Addressing 'org.apache.hc.core5.http.ParseException: Invalid protocol…

… version' under JDK 16+ (#4827)

* Addressing 'org.apache.hc.core5.http.ParseException: Invalid protocol version' under JDK 16+

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>

* Addressing code review comments

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>

CHANGELOG.md

@@ -149,6 +149,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Fix decommission status update to non leader nodes ([4800](https://github.com/opensearch-project/OpenSearch/pull/4800))
 - Fix recovery path for searchable snapshots ([4813](https://github.com/opensearch-project/OpenSearch/pull/4813))
 - Fix bug in AwarenessAttributeDecommissionIT([4822](https://github.com/opensearch-project/OpenSearch/pull/4822))
+- Fix 'org.apache.hc.core5.http.ParseException: Invalid protocol version' under JDK 16+ ([#4827](https://github.com/opensearch-project/OpenSearch/pull/4827))
 
 ### Security
 - CVE-2022-25857 org.yaml:snakeyaml DOS vulnerability ([#4341](https://github.com/opensearch-project/OpenSearch/pull/4341))

client/rest/src/main/java/org/opensearch/client/RestClientBuilder.java

@@ -32,8 +32,10 @@
 
 package org.opensearch.client;
 
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.Header;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.apache.hc.core5.util.Timeout;
 import org.apache.hc.client5.http.async.HttpAsyncClient;
 import org.apache.hc.client5.http.auth.CredentialsProvider;
@@ -48,6 +50,7 @@
 import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 
 import java.security.AccessController;
 import java.security.NoSuchAlgorithmException;
@@ -311,7 +314,16 @@ private CloseableHttpAsyncClient createHttpClient() {
         }
 
         try {
-            final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create().setSslContext(SSLContext.getDefault()).build();
+            final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
+                .setSslContext(SSLContext.getDefault())
+                // See https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+                .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
+                    @Override
+                    public TlsDetails create(final SSLEngine sslEngine) {
+                        return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+                    }
+                })
+                .build();
 
             final PoolingAsyncClientConnectionManager connectionManager = PoolingAsyncClientConnectionManagerBuilder.create()
                 .setMaxConnPerRoute(DEFAULT_MAX_CONN_PER_ROUTE)

client/rest/src/test/java/org/opensearch/client/documentation/RestClientDocumentation.java

@@ -40,6 +40,7 @@
 import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
 import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.ContentType;
 import org.apache.hc.core5.http.Header;
 import org.apache.hc.core5.http.HttpEntity;
@@ -51,6 +52,7 @@
 import org.apache.hc.core5.http.message.RequestLine;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
 import org.apache.hc.core5.reactor.IOReactorConfig;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
 import org.apache.hc.core5.ssl.SSLContexts;
 import org.apache.hc.core5.util.Timeout;
@@ -67,6 +69,8 @@
 import org.opensearch.client.RestClientBuilder.HttpClientConfigCallback;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
@@ -429,6 +433,13 @@ public HttpAsyncClientBuilder customizeHttpClient(
                             HttpAsyncClientBuilder httpClientBuilder) {
                         final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
                                 .setSslContext(sslContext)
+                                // See https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+                                .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
+                                    @Override
+                                    public TlsDetails create(final SSLEngine sslEngine) {
+                                        return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+                                    }
+                                })
                                 .build();
 
                         final PoolingAsyncClientConnectionManager connectionManager = PoolingAsyncClientConnectionManagerBuilder.create()
@@ -463,6 +474,13 @@ public HttpAsyncClientBuilder customizeHttpClient(
                         HttpAsyncClientBuilder httpClientBuilder) {
                         final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
                                 .setSslContext(sslContext)
+                                // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+                                .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
+                                    @Override
+                                    public TlsDetails create(final SSLEngine sslEngine) {
+                                        return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+                                    }
+                                })
                                 .build();
 
                         final PoolingAsyncClientConnectionManager connectionManager = PoolingAsyncClientConnectionManagerBuilder.create()

modules/reindex/src/main/java/org/opensearch/index/reindex/ReindexSslConfig.java

@@ -35,7 +35,9 @@
 import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
 import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.opensearch.common.settings.SecureSetting;
 import org.opensearch.common.settings.SecureString;
 import org.opensearch.common.settings.Setting;
@@ -50,6 +52,8 @@
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.nio.file.Path;
@@ -178,6 +182,13 @@ TlsStrategy getStrategy() {
             .setHostnameVerifier(hostnameVerifier)
             .setCiphers(cipherSuites)
             .setTlsVersions(protocols)
+            // See https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+            .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
+                @Override
+                public TlsDetails create(final SSLEngine sslEngine) {
+                    return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+                }
+            })
             .build();
 
     }

test/framework/src/main/java/org/opensearch/test/rest/OpenSearchRestTestCase.java

@@ -37,12 +37,14 @@
 import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
 import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.Header;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.HttpStatus;
 import org.apache.hc.core5.http.io.entity.EntityUtils;
 import org.apache.hc.core5.http.message.BasicHeader;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.apache.hc.core5.ssl.SSLContexts;
 import org.apache.hc.core5.util.Timeout;
 import org.apache.lucene.util.SetOnce;
@@ -85,6 +87,8 @@
 import org.junit.Before;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
@@ -851,7 +855,16 @@ protected static void configureClient(RestClientBuilder builder, Settings settin
                 }
                 final SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(keyStore, null).build();
                 builder.setHttpClientConfigCallback(httpClientBuilder -> {
-                    final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create().setSslContext(sslcontext).build();
+                    final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
+                        .setSslContext(sslcontext)
+                        // See https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+                        .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
+                            @Override
+                            public TlsDetails create(final SSLEngine sslEngine) {
+                                return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+                            }
+                        })
+                        .build();
 
                     final PoolingAsyncClientConnectionManager connectionManager = PoolingAsyncClientConnectionManagerBuilder.create()
                         .setTlsStrategy(tlsStrategy)