From 0d78ccf0f926a28d25fd54b7e70c4a368ed2b53e Mon Sep 17 00:00:00 2001
From: Andriy Redko
Date: Tue, 18 Oct 2022 11:37:39 -0400
Subject: [PATCH] Resolved org.apache.hc.core5.http.ParseException: Invalid protocol version
Signed-off-by: Andriy Redko
---
 .../cluster/OpenSearchClientProvider.java | 22 ++++++++++++++-----
 .../security/httpclient/HttpClient.java | 13 ++++++++---
 .../security/tools/SecurityAdmin.java | 13 ++++++++---
 .../test/AbstractSecurityUnitTest.java | 13 ++++++++---
 4 files changed, 47 insertions(+), 14 deletions(-)
diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java
index 83c00a0993..cfb3efab7c 100644
--- a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java
+++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java
@@ -41,6 +41,7 @@
 import java.util.stream.Stream;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.TrustManagerFactory;
 import org.apache.hc.client5.http.auth.AuthScope;
@@ -48,12 +49,14 @@
 import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
 import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
+import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.Header;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.message.BasicHeader;
-import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
-import org.apache.hc.core5.http2.HttpVersionPolicy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.opensearch.client.RestClient;
 import org.opensearch.client.RestClientBuilder;
@@ -99,7 +102,18 @@ default RestHighLevelClient getRestHighLevelClient(UserCredentialsHolder user) {
 BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
 credentialsProvider.setCredentials(new AuthScope(null, -1), new UsernamePasswordCredentials(user.getName(), user.getPassword().toCharArray()));
 RestClientBuilder.HttpClientConfigCallback configCallback = httpClientBuilder -> {
- TlsStrategy tlsStrategy = new BasicClientTlsStrategy(getSSLContext());
+ TlsStrategy tlsStrategy = ClientTlsStrategyBuilder
+ .create()
+ .setSslContext(getSSLContext())
+ .setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+ // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+ .setTlsDetailsFactory(new Factory() {
+ @Override
+ public TlsDetails create(final SSLEngine sslEngine) {
+ return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+ }
+ })
+ .build();
 final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
 .setTlsStrategy(tlsStrategy)
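Review bot: `.setHostnameVerifier(NoopHostnameVerifier.INSTANCE)` in the second hunk (getRestHighLevelClient) switches certificate hostname checking off without a comment saying why. The file lives under src/integrationTest, so this is presumably deliberate for test clusters whose certificates are not issued for the node address, but the builder chain is the kind of snippet that gets copied elsewhere. I would put a line above it such as `// integration tests only: test certificates do not match the node address, so hostname checks are skipped`. The lambda body continues past the end of this hunk.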
@@ -107,8 +121,6 @@ default RestHighLevelClient getRestHighLevelClient(UserCredentialsHolder user) {
 httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
 httpClientBuilder.setConnectionManager(cm);
- // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version
- httpClientBuilder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1);
 return httpClientBuilder;
 };
diff --git a/src/main/java/org/opensearch/security/httpclient/HttpClient.java b/src/main/java/org/opensearch/security/httpclient/HttpClient.java
index 3e6121bdf3..d032ca3544 100644
--- a/src/main/java/org/opensearch/security/httpclient/HttpClient.java
+++ b/src/main/java/org/opensearch/security/httpclient/HttpClient.java
@@ -29,6 +29,7 @@
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import com.google.common.collect.Lists;
@@ -39,11 +40,12 @@
 import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
 import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.HttpHeaders;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.message.BasicHeader;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
-import org.apache.hc.core5.http2.HttpVersionPolicy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.apache.hc.core5.ssl.PrivateKeyDetails;
 import org.apache.hc.core5.ssl.PrivateKeyStrategy;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
@@ -250,13 +252,18 @@ public String chooseAlias(Map aliases, SSLParameters
 .setTlsVersions(supportedProtocols)
 .setCiphers(supportedCipherSuites)
 .setHostnameVerifier(hnv)
+ // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+ .setTlsDetailsFactory(new Factory() {
+ @Override
+ public TlsDetails create(final SSLEngine sslEngine) {
+ return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+ }
+ })
 .build();
 final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
 .setTlsStrategy(tlsStrategy)
 .build();
- // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version
- httpClientBuilder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1);
 httpClientBuilder.setConnectionManager(cm);
 }
diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
index efd239f20c..4e89fd32de 100644
--- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
+++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
@@ -54,6 +54,7 @@
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import com.fasterxml.jackson.databind.InjectableValues;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -75,9 +76,10 @@
 import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
 import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
-import org.apache.hc.core5.http2.HttpVersionPolicy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
 import org.apache.hc.core5.ssl.SSLContexts;
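Review bot: The anonymous `Factory` passed to `setTlsDetailsFactory` in the first hunk (HttpClient.java) is repeated verbatim in the SecurityAdmin.java, OpenSearchClientProvider.java and AbstractSecurityUnitTest.java hunks, so the workaround has to be found and removed in four places once it is no longer needed. One shared constant or static helper in main code would keep it in a single spot, and the body fits a lambda: `sslEngine -> new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol())`. A single definition is also the natural place to decide what should happen on an engine that does not implement `getApplicationProtocol()`, whose base implementation in `SSLEngine` throws `UnsupportedOperationException`; whether any supported runtime hits that path is not visible from the hunk. As rendered here `Factory` carries no type arguments; if that is how the source reads, it should be declared with `SSLEngine` and `TlsDetails` as its type arguments.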
@@ -1407,14 +1409,19 @@ private static RestHighLevelClient getRestHighLevelClient(SSLContext sslContext,
 .setSslContext(sslContext)
 .setTlsVersions(supportedProtocols)
 .setCiphers(supportedCipherSuites)
+ // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+ .setTlsDetailsFactory(new Factory() {
+ @Override
+ public TlsDetails create(final SSLEngine sslEngine) {
+ return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+ }
+ })
 .build();
 final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
 .setTlsStrategy(tlsStrategy)
 .build();
- // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version
- builder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1);
 builder.setConnectionManager(cm);
 return builder;
 });
diff --git a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java
index 0996f1292d..592433d5e9 100644
--- a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java
+++ b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java
@@ -38,6 +38,7 @@
 import java.util.concurrent.atomic.AtomicLong;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import com.carrotsearch.randomizedtesting.RandomizedTest;
 import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
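Review bot: The only explanation left in SecurityAdmin's getRestHighLevelClient is `// See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219`, while the two lines removed further down carried the actual symptom in their comment. A reader without access to the tracker cannot tell what the factory is for or when it can be deleted, and the same link-only comment is used in the HttpClient.java, OpenSearchClientProvider.java and AbstractSecurityUnitTest.java hunks. I would name the symptom next to the link, for example `// Workaround for "ParseException: Invalid protocol version" (HTTPCLIENT-2219): report the engine's negotiated application protocol; remove once the client library handles this itself`. The wording of the cause is inferred from the commit subject and should be checked against the linked issue.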
@@ -49,11 +50,12 @@
 import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
 import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.Header;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.message.BasicHeader;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
-import org.apache.hc.core5.http2.HttpVersionPolicy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
 import org.apache.hc.core5.ssl.SSLContexts;
 import org.apache.logging.log4j.LogManager;
@@ -168,14 +170,19 @@ protected RestHighLevelClient getRestClient(ClusterInfo info, String keyStoreNam
 .setSslContext(sslContext)
 .setTlsVersions(new String[] { "TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"})
 .setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+ // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+ .setTlsDetailsFactory(new Factory() {
+ @Override
+ public TlsDetails create(final SSLEngine sslEngine) {
+ return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+ }
+ })
 .build();
 final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
 .setTlsStrategy(tlsStrategy)
 .build();
 builder.setConnectionManager(cm);
- // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version
- builder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1);
 return builder;
 });
 return new RestHighLevelClient(restClientBuilder);
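Review bot: Dropping `builder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1)` at the end of the getRestClient hunk leaves the HTTP version of the test client to whatever the builder default and the reported application protocol produce, yet the unchanged `.setTlsVersions(...)` line above still lists `SSLv3`, `TLSv1` and `TLSv1.1`. HTTP/2 is only specified over TLS 1.2 or later, so if this client is now expected to negotiate the version those legacy names are at best unused, and nothing in the commit asserts which protocol the tests actually run on. I would either trim the list to `new String[] { "TLSv1.2" }` or add a comment naming the tests that need the older protocol names, and add one assertion on the negotiated protocol so the ParseException fix stays covered. getRestClient starts above the hunk, so any handling earlier in the method is not visible here.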