From e962344ba28b9f84028a129a24c92b40fdc076b8 Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Wed, 3 Apr 2019 15:20:19 +0200
Subject: Remove TlsAwareHttpClientBuilder

---
 .../yahoo/security/tls/TransportSecurityUtils.java |   9 --
 .../security/tls/https/TlsAwareHttpClient.java     | 101 --------------------
 .../tls/https/TlsAwareHttpClientBuilder.java       |  97 -------------------
 .../security/tls/https/TlsAwareHttpRequest.java    | 103 ---------------------
 .../com/yahoo/security/tls/https/package-info.java |   8 --
 5 files changed, 318 deletions(-)
 delete mode 100644 security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpClient.java
 delete mode 100644 security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpClientBuilder.java
 delete mode 100644 security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpRequest.java
 delete mode 100644 security-utils/src/main/java/com/yahoo/security/tls/https/package-info.java

(limited to 'security-utils/src/main/java')

diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
index 2ea1e1efe83..f5f9182fc4e 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
@@ -1,9 +1,6 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.security.tls;
 
-import com.yahoo.security.tls.https.TlsAwareHttpClientBuilder;
-
-import java.net.http.HttpClient;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Optional;
@@ -51,12 +48,6 @@ public class TransportSecurityUtils {
                 .map(configFile -> new ReloadingTlsContext(configFile, getInsecureAuthorizationMode()));
     }
 
