diff options
author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2019-07-18 15:05:45 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-18 15:05:45 +0200 |
commit | 32f09b9a5319288092fa28fe758354c7d4126870 (patch) | |
tree | c276204960ebf055e8dc05e24b0fdf802e02867b /http-utils/src | |
parent | 16f23d469aa87166d681e7b1ee4f673ce87b2b12 (diff) |
Revert "Simplify mechanism for overriding 'http' -> 'https'"
Diffstat (limited to 'http-utils/src')
-rw-r--r-- | http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java | 48 | ||||
-rw-r--r-- | http-utils/src/test/java/ai/vespa/util/http/VespaHttpClientBuilderTest.java | 39 |
2 files changed, 81 insertions, 6 deletions
diff --git a/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java b/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java index 4770053c3e8..5e7a9441fc8 100644 --- a/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java +++ b/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java @@ -4,6 +4,10 @@ package ai.vespa.util.http; import com.yahoo.security.tls.MixedMode; import com.yahoo.security.tls.TlsContext; import com.yahoo.security.tls.TransportSecurityUtils; +import org.apache.http.HttpRequest; +import org.apache.http.HttpRequestInterceptor; +import org.apache.http.client.methods.HttpRequestBase; +import org.apache.http.client.utils.URIBuilder; import org.apache.http.config.Registry; import org.apache.http.config.RegistryBuilder; import org.apache.http.conn.HttpClientConnectionManager; @@ -13,8 +17,11 @@ import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.impl.conn.BasicHttpClientConnectionManager; +import org.apache.http.protocol.HttpContext; import javax.net.ssl.SSLParameters; +import java.net.URI; +import java.net.URISyntaxException; import java.util.logging.Level; import java.util.logging.Logger; @@ -62,6 +69,7 @@ public class VespaHttpClientBuilder { private static HttpClientBuilder createBuilder(ConnectionManagerFactory connectionManagerFactory) { var builder = HttpClientBuilder.create(); addSslSocketFactory(builder, connectionManagerFactory); + addTlsAwareRequestInterceptor(builder); return builder; } @@ -78,6 +86,14 @@ public class VespaHttpClientBuilder { }); } + private static void addTlsAwareRequestInterceptor(HttpClientBuilder builder) { + if (TransportSecurityUtils.isTransportSecurityEnabled() + && TransportSecurityUtils.getInsecureMixedMode() != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) { + log.log(Level.FINE, "Adding request interceptor to client"); + builder.addInterceptorFirst(new HttpToHttpsRewritingRequestInterceptor()); + } + } + private static SSLConnectionSocketFactory createSslSocketFactory(TlsContext tlsContext) { SSLParameters parameters = tlsContext.parameters(); return new SSLConnectionSocketFactory(tlsContext.context(), parameters.getProtocols(), parameters.getCipherSuites(), new NoopHostnameVerifier()); @@ -86,14 +102,34 @@ public class VespaHttpClientBuilder { private static Registry<ConnectionSocketFactory> createRegistry(SSLConnectionSocketFactory sslSocketFactory) { return RegistryBuilder.<ConnectionSocketFactory>create() .register("https", sslSocketFactory) - .register("http", getHttpSocketFactory(sslSocketFactory)) + .register("http", PlainConnectionSocketFactory.getSocketFactory()) .build(); } - private static ConnectionSocketFactory getHttpSocketFactory(SSLConnectionSocketFactory sslSocketFactory) { - return TransportSecurityUtils.getInsecureMixedMode() != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER - ? sslSocketFactory - : PlainConnectionSocketFactory.getSocketFactory(); - } + static class HttpToHttpsRewritingRequestInterceptor implements HttpRequestInterceptor { + @Override + public void process(HttpRequest request, HttpContext context) { + if (request instanceof HttpRequestBase) { + HttpRequestBase httpUriRequest = (HttpRequestBase) request; + httpUriRequest.setURI(rewriteUri(httpUriRequest.getURI())); + } else { + log.log(Level.FINE, () -> "Not a HttpRequestBase - skipping URI rewriting: " + request.getClass().getName()); + } + } + private static URI rewriteUri(URI originalUri) { + if (!originalUri.getScheme().equals("http")) { + return originalUri; + } + int port = originalUri.getPort(); + int rewrittenPort = port != -1 ? port : 80; + try { + URI rewrittenUri = new URIBuilder(originalUri).setScheme("https").setPort(rewrittenPort).build(); + log.log(Level.FINE, () -> String.format("Uri rewritten from '%s' to '%s'", originalUri, rewrittenUri)); + return rewrittenUri; + } catch (URISyntaxException e) { + throw new RuntimeException(e); + } + } + } } diff --git a/http-utils/src/test/java/ai/vespa/util/http/VespaHttpClientBuilderTest.java b/http-utils/src/test/java/ai/vespa/util/http/VespaHttpClientBuilderTest.java new file mode 100644 index 00000000000..7ffd0e459b0 --- /dev/null +++ b/http-utils/src/test/java/ai/vespa/util/http/VespaHttpClientBuilderTest.java @@ -0,0 +1,39 @@ +// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package ai.vespa.util.http; + +import ai.vespa.util.http.VespaHttpClientBuilder.HttpToHttpsRewritingRequestInterceptor; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.protocol.BasicHttpContext; +import org.junit.Test; + +import java.net.URI; + +import static org.assertj.core.api.AssertionsForClassTypes.assertThat; + +/** + * @author bjorncs + */ +public class VespaHttpClientBuilderTest { + + @Test + public void request_interceptor_modifies_scheme_of_requests() { + verifyProcessedUriMatchesExpectedOutput("http://dummyhostname:8080/a/path/to/resource?query=value", + "https://dummyhostname:8080/a/path/to/resource?query=value"); + } + + @Test + public void request_interceptor_add_handles_implicit_http_port() { + verifyProcessedUriMatchesExpectedOutput("http://dummyhostname/a/path/to/resource?query=value", + "https://dummyhostname:80/a/path/to/resource?query=value"); + } + + private static void verifyProcessedUriMatchesExpectedOutput(String inputUri, String expectedOutputUri) { + var interceptor = new HttpToHttpsRewritingRequestInterceptor(); + HttpGet request = new HttpGet(inputUri); + interceptor.process(request, new BasicHttpContext()); + URI modifiedUri = request.getURI(); + URI expectedUri = URI.create(expectedOutputUri); + assertThat(modifiedUri).isEqualTo(expectedUri); + } + +}
\ No newline at end of file |