Simplify mechanism for overriding 'http' -> 'https'

Override using ssl socket factory for 'http' scheme. Removing the request interceptor as it is no longer needed.
author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-07-17 17:16:37 +0200
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-07-17 17:20:53 +0200
commit: e441ff217eda5e82c43b26171bd781f004f3d3a7 (patch)
tree: 2a55a42e8cab82327d6f6524e974aa7383d0cd06 /http-utils
parent: 87a900b73f23c13b777288c2b4202b5f52e802a6 (diff)
2 files changed, 6 insertions, 81 deletions
diff --git a/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java b/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java
index 5e7a9441fc8..4770053c3e8 100644
--- a/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java
+++ b/http-utils/src/main/java/ai/vespa/util/http/VespaHttpClientBuilder.java
@@ -4,10 +4,6 @@ package ai.vespa.util.http;
 import com.yahoo.security.tls.MixedMode;
 import com.yahoo.security.tls.TlsContext;
 import com.yahoo.security.tls.TransportSecurityUtils;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpRequestInterceptor;
-import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.config.Registry;
 import org.apache.http.config.RegistryBuilder;
 import org.apache.http.conn.HttpClientConnectionManager;
@@ -17,11 +13,8 @@ import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
-import org.apache.http.protocol.HttpContext;
 
 import javax.net.ssl.SSLParameters;
-import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -69,7 +62,6 @@ public class VespaHttpClientBuilder {
     private static HttpClientBuilder createBuilder(ConnectionManagerFactory connectionManagerFactory) {
         var builder = HttpClientBuilder.create();
         addSslSocketFactory(builder, connectionManagerFactory);
-        addTlsAwareRequestInterceptor(builder);
         return builder;
     }
 
@@ -86,14 +78,6 @@ public class VespaHttpClientBuilder {
                 });
     }
 
-    private static void addTlsAwareRequestInterceptor(HttpClientBuilder builder) {
-        if (TransportSecurityUtils.isTransportSecurityEnabled()
-                && TransportSecurityUtils.getInsecureMixedMode() != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
-            log.log(Level.FINE, "Adding request interceptor to client");
-            builder.addInterceptorFirst(new HttpToHttpsRewritingRequestInterceptor());
-        }
-    }
-
     private static SSLConnectionSocketFactory createSslSocketFactory(TlsContext tlsContext) {
         SSLParameters parameters = tlsContext.parameters();
         return new SSLConnectionSocketFactory(tlsContext.context(), parameters.getProtocols(), parameters.getCipherSuites(), new NoopHostnameVerifier());
@@ -102,34 +86,14 @@ public class VespaHttpClientBuilder {
     private static Registry<ConnectionSocketFactory> createRegistry(SSLConnectionSocketFactory sslSocketFactory) {
         return RegistryBuilder.<ConnectionSocketFactory>create()
                 .register("https", sslSocketFactory)
-                .register("http", PlainConnectionSocketFactory.getSocketFactory())
+                .register("http", getHttpSocketFactory(sslSocketFactory))
                 .build();
     }
 
-    static class HttpToHttpsRewritingRequestInterceptor implements HttpRequestInterceptor {
-        @Override
-        public void process(HttpRequest request, HttpContext context) {
-            if (request instanceof HttpRequestBase) {
-                HttpRequestBase httpUriRequest = (HttpRequestBase) request;
-                httpUriRequest.setURI(rewriteUri(httpUriRequest.getURI()));
-            } else {
-                log.log(Level.FINE, () -> "Not a HttpRequestBase - skipping URI rewriting: " + request.getClass().getName());
-            }
-        }
-
-        private static URI rewriteUri(URI originalUri) {
-            if (!originalUri.getScheme().equals("http")) {
-                return originalUri;
-            }
-            int port = originalUri.getPort();
-            int rewrittenPort = port != -1 ? port : 80;
-            try {
-                URI rewrittenUri = new URIBuilder(originalUri).setScheme("https").setPort(rewrittenPort).build();
-                log.log(Level.FINE, () -> String.format("Uri rewritten from '%s' to '%s'", originalUri, rewrittenUri));
-                return rewrittenUri;
-            } catch (URISyntaxException e) {
-                throw new RuntimeException(e);
-            }
-        }
+    private static ConnectionSocketFactory getHttpSocketFactory(SSLConnectionSocketFactory sslSocketFactory) {
+        return TransportSecurityUtils.getInsecureMixedMode() != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER
+                ? sslSocketFactory
+                : PlainConnectionSocketFactory.getSocketFactory();
     }
+
 }
diff --git a/http-utils/src/test/java/ai/vespa/util/http/VespaHttpClientBuilderTest.java b/http-utils/src/test/java/ai/vespa/util/http/VespaHttpClientBuilderTest.java
deleted file mode 100644
index 7ffd0e459b0..00000000000
--- a/http-utils/src/test/java/ai/vespa/util/http/VespaHttpClientBuilderTest.java
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package ai.vespa.util.http;
-
-import ai.vespa.util.http.VespaHttpClientBuilder.HttpToHttpsRewritingRequestInterceptor;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.protocol.BasicHttpContext;
-import org.junit.Test;
-
-import java.net.URI;
-
-import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
-
-/**
- * @author bjorncs
- */
-public class VespaHttpClientBuilderTest {
-
-    @Test
-    public void request_interceptor_modifies_scheme_of_requests() {
-        verifyProcessedUriMatchesExpectedOutput("http://dummyhostname:8080/a/path/to/resource?query=value",
-                                                "https://dummyhostname:8080/a/path/to/resource?query=value");
-    }
-
-    @Test
-    public void request_interceptor_add_handles_implicit_http_port() {
-        verifyProcessedUriMatchesExpectedOutput("http://dummyhostname/a/path/to/resource?query=value",
-                                                "https://dummyhostname:80/a/path/to/resource?query=value");
-    }
-
-    private static void verifyProcessedUriMatchesExpectedOutput(String inputUri, String expectedOutputUri) {
-        var interceptor = new HttpToHttpsRewritingRequestInterceptor();
-        HttpGet request = new HttpGet(inputUri);
-        interceptor.process(request, new BasicHttpContext());
-        URI modifiedUri = request.getURI();
-        URI expectedUri = URI.create(expectedOutputUri);
-        assertThat(modifiedUri).isEqualTo(expectedUri);
-    }
-
-}
-\ No newline at end of file
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-07-17 17:16:37 +0200
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-07-17 17:20:53 +0200
commit	e441ff217eda5e82c43b26171bd781f004f3d3a7 (patch)
tree	2a55a42e8cab82327d6f6524e974aa7383d0cd06 /http-utils
parent	87a900b73f23c13b777288c2b4202b5f52e802a6 (diff)