Skip to content

Commit

Permalink
Fix tests after Apache HttpClient5 / HttpCore5 update since those use…
Browse files Browse the repository at this point in the history
… deprecated APIs

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
  • Loading branch information
reta committed Jan 17, 2025
1 parent 36f67f0 commit fa2b456
Show file tree
Hide file tree
Showing 10 changed files with 97 additions and 99 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.io.HttpClientConnectionManager;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.core5.http.HttpEntity;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
Expand Down Expand Up @@ -223,7 +224,7 @@ private CloseableHttpClient createHttpClient(HttpCacheStorage httpCacheStorage)

if (sslConfig != null) {
final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
.setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory())
.setTlsSocketStrategy(new DefaultClientTlsStrategy(sslConfig.getSslContext()))
.build();

builder.setConnectionManager(cm);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,14 +32,15 @@
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.io.HttpClientConnectionManager;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.TrustAllStrategy;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.io.SocketConfig;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.apache.hc.core5.ssl.TrustStrategy;
import org.apache.http.HttpStatus;

import org.opensearch.common.settings.Settings;
Expand Down Expand Up @@ -368,27 +369,20 @@ CloseableHttpClient getHttpClient() {
.setConnectionRequestTimeout(timeout, TimeUnit.SECONDS)
.build();

final TrustStrategy trustAllStrategy = new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) {
return true;
}
};

try {

HttpClientBuilder hcb = HttpClients.custom().setDefaultRequestConfig(config);
if (!verifySSL) {
SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(trustAllStrategy).build();
final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(TrustAllStrategy.INSTANCE).build();
final DefaultClientTlsStrategy sslsf = new DefaultClientTlsStrategy(
sslContext,
null,
null,
SSLBufferMode.STATIC,
NoopHostnameVerifier.INSTANCE
);

final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
.setSSLSocketFactory(sslsf)
.setTlsSocketStrategy(sslsf)
.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(timeout, TimeUnit.SECONDS).build())
.build();
hcb.setConnectionManager(cm);
Expand All @@ -399,10 +393,16 @@ public boolean isTrusted(X509Certificate[] chain, String authType) {
return HttpClients.custom().setDefaultRequestConfig(config).build();
}
SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(effectiveTruststore, null).build();
final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, null, null, new DefaultHostnameVerifier());
final DefaultClientTlsStrategy sslsf = new DefaultClientTlsStrategy(
sslContext,
null,
null,
SSLBufferMode.STATIC,
new DefaultHostnameVerifier()
);

final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
.setSSLSocketFactory(sslsf)
.setTlsSocketStrategy(sslsf)
.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(timeout, TimeUnit.SECONDS).build())
.build();
hcb.setConnectionManager(cm);
Expand Down
26 changes: 9 additions & 17 deletions src/main/java/org/opensearch/security/httpclient/HttpClient.java
Original file line number Diff line number Diff line change
Expand Up @@ -30,23 +30,21 @@
import java.util.stream.Collectors;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

import com.google.common.collect.Lists;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.core5.function.Factory;
import org.apache.hc.core5.http.HttpHeaders;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.message.BasicHeader;
import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
import org.apache.hc.core5.reactor.ssl.TlsDetails;
import org.apache.hc.core5.reactor.ssl.SSLBufferMode;
import org.apache.hc.core5.ssl.PrivateKeyDetails;
import org.apache.hc.core5.ssl.PrivateKeyStrategy;
import org.apache.hc.core5.ssl.SSLContextBuilder;
Expand Down Expand Up @@ -280,19 +278,13 @@ public String chooseAlias(Map<String, PrivateKeyDetails> aliases, SSLParameters
final HostnameVerifier hnv = verifyHostnames ? new DefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE;

final SSLContext sslContext = sslContextBuilder.build();
TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
.setSslContext(sslContext)
.setTlsVersions(supportedProtocols)
.setCiphers(supportedCipherSuites)
.setHostnameVerifier(hnv)
// See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219
.setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
@Override
public TlsDetails create(final SSLEngine sslEngine) {
return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
}
})
.build();
final TlsStrategy tlsStrategy = new DefaultClientTlsStrategy(
sslContext,
supportedProtocols,
supportedCipherSuites,
SSLBufferMode.STATIC,
hnv
);

final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create().setTlsStrategy(tlsStrategy).build();
httpClientBuilder.setConnectionManager(cm);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,24 +62,27 @@ class MockIpdServer implements Closeable {
this.ssl = ssl;
this.jwks = jwks;

