConnection = this.connection;        if (allocatedConnection != null && !allocatedConnection.noNewStreams) {          return allocatedConnection;        }          // Attempt to get a connection from the pool.        RealConnection pooledConnection = Internal.instance.get(connectionPool, address, this);        if (pooledConnection != null) {          this.connection = pooledConnection;          return pooledConnection;        }          selectedRoute = route;      }        if (selectedRoute == null) {        selectedRoute = routeSelector.next();        synchronized (connectionPool) {          route = selectedRoute;          refusedStreamCount = 0;        }      }      RealConnection newConnection = new RealConnection(selectedRoute);        synchronized (connectionPool) {        acquire(newConnection);        Internal.instance.put(connectionPool, newConnection);        this.connection = newConnection;        if (canceled) throw new IOException("Canceled");      }        newConnection.connect(connectTimeout, readTimeout, writeTimeout, address.connectionSpecs(),          connectionRetryEnabled);      routeDatabase().connected(newConnection.route());        return newConnection;    }</code></pre>    <p>这个过程大体为:</p>    <ol>     <li>检查上次分配的连接是否可用,若可用则,则将上次分配的连接返回给调用者。</li>     <li>上次分配的连接不存在,或不可用,则从连接池中查找一个连接,查找的依据就是Address,也就是连接的对端地址,以及路由等信息。Internal.instance指向OkHttpClient的一个内部类的对象,Internal.instance.get()实际会通过ConnectionPool的 get(Address address, StreamAllocation streamAllocation) 方法来尝试获取RealConnection。<br> 若能从连接池中找到所需要的连接,则将连接返回给调用者。</li>     <li>从连接池中没有找到所需要的连接,则会首先选择路由。</li>     <li>然后创建新的连接RealConnection对象。</li>     <li>acquire新创建的连接RealConnection对象,并将它放进连接池。不太确定这个地方的synchronized是不是太长了。貌似只有Internal.instance.put(connectionPool, newConnection)涉及到了全局对象的访问,而其它操作并没有。</li>     <li>调用newConnection.connect()建立连接。</li>    </ol>    <p>这里再来看一下在ConnectionPool的get()操作执行的过程:</p>    <pre>  <code class="language-java">private final Deque<RealConnection> connections = new ArrayDeque<>();    final RouteDatabase routeDatabase = new RouteDatabase();    boolean cleanupRunning;      /** Returns a recycled connection to {@code address}, or null if no such connection exists. */    RealConnection get(Address address, StreamAllocation streamAllocation) {      assert (Thread.holdsLock(this));      for (RealConnection connection : connections) {        if (connection.allocations.size() < connection.allocationLimit            && address.equals(connection.route().address)            && !connection.noNewStreams) {          streamAllocation.acquire(connection);          return connection;        }      }      return null;    }</code></pre>    <p>ConnectionPool连接池是连接的容器,这里用了一个Deque来保存所有的连接RealConnection。而get的过程就是,遍历保存的所有连接来匹配address。同时connection.allocations.size()要满足connection.allocationLimit的限制。</p>    <p>在找到了所需要的连接之后,会acquire该连接。</p>    <p>acquire连接的过程又是什么样的呢?</p>    <pre>  <code class="language-java">public final class StreamAllocation {    ......      /**     * Use this allocation to hold {@code connection}. Each call to this must be paired with a call to     * {@link #release} on the same connection.     */    public void acquire(RealConnection connection) {      assert (Thread.holdsLock(connectionPool));      connection.allocations.add(new StreamAllocationReference(this, callStackTrace));    }</code></pre>    <p>基本上就是给RealConnection的allocations添加一个到该StreamAllocation的引用。这样看来,同一个连接RealConnection似乎同时可以为多个HTTP请求服务。而我们知道,多个HTTP/1.1请求是不能在同一个连接上交叉处理的。那这又是怎么回事呢?</p>    <p>我们来看connection.allocationLimit的更新设置。RealConnection中如下的两个地方会设置这个值:</p>    <pre>  <code class="language-java">public final class RealConnection extends Http2Connection.Listener implements Connection {    ......      private void establishProtocol(int readTimeout, int writeTimeout,        ConnectionSpecSelector connectionSpecSelector) throws IOException {      if (route.address().sslSocketFactory() != null) {        connectTls(readTimeout, writeTimeout, connectionSpecSelector);      } else {        protocol = Protocol.HTTP_1_1;        socket = rawSocket;      }        if (protocol == Protocol.HTTP_2) {        socket.setSoTimeout(0); // Framed connection timeouts are set per-stream.          