Merge pull request #25457 from vespa-engine/bjorncs/semgrep

Bjorncs/semgrep
author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2023-01-09 14:30:34 +0100
committer: GitHub <noreply@github.com> 2023-01-09 14:30:34 +0100
commit: fec888a941770cad8cd79db5b1694ad7c0fa0960 (patch)
tree: 1e09b190c62b9d48584a99cc9e277825e75e481e /controller-server
parent: 3fe64417b5c48f81543a23750cbf5caff8e45304 (diff)
parent: 2c3dbf36ce449a7ebdc59ff0102e9f79e508780e (diff)
3 files changed, 10 insertions, 14 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java
index 4f4e21d9f25..a2611fe3f9d 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java
@@ -1,6 +1,7 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.proxy;
 
+import ai.vespa.util.http.hc4.SslConnectionSocketFactory;
 import com.yahoo.component.AbstractComponent;
 import com.yahoo.component.annotation.Inject;
 import com.yahoo.jdisc.http.HttpRequest.Method;
@@ -69,9 +70,9 @@ public class ConfigServerRestExecutorImpl extends AbstractComponent implements C
 
     @Inject
     public ConfigServerRestExecutorImpl(ZoneRegistry zoneRegistry, ControllerIdentityProvider identityProvider) {
-        this(new SSLConnectionSocketFactory(identityProvider.getConfigServerSslSocketFactory(), new ControllerOrConfigserverHostnameVerifier(zoneRegistry)),
-                Sleeper.DEFAULT,
-                new ConnectionReuseStrategy(zoneRegistry));
+        this(SslConnectionSocketFactory.of(identityProvider.getConfigServerSslSocketFactory(), new ControllerOrConfigserverHostnameVerifier(zoneRegistry)),
+             Sleeper.DEFAULT, // Specify
+             new ConnectionReuseStrategy(zoneRegistry));
     }
 
     ConfigServerRestExecutorImpl(SSLConnectionSocketFactory connectionSocketFactory,
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/FlagsClient.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/FlagsClient.java
index 4a208aa3794..6327a6262ba 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/FlagsClient.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/FlagsClient.java
@@ -1,6 +1,7 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.restapi.systemflags;
 
+import ai.vespa.util.http.hc4.SslConnectionSocketFactory;
 import ai.vespa.util.http.hc4.retry.DelayedConnectionLevelRetryHandler;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -22,7 +23,6 @@ import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpPut;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.client.utils.URIBuilder;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
@@ -100,12 +100,11 @@ class FlagsClient {
         DelayedConnectionLevelRetryHandler retryHandler = DelayedConnectionLevelRetryHandler.Builder
                 .withExponentialBackoff(Duration.ofSeconds(1), Duration.ofSeconds(20), 5)
                 .build();
-        SSLConnectionSocketFactory connectionSocketFactory = new SSLConnectionSocketFactory(
-                identityProvider.getConfigServerSslSocketFactory(), new FlagTargetsHostnameVerifier(targets));
 
         return HttpClientBuilder.create()
                 .setUserAgent("controller-flags-v1-client")
-                .setSSLSocketFactory(connectionSocketFactory)
+                .setSSLSocketFactory(SslConnectionSocketFactory.of(
+                        identityProvider.getConfigServerSslSocketFactory(), new FlagTargetsHostnameVerifier(targets)))
                 .setDefaultRequestConfig(RequestConfig.custom()
                                                  .setConnectTimeout((int) Duration.ofSeconds(10).toMillis())
                                                  .setConnectionRequestTimeout((int) Duration.ofSeconds(10).toMillis())
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImplTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImplTest.java
index 5214ded0904..210e32db4c3 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImplTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImplTest.java
@@ -2,18 +2,17 @@
 package com.yahoo.vespa.hosted.controller.proxy;
 
 import ai.vespa.http.HttpURL.Path;
+import ai.vespa.util.http.hc4.SslConnectionSocketFactory;
 import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
 import com.github.tomakehurst.wiremock.stubbing.Scenario;
 import com.yahoo.container.jdisc.HttpRequest;
 import com.yahoo.container.jdisc.HttpResponse;
 import com.yahoo.yolean.concurrent.Sleeper;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.protocol.HttpContext;
 import org.apache.http.protocol.HttpCoreContext;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 
-import javax.net.ssl.SSLContext;
 import java.io.ByteArrayOutputStream;
 import java.net.URI;
 import java.util.HashMap;
@@ -38,8 +37,7 @@ public class ConfigServerRestExecutorImplTest {
     @Test
     void proxy_with_retries() throws Exception {
         var connectionReuseStrategy = new CountingConnectionReuseStrategy(Set.of("127.0.0.1"));
-        var proxy = new ConfigServerRestExecutorImpl(new SSLConnectionSocketFactory(SSLContext.getDefault()),
-                Sleeper.NOOP, connectionReuseStrategy);
+        var proxy = new ConfigServerRestExecutorImpl(SslConnectionSocketFactory.of(), Sleeper.NOOP, connectionReuseStrategy);
 
         URI url = url();
         String path = url.getPath();
@@ -63,9 +61,7 @@ public class ConfigServerRestExecutorImplTest {
     @Test
     void proxy_without_connection_reuse() throws Exception {
         var connectionReuseStrategy = new CountingConnectionReuseStrategy(Set.of());
-        var proxy = new ConfigServerRestExecutorImpl(new SSLConnectionSocketFactory(SSLContext.getDefault()),
-                Sleeper.NOOP, connectionReuseStrategy);
-
+        var proxy = new ConfigServerRestExecutorImpl(SslConnectionSocketFactory.of(), Sleeper.NOOP, connectionReuseStrategy);
         URI url = url();
         String path = url.getPath();
         stubRequests(path);
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2023-01-09 14:30:34 +0100
committer	GitHub <noreply@github.com>	2023-01-09 14:30:34 +0100
commit	fec888a941770cad8cd79db5b1694ad7c0fa0960 (patch)
tree	1e09b190c62b9d48584a99cc9e277825e75e481e /controller-server
parent	3fe64417b5c48f81543a23750cbf5caff8e45304 (diff)
parent	2c3dbf36ce449a7ebdc59ff0102e9f79e508780e (diff)