ServerBootstrap serverBootstrap = ServerBootstrap.bootstrap()
.setListenerPort(port)
.register(CTX_DISCOVER, new HttpRequestHandler() {

@Override
public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException,
IOException {
handleDiscoverRequest(request, response, context);
}
})
.register(CTX_KEYS, new HttpRequestHandler() {

@Override
public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException,
IOException {
handleKeysRequest(request, response, context);
}
});
ServerBootstrap serverBootstrap = ServerBootstrap.bootstrap().setListenerPort(port).setRequestRouter((request, context) -> {
if (request.getRequestUri().startsWith(CTX_DISCOVER)) {
return new HttpRequestHandler() {
@Override
public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException,
IOException {
handleDiscoverRequest(request, response, context);
}
};
} else if (request.getRequestUri().startsWith(CTX_KEYS)) {
return new HttpRequestHandler() {
@Override
public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException,
IOException {
handleKeysRequest(request, response, context);
}
};
} else {
return null;
}
});

if (ssl) {
serverBootstrap = serverBootstrap.setSslContext(createSSLContext()).setSslSetupHandler(new Callback<SSLParameters>() {
Expand Down
57 changes: 29 additions & 28 deletions src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java
Original file line number Diff line number Diff line change
Expand Up @@ -195,34 +195,35 @@ class MockSamlIdpServer implements Closeable {

this.loadSigningKeys("saml/kirk-keystore.jks", "kirk");

ServerBootstrap serverBootstrap = ServerBootstrap.bootstrap()
.setListenerPort(port)
.register(CTX_METADATA, new HttpRequestHandler() {

@Override
public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException,
IOException {

handleMetadataRequest(request, response, context);

}
})
.register(CTX_SAML_SSO, new HttpRequestHandler() {

@Override
public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException,
IOException {
handleSsoRequest(request, response, context);
}
})
.register(CTX_SAML_SLO, new HttpRequestHandler() {

@Override
public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException,
IOException {
handleSloRequest(request, response, context);
}
});
ServerBootstrap serverBootstrap = ServerBootstrap.bootstrap().setListenerPort(port).setRequestRouter((request, context) -> {
if (request.getRequestUri().startsWith(CTX_METADATA)) {
return new HttpRequestHandler() {
@Override
public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException,
IOException {
handleMetadataRequest(request, response, context);
}
};
} else if (request.getRequestUri().startsWith(CTX_SAML_SSO)) {
return new HttpRequestHandler() {
@Override
public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException,
IOException {
handleSsoRequest(request, response, context);
}
};
} else if (request.getRequestUri().startsWith(CTX_SAML_SLO)) {
return new HttpRequestHandler() {
@Override
public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException,
IOException {
handleSloRequest(request, response, context);
}
};
} else {
return null;
}
});

if (ssl) {

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,7 @@ public void testWhoAmIForceHttp1() throws Exception {
Response whoAmIRes = restHighLevelClient.getLowLevelClient().performRequest(new Request("GET", "/_plugins/_security/whoami"));
assertThat(200, is(whoAmIRes.getStatusLine().getStatusCode()));
// The HTTP/1.1 is forced and should be used instead
assertThat(HttpVersion.HTTP_1_1, is(whoAmIRes.getStatusLine().getProtocolVersion()));
assertThat(whoAmIRes.getStatusLine().getProtocolVersion(), is(HttpVersion.HTTP_1_1));
JsonNode whoAmIResNode = DefaultObjectMapper.objectMapper.readTree(whoAmIRes.getEntity().getContent());
String whoAmIResponsePayload = whoAmIResNode.toPrettyString();
assertThat(whoAmIResponsePayload, whoAmIResNode.get("dn").asText(), is("CN=spock,OU=client,O=client,L=Test,C=DE"));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ public void testTlsConfigurationNoFallback() throws Exception {
.setListenerPort(port)
.setHttpProcessor(HttpProcessors.server("Test/1.1"))
.setSslContext(createSSLContext())
.register("*", handler)
.setRequestRouter((request, context) -> handler)
.create();