Http2Connection http2Connection = new Http2Connection.Builder(true)            .socket(socket, route.address().url().host(), source, sink)            .listener(this)            .build();        http2Connection.start();          // Only assign the framed connection once the preface has been sent successfully.        this.allocationLimit = http2Connection.maxConcurrentStreams();        this.http2Connection = http2Connection;      } else {        this.allocationLimit = 1;      }    }      /** When settings are received, adjust the allocation limit. */    @Override public void onSettings(Http2Connection connection) {      allocationLimit = connection.maxConcurrentStreams();    }</code></pre>    <p>可以看到,若不是HTTP/2的连接,则allocationLimit的值总是1。由此可见,StreamAllocation以及RealConnection的allocations/allocationLimit这样的设计,主要是为了实现HTTP/2 multi stream的特性。否则的话,大概为RealConnection用一个inUse标记就可以了。</p>    <p>那</p>    <p>回到StreamAllocation的 findConnection() ,来看新创建的RealConnection对象建立连接的过程,即RealConnection的connect():</p>    <pre>  <code class="language-java">public final class RealConnection extends Http2Connection.Listener implements Connection {    private final Route route;      /** The low-level TCP socket. */    private Socket rawSocket;      /**     * The application layer socket. Either an {@link SSLSocket} layered over {@link #rawSocket}, or     * {@link #rawSocket} itself if this connection does not use SSL.     */    public Socket socket;    private Handshake handshake;    private Protocol protocol;    public volatile Http2Connection http2Connection;    public int successCount;    public BufferedSource source;    public BufferedSink sink;    public int allocationLimit;    public final List<Reference<StreamAllocation>> allocations = new ArrayList<>();    public boolean noNewStreams;    public long idleAtNanos = Long.MAX_VALUE;      public RealConnection(Route route) {      this.route = route;    }      public void connect(int connectTimeout, int readTimeout, int writeTimeout,        List<ConnectionSpec> connectionSpecs, boolean connectionRetryEnabled) {      if (protocol != null) throw new IllegalStateException("already connected");        RouteException routeException = null;      ConnectionSpecSelector connectionSpecSelector = new ConnectionSpecSelector(connectionSpecs);        if (route.address().sslSocketFactory() == null) {        if (!connectionSpecs.contains(ConnectionSpec.CLEARTEXT)) {          throw new RouteException(new UnknownServiceException(              "CLEARTEXT communication not enabled for client"));        }        String host = route.address().url().host();        if (!Platform.get().isCleartextTrafficPermitted(host)) {          throw new RouteException(new UnknownServiceException(              "CLEARTEXT communication to " + host + " not permitted by network security policy"));        }      }        while (protocol == null) {        try {          if (route.requiresTunnel()) {            buildTunneledConnection(connectTimeout, readTimeout, writeTimeout,                connectionSpecSelector);          } else {            buildConnection(connectTimeout, readTimeout, writeTimeout, connectionSpecSelector);          }        } catch (IOException e) {          closeQuietly(socket);          closeQuietly(rawSocket);          socket = null;          rawSocket = null;          source = null;          sink = null;          handshake = null;          protocol = null;            if (routeException == null) {            routeException = new RouteException(e);          } else {            routeException.addConnectException(e);          }            if (!connectionRetryEnabled || !connectionSpecSelector.connectionFailed(e)) {            throw routeException;          }        }      }    }</code></pre>    <p>根据路由的类型,来执行不同的创建连接的过程。对于需要创建隧道连接的路由,执行buildTunneledConnection(),而对于普通连接,则执行buildConnection()。</p>    <p>如何判断是否要建立隧道连接呢?来看</p>    <pre>  <code class="language-java">/**     * Returns true if this route tunnels HTTPS through an HTTP proxy. See <a     * href="http://www.ietf.org/rfc/rfc2817.txt">RFC 2817, Section 5.2</a>.     */    public boolean requiresTunnel() {      return address.sslSocketFactory != null && proxy.type() == Proxy.Type.HTTP;    }</code></pre>    <p>可以看到,通过代理服务器,来做https请求的连接(http/1.1的https和http2)需要建立隧道连接,而其它的连接则不需要建立隧道连接。