-    public static HttpClient.Builder createHttpClientBuilder(String userAgent) {
-        return createTlsContext()
-                .map(tlsContext -> new TlsAwareHttpClientBuilder(tlsContext, userAgent))
-                .orElseGet(() -> new TlsAwareHttpClientBuilder(userAgent));
-    }
-
     private static Optional getEnvironmentVariable(String environmentVariable) {
         return Optional.ofNullable(System.getenv(environmentVariable))
                 .filter(var -> !var.isEmpty());
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpClient.java b/security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpClient.java
deleted file mode 100644
index 2911b77707a..00000000000
--- a/security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpClient.java
+++ /dev/null
@@ -1,101 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security.tls.https;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLParameters;
-import java.io.IOException;
-import java.net.Authenticator;
-import java.net.CookieHandler;
-import java.net.ProxySelector;
-import java.net.http.HttpClient;
-import java.net.http.HttpRequest;
-import java.net.http.HttpResponse;
-import java.time.Duration;
-import java.util.Optional;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.Executor;
-
-/**
- * A {@link HttpClient} that uses either http or https based on the global Vespa TLS configuration.
- *
- * @author bjorncs
- */
-class TlsAwareHttpClient extends HttpClient {
-
-    private final HttpClient wrappedClient;
-    private final String userAgent;
-
-    TlsAwareHttpClient(HttpClient wrappedClient, String userAgent) {
-        this.wrappedClient = wrappedClient;
-        this.userAgent = userAgent;
-    }
-
-    @Override
-    public Optional cookieHandler() {
-        return wrappedClient.cookieHandler();
-    }
-
-    @Override
-    public Optional connectTimeout() {
-        return wrappedClient.connectTimeout();
-    }
-
-    @Override
-    public Redirect followRedirects() {
-        return wrappedClient.followRedirects();
-    }
-
-    @Override
-    public Optional proxy() {
-        return wrappedClient.proxy();
-    }
-
-    @Override
-    public SSLContext sslContext() {
-        return wrappedClient.sslContext();
-    }
-
-    @Override
-    public SSLParameters sslParameters() {
-        return wrappedClient.sslParameters();
-    }
-
-    @Override
-    public Optional authenticator() {
-        return wrappedClient.authenticator();
-    }
-
-    @Override
-    public Version version() {
-        return wrappedClient.version();
-    }
-
-    @Override
-    public Optional executor() {
-        return wrappedClient.executor();
-    }
-
-    @Override
-    public HttpResponse send(HttpRequest request, HttpResponse.BodyHandler responseBodyHandler) throws IOException, InterruptedException {
-        return wrappedClient.send(wrapRequest(request), responseBodyHandler);
-    }
-
-    @Override
-    public CompletableFuture> sendAsync(HttpRequest request, HttpResponse.BodyHandler responseBodyHandler) {
-        return wrappedClient.sendAsync(wrapRequest(request), responseBodyHandler);
-    }
-
-    @Override
-    public CompletableFuture> sendAsync(HttpRequest request, HttpResponse.BodyHandler responseBodyHandler, HttpResponse.PushPromiseHandler pushPromiseHandler) {
-        return wrappedClient.sendAsync(wrapRequest(request), responseBodyHandler, pushPromiseHandler);
-    }
-
-    @Override
-    public String toString() {
-        return wrappedClient.toString();
-    }
-
-    private HttpRequest wrapRequest(HttpRequest request) {
-        return new TlsAwareHttpRequest(request, userAgent);
-    }
-}
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpClientBuilder.java b/security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpClientBuilder.java
deleted file mode 100644
index 5a375cf663f..00000000000
--- a/security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpClientBuilder.java
+++ /dev/null
@@ -1,97 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security.tls.https;
-
-import com.yahoo.security.tls.TlsContext;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLParameters;
-import java.net.Authenticator;
-import java.net.CookieHandler;
-import java.net.ProxySelector;
-import java.net.http.HttpClient;
-import java.time.Duration;
-import java.util.concurrent.Executor;
-
-/**
- * A client builder for {@link HttpClient} which uses {@link TlsContext} for TLS configuration.
- * Intended for internal Vespa communication only.
- *
- * @author bjorncs
- */
-public class TlsAwareHttpClientBuilder implements HttpClient.Builder {
-
-    private final HttpClient.Builder wrappedBuilder;
-    private final String userAgent;
-
-    public TlsAwareHttpClientBuilder(String userAgent) {
-        this(null, userAgent);
-    }
-
-    public TlsAwareHttpClientBuilder(TlsContext tlsContext, String userAgent) {
-        this.wrappedBuilder = tlsContext != null ?
-                HttpClient.newBuilder().sslContext(tlsContext.context()).sslParameters(tlsContext.parameters()) :
-                HttpClient.newBuilder();
-        this.userAgent = userAgent;
-    }
-
-    @Override
-    public HttpClient.Builder cookieHandler(CookieHandler cookieHandler) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public HttpClient.Builder connectTimeout(Duration duration) {
-        wrappedBuilder.connectTimeout(duration);
-        return this;
-    }
-
-    @Override