server.start();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,7 @@ public void postGetHttpTest() throws Exception {
server = ServerBootstrap.bootstrap()
.setListenerPort(port)
.setHttpProcessor(HttpProcessors.server("Test/1.1"))
.register("*", handler)
.setRequestRouter((request, context) -> handler)
.create();

server.start();
Expand Down Expand Up @@ -355,7 +355,7 @@ public void httpsTestWithoutTLSServer() throws Exception {
server = ServerBootstrap.bootstrap()
.setListenerPort(port)
.setHttpProcessor(HttpProcessors.server("Test/1.1"))
.register("*", handler)
.setRequestRouter((request, context) -> handler)
.create();

server.start();
Expand Down Expand Up @@ -393,8 +393,8 @@ public void httpsTest() throws Exception {
server = ServerBootstrap.bootstrap()
.setListenerPort(port)
.setHttpProcessor(HttpProcessors.server("Test/1.1"))
.setSslContext(createSSLContext())
.register("*", handler)
.setServerSocketFactory(createSSLContext().getServerSocketFactory())
.setRequestRouter((request, context) -> handler)
.create();

server.start();
Expand Down Expand Up @@ -481,8 +481,8 @@ public void httpsTestPemDefault() throws Exception {
server = ServerBootstrap.bootstrap()
.setListenerPort(port)
.setHttpProcessor(HttpProcessors.server("Test/1.1"))
.setSslContext(createSSLContext())
.register("*", handler)
.setServerSocketFactory(createSSLContext().getServerSocketFactory())
.setRequestRouter((request, context) -> handler)
.create();

server.start();
Expand Down Expand Up @@ -610,8 +610,8 @@ public void httpsTestPemEndpoint() throws Exception {
server = ServerBootstrap.bootstrap()
.setListenerPort(port)
.setHttpProcessor(HttpProcessors.server("Test/1.1"))
.setSslContext(createSSLContext())
.register("*", handler)
.setServerSocketFactory(createSSLContext().getServerSocketFactory())
.setRequestRouter((request, context) -> handler)
.create();

server.start();
Expand Down Expand Up @@ -717,8 +717,8 @@ public void httpsTestPemContentEndpoint() throws Exception {
server = ServerBootstrap.bootstrap()
.setListenerPort(port)
.setHttpProcessor(HttpProcessors.server("Test/1.1"))
.setSslContext(createSSLContext())
.register("*", handler)
.setServerSocketFactory(createSSLContext().getServerSocketFactory())
.setRequestRouter((request, context) -> handler)
.create();

server.start();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,8 @@
import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope.Scope;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import org.apache.hc.client5.http.config.TlsConfig;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.core5.function.Factory;
Expand Down Expand Up @@ -197,14 +197,13 @@ public TlsDetails create(final SSLEngine sslEngine) {
})
.build();

final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(tlsStrategy)
.build();
builder.setConnectionManager(cm);
final PoolingAsyncClientConnectionManagerBuilder cm = PoolingAsyncClientConnectionManagerBuilder.create()
.setTlsStrategy(tlsStrategy);

if (httpVersionPolicy != null) {
builder.setVersionPolicy(httpVersionPolicy);
cm.setDefaultTlsConfig(TlsConfig.custom().setVersionPolicy(httpVersionPolicy).build());
}
return builder;
return builder.setConnectionManager(cm.build());
});
return new RestHighLevelClient(restClientBuilder);
} catch (Exception e) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -381,7 +381,9 @@ public TlsDetails create(final SSLEngine sslEngine) {
hcb.setConnectionManager(cm);
}

final RequestConfig.Builder requestConfigBuilder = RequestConfig.custom().setResponseTimeout(Timeout.ofSeconds(60));
final RequestConfig.Builder requestConfigBuilder = RequestConfig.custom()
.setResponseTimeout(Timeout.ofSeconds(60))
.setProtocolUpgradeEnabled(false);

return hcb.setDefaultRequestConfig(requestConfigBuilder.build()).disableAutomaticRetries().build();
}
Expand Down

0 comments on commit fa2b456

Please sign in to comment.