</p>    <p>用于建立隧道连接的buildTunneledConnection()的过程:</p>    <pre>  <code class="language-java">/**     * Does all the work to build an HTTPS connection over a proxy tunnel. The catch here is that a     * proxy server can issue an auth challenge and then close the connection.     */    private void buildTunneledConnection(int connectTimeout, int readTimeout, int writeTimeout,        ConnectionSpecSelector connectionSpecSelector) throws IOException {      Request tunnelRequest = createTunnelRequest();      HttpUrl url = tunnelRequest.url();      int attemptedConnections = 0;      int maxAttempts = 21;      while (true) {        if (++attemptedConnections > maxAttempts) {          throw new ProtocolException("Too many tunnel connections attempted: " + maxAttempts);        }          connectSocket(connectTimeout, readTimeout);        tunnelRequest = createTunnel(readTimeout, writeTimeout, tunnelRequest, url);          if (tunnelRequest == null) break; // Tunnel successfully created.          // The proxy decided to close the connection after an auth challenge. We need to create a new        // connection, but this time with the auth credentials.        closeQuietly(rawSocket);        rawSocket = null;        sink = null;        source = null;      }        establishProtocol(readTimeout, writeTimeout, connectionSpecSelector);    }</code></pre>    <p>基本上是两个过程:</p>    <ol>     <li>建立隧道连接。</li>     <li>建立Protocol。</li>    </ol>    <p>建立隧道连接的过程,又分为了几个过程:</p>    <ul>     <li>创建隧道请求</li>     <li>建立Socket连接</li>     <li>发送请求建立隧道</li>    </ul>    <p>隧道请求是一个常规的HTTP请求,只是请求的内容有点特殊。初始的隧道请求如:</p>    <pre>  <code class="language-java">/**     * Returns a request that creates a TLS tunnel via an HTTP proxy. Everything in the tunnel request     * is sent unencrypted to the proxy server, so tunnels include only the minimum set of headers.     * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.     */    private Request createTunnelRequest() {      return new Request.Builder()          .url(route.address().url())          .header("Host", Util.hostHeader(route.address().url(), true))          .header("Proxy-Connection", "Keep-Alive")          .header("User-Agent", Version.userAgent()) // For HTTP/1.0 proxies like Squid.          .build();    }</code></pre>    <p>建立socket连接的过程如下:</p>    <pre>  <code class="language-java">private void connectSocket(int connectTimeout, int readTimeout) throws IOException {      Proxy proxy = route.proxy();      Address address = route.address();        rawSocket = proxy.type() == Proxy.Type.DIRECT || proxy.type() == Proxy.Type.HTTP          ? address.socketFactory().createSocket()          : new Socket(proxy);        rawSocket.setSoTimeout(readTimeout);      try {        Platform.get().connectSocket(rawSocket, route.socketAddress(), connectTimeout);      } catch (ConnectException e) {        throw new ConnectException("Failed to connect to " + route.socketAddress());      }      source = Okio.buffer(Okio.source(rawSocket));      sink = Okio.buffer(Okio.sink(rawSocket));    }</code></pre>    <p>主要是创建一个到代理服务器或HTTP服务器的Socket连接。socketFactory最终来自于OkHttpClient,对于OpenJDK 8而言,默认为DefaultSocketFactory:</p>    <pre>  <code class="language-java">/**       * Returns a copy of the environment's default socket factory.       *       * @return the default <code>SocketFactory</code>       */      public static SocketFactory getDefault()      {          synchronized (SocketFactory.class) {              if (theFactory == null) {                  //                  // Different implementations of this method SHOULD                  // work rather differently.  For example, driving                  // this from a system property, or using a different                  // implementation than JavaSoft's.                  //                  theFactory = new DefaultSocketFactory();              }          }            return theFactory;      }</code></pre>    <p>创建隧道的过程是这样子的:</p>    <pre>  <code class="language-java">/**     * To make an HTTPS connection over an HTTP proxy, send an unencrypted CONNECT request to create     * the proxy connection. This may need to be retried if the proxy requires authorization.     */    private Request createTunnel(int readTimeout, int writeTimeout, Request tunnelRequest,        HttpUrl url) throws IOException {      // Make an SSL Tunnel on the first message pair of each SSL + proxy connection.      