Diffstat (limited to 'http-utils')
3 files changed, 18 insertions, 67 deletions
diff --git a/http-utils/src/main/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlanner.java b/http-utils/src/main/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlanner.java index 8275098cb8d..cce73cf3b05 100644 --- a/http-utils/src/main/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlanner.java +++ b/http-utils/src/main/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlanner.java @@ -2,6 +2,7 @@ package ai.vespa.util.http.hc5; import org.apache.hc.client5.http.HttpRoute; +import org.apache.hc.client5.http.impl.DefaultSchemePortResolver; import org.apache.hc.client5.http.protocol.HttpClientContext; import org.apache.hc.client5.http.routing.HttpRoutePlanner; import org.apache.hc.core5.http.HttpHost; @@ -15,19 +16,16 @@ import org.apache.hc.core5.http.protocol.HttpContext; */ class HttpToHttpsRoutePlanner implements HttpRoutePlanner { - @SuppressWarnings("deprecation") @Override public HttpRoute determineRoute(HttpHost target, HttpContext context) { if ( ! target.getSchemeName().equals("http") && ! target.getSchemeName().equals("https")) throw new IllegalArgumentException("Scheme must be 'http' or 'https' when using HttpToHttpsRoutePlanner, was '" + target.getSchemeName() + "'"); - if (target.getPort() == -1) - throw new IllegalArgumentException("Port must be set when using HttpToHttpsRoutePlanner"); - if (HttpClientContext.adapt(context).getRequestConfig().getProxy() != null) throw new IllegalArgumentException("Proxies are not supported with HttpToHttpsRoutePlanner"); - return new HttpRoute(new HttpHost("https", target.getAddress(), target.getHostName(), target.getPort())); + int port = DefaultSchemePortResolver.INSTANCE.resolve(target); + return new HttpRoute(new HttpHost("https", target.getAddress(), target.getHostName(), port)); } } diff --git a/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java b/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java index 4f2bdfb213e..a33c4c119c2 100644 
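Review bot: With the `getPort() == -1` rejection removed, a port-less `http` target in `determineRoute` has its port resolved from the original scheme before the scheme is switched, so `DefaultSchemePortResolver.INSTANCE.resolve(target)` would presumably give 80 and the route becomes `https` on port 80. If keeping the caller's port while upgrading only the scheme is the intent, say so above the new line, e.g. `// Port is resolved from the original scheme; only the scheme is upgraded to https`; if not, resolve the port against the rewritten `https` host instead. The test file in this commit only drops an annotation, so a case for a target without an explicit port would pin whichever behaviour is intended.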
--- a/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java +++ b/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java @@ -1,23 +1,18 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package ai.vespa.util.http.hc5; -import org.apache.hc.client5.http.config.ConnectionConfig; -import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager; +import org.apache.hc.client5.http.io.HttpClientConnectionManager; import org.apache.hc.client5.http.socket.ConnectionSocketFactory; import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory; import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; import org.apache.hc.core5.http.config.Registry; import org.apache.hc.core5.http.config.RegistryBuilder; -import org.apache.hc.core5.util.TimeValue; -import org.apache.hc.core5.util.Timeout; import javax.net.ssl.HostnameVerifier; -import java.util.concurrent.TimeUnit; - import static com.yahoo.security.tls.MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER; import static com.yahoo.security.tls.TransportSecurityUtils.getInsecureMixedMode; import static com.yahoo.security.tls.TransportSecurityUtils.getSystemTlsContext; 
@@ -25,65 +20,36 @@ import static com.yahoo.security.tls.TransportSecurityUtils.isTransportSecurityE /** * Sync HTTP client builder <em>for internal Vespa communications over http/https.</em> + * * Configures Vespa mTLS and handles TLS mixed mode automatically. - * Custom connection managers must be configured through {@link #connectionManagerFactory(HttpClientConnectionManagerFactory)}. + * Custom connection managers must be configured through {@link #create(HttpClientConnectionManagerFactory)}. * * @author jonmv */ public class VespaHttpClientBuilder { - private HttpClientConnectionManagerFactory connectionManagerFactory = PoolingHttpClientConnectionManager::new; - private HostnameVerifier hostnameVerifier = new NoopHostnameVerifier(); - private boolean rewriteHttpToHttps = true; - private final ConnectionConfig.Builder connectionConfigBuilder = ConnectionConfig.custom(); public interface HttpClientConnectionManagerFactory { - PoolingHttpClientConnectionManager create(Registry<ConnectionSocketFactory> socketFactories); + HttpClientConnectionManager create(Registry<ConnectionSocketFactory> socketFactories); } - private VespaHttpClientBuilder() { + public static HttpClientBuilder create() { + return create(PoolingHttpClientConnectionManager::new); } - public static VespaHttpClientBuilder custom() { - return new VespaHttpClientBuilder(); + public static HttpClientBuilder create(HttpClientConnectionManagerFactory connectionManagerFactory) { + return create(connectionManagerFactory, new NoopHostnameVerifier()); } - public VespaHttpClientBuilder connectionManagerFactory(HttpClientConnectionManagerFactory connectionManagerFactory) { - this.connectionManagerFactory = connectionManagerFactory; - return this; + public static HttpClientBuilder create(HttpClientConnectionManagerFactory connectionManagerFactory, + HostnameVerifier hostnameVerifier) { + return create(connectionManagerFactory, hostnameVerifier, true); } - public VespaHttpClientBuilder 
hostnameVerifier(HostnameVerifier hostnameVerifier) { - this.hostnameVerifier = hostnameVerifier; - return this; - } - public VespaHttpClientBuilder rewriteHttpToHttps(boolean enable) { - this.rewriteHttpToHttps = enable; - return this; - } - public VespaHttpClientBuilder connectTimeout(long connectTimeout, TimeUnit timeUnit) { - connectionConfigBuilder.setConnectTimeout(connectTimeout, timeUnit); - return this; - } - public VespaHttpClientBuilder connectTimeout(Timeout connectTimeout) { - connectionConfigBuilder.setConnectTimeout(connectTimeout); - return this; - } - public VespaHttpClientBuilder socketTimeout(long connectTimeout, TimeUnit timeUnit) { - connectionConfigBuilder.setConnectTimeout(connectTimeout, timeUnit); - return this; - } - public VespaHttpClientBuilder validateAfterInactivity(TimeValue validateAfterInactivity) { - connectionConfigBuilder.setValidateAfterInactivity(validateAfterInactivity); - return this; - } - public VespaHttpClientBuilder socketTimeout(Timeout connectTimeout) { - connectionConfigBuilder.setConnectTimeout(connectTimeout); - return this; - } - - public HttpClientBuilder apacheBuilder() { + public static HttpClientBuilder create(HttpClientConnectionManagerFactory connectionManagerFactory, + HostnameVerifier hostnameVerifier, + boolean rewriteHttpToHttps) { HttpClientBuilder builder = HttpClientBuilder.create(); - addSslSocketFactory(builder, new HttpClientConnectionManagerFactoryProxy(), hostnameVerifier); + addSslSocketFactory(builder, connectionManagerFactory, hostnameVerifier); if (rewriteHttpToHttps) addHttpsRewritingRoutePlanner(builder); 
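Review bot: The new public `create()` and `create(connectionManagerFactory)` overloads fill in `new NoopHostnameVerifier()` and `rewriteHttpToHttps = true`, but none of the four overloads carries Javadoc, so a caller cannot tell from the signature that hostname verification is off unless they pass their own verifier. I would document the defaults on the zero-argument overload, e.g. `/** Builder with pooled connections, no hostname verification and http-to-https rewriting enabled. */`, and note on the class whether peer identity is expected to be enforced by the Vespa mTLS context instead. The removed connect-timeout and validate-after-inactivity setters get no replacement in this hunk, so the class Javadoc could also state that connection configuration is now the responsibility of the supplied `HttpClientConnectionManagerFactory`. The body of the three-argument `create` continues past the end of this hunk.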
@@ -94,18 +60,6 @@ public class VespaHttpClientBuilder { return builder; } - public CloseableHttpClient buildClient() { - return apacheBuilder().build(); - } - - private class HttpClientConnectionManagerFactoryProxy implements HttpClientConnectionManagerFactory { - @Override - public PoolingHttpClientConnectionManager create(Registry<ConnectionSocketFactory> socketFactories) { - PoolingHttpClientConnectionManager manager = connectionManagerFactory.create(socketFactories); - manager.setDefaultConnectionConfig(connectionConfigBuilder.build()); - return manager; - } - } private static void addSslSocketFactory(HttpClientBuilder builder, HttpClientConnectionManagerFactory connectionManagerFactory, HostnameVerifier hostnameVerifier) { diff --git a/http-utils/src/test/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlannerTest.java b/http-utils/src/test/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlannerTest.java index 9f56f7ebc09..6dbfb0a2312 100644 --- a/http-utils/src/test/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlannerTest.java +++ b/http-utils/src/test/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlannerTest.java @@ -38,7 +38,6 @@ public class HttpToHttpsRoutePlannerTest { @Test - @SuppressWarnings("deprecation") void verifyProxyIsDisallowed() { HttpClientContext context = new HttpClientContext(); context.setRequestConfig(RequestConfig.custom().setProxy(new HttpHost("proxy")).build()); |