Diffstat (limited to 'http-utils')
3 files changed, 22 insertions, 68 deletions
diff --git a/http-utils/src/main/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlanner.java b/http-utils/src/main/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlanner.java index 8275098cb8d..962e6b32947 100644 --- a/http-utils/src/main/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlanner.java +++ b/http-utils/src/main/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlanner.java @@ -4,6 +4,7 @@ package ai.vespa.util.http.hc5; import org.apache.hc.client5.http.HttpRoute; import org.apache.hc.client5.http.protocol.HttpClientContext; import org.apache.hc.client5.http.routing.HttpRoutePlanner; +import org.apache.hc.core5.http.HttpException; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.protocol.HttpContext; @@ -15,9 +16,8 @@ import org.apache.hc.core5.http.protocol.HttpContext; */ class HttpToHttpsRoutePlanner implements HttpRoutePlanner { - @SuppressWarnings("deprecation") @Override - public HttpRoute determineRoute(HttpHost target, HttpContext context) { + public HttpRoute determineRoute(HttpHost target, HttpContext context) throws HttpException { if ( ! target.getSchemeName().equals("http") && ! target.getSchemeName().equals("https")) throw new IllegalArgumentException("Scheme must be 'http' or 'https' when using HttpToHttpsRoutePlanner, was '" + target.getSchemeName() + "'"); diff --git a/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java b/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java index 4f2bdfb213e..a33c4c119c2 100644 --- a/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java +++ b/http-utils/src/main/java/ai/vespa/util/http/hc5/VespaHttpClientBuilder.java 
@@ -1,23 +1,18 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package ai.vespa.util.http.hc5; -import org.apache.hc.client5.http.config.ConnectionConfig; -import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager; +import org.apache.hc.client5.http.io.HttpClientConnectionManager; import org.apache.hc.client5.http.socket.ConnectionSocketFactory; import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory; import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; import org.apache.hc.core5.http.config.Registry; import org.apache.hc.core5.http.config.RegistryBuilder; -import org.apache.hc.core5.util.TimeValue; -import org.apache.hc.core5.util.Timeout; import javax.net.ssl.HostnameVerifier; -import java.util.concurrent.TimeUnit; - import static com.yahoo.security.tls.MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER; import static com.yahoo.security.tls.TransportSecurityUtils.getInsecureMixedMode; import static com.yahoo.security.tls.TransportSecurityUtils.getSystemTlsContext; 
@@ -25,65 +20,36 @@ import static com.yahoo.security.tls.TransportSecurityUtils.isTransportSecurityE /** * Sync HTTP client builder <em>for internal Vespa communications over http/https.</em> + * * Configures Vespa mTLS and handles TLS mixed mode automatically. - * Custom connection managers must be configured through {@link #connectionManagerFactory(HttpClientConnectionManagerFactory)}. + * Custom connection managers must be configured through {@link #create(HttpClientConnectionManagerFactory)}. * * @author jonmv */ public class VespaHttpClientBuilder { - private HttpClientConnectionManagerFactory connectionManagerFactory = PoolingHttpClientConnectionManager::new; - private HostnameVerifier hostnameVerifier = new NoopHostnameVerifier(); - private boolean rewriteHttpToHttps = true; - private final ConnectionConfig.Builder connectionConfigBuilder = ConnectionConfig.custom(); public interface HttpClientConnectionManagerFactory { - PoolingHttpClientConnectionManager create(Registry<ConnectionSocketFactory> socketFactories); + HttpClientConnectionManager create(Registry<ConnectionSocketFactory> socketFactories); } - private VespaHttpClientBuilder() { + public static HttpClientBuilder create() { + return create(PoolingHttpClientConnectionManager::new); } - public static VespaHttpClientBuilder custom() { - return new VespaHttpClientBuilder(); + public static HttpClientBuilder create(HttpClientConnectionManagerFactory connectionManagerFactory) { + return create(connectionManagerFactory, new NoopHostnameVerifier()); } - public VespaHttpClientBuilder connectionManagerFactory(HttpClientConnectionManagerFactory connectionManagerFactory) { - this.connectionManagerFactory = connectionManagerFactory; - return this; + public static HttpClientBuilder create(HttpClientConnectionManagerFactory connectionManagerFactory, + HostnameVerifier hostnameVerifier) { + return create(connectionManagerFactory, hostnameVerifier, true); } - public VespaHttpClientBuilder 
hostnameVerifier(HostnameVerifier hostnameVerifier) { - this.hostnameVerifier = hostnameVerifier; - return this; - } - public VespaHttpClientBuilder rewriteHttpToHttps(boolean enable) { - this.rewriteHttpToHttps = enable; - return this; - } - public VespaHttpClientBuilder connectTimeout(long connectTimeout, TimeUnit timeUnit) { - connectionConfigBuilder.setConnectTimeout(connectTimeout, timeUnit); - return this; - } - public VespaHttpClientBuilder connectTimeout(Timeout connectTimeout) { - connectionConfigBuilder.setConnectTimeout(connectTimeout); - return this; - } - public VespaHttpClientBuilder socketTimeout(long connectTimeout, TimeUnit timeUnit) { - connectionConfigBuilder.setConnectTimeout(connectTimeout, timeUnit); - return this; - } - public VespaHttpClientBuilder validateAfterInactivity(TimeValue validateAfterInactivity) { - connectionConfigBuilder.setValidateAfterInactivity(validateAfterInactivity); - return this; - } - public VespaHttpClientBuilder socketTimeout(Timeout connectTimeout) { - connectionConfigBuilder.setConnectTimeout(connectTimeout); - return this; - } - - public HttpClientBuilder apacheBuilder() { + public static HttpClientBuilder create(HttpClientConnectionManagerFactory connectionManagerFactory, + HostnameVerifier hostnameVerifier, + boolean rewriteHttpToHttps) { HttpClientBuilder builder = HttpClientBuilder.create(); - addSslSocketFactory(builder, new HttpClientConnectionManagerFactoryProxy(), hostnameVerifier); + addSslSocketFactory(builder, connectionManagerFactory, hostnameVerifier); if (rewriteHttpToHttps) addHttpsRewritingRoutePlanner(builder); 
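Review bot: The `create()` and `create(connectionManagerFactory)` overloads hard-wire `new NoopHostnameVerifier()`, so every client built through them skips hostname verification, and the new class Javadoc does not say so. If that is intentional because peers are authenticated by the Vespa mTLS context rather than by hostname (an assumption, since `addSslSocketFactory` lies outside this hunk), state it on the overloads, e.g. `/** Hostname verification is disabled; pass a verifying HostnameVerifier for any endpoint outside the Vespa mTLS trust domain. */`. The `rewriteHttpToHttps` parameter deserves a `@param` line as well, saying that `false` skips `addHttpsRewritingRoutePlanner` and leaves `http` targets unrewritten. With the timeout setters removed, connect and socket timeouts now have to be set by the caller on the connection manager its factory returns, which is worth one sentence in the class Javadoc. The body of the three-argument `create` continues past the end of this hunk.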
@@ -94,18 +60,6 @@ public class VespaHttpClientBuilder { return builder; } - public CloseableHttpClient buildClient() { - return apacheBuilder().build(); - } - - private class HttpClientConnectionManagerFactoryProxy implements HttpClientConnectionManagerFactory { - @Override - public PoolingHttpClientConnectionManager create(Registry<ConnectionSocketFactory> socketFactories) { - PoolingHttpClientConnectionManager manager = connectionManagerFactory.create(socketFactories); - manager.setDefaultConnectionConfig(connectionConfigBuilder.build()); - return manager; - } - } private static void addSslSocketFactory(HttpClientBuilder builder, HttpClientConnectionManagerFactory connectionManagerFactory, HostnameVerifier hostnameVerifier) { diff --git a/http-utils/src/test/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlannerTest.java b/http-utils/src/test/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlannerTest.java index 9f56f7ebc09..b20d801e39c 100644 --- a/http-utils/src/test/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlannerTest.java +++ b/http-utils/src/test/java/ai/vespa/util/http/hc5/HttpToHttpsRoutePlannerTest.java @@ -4,6 +4,7 @@ package ai.vespa.util.http.hc5; import org.apache.hc.client5.http.HttpRoute; import org.apache.hc.client5.http.config.RequestConfig; import org.apache.hc.client5.http.protocol.HttpClientContext; +import org.apache.hc.core5.http.HttpException; import org.apache.hc.core5.http.HttpHost; import org.junit.jupiter.api.Test; @@ -17,7 +18,7 @@ public class HttpToHttpsRoutePlannerTest { final HttpToHttpsRoutePlanner planner = new HttpToHttpsRoutePlanner(); @Test - void verifySchemeMustBeHttp() { + void verifySchemeMustBeHttp() throws HttpException { try { planner.determineRoute(new HttpHost("https", "host", 1), new HttpClientContext()); } 
@@ -27,7 +28,7 @@ public class HttpToHttpsRoutePlannerTest { } @Test - void verifyPortMustBeSet() { + void verifyPortMustBeSet() throws HttpException { try { planner.determineRoute(new HttpHost("http", "host", -1), new HttpClientContext()); } @@ -38,8 +39,7 @@ public class HttpToHttpsRoutePlannerTest { @Test - @SuppressWarnings("deprecation") - void verifyProxyIsDisallowed() { + void verifyProxyIsDisallowed() throws HttpException { HttpClientContext context = new HttpClientContext(); context.setRequestConfig(RequestConfig.custom().setProxy(new HttpHost("proxy")).build()); try { @@ -51,7 +51,7 @@ public class HttpToHttpsRoutePlannerTest { } @Test - void verifySchemeIsRewritten() { + void verifySchemeIsRewritten() throws HttpException { assertEquals(new HttpRoute(new HttpHost("https", "host", 1)), planner.determineRoute(new HttpHost("http", "host", 1), new HttpClientContext())); } |