String requestLine = "CONNECT " + Util.hostHeader(url, true) + " HTTP/1.1";      while (true) {        Http1Codec tunnelConnection = new Http1Codec(null, null, source, sink);        source.timeout().timeout(readTimeout, MILLISECONDS);        sink.timeout().timeout(writeTimeout, MILLISECONDS);        tunnelConnection.writeRequest(tunnelRequest.headers(), requestLine);        tunnelConnection.finishRequest();        Response response = tunnelConnection.readResponse().request(tunnelRequest).build();        // The response body from a CONNECT should be empty, but if it is not then we should consume        // it before proceeding.        long contentLength = HttpHeaders.contentLength(response);        if (contentLength == -1L) {          contentLength = 0L;        }        Source body = tunnelConnection.newFixedLengthSource(contentLength);        Util.skipAll(body, Integer.MAX_VALUE, TimeUnit.MILLISECONDS);        body.close();          switch (response.code()) {          case HTTP_OK:            // Assume the server won't send a TLS ServerHello until we send a TLS ClientHello. If            // that happens, then we will have buffered bytes that are needed by the SSLSocket!            // This check is imperfect: it doesn't tell us whether a handshake will succeed, just            // that it will almost certainly fail because the proxy has sent unexpected data.            if (!source.buffer().exhausted() || !sink.buffer().exhausted()) {              throw new IOException("TLS tunnel buffered too many bytes!");            }            return null;            case HTTP_PROXY_AUTH:            tunnelRequest = route.address().proxyAuthenticator().authenticate(route, response);            if (tunnelRequest == null) throw new IOException("Failed to authenticate with proxy");              if ("close".equalsIgnoreCase(response.header("Connection"))) {              return tunnelRequest;            }            break;            default:            throw new IOException(                "Unexpected response code for CONNECT: " + response.code());        }      }    }</code></pre>    <p>主要HTTP 的 CONNECT 方法建立隧道。</p>    <p>而建立常规的连接的过程则为:</p>    <pre>  <code class="language-java">/** Does all the work necessary to build a full HTTP or HTTPS connection on a raw socket. */    private void buildConnection(int connectTimeout, int readTimeout, int writeTimeout,        ConnectionSpecSelector connectionSpecSelector) throws IOException {      connectSocket(connectTimeout, readTimeout);      establishProtocol(readTimeout, writeTimeout, connectionSpecSelector);    }</code></pre>    <p>建立socket连接,然后建立Protocol。建立Protocol的过程为:</p>    <pre>  <code class="language-java">private void establishProtocol(int readTimeout, int writeTimeout,        ConnectionSpecSelector connectionSpecSelector) throws IOException {      if (route.address().sslSocketFactory() != null) {        connectTls(readTimeout, writeTimeout, connectionSpecSelector);      } else {        protocol = Protocol.HTTP_1_1;        socket = rawSocket;      }        if (protocol == Protocol.HTTP_2) {        socket.setSoTimeout(0); // Framed connection timeouts are set per-stream.          Http2Connection http2Connection = new Http2Connection.Builder(true)            .socket(socket, route.address().url().host(), source, sink)            .listener(this)            .build();        http2Connection.start();          // Only assign the framed connection once the preface has been sent successfully.        this.allocationLimit = http2Connection.maxConcurrentStreams();        this.http2Connection = http2Connection;      } else {        this.allocationLimit = 1;      }    }</code></pre>    <p>HTTP/2协议的协商过程在connectTls()的过程中完成。</p>    <p>总结一下OkHttp3的连接RealConnection的含义,或者说是ConnectInterceptor从StreamAllocation中获取的RealConnection对象的状态:</p>    <ol>     <li>对于不使用HTTP代理的HTTP请求,为一个到HTTP服务器的Socket连接。后续直接向该Socket连接中写入常规的HTTP请求,并从中读取常规的HTTP响应。</li>     <li>对于不使用代理的https请求,为一个到https服务器的Socket连接,但经过了TLS握手,协议协商等过程。后续直接向该Socket连接中写入常规的请求,并从中读取常规的响应。</li>     <li>对于使用HTTP代理的HTTP请求,为一个到HTTP代理服务器的Socket连接。后续直接向该Socket连接中写入常规的HTTP请求,并从中读取常规的HTTP响应。</li>     <li>对于使用代理的https请求,为一个到代理服务器的隧道连接,但经过了TLS握手,协议协商等过程。后续直接向该Socket连接中写入常规的请求,并从中读取常规的响应。</li>    </ol>    <p> </p>    <p> </p>    <p>来自:http://www.jianshu.com/p/5c98999bc34f</p>    <p> </p>