-    public HttpClient.Builder sslContext(SSLContext sslContext) {
-        throw new UnsupportedOperationException("SSLContext is given from tls context");
-    }
-
-    @Override
-    public HttpClient.Builder sslParameters(SSLParameters sslParameters) {
-        throw new UnsupportedOperationException("SSLParameters is given from tls context");
-    }
-
-    @Override
-    public HttpClient.Builder executor(Executor executor) {
-        wrappedBuilder.executor(executor);
-        return this;
-    }
-
-    @Override
-    public HttpClient.Builder followRedirects(HttpClient.Redirect policy) {
-        wrappedBuilder.followRedirects(policy);
-        return this;
-    }
-
-    @Override
-    public HttpClient.Builder version(HttpClient.Version version) {
-        wrappedBuilder.version(version);
-        return this;
-    }
-
-    @Override
-    public HttpClient.Builder priority(int priority) {
-        wrappedBuilder.priority(priority);
-        return this;
-    }
-
-    @Override
-    public HttpClient.Builder proxy(ProxySelector proxySelector) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public HttpClient.Builder authenticator(Authenticator authenticator) {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public HttpClient build() {
-        // TODO Stop wrapping the client once TLS is mandatory
-        return new TlsAwareHttpClient(wrappedBuilder.build(), userAgent);
-    }
-}
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpRequest.java b/security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpRequest.java
deleted file mode 100644
index bbdd8af791f..00000000000
--- a/security-utils/src/main/java/com/yahoo/security/tls/https/TlsAwareHttpRequest.java
+++ /dev/null
@@ -1,103 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security.tls.https;
-
-import com.yahoo.security.tls.MixedMode;
-import com.yahoo.security.tls.TransportSecurityUtils;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.http.HttpClient;
-import java.net.http.HttpHeaders;
-import java.net.http.HttpRequest;
-import java.time.Duration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Optional;
-
-/**
- * A {@link HttpRequest} where the scheme is either http or https based on the global Vespa TLS configuration.
- *
- * @author bjorncs
- */
-class TlsAwareHttpRequest extends HttpRequest {
-
-    private final URI rewrittenUri;
-    private final HttpRequest wrappedRequest;
-    private final HttpHeaders rewrittenHeaders;
-
-    TlsAwareHttpRequest(HttpRequest wrappedRequest, String userAgent) {
-        this.wrappedRequest = wrappedRequest;
-        this.rewrittenUri = rewriteUri(wrappedRequest.uri());
-        this.rewrittenHeaders = rewriteHeaders(wrappedRequest, userAgent);
-    }
-
-    @Override
-    public Optional bodyPublisher() {
-        return wrappedRequest.bodyPublisher();
-    }
-
-    @Override
-    public String method() {
-        return wrappedRequest.method();
-    }
-
-    @Override
-    public Optional timeout() {
-        return wrappedRequest.timeout();
-    }
-
-    @Override
-    public boolean expectContinue() {
-        return wrappedRequest.expectContinue();
-    }
-
-    @Override
-    public URI uri() {
-        return rewrittenUri;
-    }
-
-    @Override
-    public Optional version() {
-        return wrappedRequest.version();
-    }
-
-    @Override
-    public HttpHeaders headers() {
-        return rewrittenHeaders;
-    }
-
-    private static URI rewriteUri(URI uri) {
-        if (!uri.getScheme().equals("http")) {
-            return uri;
-        }
-        String rewrittenScheme =
-                TransportSecurityUtils.getConfigFile().isPresent() && TransportSecurityUtils.getInsecureMixedMode() != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER ?
-                        "https" :
-                        "http";
-        int port = uri.getPort();
-        int rewrittenPort = port != -1 ? port : (rewrittenScheme.equals("http") ? 80 : 443);
-        try {
-            return new URI(rewrittenScheme, uri.getUserInfo(), uri.getHost(), rewrittenPort, uri.getPath(), uri.getQuery(), uri.getFragment());
-        } catch (URISyntaxException e) {
-            throw new RuntimeException(e);
-        }
-    }
-
-    private static HttpHeaders rewriteHeaders(HttpRequest request, String userAgent) {
-        HttpHeaders headers = request.headers();
-        if (headers.firstValue("User-Agent").isPresent()) {
-            return headers;
-        }
-        HashMap> rewrittenHeaders = new HashMap<>(headers.map());
-        rewrittenHeaders.put("User-Agent", List.of(userAgent));
-        return HttpHeaders.of(rewrittenHeaders, (ignored1, ignored2) -> true);
-    }
-
-    @Override
-    public String toString() {
-        return "TlsAwareHttpRequest{" +
-                "rewrittenUri=" + rewrittenUri +
-                ", wrappedRequest=" + wrappedRequest +
-                '}';
-    }
-}
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/https/package-info.java b/security-utils/src/main/java/com/yahoo/security/tls/https/package-info.java
deleted file mode 100644
index 43067705fa3..00000000000
--- a/security-utils/src/main/java/com/yahoo/security/tls/https/package-info.java
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-/**
- * @author bjorncs
- */
-@ExportPackage
-package com.yahoo.security.tls.https;
-
-import com.yahoo.osgi.annotation.ExportPackage;
\ No newline at end of file
-- 
cgit v1.2.3