author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-07-17 17:16:37 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-07-17 17:20:53 +0200 |
commit | e441ff217eda5e82c43b26171bd781f004f3d3a7 (patch) | |
tree | 2a55a42e8cab82327d6f6524e974aa7383d0cd06 /http-utils/src/main/java/ai | |
parent | 87a900b73f23c13b777288c2b4202b5f52e802a6 (diff) |
Simplify mechanism for overriding 'http' -> 'https'
Override using ssl socket factory for 'http' scheme. Removing the
request interceptor as it is no longer needed.
Diffstat (limited to 'http-utils/src/main/java/ai')
-rw-r--r-- | http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java | 48 |
1 files changed, 6 insertions, 42 deletions
diff --git a/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java b/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java
index 5e7a9441fc8..4770053c3e8 100644
--- a/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java
+++ b/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java
@@ -4,10 +4,6 @@ package ai.vespa.util.http;
 import com.yahoo.security.tls.MixedMode;
 import com.yahoo.security.tls.TlsContext;
 import com.yahoo.security.tls.TransportSecurityUtils;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpRequestInterceptor;
-import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.config.Registry;
 import org.apache.http.config.RegistryBuilder;
 import org.apache.http.conn.HttpClientConnectionManager;
@@ -17,11 +13,8 @@ import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
-import org.apache.http.protocol.HttpContext;
 import javax.net.ssl.SSLParameters;
-import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -69,7 +62,6 @@ public class VespaHttpClientBuilder {
 private static HttpClientBuilder createBuilder(ConnectionManagerFactory connectionManagerFactory) {
 var builder = HttpClientBuilder.create();
 addSslSocketFactory(builder, connectionManagerFactory);
- addTlsAwareRequestInterceptor(builder);
 return builder;
 }
@@ -86,14 +78,6 @@ public class VespaHttpClientBuilder {
 });
 }
- private static void addTlsAwareRequestInterceptor(HttpClientBuilder builder) {
- if (TransportSecurityUtils.isTransportSecurityEnabled()
- && TransportSecurityUtils.getInsecureMixedMode() != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
- log.log(Level.FINE, "Adding request interceptor to client");
- builder.addInterceptorFirst(new HttpToHttpsRewritingRequestInterceptor());
- }
- }
-
 private static SSLConnectionSocketFactory createSslSocketFactory(TlsContext tlsContext) {
 SSLParameters parameters = tlsContext.parameters();
 return new SSLConnectionSocketFactory(tlsContext.context(), parameters.getProtocols(), parameters.getCipherSuites(), new NoopHostnameVerifier());
@@ -102,34 +86,14 @@ public class VespaHttpClientBuilder {
 private static Registry<ConnectionSocketFactory> createRegistry(SSLConnectionSocketFactory sslSocketFactory) {
 return RegistryBuilder.<ConnectionSocketFactory>create()
 .register("https", sslSocketFactory)
- .register("http", PlainConnectionSocketFactory.getSocketFactory())
+ .register("http", getHttpSocketFactory(sslSocketFactory))
 .build();
 }
- static class HttpToHttpsRewritingRequestInterceptor implements HttpRequestInterceptor {
- @Override
- public void process(HttpRequest request, HttpContext context) {
- if (request instanceof HttpRequestBase) {
- HttpRequestBase httpUriRequest = (HttpRequestBase) request;
- httpUriRequest.setURI(rewriteUri(httpUriRequest.getURI()));
- } else {
- log.log(Level.FINE, () -> "Not a HttpRequestBase - skipping URI rewriting: " + request.getClass().getName());
- }
- }
-
- private static URI rewriteUri(URI originalUri) {
- if (!originalUri.getScheme().equals("http")) {
- return originalUri;
- }
- int port = originalUri.getPort();
- int rewrittenPort = port != -1 ? port : 80;
- try {
- URI rewrittenUri = new URIBuilder(originalUri).setScheme("https").setPort(rewrittenPort).build();
- log.log(Level.FINE, () -> String.format("Uri rewritten from '%s' to '%s'", originalUri, rewrittenUri));
- return rewrittenUri;
- } catch (URISyntaxException e) {
- throw new RuntimeException(e);
- }
- }
+ private static ConnectionSocketFactory getHttpSocketFactory(SSLConnectionSocketFactory sslSocketFactory) {
+ return TransportSecurityUtils.getInsecureMixedMode() != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER
+ ? sslSocketFactory
+ : PlainConnectionSocketFactory.getSocketFactory();
 }
+
 } |
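Review bot: `getHttpSocketFactory` silently maps the `http` scheme to the TLS socket factory, and nothing at the `.register("http", ...)` call or on the helper says so, so a reader of `createRegistry` will assume `http` means plaintext. I would add a comment on the helper such as `// 'http' is deliberately served over TLS unless mixed mode is PLAINTEXT_CLIENT_MIXED_SERVER; the request URI keeps its 'http' scheme`. Two things are worth confirming while there. The removed interceptor also required `TransportSecurityUtils.isTransportSecurityEnabled()`, so the new ternary presumably relies on `createRegistry` only being reached when a TLS context exists; the caller is outside this hunk. The factory passed in is built with `NoopHostnameVerifier` in `createSslSocketFactory`, so every `http://` request now also skips hostname verification and depends entirely on whatever peer checks the `TlsContext` itself performs.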