diff --git a/build.gradle b/build.gradle index 7d6b4dc299..c0e8befb15 100644 --- a/build.gradle +++ b/build.gradle @@ -23,7 +23,7 @@ buildscript { version_tokens = opensearch_version.tokenize('-') opensearch_build = version_tokens[0] + '.0' - common_utils_version = System.getProperty("common_utils.version", '2.1.0.0') + common_utils_version = System.getProperty("common_utils.version", '3.0.0.0-SNAPSHOT') kafka_version = '3.0.2' if (buildVersionQualifier) { @@ -296,12 +296,15 @@ dependencies { implementation 'jakarta.annotation:jakarta.annotation-api:1.3.5' implementation "org.opensearch.plugin:transport-netty4-client:${opensearch_version}" implementation "org.opensearch.client:opensearch-rest-high-level-client:${opensearch_version}" + implementation "org.apache.httpcomponents.client5:httpclient5-cache:${versions.httpclient5}" + implementation "org.apache.httpcomponents:httpclient:${versions.httpclient}" + implementation "org.apache.httpcomponents:httpcore:${versions.httpcore}" + implementation "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}" implementation 'com.google.guava:guava:30.0-jre' implementation 'org.greenrobot:eventbus:3.2.0' implementation 'commons-cli:commons-cli:1.3.1' implementation "org.bouncycastle:bcprov-jdk15on:${versions.bouncycastle}" implementation 'org.ldaptive:ldaptive:1.2.3' - implementation 'org.apache.httpcomponents:httpclient-cache:4.5.13' implementation 'io.jsonwebtoken:jjwt-api:0.10.8' implementation('org.apache.cxf:cxf-rt-rs-security-jose:3.4.5') { exclude(group: 'jakarta.activation', module: 'jakarta.activation-api') 
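Review bot: The second hunk leaves both HttpClient generations on the `implementation` classpath (`httpclient5-cache` next to `httpclient`, `httpcore` and `httpasyncclient`) without saying why the 4.x artifacts stay. Judging from the SamlHTTPMetadataResolver change later in this diff, 4.x is presumably kept for the SAML metadata resolver. A comment above the three 4.x lines, such as `// HttpClient 4.x is still needed by SamlHTTPMetadataResolver; remove once it moves to client5`, would tell the next maintainer which lines can go and that both stacks need security updates until then. The first hunk also makes a `-SNAPSHOT` the default for `common_utils_version`, which makes builds non-reproducible for as long as it stays. The `dependencies` block continues outside the hunk.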
@@ -348,8 +351,6 @@ dependencies { implementation 'commons-lang:commons-lang:2.4' implementation 'commons-collections:commons-collections:3.2.2' implementation 'com.jayway.jsonpath:json-path:2.4.0' - implementation 'org.apache.httpcomponents:httpclient:4.5.13' - implementation 'org.apache.httpcomponents:httpclient:4.5.13' implementation 'net.minidev:json-smart:2.4.7' runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.10.8' runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.10.8' @@ -373,6 +374,7 @@ dependencies { implementation 'org.apache.commons:commons-lang3:3.4' + testImplementation "org.opensearch:common-utils:${common_utils_version}" testImplementation "org.opensearch.plugin:reindex-client:${opensearch_version}" testImplementation "org.opensearch:opensearch-ssl-config:${opensearch_version}" testImplementation "org.opensearch.plugin:percolator-client:${opensearch_version}" @@ -387,6 +389,7 @@ dependencies { testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.9' testImplementation 'javax.servlet:servlet-api:2.5' testImplementation 'org.apache.httpcomponents:fluent-hc:4.5.13' + testImplementation "org.apache.httpcomponents.client5:httpclient5-fluent:${versions.httpclient5}" testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}" testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}:test" testImplementation "org.apache.kafka:kafka-clients:${kafka_version}:test" @@ -394,7 +397,6 @@ dependencies { testImplementation 'org.springframework:spring-beans:5.3.20' testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2' testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2' - testImplementation "org.opensearch:common-utils:${common_utils_version}" // JUnit build requirement testCompileOnly 'org.apiguardian:apiguardian-api:1.0.0' // Kafka test execution diff --git a/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java b/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java index 30c7ed46de..d93a168341 100644 
--- a/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java +++ b/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java @@ -12,7 +12,7 @@ package org.opensearch.security; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java b/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java index 0868431716..dafedcdf38 100644 --- a/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java @@ -12,7 +12,7 @@ import java.util.List; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.apache.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHeaders; import org.hamcrest.Matchers; import org.junit.ClassRule; import org.junit.Test; @@ -25,8 +25,8 @@ import org.opensearch.test.framework.cluster.TestRestClient; import org.opensearch.test.framework.cluster.TestRestClient.HttpResponse; -import static org.apache.http.HttpStatus.SC_OK; -import static org.apache.http.HttpStatus.SC_UNAUTHORIZED; +import static org.apache.hc.core5.http.HttpStatus.SC_OK; +import static org.apache.hc.core5.http.HttpStatus.SC_UNAUTHORIZED; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.containsStringIgnoringCase; import static org.hamcrest.Matchers.equalTo; diff --git a/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java b/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java index 3a960f0d35..4af5563e53 100644 --- a/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java 
+++ b/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java @@ -10,7 +10,7 @@ package org.opensearch.security.http; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.apache.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHeaders; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java b/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java index 2249083ab8..5398ea77f7 100644 --- a/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java @@ -19,7 +19,7 @@ import org.opensearch.test.framework.cluster.TestRestClient; import org.opensearch.test.framework.cluster.TestRestClient.HttpResponse; -import static org.apache.http.HttpStatus.SC_UNAUTHORIZED; +import static org.apache.hc.core5.http.HttpStatus.SC_UNAUTHORIZED; import static org.opensearch.security.http.BasicAuthTests.TEST_USER; import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.DISABLED_AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.JWT_AUTH_DOMAIN; diff --git a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java index c3ea872537..9fd3765ea6 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java 
@@ -12,7 +12,7 @@ package org.opensearch.security.privileges; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java index 54e4894a78..cfb3efab7c 100644 --- a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java +++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java 
@@ -41,17 +41,22 @@ import java.util.stream.Stream; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; import javax.net.ssl.TrustManagerFactory; -import org.apache.http.Header; -import org.apache.http.HttpHost; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.CredentialsProvider; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.impl.client.BasicCredentialsProvider; -import org.apache.http.message.BasicHeader; -import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; +import org.apache.hc.client5.http.auth.AuthScope; +import org.apache.hc.client5.http.auth.UsernamePasswordCredentials; +import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider; +import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder; +import org.apache.hc.client5.http.nio.AsyncClientConnectionManager; +import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.core5.function.Factory; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpHost; +import org.apache.hc.core5.http.message.BasicHeader; +import org.apache.hc.core5.http.nio.ssl.TlsStrategy; +import org.apache.hc.core5.reactor.ssl.TlsDetails; import org.opensearch.client.RestClient; import org.opensearch.client.RestClientBuilder; 
@@ -94,17 +99,32 @@ default TestRestClient getRestClient(UserCredentialsHolder user, Header... heade default RestHighLevelClient getRestHighLevelClient(UserCredentialsHolder user) { InetSocketAddress httpAddress = getHttpAddress(); - CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); - credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user.getName(), user.getPassword())); - + BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); + credentialsProvider.setCredentials(new AuthScope(null, -1), new UsernamePasswordCredentials(user.getName(), user.getPassword().toCharArray())); RestClientBuilder.HttpClientConfigCallback configCallback = httpClientBuilder -> { - httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider).setSSLStrategy( - new SSLIOSessionStrategy(getSSLContext(), null, null, NoopHostnameVerifier.INSTANCE)); - + TlsStrategy tlsStrategy = ClientTlsStrategyBuilder + .create() + .setSslContext(getSSLContext()) + .setHostnameVerifier(NoopHostnameVerifier.INSTANCE) + // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219 + .setTlsDetailsFactory(new Factory() { + @Override + public TlsDetails create(final SSLEngine sslEngine) { + return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol()); + } + }) + .build(); + + final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() + .setTlsStrategy(tlsStrategy) + .build(); + + httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider); + httpClientBuilder.setConnectionManager(cm); return httpClientBuilder; }; - RestClientBuilder builder = RestClient.builder(new HttpHost(httpAddress.getHostString(), httpAddress.getPort(), "https")) + RestClientBuilder builder = RestClient.builder(new HttpHost("https", httpAddress.getHostString(), httpAddress.getPort())) .setHttpClientConfigCallback(configCallback); 
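Review bot: The comment above `setTlsDetailsFactory` gives only a ticket link, so a reader cannot tell what the anonymous `Factory` works around or when it can be deleted. I would spell it out, for example `// Workaround for HTTPCLIENT-2219: build TlsDetails from the SSLEngine's session and application protocol ourselves`. Because `NoopHostnameVerifier.INSTANCE` is carried over into the new `ClientTlsStrategyBuilder` chain, a short `// test clusters only: hostname verification is intentionally off` beside it would keep this block from being copied into production code unnoticed. `getRestHighLevelClient` continues past the end of the hunk.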
diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java index 0db80ee72f..c578ca2e77 100644 --- a/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java +++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java @@ -29,8 +29,6 @@ package org.opensearch.test.framework.cluster; import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.URI; import java.net.URISyntaxException; 
@@ -40,34 +38,37 @@ import java.util.Collections; import java.util.List; import java.util.Optional; +import java.util.concurrent.TimeUnit; import javax.net.ssl.SSLContext; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonNode; import org.apache.commons.io.IOUtils; -import org.apache.http.Header; -import org.apache.http.HttpEntity; -import org.apache.http.NameValuePair; -import org.apache.http.client.config.RequestConfig; -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.client.methods.HttpDelete; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpHead; -import org.apache.http.client.methods.HttpOptions; -import org.apache.http.client.methods.HttpPatch; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.methods.HttpPut; -import org.apache.http.client.methods.HttpUriRequest; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.config.SocketConfig; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.message.BasicHeader; +import org.apache.hc.client5.http.classic.methods.HttpDelete; +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.classic.methods.HttpHead; +import org.apache.hc.client5.http.classic.methods.HttpOptions; +import org.apache.hc.client5.http.classic.methods.HttpPatch; +import org.apache.hc.client5.http.classic.methods.HttpPost; +import org.apache.hc.client5.http.classic.methods.HttpPut; +import org.apache.hc.client5.http.classic.methods.HttpUriRequest; +import org.apache.hc.client5.http.config.RequestConfig; +import 
org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.io.HttpClientConnectionManager; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpEntity; +import org.apache.hc.core5.http.NameValuePair; +import org.apache.hc.core5.http.io.SocketConfig; +import org.apache.hc.core5.http.io.entity.StringEntity; +import org.apache.hc.core5.http.message.BasicHeader; +import org.apache.hc.core5.net.URIBuilder; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -137,11 +138,7 @@ public HttpResponse putJson(String path, String body, Header... headers) { } private StringEntity toStringEntity(String body) { - try { - return new StringEntity(body); - } catch (UnsupportedEncodingException e) { - throw new RestClientException("Cannot create string entity", e); - } + return new StringEntity(body); } public HttpResponse putJson(String path, ToXContentObject body) { 
@@ -215,9 +212,11 @@ protected final CloseableHttpClient getHTTPClient() { final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(this.sslContext, protocols, null, NoopHostnameVerifier.INSTANCE); - hcb.setSSLSocketFactory(sslsf); - - hcb.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60 * 1000).build()); + final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create() + .setSSLSocketFactory(sslsf) + .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build()) + .build(); + hcb.setConnectionManager(cm); if (requestConfig != null) { hcb.setDefaultRequestConfig(requestConfig); @@ -254,9 +253,9 @@ public HttpResponse(CloseableHttpResponse inner) throws IllegalStateException, I } else { this.body = IOUtils.toString(entity.getContent(), StandardCharsets.UTF_8); } - this.header = inner.getAllHeaders(); - this.statusCode = inner.getStatusLine().getStatusCode(); - this.statusReason = inner.getStatusLine().getReasonPhrase(); + this.header = inner.getHeaders(); + this.statusCode = inner.getCode(); + this.statusReason = inner.getReasonPhrase(); inner.close(); } @@ -381,14 +380,6 @@ public void setRequestConfig(RequestConfig requestConfig) { this.requestConfig = requestConfig; } - public void setLocalAddress(InetAddress inetAddress) { - if (requestConfig == null) { - requestConfig = RequestConfig.custom().setLocalAddress(inetAddress).build(); - } else { - requestConfig = RequestConfig.copy(requestConfig).setLocalAddress(inetAddress).build(); - } - } - public boolean isSendHTTPClientCertificate() { return sendHTTPClientCertificate; } diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java index d2e14d6145..02919c186f 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java 
+++ b/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java @@ -21,7 +21,7 @@ import com.google.common.annotations.VisibleForTesting; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; -import org.apache.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHeaders; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java index 21e740e04a..16cc71ffbd 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java @@ -29,7 +29,7 @@ import io.jsonwebtoken.Jwts; import io.jsonwebtoken.io.Decoders; import io.jsonwebtoken.security.WeakKeyException; -import org.apache.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHeaders; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java b/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java index 7731bd8084..50be122aec 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java +++ b/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java 
@@ -12,22 +12,24 @@ package com.amazon.dlic.auth.http.jwt.keybyoidc; import java.io.IOException; +import java.util.concurrent.TimeUnit; import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; -import org.apache.http.HttpEntity; -import org.apache.http.StatusLine; -import org.apache.http.client.cache.HttpCacheContext; -import org.apache.http.client.cache.HttpCacheStorage; -import org.apache.http.client.config.RequestConfig; -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.impl.client.cache.BasicHttpCacheStorage; -import org.apache.http.impl.client.cache.CacheConfig; -import org.apache.http.impl.client.cache.CachingHttpClients; +import org.apache.hc.client5.http.cache.HttpCacheContext; +import org.apache.hc.client5.http.cache.HttpCacheStorage; +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.config.RequestConfig; +import org.apache.hc.client5.http.impl.cache.BasicHttpCacheStorage; +import org.apache.hc.client5.http.impl.cache.CacheConfig; +import org.apache.hc.client5.http.impl.cache.CachingHttpClients; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.io.HttpClientConnectionManager; +import org.apache.hc.core5.http.HttpEntity; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; 
@@ -70,16 +72,14 @@ public JsonWebKeys get() throws AuthenticatorUnavailableException { HttpGet httpGet = new HttpGet(uri); - RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(getRequestTimeoutMs()) - .setConnectTimeout(getRequestTimeoutMs()).setSocketTimeout(getRequestTimeoutMs()).build(); + RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(getRequestTimeoutMs(), TimeUnit.MILLISECONDS) + .setConnectTimeout(getRequestTimeoutMs(), TimeUnit.MILLISECONDS).build(); httpGet.setConfig(requestConfig); try (CloseableHttpResponse response = httpClient.execute(httpGet)) { - StatusLine statusLine = response.getStatusLine(); - - if (statusLine.getStatusCode() < 200 || statusLine.getStatusCode() >= 300) { - throw new AuthenticatorUnavailableException("Error while getting " + uri + ": " + statusLine); + if (response.getCode() < 200 || response.getCode() >= 300) { + throw new AuthenticatorUnavailableException("Error while getting " + uri + ": " + response.getReasonPhrase()); } HttpEntity httpEntity = response.getEntity(); @@ -105,8 +105,8 @@ String getJwksUri() throws AuthenticatorUnavailableException { HttpGet httpGet = new HttpGet(openIdConnectEndpoint); - RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(getRequestTimeoutMs()) - .setConnectTimeout(getRequestTimeoutMs()).setSocketTimeout(getRequestTimeoutMs()).build(); + RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(getRequestTimeoutMs(), TimeUnit.MILLISECONDS) + .setConnectTimeout(getRequestTimeoutMs(), TimeUnit.MILLISECONDS).build(); httpGet.setConfig(requestConfig); 
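Review bot: The new `RequestConfig` in `get()` no longer carries a read timeout: the old `setSocketTimeout(getRequestTimeoutMs())` was dropped and nothing replaces it. A key-set endpoint that accepts the connection and then stalls is therefore bounded only by whatever default the client or connection manager has. HttpClient 5 expresses this bound as a response timeout, so adding `.setResponseTimeout(getRequestTimeoutMs(), TimeUnit.MILLISECONDS)` to the builder chain restores the previous behaviour. The `getJwksUri()` hunk that follows on this line has the same omission. Both methods begin or end outside their hunks.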
@@ -121,11 +121,9 @@ String getJwksUri() throws AuthenticatorUnavailableException { logCacheResponseStatus(httpContext); } - StatusLine statusLine = response.getStatusLine(); - - if (statusLine.getStatusCode() < 200 || statusLine.getStatusCode() >= 300) { + if (response.getCode() < 200 || response.getCode() >= 300) { throw new AuthenticatorUnavailableException( - "Error while getting " + openIdConnectEndpoint + ": " + statusLine); + "Error while getting " + openIdConnectEndpoint + ": " + response.getReasonPhrase()); } HttpEntity httpEntity = response.getEntity(); @@ -196,7 +194,11 @@ private CloseableHttpClient createHttpClient(HttpCacheStorage httpCacheStorage) builder.useSystemProperties(); if (sslConfig != null) { - builder.setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()); + final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create() + .setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()) + .build(); + + builder.setConnectionManager(cm); } return builder.build(); diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java b/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java index a1269a4817..ef1ede7549 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java @@ -22,7 +22,7 @@ import org.apache.http.impl.client.HttpClients; import org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver; -import com.amazon.dlic.util.SettingsBasedSSLConfigurator; +import com.amazon.dlic.util.SettingsBasedSSLConfiguratorV4; import org.opensearch.SpecialPermission; import org.opensearch.common.settings.Settings; 
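Review bot: The exception message in `getJwksUri()` no longer contains the HTTP status code: the old `statusLine` printed the whole status line, while `response.getReasonPhrase()` prints only the reason text, which can be null or empty. When an OIDC discovery call fails, the code is the part an operator needs, so I would write `"Error while getting " + openIdConnectEndpoint + ": " + response.getCode() + " " + response.getReasonPhrase()`. The same change applies to the message in `get()` earlier in this file. `getJwksUri()` begins and ends outside the hunk.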
@@ -56,9 +56,9 @@ public byte[] run() throws ResolverException { } } - private static SettingsBasedSSLConfigurator.SSLConfig getSSLConfig(Settings settings, Path configPath) + private static SettingsBasedSSLConfiguratorV4.SSLConfig getSSLConfig(Settings settings, Path configPath) throws Exception { - return new SettingsBasedSSLConfigurator(settings, configPath, "idp").buildSSLConfig(); + return new SettingsBasedSSLConfiguratorV4(settings, configPath, "idp").buildSSLConfig(); } @SuppressWarnings("removal") @@ -91,7 +91,7 @@ private static HttpClient createHttpClient0(Settings settings, Path configPath) builder.useSystemProperties(); - SettingsBasedSSLConfigurator.SSLConfig sslConfig = getSSLConfig(settings, configPath); + SettingsBasedSSLConfiguratorV4.SSLConfig sslConfig = getSSLConfig(settings, configPath); if (sslConfig != null) { builder.setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()); diff --git a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java index dd605ef087..03800feace 100644 --- a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java +++ b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java @@ -11,7 +11,6 @@ package com.amazon.dlic.util; -import java.net.Socket; import java.nio.file.Path; import java.security.KeyManagementException; import java.security.KeyStore; 
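Review bot: `createHttpClient0` now takes its TLS settings from `SettingsBasedSSLConfiguratorV4`, a copy of the original class added later in this diff, and that copy has two problems the SAML path now inherits. Its logger is created with `LogManager.getLogger(SettingsBasedSSLConfigurator.class)`, so its messages are attributed to the other class; it should read `LogManager.getLogger(SettingsBasedSSLConfiguratorV4.class)`. Its `DEFAULT_TLS_PROTOCOLS` is `"TLSv1.2", "TLSv1.1"`, so an IdP connection with no `enabled_ssl_protocols` setting still offers the deprecated TLS 1.1; I would drop `"TLSv1.1"` from the copied default. A class comment stating that the V4 file exists only until the SAML resolver leaves HttpClient 4 would also keep the two copies from drifting apart. `createHttpClient0` begins and ends outside the hunk.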
@@ -30,18 +29,18 @@ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLParameters; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import com.google.common.collect.ImmutableList; -import org.apache.http.conn.ssl.DefaultHostnameVerifier; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; -import org.apache.http.ssl.PrivateKeyDetails; -import org.apache.http.ssl.PrivateKeyStrategy; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; +import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; +import org.apache.hc.core5.ssl.PrivateKeyDetails; +import org.apache.hc.core5.ssl.PrivateKeyStrategy; +import org.apache.hc.core5.ssl.SSLContextBuilder; +import org.apache.hc.core5.ssl.SSLContexts; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -196,7 +195,7 @@ private void configureWithSettings() throws SSLConfigException, NoSuchAlgorithmE new PrivateKeyStrategy() { @Override - public String chooseAlias(Map aliases, Socket socket) { + public String chooseAlias(Map aliases, SSLParameters sslParameters) { if (aliases == null || aliases.isEmpty()) { return effectiveKeyAlias; } @@ -430,10 +429,6 @@ public HostnameVerifier getHostnameVerifier() { return hostnameVerifier; } - public SSLIOSessionStrategy toSSLIOSessionStrategy() { - return new SSLIOSessionStrategy(sslContext, supportedProtocols, supportedCipherSuites, hostnameVerifier); - } - public SSLConnectionSocketFactory toSSLConnectionSocketFactory() { return new SSLConnectionSocketFactory(sslContext, supportedProtocols, supportedCipherSuites, hostnameVerifier); 
diff --git a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java
new file mode 100644
index 0000000000..4f34b04499
--- /dev/null
+++ b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java
@@ -0,0 +1,561 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + * + * Modifications Copyright OpenSearch Contributors. See + * GitHub history for details. + */ + +package com.amazon.dlic.util; + +import java.net.Socket; +import java.nio.file.Path; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.SecureRandom; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + +import com.google.common.collect.ImmutableList; +import org.apache.http.conn.ssl.DefaultHostnameVerifier; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; +import org.apache.http.ssl.PrivateKeyDetails; +import org.apache.http.ssl.PrivateKeyStrategy; +import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.ssl.SSLContexts; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import org.opensearch.common.settings.Settings; +import org.opensearch.security.ssl.util.SSLConfigConstants; +import org.opensearch.security.support.PemKeyReader; + +public class SettingsBasedSSLConfiguratorV4 { + private static final Logger log = LogManager.getLogger(SettingsBasedSSLConfigurator.class); + + public static final String CERT_ALIAS = "cert_alias"; + 
public static final String CA_ALIAS = "ca_alias"; + public static final String ENABLE_SSL = "enable_ssl"; + + /** + * Shall STARTTLS shall be used? + *

+ * NOTE: The setting of this option is only reflected by the startTlsEnabled + * attribute of the returned SSLConfig object. Clients of this class need to + * take further measures to enable STARTTLS. It does not affect the + * SSLIOSessionStrategy and SSLConnectionSocketFactory objects returned from + * this class. + */ + public static final String ENABLE_START_TLS = "enable_start_tls"; + public static final String ENABLE_SSL_CLIENT_AUTH = "enable_ssl_client_auth"; + public static final String PEMKEY_FILEPATH = "pemkey_filepath"; + public static final String PEMKEY_CONTENT = "pemkey_content"; + public static final String PEMKEY_PASSWORD = "pemkey_password"; + public static final String PEMCERT_FILEPATH = "pemcert_filepath"; + public static final String PEMCERT_CONTENT = "pemcert_content"; + public static final String PEMTRUSTEDCAS_CONTENT = "pemtrustedcas_content"; + public static final String PEMTRUSTEDCAS_FILEPATH = "pemtrustedcas_filepath"; + public static final String VERIFY_HOSTNAMES = "verify_hostnames"; + public static final String TRUST_ALL = "trust_all"; + + private static final List DEFAULT_TLS_PROTOCOLS = ImmutableList.of("TLSv1.2", "TLSv1.1"); + + private SSLContextBuilder sslContextBuilder; + private final Settings settings; + private final String settingsKeyPrefix; + private final Path configPath; + private final String clientName; + + private boolean enabled; + private boolean enableSslClientAuth; + private KeyStore effectiveTruststore; + private KeyStore effectiveKeystore; + private char[] effectiveKeyPassword; + private String effectiveKeyAlias; + private List effectiveTruststoreAliases; + + public SettingsBasedSSLConfiguratorV4(Settings settings, Path configPath, String settingsKeyPrefix, + String clientName) { + this.settings = settings; + this.configPath = configPath; + this.settingsKeyPrefix = normalizeSettingsKeyPrefix(settingsKeyPrefix); + this.clientName = clientName != null ? 
clientName : this.settingsKeyPrefix; + } + + public SettingsBasedSSLConfiguratorV4(Settings settings, Path configPath, String settingsKeyPrefix) { + this(settings, configPath, settingsKeyPrefix, null); + } + + SSLContext buildSSLContext() throws SSLConfigException { + try { + if (isTrustAllEnabled()) { + sslContextBuilder = new OverlyTrustfulSSLContextBuilder(); + } else { + sslContextBuilder = SSLContexts.custom(); + } + + configureWithSettings(); + + if (!this.enabled) { + return null; + } + + return sslContextBuilder.build(); + + } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) { + throw new SSLConfigException("Error while initializing SSL configuration for " + this.clientName, e); + } + } + + public SSLConfig buildSSLConfig() throws SSLConfigException { + SSLContext sslContext = buildSSLContext(); + + if (sslContext == null) { + // disabled + return null; + } + + return new SSLConfig(sslContext, getSupportedProtocols(), getSupportedCipherSuites(), getHostnameVerifier(), + isHostnameVerificationEnabled(), isTrustAllEnabled(), isStartTlsEnabled(), this.effectiveTruststore, + this.effectiveTruststoreAliases, this.effectiveKeystore, this.effectiveKeyPassword, + this.effectiveKeyAlias); + } + + private boolean isHostnameVerificationEnabled() { + return getSettingAsBoolean(VERIFY_HOSTNAMES, true) && !isTrustAllEnabled(); + } + + private HostnameVerifier getHostnameVerifier() { + if (isHostnameVerificationEnabled()) { + return new DefaultHostnameVerifier(); + } else { + return NoopHostnameVerifier.INSTANCE; + } + } + + private String[] getSupportedProtocols() { + return getSettingAsArray("enabled_ssl_protocols", DEFAULT_TLS_PROTOCOLS); + } + + private String[] getSupportedCipherSuites() { + return getSettingAsArray("enabled_ssl_ciphers", null); + + } + + private boolean isStartTlsEnabled() { + return getSettingAsBoolean(ENABLE_START_TLS, false); + } + + private boolean isTrustAllEnabled() { + return getSettingAsBoolean(TRUST_ALL, 
false); + } + + private void configureWithSettings() throws SSLConfigException, NoSuchAlgorithmException, KeyStoreException { + this.enabled = getSettingAsBoolean(ENABLE_SSL, false); + + if (!this.enabled) { + return; + } + + this.enableSslClientAuth = getSettingAsBoolean(ENABLE_SSL_CLIENT_AUTH, false); + + if (settings.get(settingsKeyPrefix + PEMTRUSTEDCAS_FILEPATH, null) != null + || settings.get(settingsKeyPrefix + PEMTRUSTEDCAS_CONTENT, null) != null) { + initFromPem(); + } else { + initFromKeyStore(); + } + + if (effectiveTruststore != null) { + sslContextBuilder.loadTrustMaterial(effectiveTruststore, null); + } + + if (enableSslClientAuth) { + if (effectiveKeystore != null) { + try { + sslContextBuilder.loadKeyMaterial(effectiveKeystore, effectiveKeyPassword, + new PrivateKeyStrategy() { + + @Override + public String chooseAlias(Map aliases, Socket socket) { + if (aliases == null || aliases.isEmpty()) { + return effectiveKeyAlias; + } + + if (effectiveKeyAlias == null || effectiveKeyAlias.isEmpty()) { + return aliases.keySet().iterator().next(); + } + + return effectiveKeyAlias; + } + }); + } catch (UnrecoverableKeyException e) { + throw new RuntimeException(e); + } + } + } + + } + + private void initFromPem() throws SSLConfigException { + X509Certificate[] trustCertificates; + + try { + trustCertificates = PemKeyReader.loadCertificatesFromStream( + PemKeyReader.resolveStream(settingsKeyPrefix + PEMTRUSTEDCAS_CONTENT, settings)); + } catch (Exception e) { + throw new SSLConfigException( + "Error loading PEM from " + settingsKeyPrefix + PEMTRUSTEDCAS_CONTENT + " for " + this.clientName, + e); + } + + if (trustCertificates == null) { + String path = PemKeyReader.resolve(settingsKeyPrefix + PEMTRUSTEDCAS_FILEPATH, settings, configPath, + !isTrustAllEnabled()); + + try { + trustCertificates = PemKeyReader.loadCertificatesFromFile(path); + } catch (Exception e) { + throw new SSLConfigException("Error loading PEM from " + path + " (" + settingsKeyPrefix + + 
PEMTRUSTEDCAS_FILEPATH + ") for " + this.clientName, e); + } + } + + // for client authentication + X509Certificate[] authenticationCertificate; + + try { + authenticationCertificate = PemKeyReader.loadCertificatesFromStream( + PemKeyReader.resolveStream(settingsKeyPrefix + PEMCERT_CONTENT, settings)); + } catch (Exception e) { + throw new SSLConfigException( + "Error loading PEM from " + settingsKeyPrefix + PEMCERT_CONTENT + " for " + this.clientName, e); + } + + if (authenticationCertificate == null) { + String path = PemKeyReader.resolve(settingsKeyPrefix + PEMCERT_FILEPATH, settings, configPath, + enableSslClientAuth); + + try { + authenticationCertificate = PemKeyReader.loadCertificatesFromFile(path); + } catch (Exception e) { + throw new SSLConfigException("Error loading PEM from " + path + " (" + settingsKeyPrefix + + PEMCERT_FILEPATH + ") for " + this.clientName, e); + } + + } + + PrivateKey authenticationKey; + + try { + authenticationKey = PemKeyReader.loadKeyFromStream(getSetting(PEMKEY_PASSWORD), + PemKeyReader.resolveStream(settingsKeyPrefix + PEMKEY_CONTENT, settings)); + } catch (Exception e) { + throw new SSLConfigException( + "Error loading PEM from " + settingsKeyPrefix + PEMKEY_CONTENT + " for " + this.clientName, e); + } + + if (authenticationKey == null) { + String path = PemKeyReader.resolve(settingsKeyPrefix + PEMKEY_FILEPATH, settings, configPath, + enableSslClientAuth); + + try { + authenticationKey = PemKeyReader.loadKeyFromFile(getSetting(PEMKEY_PASSWORD), path); + } catch (Exception e) { + throw new SSLConfigException("Error loading PEM from " + path + " (" + settingsKeyPrefix + + PEMKEY_FILEPATH + ") for " + this.clientName, e); + } + } + + try { + effectiveKeyPassword = PemKeyReader.randomChars(12); + effectiveKeyAlias = "al"; + effectiveTruststore = PemKeyReader.toTruststore(effectiveKeyAlias, trustCertificates); + effectiveKeystore = PemKeyReader.toKeystore(effectiveKeyAlias, effectiveKeyPassword, + authenticationCertificate, 
authenticationKey); + } catch (Exception e) { + throw new SSLConfigException("Error initializing SSLConfig for " + this.clientName, e); + } + + } + + private void initFromKeyStore() throws SSLConfigException { + KeyStore trustStore; + KeyStore keyStore; + + try { + trustStore = PemKeyReader.loadKeyStore( + PemKeyReader.resolve(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, settings, + configPath, !isTrustAllEnabled()), + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, + SSLConfigConstants.DEFAULT_STORE_PASSWORD), + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_TYPE)); + } catch (Exception e) { + throw new SSLConfigException("Error loading trust store from " + + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH), e); + } + + effectiveTruststoreAliases = getSettingAsList(CA_ALIAS, null); + + // for client authentication + + try { + keyStore = PemKeyReader.loadKeyStore( + PemKeyReader.resolve(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_FILEPATH, settings, + configPath, enableSslClientAuth), + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_PASSWORD, + SSLConfigConstants.DEFAULT_STORE_PASSWORD), + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_TYPE)); + } catch (Exception e) { + throw new SSLConfigException("Error loading key store from " + + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_FILEPATH), e); + } + + String keyStorePassword = settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_PASSWORD, + SSLConfigConstants.DEFAULT_STORE_PASSWORD); + effectiveKeyPassword = keyStorePassword == null || keyStorePassword.isEmpty() ? 
null + : keyStorePassword.toCharArray(); + effectiveKeyAlias = getSetting(CERT_ALIAS); + + if (enableSslClientAuth && effectiveKeyAlias == null) { + throw new IllegalArgumentException(settingsKeyPrefix + CERT_ALIAS + " not given"); + } + + effectiveTruststore = trustStore; + effectiveKeystore = keyStore; + + } + + private String getSetting(String key) { + return settings.get(settingsKeyPrefix + key); + } + + private Boolean getSettingAsBoolean(String key, Boolean defaultValue) { + return settings.getAsBoolean(settingsKeyPrefix + key, defaultValue); + } + + private List getSettingAsList(String key, List defaultValue) { + return settings.getAsList(settingsKeyPrefix + key, defaultValue); + } + + private String[] getSettingAsArray(String key, List defaultValue) { + List list = getSettingAsList(key, defaultValue); + + if (list == null) { + return null; + } + + return list.toArray(new String[list.size()]); + } + + private static String normalizeSettingsKeyPrefix(String settingsKeyPrefix) { + if (settingsKeyPrefix == null || settingsKeyPrefix.length() == 0) { + return ""; + } else if (!settingsKeyPrefix.endsWith(".")) { + return settingsKeyPrefix + "."; + } else { + return settingsKeyPrefix; + } + } + + public static class SSLConfig { + + private final SSLContext sslContext; + private final String[] supportedProtocols; + private final String[] supportedCipherSuites; + private final HostnameVerifier hostnameVerifier; + private final boolean startTlsEnabled; + private final boolean hostnameVerificationEnabled; + private final boolean trustAll; + private final KeyStore effectiveTruststore; + private final List effectiveTruststoreAliases; + private final KeyStore effectiveKeystore; + private final char[] effectiveKeyPassword; + private final String effectiveKeyAlias; + + public SSLConfig(SSLContext sslContext, String[] supportedProtocols, String[] supportedCipherSuites, + HostnameVerifier hostnameVerifier, boolean hostnameVerificationEnabled, boolean trustAll, + boolean 
startTlsEnabled, KeyStore effectiveTruststore, List effectiveTruststoreAliases, + KeyStore effectiveKeystore, char[] effectiveKeyPassword, String effectiveKeyAlias) { + this.sslContext = sslContext; + this.supportedProtocols = supportedProtocols; + this.supportedCipherSuites = supportedCipherSuites; + this.hostnameVerifier = hostnameVerifier; + this.hostnameVerificationEnabled = hostnameVerificationEnabled; + this.trustAll = trustAll; + this.startTlsEnabled = startTlsEnabled; + this.effectiveTruststore = effectiveTruststore; + this.effectiveTruststoreAliases = effectiveTruststoreAliases; + this.effectiveKeystore = effectiveKeystore; + this.effectiveKeyPassword = effectiveKeyPassword; + this.effectiveKeyAlias = effectiveKeyAlias; + + if (log.isDebugEnabled()) { + log.debug("Created SSLConfig: {}", this); + } + } + + public SSLContext getSslContext() { + return sslContext; + } + + public String[] getSupportedProtocols() { + return supportedProtocols; + } + + public String[] getSupportedCipherSuites() { + return supportedCipherSuites; + } + + public HostnameVerifier getHostnameVerifier() { + return hostnameVerifier; + } + + public SSLIOSessionStrategy toSSLIOSessionStrategy() { + return new SSLIOSessionStrategy(sslContext, supportedProtocols, supportedCipherSuites, hostnameVerifier); + } + + public SSLConnectionSocketFactory toSSLConnectionSocketFactory() { + return new SSLConnectionSocketFactory(sslContext, supportedProtocols, supportedCipherSuites, + hostnameVerifier); + } + + public boolean isStartTlsEnabled() { + return startTlsEnabled; + } + + public boolean isHostnameVerificationEnabled() { + return hostnameVerificationEnabled; + } + + public KeyStore getEffectiveTruststore() { + return effectiveTruststore; + } + + public KeyStore getEffectiveKeystore() { + return effectiveKeystore; + } + + public char[] getEffectiveKeyPassword() { + return effectiveKeyPassword; + } + + public String getEffectiveKeyPasswordString() { + if (this.effectiveKeyPassword == null) { + 
return null; + } else { + return new String(this.effectiveKeyPassword); + } + } + + public String getEffectiveKeyAlias() { + return effectiveKeyAlias; + } + + public List getEffectiveTruststoreAliases() { + return effectiveTruststoreAliases; + } + + public String[] getEffectiveTruststoreAliasesArray() { + if (this.effectiveTruststoreAliases == null) { + return null; + } else { + return this.effectiveTruststoreAliases.toArray(new String[this.effectiveTruststoreAliases.size()]); + } + } + + public String[] getEffectiveKeyAliasesArray() { + if (this.effectiveKeyAlias == null) { + return null; + } else { + return new String[] { this.effectiveKeyAlias }; + } + } + + @Override + public String toString() { + return "SSLConfig [sslContext=" + sslContext + ", supportedProtocols=" + Arrays.toString(supportedProtocols) + + ", supportedCipherSuites=" + Arrays.toString(supportedCipherSuites) + ", hostnameVerifier=" + + hostnameVerifier + ", startTlsEnabled=" + startTlsEnabled + ", hostnameVerificationEnabled=" + + hostnameVerificationEnabled + ", trustAll=" + trustAll + ", effectiveTruststore=" + + effectiveTruststore + ", effectiveTruststoreAliases=" + effectiveTruststoreAliases + + ", effectiveKeystore=" + effectiveKeystore + ", effectiveKeyAlias=" + effectiveKeyAlias + "]"; + } + + public boolean isTrustAllEnabled() { + return trustAll; + } + } + + public static class SSLConfigException extends Exception { + + private static final long serialVersionUID = 5827273100470174111L; + + public SSLConfigException() { + super(); + } + + public SSLConfigException(String message, Throwable cause, boolean enableSuppression, + boolean writableStackTrace) { + super(message, cause, enableSuppression, writableStackTrace); + } + + public SSLConfigException(String message, Throwable cause) { + super(message, cause); + } + + public SSLConfigException(String message) { + super(message); + } + + public SSLConfigException(Throwable cause) { + super(cause); + } + + } + + private static class 
OverlyTrustfulSSLContextBuilder extends SSLContextBuilder { + @Override + protected void initSSLContext(SSLContext sslContext, Collection keyManagers, + Collection trustManagers, SecureRandom secureRandom) throws KeyManagementException { + sslContext.init(!keyManagers.isEmpty() ? keyManagers.toArray(new KeyManager[keyManagers.size()]) : null, + new TrustManager[] { new OverlyTrustfulTrustManager() }, secureRandom); + } + } + + private static class OverlyTrustfulTrustManager implements X509TrustManager { + @Override + public void checkClientTrusted(final X509Certificate[] chain, final String authType) + throws CertificateException { + } + + @Override + public void checkServerTrusted(final X509Certificate[] chain, final String authType) + throws CertificateException { + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; + } + } +} diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java b/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java index 12ca085f37..88d05d0f2a 100644 --- a/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java +++ b/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java @@ -26,7 +26,7 @@ import com.google.common.annotations.VisibleForTesting; import org.apache.commons.codec.digest.DigestUtils; -import org.apache.http.client.utils.URIBuilder; +import org.apache.hc.core5.net.URIBuilder; import org.joda.time.DateTime; import org.joda.time.DateTimeZone; import org.joda.time.format.DateTimeFormat; diff --git a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java index 35479016ae..af4525fcba 100644 --- a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java +++ b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java 
@@ -20,21 +20,28 @@ import java.security.KeyStore; import java.security.PrivilegedAction; import java.security.cert.X509Certificate; - -import org.apache.http.HttpStatus; -import org.apache.http.client.config.RequestConfig; -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.conn.ssl.DefaultHostnameVerifier; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.entity.ContentType; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.TrustStrategy; +import java.util.concurrent.TimeUnit; + +import javax.net.ssl.SSLContext; + +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.classic.methods.HttpPost; +import org.apache.hc.client5.http.config.RequestConfig; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.io.HttpClientConnectionManager; +import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; +import org.apache.hc.core5.http.ContentType; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.io.SocketConfig; +import org.apache.hc.core5.http.io.entity.StringEntity; +import org.apache.hc.core5.ssl.SSLContextBuilder; +import 
org.apache.hc.core5.ssl.TrustStrategy; import org.opensearch.common.Strings; import org.opensearch.common.settings.Settings; @@ -217,7 +224,7 @@ protected boolean doGet(String url) { CloseableHttpResponse serverResponse = null; try { serverResponse = httpClient.execute(httpGet); - int responseCode = serverResponse.getStatusLine().getStatusCode(); + int responseCode = serverResponse.getCode(); if (responseCode != HttpStatus.SC_OK) { log.error("Cannot GET to webhook URL '{}', server returned status {}", webhookUrl, responseCode); return false; @@ -269,14 +276,13 @@ protected boolean doPost(String url, String payload) { HttpPost postRequest = new HttpPost(url); - StringEntity input = new StringEntity(payload, StandardCharsets.UTF_8); - input.setContentType(webhookFormat.contentType.toString()); + StringEntity input = new StringEntity(payload, webhookFormat.contentType.withCharset(StandardCharsets.UTF_8)); postRequest.setEntity(input); CloseableHttpResponse serverResponse = null; try { serverResponse = httpClient.execute(postRequest); - int responseCode = serverResponse.getStatusLine().getStatusCode(); + int responseCode = serverResponse.getCode(); if (responseCode != HttpStatus.SC_OK) { log.error("Cannot POST to webhook URL '{}', server returned status {}", webhookUrl, responseCode); return false; @@ -339,9 +345,8 @@ CloseableHttpClient getHttpClient() { int timeout = 5; RequestConfig config = RequestConfig.custom() - .setConnectTimeout(timeout * 1000) - .setConnectionRequestTimeout(timeout * 1000) - .setSocketTimeout(timeout * 1000).build(); + .setConnectTimeout(timeout, TimeUnit.SECONDS) + .setConnectionRequestTimeout(timeout, TimeUnit.SECONDS).build(); final TrustStrategy trustAllStrategy = new TrustStrategy() { @Override 
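Review bot: The read timeout is lost on one path of `getHttpClient`: the last hunk on this line drops `.setSocketTimeout(timeout * 1000)` from the `RequestConfig`. The `SocketConfig` with `setSoTimeout` that replaces it is attached only in the two branches that build their own connection manager (the next two hunks). The `effectiveTruststore == null` branch still returns `HttpClients.custom().setDefaultRequestConfig(config).build()`, so it keeps only the connect and connection-request timeouts, and a webhook endpoint that accepts the connection and then stalls can hold the audit sink for as long as the library default allows. Adding `.setResponseTimeout(timeout, TimeUnit.SECONDS)` to the `RequestConfig` builder would cover all three paths. The same removal is in the `@@ -255,9 +275,8 @@` hunk of `HttpClient.java`, where no replacement is visible in the lines shown; `getHttpClient` itself starts and ends outside this hunk.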
@@ -352,16 +357,18 @@ public boolean isTrusted(X509Certificate[] chain, String authType) { try { + HttpClientBuilder hcb = HttpClients.custom().setDefaultRequestConfig(config); if(!verifySSL) { - return HttpClients.custom() - .setSSLSocketFactory( - new SSLConnectionSocketFactory( - new SSLContextBuilder() - .loadTrustMaterial(trustAllStrategy) - .build(), - NoopHostnameVerifier.INSTANCE)) - .setDefaultRequestConfig(config) - .build(); + SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(trustAllStrategy).build(); + final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, null, null, + NoopHostnameVerifier.INSTANCE); + + final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create() + .setSSLSocketFactory(sslsf) + .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(timeout, TimeUnit.SECONDS).build()) + .build(); + hcb.setConnectionManager(cm); + return hcb.build(); } if(effectiveTruststore == null) { @@ -369,16 +376,17 @@ public boolean isTrusted(X509Certificate[] chain, String authType) { .setDefaultRequestConfig(config) .build(); } + SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(effectiveTruststore, null).build(); + final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, null, null, + new DefaultHostnameVerifier()); + + final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create() + .setSSLSocketFactory(sslsf) + .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(timeout, TimeUnit.SECONDS).build()) + .build(); + hcb.setConnectionManager(cm); - return HttpClients.custom() - .setSSLSocketFactory( - new SSLConnectionSocketFactory( - new SSLContextBuilder() - .loadTrustMaterial(effectiveTruststore, null) - .build(), - new DefaultHostnameVerifier())) - .setDefaultRequestConfig(config) - .build(); + return hcb.build(); } catch(Exception ex) { 
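Review bot: The two TLS branches of `getHttpClient` now repeat the same connection-manager construction and differ only in the trust material and the hostname verifier, so a later change to one (the socket timeout, for instance) can silently miss the other. A small private helper that takes the `SSLContext` and the verifier and returns the `HttpClientConnectionManager` would keep them in step, and the `effectiveTruststore == null` branch between the two hunks should then build from `hcb` rather than a fresh `HttpClients.custom()`. Because the `!verifySSL` branch accepts any certificate and any hostname, a line such as `log.warn("Certificate and hostname verification is disabled for webhook {}", webhookUrl);` in that branch would make the state visible to operators. The method begins before the first hunk and continues past the `catch` that closes the second.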
diff --git a/src/main/java/org/opensearch/security/httpclient/HttpClient.java b/src/main/java/org/opensearch/security/httpclient/HttpClient.java
index 281235f5e0..d032ca3544 100644
--- a/src/main/java/org/opensearch/security/httpclient/HttpClient.java
+++ b/src/main/java/org/opensearch/security/httpclient/HttpClient.java
@@ -13,7 +13,6 @@
 import java.io.Closeable;
 import java.io.IOException;
-import java.net.Socket;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
@@ -25,24 +24,32 @@
 import java.util.Base64;
 import java.util.Map;
 import java.util.Objects;
+import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
 import com.google.common.collect.Lists;
-import org.apache.http.HttpHeaders;
-import org.apache.http.HttpHost;
-import org.apache.http.client.config.RequestConfig;
-import org.apache.http.conn.ssl.DefaultHostnameVerifier;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
-import org.apache.http.message.BasicHeader;
-import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
-import org.apache.http.ssl.PrivateKeyDetails;
-import org.apache.http.ssl.PrivateKeyStrategy;
-import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.http.ssl.SSLContexts;
+import org.apache.hc.client5.http.config.RequestConfig;
+import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
+import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
+import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
+import org.apache.hc.core5.http.HttpHeaders;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.message.BasicHeader;
+import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
+import org.apache.hc.core5.ssl.PrivateKeyDetails;
+import org.apache.hc.core5.ssl.PrivateKeyStrategy;
+import org.apache.hc.core5.ssl.SSLContextBuilder;
+import org.apache.hc.core5.ssl.SSLContexts;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -153,7 +160,7 @@ private HttpClient(final KeyStore trustStore, final String basicCredentials, fin HttpHost[] hosts = Arrays.stream(servers) .map(s->s.split(":")) - .map(s->new HttpHost(s[0], Integer.parseInt(s[1]),ssl?"https":"http")) + .map(s->new HttpHost(ssl?"https":"http", s[0], Integer.parseInt(s[1]))) .collect(Collectors.toList()).toArray(new HttpHost[0]); @@ -223,7 +230,7 @@ private final HttpAsyncClientBuilder asyncClientBuilder(HttpAsyncClientBuilder h sslContextBuilder.loadKeyMaterial(keystore, keyPassword, new PrivateKeyStrategy() { @Override - public String chooseAlias(Map aliases, Socket socket) { + public String chooseAlias(Map aliases, SSLParameters sslParameters) { if(aliases == null || aliases.isEmpty()) { return keystoreAlias; } 
@@ -232,19 +239,32 @@ public String chooseAlias(Map aliases, Socket socket) return aliases.keySet().iterator().next(); } - return keystoreAlias; } + return keystoreAlias; + } }); } - final HostnameVerifier hnv = verifyHostnames?new DefaultHostnameVerifier():NoopHostnameVerifier.INSTANCE; + final HostnameVerifier hnv = verifyHostnames ? new DefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE; final SSLContext sslContext = sslContextBuilder.build(); - httpClientBuilder.setSSLStrategy(new SSLIOSessionStrategy( - sslContext, - supportedProtocols, - supportedCipherSuites, - hnv - )); + TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create() + .setSslContext(sslContext) + .setTlsVersions(supportedProtocols) + .setCiphers(supportedCipherSuites) + .setHostnameVerifier(hnv) + // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219 + .setTlsDetailsFactory(new Factory() { + @Override + public TlsDetails create(final SSLEngine sslEngine) { + return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol()); + } + }) + .build(); + + final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() + .setTlsStrategy(tlsStrategy) + .build(); + httpClientBuilder.setConnectionManager(cm); } if (basicCredentials != null) { @@ -255,9 +275,8 @@ public String chooseAlias(Map aliases, Socket socket) int timeout = 5; RequestConfig config = RequestConfig.custom() - .setConnectTimeout(timeout * 1000) - .setConnectionRequestTimeout(timeout * 1000) - .setSocketTimeout(timeout * 1000).build(); + .setConnectTimeout(timeout, TimeUnit.SECONDS) + .setConnectionRequestTimeout(timeout, TimeUnit.SECONDS).build(); httpClientBuilder.setDefaultRequestConfig(config); diff --git a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java index 57a1df8ba4..287152d9dc 100644 --- a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java 
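Review bot: The `setTlsDetailsFactory` workaround in the first hunk on this line is documented only by a bare issue link (`// See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219`), so a reader cannot tell what fails without the factory or when it can be removed. I would state both in the comment, for example `// Workaround for HTTPCLIENT-2219: build TlsDetails from the SSLEngine directly; remove once the bundled httpclient5 no longer needs it`. The identical anonymous class is added again in `SecurityAdmin.getRestHighLevelClient`, so it would also read better as a lambda written the same way in both places: `.setTlsDetailsFactory(sslEngine -> new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol()))`. The enclosing `asyncClientBuilder` method starts before this hunk and continues after it.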
+++ b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
@@ -180,13 +180,10 @@ public static final String[] getSecureSSLProtocols(Settings settings, boolean ht
 "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
 "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
- "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
 "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
index 2553a13677..4e89fd32de 100644
--- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
+++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
@@ -54,6 +54,7 @@
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import com.fasterxml.jackson.databind.InjectableValues;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -70,12 +71,17 @@
 import org.apache.commons.cli.Option;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
-import org.apache.http.HttpHost;
-import org.apache.http.conn.ssl.DefaultHostnameVerifier;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
-import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.http.ssl.SSLContexts;
+import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
+import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
+import org.apache.hc.core5.ssl.SSLContextBuilder;
+import org.apache.hc.core5.ssl.SSLContexts;
 import org.opensearch.ExceptionsHelper;
 import org.opensearch.OpenSearchException;
@@ -1394,19 +1400,31 @@ private static RestHighLevelClient getRestHighLevelClient(SSLContext sslContext, String[] supportedProtocols = enabledProtocols.length > 0 ? enabledProtocols : null; String[] supportedCipherSuites = enabledCiphers.length > 0 ? enabledCiphers : null; - HttpHost httpHost = new HttpHost(hostname, port, "https"); + HttpHost httpHost = new HttpHost("https", hostname, port); RestClientBuilder restClientBuilder = RestClient.builder(httpHost) - .setHttpClientConfigCallback( - builder -> builder.setSSLStrategy( - new SSLIOSessionStrategy( - sslContext, - supportedProtocols, - supportedCipherSuites, - hnv - ) - ) - ); + .setHttpClientConfigCallback( + builder -> { + TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create() + .setSslContext(sslContext) + .setTlsVersions(supportedProtocols) + .setCiphers(supportedCipherSuites) + // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219 + .setTlsDetailsFactory(new Factory() { + @Override + public TlsDetails create(final SSLEngine sslEngine) { + return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol()); + } + }) + .build(); + + final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() + .setTlsStrategy(tlsStrategy) + .build(); + + builder.setConnectionManager(cm); + return builder; + }); return new RestHighLevelClient(restClientBuilder); } diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java b/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java index 2e4b659841..0aeb4df082 100644 --- a/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java +++ b/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java 
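Review bot: The hostname verifier is no longer applied in `getRestHighLevelClient`: the removed `SSLIOSessionStrategy` received `hnv` as its fourth argument, but the new `ClientTlsStrategyBuilder` chain sets the context, TLS versions, ciphers and details factory and never calls `setHostnameVerifier`, unlike the equivalent chain added to `HttpClient.java` in this commit. The strategy then presumably falls back to the library's default verifier, so whatever verifier the caller selected is silently ignored and `hnv` looks unused here; where `hnv` is defined lies outside this hunk. Adding `.setHostnameVerifier(hnv)` after `.setCiphers(supportedCipherSuites)` restores the previous behaviour and keeps the two clients consistent.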
@@ -29,7 +29,7 @@
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
-import org.apache.http.HttpHeaders;
+import org.apache.hc.core5.http.HttpHeaders;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java
index bdf367ead5..b30a6326b6 100644
--- a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java
+++ b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java
@@ -14,22 +14,24 @@
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.net.Socket;
 import java.security.KeyStore;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Map;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLSession;
+
 import com.google.common.hash.Hashing;
-import org.apache.http.HttpException;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpResponse;
-import org.apache.http.protocol.HttpContext;
-import org.apache.http.protocol.HttpCoreContext;
-import org.apache.http.ssl.PrivateKeyDetails;
-import org.apache.http.ssl.PrivateKeyStrategy;
-import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.http.ssl.SSLContexts;
+import org.apache.hc.core5.http.ClassicHttpResponse;
+import org.apache.hc.core5.http.HttpException;
+import org.apache.hc.core5.http.HttpRequest;
+import org.apache.hc.core5.http.protocol.HttpContext;
+import org.apache.hc.core5.http.protocol.HttpCoreContext;
+import org.apache.hc.core5.ssl.PrivateKeyDetails;
+import org.apache.hc.core5.ssl.PrivateKeyStrategy;
+import org.apache.hc.core5.ssl.SSLContextBuilder;
+import org.apache.hc.core5.ssl.SSLContexts;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -79,13 +81,13 @@ public void clientCertTest() throws Exception { try (MockIpdServer sslMockIdpServer = new MockIpdServer(TestJwk.Jwks.ALL, SocketUtils.findAvailableTcpPort(), true) { @Override - protected void handleDiscoverRequest(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { + protected void handleDiscoverRequest(HttpRequest request, ClassicHttpResponse response, HttpContext context) + throws IOException, HttpException { + - MockIpdServer.SSLTestHttpServerConnection connection = (MockIpdServer.SSLTestHttpServerConnection) ((HttpCoreContext) context) - .getConnection(); + SSLSession sslSession = ((HttpCoreContext) context).getSSLSession(); - X509Certificate peerCert = (X509Certificate) connection.getPeerCertificates()[0]; + X509Certificate peerCert = (X509Certificate) sslSession.getPeerCertificates()[0]; try { String sha256Fingerprint = Hashing.sha256().hashBytes(peerCert.getEncoded()).toString(); @@ -118,7 +120,7 @@ protected void handleDiscoverRequest(HttpRequest request, HttpResponse response, sslContextBuilder.loadKeyMaterial(keyStore, "changeit".toCharArray(), new PrivateKeyStrategy() { @Override - public String chooseAlias(Map aliases, Socket socket) { + public String chooseAlias(Map aliases, SSLParameters sslParameters) { return "spock"; } }); diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java index 580e2bcc17..21a9d239c3 100644 --- a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java +++ b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java 
@@ -16,38 +16,28 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.Socket;
-import java.nio.charset.CharsetDecoder;
-import java.nio.charset.CharsetEncoder;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
-import java.security.cert.Certificate;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLServerSocket;
-import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.TrustManagerFactory;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
-import org.apache.http.HttpConnectionFactory;
-import org.apache.http.HttpException;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpResponse;
-import org.apache.http.config.ConnectionConfig;
-import org.apache.http.config.MessageConstraints;
-import org.apache.http.entity.ContentLengthStrategy;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.ConnSupport;
-import org.apache.http.impl.DefaultBHttpServerConnection;
-import org.apache.http.impl.bootstrap.HttpServer;
-import org.apache.http.impl.bootstrap.SSLServerSetupHandler;
-import org.apache.http.impl.bootstrap.ServerBootstrap;
-import org.apache.http.io.HttpMessageParserFactory;
-import org.apache.http.io.HttpMessageWriterFactory;
-import org.apache.http.protocol.HttpContext;
-import org.apache.http.protocol.HttpRequestHandler;
+import org.apache.hc.core5.function.Callback;
+import org.apache.hc.core5.http.ClassicHttpRequest;
+import org.apache.hc.core5.http.ClassicHttpResponse;
+import org.apache.hc.core5.http.HttpException;
+import org.apache.hc.core5.http.HttpRequest;
+import org.apache.hc.core5.http.config.Http1Config;
+import org.apache.hc.core5.http.impl.bootstrap.HttpServer;
+import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap;
+import org.apache.hc.core5.http.impl.io.DefaultBHttpServerConnection;
+import org.apache.hc.core5.http.io.HttpConnectionFactory;
+import org.apache.hc.core5.http.io.HttpRequestHandler;
+import org.apache.hc.core5.http.io.entity.StringEntity;
+import org.apache.hc.core5.http.protocol.HttpContext;
 import org.opensearch.security.test.helper.file.FileHelper;
 import org.opensearch.security.test.helper.network.SocketUtils;
@@ -75,44 +65,31 @@ class MockIpdServer implements Closeable { this.jwks = jwks; ServerBootstrap serverBootstrap = ServerBootstrap.bootstrap().setListenerPort(port) - .registerHandler(CTX_DISCOVER, new HttpRequestHandler() { + .register(CTX_DISCOVER, new HttpRequestHandler() { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { - + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { handleDiscoverRequest(request, response, context); - } - }).registerHandler(CTX_KEYS, new HttpRequestHandler() { + }).register(CTX_KEYS, new HttpRequestHandler() { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { - + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { handleKeysRequest(request, response, context); - } }); if (ssl) { serverBootstrap = serverBootstrap.setSslContext(createSSLContext()) - .setSslSetupHandler(new SSLServerSetupHandler() { - + .setSslSetupHandler(new Callback() { @Override - public void initialize(SSLServerSocket socket) throws SSLException { - socket.setNeedClientAuth(true); + public void execute(SSLParameters object) { + object.setNeedClientAuth(true); } }).setConnectionFactory(new HttpConnectionFactory() { - - private ConnectionConfig cconfig = ConnectionConfig.DEFAULT; - @Override public DefaultBHttpServerConnection createConnection(final Socket socket) throws IOException { - final SSLTestHttpServerConnection conn = new SSLTestHttpServerConnection( - this.cconfig.getBufferSize(), this.cconfig.getFragmentSizeHint(), - ConnSupport.createDecoder(this.cconfig), ConnSupport.createEncoder(this.cconfig), - this.cconfig.getMessageConstraints(), null, null, null, null); + final DefaultBHttpServerConnection conn = new 
DefaultBHttpServerConnection(ssl ? "https" : "http", Http1Config.DEFAULT); conn.bind(socket); return conn; } @@ -145,17 +122,17 @@ public int getPort() { return port; } - protected void handleDiscoverRequest(HttpRequest request, HttpResponse response, HttpContext context) + protected void handleDiscoverRequest(HttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { - response.setStatusCode(200); + response.setCode(200); response.setHeader("Cache-Control", "public, max-age=31536000"); response.setEntity(new StringEntity("{\"jwks_uri\": \"" + uri + CTX_KEYS + "\",\n" + "\"issuer\": \"" + uri + "\", \"unknownPropertyToBeIgnored\": 42}")); } - protected void handleKeysRequest(HttpRequest request, HttpResponse response, HttpContext context) + protected void handleKeysRequest(HttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { - response.setStatusCode(200); + response.setCode(200); response.setEntity(new StringEntity(toJson(jwks))); } @@ -187,20 +164,4 @@ private SSLContext createSSLContext() { throw new RuntimeException(e); } } - - static class SSLTestHttpServerConnection extends DefaultBHttpServerConnection { - public SSLTestHttpServerConnection(final int buffersize, final int fragmentSizeHint, - final CharsetDecoder chardecoder, final CharsetEncoder charencoder, - final MessageConstraints constraints, final ContentLengthStrategy incomingContentStrategy, - final ContentLengthStrategy outgoingContentStrategy, - final HttpMessageParserFactory requestParserFactory, - final HttpMessageWriterFactory responseWriterFactory) { - super(buffersize, fragmentSizeHint, chardecoder, charencoder, constraints, incomingContentStrategy, - outgoingContentStrategy, requestParserFactory, responseWriterFactory); - } - - public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { - return ((SSLSocket) getSocket()).getSession().getPeerCertificates(); - } - } } 
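Review bot: The custom `HttpConnectionFactory` kept inside the `if (ssl)` branch of the constructor now only builds a stock `DefaultBHttpServerConnection`, so it looks redundant; before this change its sole purpose was to create `SSLTestHttpServerConnection`, which the commit deletes from this file. Within that branch `ssl ? "https" : "http"` is also always `"https"`. I would drop the `setConnectionFactory(...)` call if the bootstrap default behaves the same (to be confirmed against HttpCore 5), or at least pass `"https"` directly, and rename the callback parameter from `object` to `sslParameters` so that `setNeedClientAuth(true)` reads as the mutual-TLS requirement it is. The same pattern appears in the `MockSamlIdpServer` constructor hunk further down. The constructor starts before and continues after this hunk.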
diff --git a/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java b/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java
index 9b2a2f1854..4f4a8c9640 100644
--- a/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java
+++ b/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java
@@ -30,7 +30,6 @@ import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
@@ -43,10 +42,7 @@ import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLServerSocket;
-import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.TrustManagerFactory;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletInputStream;
@@ -65,28 +61,27 @@ import net.shibboleth.utilities.java.support.codec.Base64Support; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; -import org.apache.http.Header; -import org.apache.http.HttpConnectionFactory; -import org.apache.http.HttpEntityEnclosingRequest; -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; -import org.apache.http.NameValuePair; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.config.ConnectionConfig; -import org.apache.http.config.MessageConstraints; -import org.apache.http.entity.ContentLengthStrategy; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.ConnSupport; -import org.apache.http.impl.DefaultBHttpServerConnection; -import org.apache.http.impl.bootstrap.HttpServer; -import org.apache.http.impl.bootstrap.SSLServerSetupHandler; -import org.apache.http.impl.bootstrap.ServerBootstrap; -import org.apache.http.io.HttpMessageParserFactory; -import org.apache.http.io.HttpMessageWriterFactory; -import org.apache.http.message.BasicHttpRequest; -import org.apache.http.protocol.HttpContext; -import org.apache.http.protocol.HttpRequestHandler; +import org.apache.hc.core5.function.Callback; +import org.apache.hc.core5.http.ClassicHttpRequest; +import org.apache.hc.core5.http.ClassicHttpResponse; +import org.apache.hc.core5.http.ContentLengthStrategy; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpException; +import org.apache.hc.core5.http.HttpRequest; +import org.apache.hc.core5.http.HttpResponse; +import org.apache.hc.core5.http.NameValuePair; +import org.apache.hc.core5.http.config.Http1Config; +import org.apache.hc.core5.http.impl.bootstrap.HttpServer; +import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap; +import org.apache.hc.core5.http.impl.io.DefaultBHttpServerConnection; +import org.apache.hc.core5.http.io.HttpConnectionFactory; +import 
org.apache.hc.core5.http.io.HttpMessageParserFactory; +import org.apache.hc.core5.http.io.HttpMessageWriterFactory; +import org.apache.hc.core5.http.io.HttpRequestHandler; +import org.apache.hc.core5.http.io.entity.StringEntity; +import org.apache.hc.core5.http.message.BasicHttpRequest; +import org.apache.hc.core5.http.protocol.HttpContext; +import org.apache.hc.core5.net.URIBuilder; import org.joda.time.DateTime; import org.opensaml.core.xml.XMLObject; import org.opensaml.core.xml.XMLObjectBuilderFactory; 
@@ -199,53 +194,41 @@ class MockSamlIdpServer implements Closeable { this.loadSigningKeys("saml/kirk-keystore.jks", "kirk"); ServerBootstrap serverBootstrap = ServerBootstrap.bootstrap().setListenerPort(port) - .registerHandler(CTX_METADATA, new HttpRequestHandler() { + .register(CTX_METADATA, new HttpRequestHandler() { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { handleMetadataRequest(request, response, context); } - }).registerHandler(CTX_SAML_SSO, new HttpRequestHandler() { + }).register(CTX_SAML_SSO, new HttpRequestHandler() { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { - + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { handleSsoRequest(request, response, context); - } - }).registerHandler(CTX_SAML_SLO, new HttpRequestHandler() { + }).register(CTX_SAML_SLO, new HttpRequestHandler() { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { - + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { handleSloRequest(request, response, context); - } }); if (ssl) { - serverBootstrap = serverBootstrap.setSslContext(createSSLContext()) - .setSslSetupHandler(new SSLServerSetupHandler() { + serverBootstrap = serverBootstrap.setSslContext(createSSLContext()) + .setSslSetupHandler(new Callback() { @Override - public void initialize(SSLServerSocket socket) throws SSLException { - socket.setNeedClientAuth(true); + public void execute(SSLParameters object) { + object.setNeedClientAuth(true); } - }).setConnectionFactory(new 
HttpConnectionFactory() { - - private ConnectionConfig cconfig = ConnectionConfig.DEFAULT; - + }) + .setConnectionFactory(new HttpConnectionFactory() { @Override public DefaultBHttpServerConnection createConnection(final Socket socket) throws IOException { - final SSLTestHttpServerConnection conn = new SSLTestHttpServerConnection( - this.cconfig.getBufferSize(), this.cconfig.getFragmentSizeHint(), - ConnSupport.createDecoder(this.cconfig), ConnSupport.createEncoder(this.cconfig), - this.cconfig.getMessageConstraints(), null, null, null, null); + final DefaultBHttpServerConnection conn = new DefaultBHttpServerConnection(ssl ? "https" : "http", Http1Config.DEFAULT); conn.bind(socket); return conn; } @@ -306,9 +289,9 @@ public int getPort() { return port; } - protected void handleMetadataRequest(HttpRequest request, HttpResponse response, HttpContext context) + protected void handleMetadataRequest(HttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { - response.setStatusCode(200); + response.setCode(200); response.setHeader("Cache-Control", "public, max-age=31536000"); response.setHeader("Content-Type", "application/xml"); response.setEntity(new StringEntity(createMetadata())); @@ -317,10 +300,10 @@ protected void handleMetadataRequest(HttpRequest request, HttpResponse response, protected void handleSsoRequest(HttpRequest request, HttpResponse response, HttpContext context) throws HttpException, IOException { - if ("GET".equalsIgnoreCase(request.getRequestLine().getMethod())) { + if ("GET".equalsIgnoreCase(request.getMethod())) { handleSsoGetRequestBase(request); } else { - response.setStatusCode(405); + response.setCode(405); } } 
@@ -328,10 +311,10 @@ protected void handleSsoRequest(HttpRequest request, HttpResponse response, Http protected void handleSloRequest(HttpRequest request, HttpResponse response, HttpContext context) throws HttpException, IOException { - if ("GET".equalsIgnoreCase(request.getRequestLine().getMethod())) { + if ("GET".equalsIgnoreCase(request.getMethod())) { handleSloGetRequestBase(request); } else { - response.setStatusCode(405); + response.setCode(405); } } @@ -726,19 +709,15 @@ private String nextId() { } static class SSLTestHttpServerConnection extends DefaultBHttpServerConnection { - public SSLTestHttpServerConnection(final int buffersize, final int fragmentSizeHint, - final CharsetDecoder chardecoder, final CharsetEncoder charencoder, - final MessageConstraints constraints, final ContentLengthStrategy incomingContentStrategy, - final ContentLengthStrategy outgoingContentStrategy, - final HttpMessageParserFactory requestParserFactory, - final HttpMessageWriterFactory responseWriterFactory) { - super(buffersize, fragmentSizeHint, chardecoder, charencoder, constraints, incomingContentStrategy, + public SSLTestHttpServerConnection(final String scheme, Http1Config http1Config, + final CharsetDecoder charDecoder, final CharsetEncoder charEncoder, + final ContentLengthStrategy incomingContentStrategy, + final ContentLengthStrategy outgoingContentStrategy, + final HttpMessageParserFactory requestParserFactory, + final HttpMessageWriterFactory responseWriterFactory) { + super(scheme, http1Config, charDecoder, charEncoder, incomingContentStrategy, outgoingContentStrategy, requestParserFactory, responseWriterFactory); } - - public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { - return ((SSLSocket) getSocket()).getSession().getPeerCertificates(); - } } static class FakeHttpServletRequest implements HttpServletRequest { 
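Review bot: `SSLTestHttpServerConnection` appears to be dead code after this change: the connection factory in the constructor hunk now instantiates `DefaultBHttpServerConnection` directly, and `getPeerCertificates()`, the only behaviour this subclass added, is removed here. Unless something outside the visible hunks still refers to it, I would delete the class, as the commit already does in `MockIpdServer`, together with the `ContentLengthStrategy`, `HttpMessageParserFactory` and `HttpMessageWriterFactory` imports that seem to be added only for its constructor. Keeping a constructor-only subclass in a TLS test helper suggests the server still uses a special connection type when it does not.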
@@ -748,7 +727,7 @@ static class FakeHttpServletRequest implements HttpServletRequest { FakeHttpServletRequest(HttpRequest delegate) throws URISyntaxException { this.delegate = delegate; - String uri = delegate.getRequestLine().getUri(); + String uri = delegate.getRequestUri(); this.uriBuilder = new URIBuilder(uri); this.queryParams = uriBuilder.getQueryParams().stream() .collect(Collectors.toMap(NameValuePair::getName, NameValuePair::getValue)); @@ -767,8 +746,8 @@ public Enumeration getAttributeNames() { @Override public String getCharacterEncoding() { - if (delegate instanceof HttpEntityEnclosingRequest) { - return ((HttpEntityEnclosingRequest) delegate).getEntity().getContentEncoding().getValue(); + if (delegate instanceof ClassicHttpRequest) { + return ((ClassicHttpRequest) delegate).getEntity().getContentEncoding(); } else { return null; } @@ -776,8 +755,8 @@ public String getCharacterEncoding() { @Override public int getContentLength() { - if (delegate instanceof HttpEntityEnclosingRequest) { - return (int) ((HttpEntityEnclosingRequest) delegate).getEntity().getContentLength(); + if (delegate instanceof ClassicHttpRequest) { + return (int) ((ClassicHttpRequest) delegate).getEntity().getContentLength(); } else { return 0; } @@ -785,8 +764,8 @@ public int getContentLength() { @Override public String getContentType() { - if (delegate instanceof HttpEntityEnclosingRequest) { - return ((HttpEntityEnclosingRequest) delegate).getEntity().getContentType().getValue(); + if (delegate instanceof ClassicHttpRequest) { + return ((ClassicHttpRequest) delegate).getEntity().getContentType(); } else { return null; } 
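Review bot: Replacing `instanceof HttpEntityEnclosingRequest` with `instanceof ClassicHttpRequest` changes what the guard means in `getCharacterEncoding`, `getContentLength` and `getContentType`: the old interface marked requests that could carry a body, whereas a `ClassicHttpRequest` without a body (a GET, for instance) can return null from `getEntity()`, so these accessors may now throw a NullPointerException instead of returning `null` or `0`. I would fetch the entity once and test it, e.g. `HttpEntity entity = delegate instanceof ClassicHttpRequest ? ((ClassicHttpRequest) delegate).getEntity() : null;` followed by `return entity != null ? entity.getContentType() : null;` (this needs an `org.apache.hc.core5.http.HttpEntity` import). The `getInputStream` and `getReader` hunks below have the same issue. Whether the SAML code under test calls these accessors on a bodiless request is not visible from the hunks.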
@@ -794,8 +773,8 @@ public String getContentType() { @Override public ServletInputStream getInputStream() throws IOException { - if (delegate instanceof HttpEntityEnclosingRequest) { - final InputStream in = ((HttpEntityEnclosingRequest) delegate).getEntity().getContent(); + if (delegate instanceof ClassicHttpRequest) { + final InputStream in = ((ClassicHttpRequest) delegate).getEntity().getContent(); return new ServletInputStream() { @@ -877,8 +856,8 @@ public String getProtocol() { @Override public BufferedReader getReader() throws IOException { - if (delegate instanceof HttpEntityEnclosingRequest) { - final InputStream in = ((HttpEntityEnclosingRequest) delegate).getEntity().getContent(); + if (delegate instanceof ClassicHttpRequest) { + final InputStream in = ((ClassicHttpRequest) delegate).getEntity().getContent(); return new BufferedReader(new InputStreamReader(in)); } else { @@ -981,7 +960,7 @@ public String getHeader(String name) { @Override public Enumeration getHeaderNames() { return Collections.enumeration( - Arrays.asList(delegate.getAllHeaders()).stream().map(Header::getName).collect(Collectors.toSet())); + Arrays.asList(delegate.getHeaders()).stream().map(Header::getName).collect(Collectors.toSet())); } @SuppressWarnings("rawtypes") @@ -1010,7 +989,7 @@ public int getIntHeader(String name) { @Override public String getMethod() { - return delegate.getRequestLine().getMethod(); + return delegate.getMethod(); } @Override @@ -1025,7 +1004,7 @@ public String getPathTranslated() { @Override public String getQueryString() { - return this.delegate.getRequestLine().getUri().replaceAll("^.*\\?", ""); + return this.delegate.getRequestUri().replaceAll("^.*\\?", ""); } @Override 
@@ -1035,12 +1014,12 @@ public String getRemoteUser() { @Override public String getRequestURI() { - return delegate.getRequestLine().getUri(); + return delegate.getRequestUri(); } @Override public StringBuffer getRequestURL() { - return new StringBuffer(delegate.getRequestLine().getUri()); + return new StringBuffer(delegate.getRequestUri()); } @Override diff --git a/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java b/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java index e5a39cf3e9..81654d4c19 100644 --- a/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java +++ b/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java @@ -11,8 +11,8 @@ package com.amazon.dlic.auth.ldap; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; diff --git a/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java b/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java index 17df201599..0ce9d0c857 100644 --- a/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java +++ b/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java @@ -11,8 +11,8 @@ package com.amazon.dlic.auth.ldap2; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; diff --git a/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java b/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java index e4711bb504..3b069a2339 100644 --- a/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java 
+++ b/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java
@@ -14,8 +14,8 @@ import java.io.File;
 import java.util.Arrays;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.Header;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
diff --git a/src/test/java/org/opensearch/security/AggregationTests.java b/src/test/java/org/opensearch/security/AggregationTests.java
index b003643209..c2feddd6b6 100644
--- a/src/test/java/org/opensearch/security/AggregationTests.java
+++ b/src/test/java/org/opensearch/security/AggregationTests.java
@@ -26,7 +26,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java b/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java
index c88c0c99a6..cc37a6d1d4 100644
--- a/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java
@@ -11,7 +11,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java b/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java
index b9679c217b..5535d8a924 100644
--- a/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java
+++ b/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java
@@ -10,7 +10,7 @@ */
 package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/HealthTests.java b/src/test/java/org/opensearch/security/HealthTests.java
index a4ff381e04..4cba4030e6 100644
--- a/src/test/java/org/opensearch/security/HealthTests.java
+++ b/src/test/java/org/opensearch/security/HealthTests.java
@@ -26,7 +26,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/HttpIntegrationTests.java b/src/test/java/org/opensearch/security/HttpIntegrationTests.java
index c45d9f332c..d9ed9c34df 100644
--- a/src/test/java/org/opensearch/security/HttpIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/HttpIntegrationTests.java
@@ -31,9 +31,9 @@ import com.fasterxml.jackson.databind.JsonNode;
 import org.apache.commons.io.FileUtils;
-import org.apache.http.HttpStatus;
-import org.apache.http.NoHttpResponseException;
-import org.apache.http.message.BasicHeader;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.NoHttpResponseException;
+import org.apache.hc.core5.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/IndexIntegrationTests.java b/src/test/java/org/opensearch/security/IndexIntegrationTests.java
index a88821078e..8f2ee960bd 100644
--- a/src/test/java/org/opensearch/security/IndexIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/IndexIntegrationTests.java
@@ -31,7 +31,7 @@ import java.util.Date;
 import java.util.TimeZone;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -124,7 +124,7 @@ public void testBulkShards() throws Exception { System.out.println("############ _bulk"); HttpResponse res = rh.executePostRequest("_bulk?refresh=true&pretty=true", bulkBody, encodeBasicHeader("worf", "worf")); System.out.println(res.getBody()); - Assert.assertEquals(HttpStatus.SC_OK, res.getStatusCode()); + Assert.assertEquals(HttpStatus.SC_OK, res.getStatusCode()); Assert.assertTrue(res.getBody().contains("\"errors\" : true")); Assert.assertTrue(res.getBody().contains("\"status\" : 201")); Assert.assertTrue(res.getBody().contains("no permissions for")); diff --git a/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java b/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java index 26aec2481f..7bdbc57cf5 100644 --- a/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java +++ b/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java @@ -11,7 +11,7 @@ package org.opensearch.security; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Before; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java index 090b1ece75..ef8ef9bf86 100644 --- a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java +++ b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java @@ -30,9 +30,9 @@ import java.util.Iterator; import com.fasterxml.jackson.databind.JsonNode; -import org.apache.http.Header; -import org.apache.http.HttpStatus; -import org.apache.http.client.methods.HttpGet; +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; 
diff --git a/src/test/java/org/opensearch/security/IntegrationTests.java b/src/test/java/org/opensearch/security/IntegrationTests.java
index 985ea826b6..226551a5ae 100644
--- a/src/test/java/org/opensearch/security/IntegrationTests.java
+++ b/src/test/java/org/opensearch/security/IntegrationTests.java
@@ -30,8 +30,8 @@ import com.fasterxml.jackson.databind.JsonNode;
 import io.netty.handler.ssl.OpenSsl;
-import org.apache.http.HttpStatus;
-import org.apache.http.message.BasicHeader;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Assume;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/PitIntegrationTests.java b/src/test/java/org/opensearch/security/PitIntegrationTests.java
index b31450dcf7..baab586beb 100644
--- a/src/test/java/org/opensearch/security/PitIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/PitIntegrationTests.java
@@ -13,7 +13,7 @@ import java.util.ArrayList;
 import java.util.List;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/ResolveAPITests.java b/src/test/java/org/opensearch/security/ResolveAPITests.java
index 4915cec4d7..2c297e3bbe 100644
--- a/src/test/java/org/opensearch/security/ResolveAPITests.java
+++ b/src/test/java/org/opensearch/security/ResolveAPITests.java
@@ -15,7 +15,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.junit.Assert;
diff --git a/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java b/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java
index 6446e9eac7..bc5d174739 100644
--- a/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java
+++ b/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java
@@ -11,7 +11,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java b/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java
index f377dfa7bc..18f5c06529 100644
--- a/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java
+++ b/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java
@@ -30,7 +30,7 @@ import java.util.ArrayList;
 import java.util.List;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SecurityAdminTests.java b/src/test/java/org/opensearch/security/SecurityAdminTests.java
index c2f6b9ab27..e7953c508a 100644
--- a/src/test/java/org/opensearch/security/SecurityAdminTests.java
+++ b/src/test/java/org/opensearch/security/SecurityAdminTests.java
@@ -23,7 +23,7 @@ import java.util.ArrayList;
 import java.util.List;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SecurityRolesTests.java b/src/test/java/org/opensearch/security/SecurityRolesTests.java
index 4b5f45d544..ee8e1ea150 100644
--- a/src/test/java/org/opensearch/security/SecurityRolesTests.java
+++ b/src/test/java/org/opensearch/security/SecurityRolesTests.java
@@ -26,8 +26,8 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
-import org.apache.http.message.BasicHeader;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SlowIntegrationTests.java b/src/test/java/org/opensearch/security/SlowIntegrationTests.java
index c08e3e3fd6..6a90ef8e71 100644
--- a/src/test/java/org/opensearch/security/SlowIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/SlowIntegrationTests.java
@@ -28,7 +28,7 @@ import java.io.IOException;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SnapshotRestoreTests.java b/src/test/java/org/opensearch/security/SnapshotRestoreTests.java
index 03d1128bfe..ef7189d4b4 100644
--- a/src/test/java/org/opensearch/security/SnapshotRestoreTests.java
+++ b/src/test/java/org/opensearch/security/SnapshotRestoreTests.java
@@ -26,7 +26,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SystemIntegratorsTests.java b/src/test/java/org/opensearch/security/SystemIntegratorsTests.java
index 0bb8e26569..4e647a6324 100644
--- a/src/test/java/org/opensearch/security/SystemIntegratorsTests.java
+++ b/src/test/java/org/opensearch/security/SystemIntegratorsTests.java
@@ -27,8 +27,8 @@ package org.opensearch.security;
 import com.google.common.collect.Lists;
-import org.apache.http.HttpStatus;
-import org.apache.http.message.BasicHeader;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/TaskTests.java b/src/test/java/org/opensearch/security/TaskTests.java
index d3ad0cd03a..0ec671af27 100644
--- a/src/test/java/org/opensearch/security/TaskTests.java
+++ b/src/test/java/org/opensearch/security/TaskTests.java
@@ -17,8 +17,8 @@ package org.opensearch.security; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/TracingTests.java b/src/test/java/org/opensearch/security/TracingTests.java index 4c7e0472ce..10372cf73b 100644 --- a/src/test/java/org/opensearch/security/TracingTests.java +++ b/src/test/java/org/opensearch/security/TracingTests.java @@ -26,7 +26,7 @@ package org.opensearch.security; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Ignore; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java b/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java index dc0cd8d4cb..14ae6aa81e 100644 --- a/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java +++ b/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java @@ -15,7 +15,7 @@ import java.util.Collection; import com.fasterxml.jackson.databind.JsonNode; -import org.apache.http.Header; +import org.apache.hc.core5.http.Header; import org.opensearch.common.settings.Settings; import org.opensearch.security.DefaultObjectMapper; diff --git a/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java b/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java index 33a42ca10f..507ebc1409 100644 --- a/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java +++ b/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java 
@@ -15,7 +15,7 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.opensearch.client.Client; import org.opensearch.cluster.metadata.IndexNameExpressionResolver; diff --git a/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java index 6436f9436d..6cb51ff441 100644 --- a/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java @@ -17,8 +17,8 @@ import java.util.stream.Collectors; import com.google.common.collect.ImmutableMap; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java index 7d9ca05c2f..0a90f2f396 100644 --- a/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.auditlog.compliance; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Ignore; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/auditlog/helper/ErroneousHttpHandler.java b/src/test/java/org/opensearch/security/auditlog/helper/ErroneousHttpHandler.java index 29a9ea9432..120232825b 100644 --- a/src/test/java/org/opensearch/security/auditlog/helper/ErroneousHttpHandler.java 
+++ b/src/test/java/org/opensearch/security/auditlog/helper/ErroneousHttpHandler.java @@ -11,18 +11,14 @@ package org.opensearch.security.auditlog.helper; -import java.io.IOException; - -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; -import org.apache.http.protocol.HttpContext; -import org.apache.http.protocol.HttpRequestHandler; - -public class ErroneousHttpHandler implements HttpRequestHandler{ +import org.apache.hc.core5.http.ClassicHttpRequest; +import org.apache.hc.core5.http.ClassicHttpResponse; +import org.apache.hc.core5.http.io.HttpRequestHandler; +import org.apache.hc.core5.http.protocol.HttpContext; +public class ErroneousHttpHandler implements HttpRequestHandler { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) throws HttpException, IOException { - response.setStatusCode(404); + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) { + response.setCode(404); } } diff --git a/src/test/java/org/opensearch/security/auditlog/helper/TestHttpHandler.java b/src/test/java/org/opensearch/security/auditlog/helper/TestHttpHandler.java index 69f667e8cb..d888949e46 100644 --- a/src/test/java/org/opensearch/security/auditlog/helper/TestHttpHandler.java +++ b/src/test/java/org/opensearch/security/auditlog/helper/TestHttpHandler.java 
@@ -14,15 +14,13 @@ import java.io.IOException; import java.nio.charset.StandardCharsets; -import org.apache.http.HttpEntity; -import org.apache.http.HttpEntityEnclosingRequest; -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; -import org.apache.http.RequestLine; -import org.apache.http.protocol.HttpContext; -import org.apache.http.protocol.HttpRequestHandler; -import org.apache.http.util.EntityUtils; +import org.apache.hc.core5.http.ClassicHttpRequest; +import org.apache.hc.core5.http.ClassicHttpResponse; +import org.apache.hc.core5.http.HttpEntity; +import org.apache.hc.core5.http.HttpException; +import org.apache.hc.core5.http.io.HttpRequestHandler; +import org.apache.hc.core5.http.io.entity.EntityUtils; +import org.apache.hc.core5.http.protocol.HttpContext; public class TestHttpHandler implements HttpRequestHandler { public String method; @@ -30,16 +28,12 @@ public class TestHttpHandler implements HttpRequestHandler { public String body; @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) throws HttpException, IOException { - RequestLine requestLine = request.getRequestLine(); - this.method = requestLine.getMethod(); - this.uri = requestLine.getUri(); + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { + this.method = request.getMethod(); + this.uri = request.getRequestUri(); - HttpEntity entity = null; - if (request instanceof HttpEntityEnclosingRequest) { - entity = ((HttpEntityEnclosingRequest) request).getEntity(); - body = EntityUtils.toString(entity, StandardCharsets.UTF_8); - } + HttpEntity entity = request.getEntity(); + body = EntityUtils.toString(entity, StandardCharsets.UTF_8); } public void reset() { 
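Review bot: In the second TestHttpHandler hunk, `handle` now passes `request.getEntity()` straight to `EntityUtils.toString` with no null check, and a request without a body has no entity. The WebhookAuditLogTest GET cases send such requests. As far as I know, HttpCore 5's `EntityUtils.toString` rejects a null entity instead of returning null, so the handler would throw where the removed `instanceof HttpEntityEnclosingRequest` guard simply skipped the read. I would make the no-body case explicit with `body = entity != null ? EntityUtils.toString(entity, StandardCharsets.UTF_8) : null;`. Otherwise the `handler.body` null assertions could pass only because the handler failed, which hides whether the audit sink request was really served.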
diff --git a/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java b/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java index 49dd3b38b2..2764ae8eb7 100644 --- a/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java +++ b/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java @@ -11,7 +11,7 @@ package org.opensearch.security.auditlog.impl; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java index 02cde14159..ac8df9cc72 100644 --- a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java @@ -15,9 +15,9 @@ import java.util.List; import com.google.common.collect.ImmutableMap; -import org.apache.http.Header; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.Assert; import org.junit.Test; @@ -132,8 +132,8 @@ public void testSSLPlainText() throws Exception { final List messages = TestAuditlogImpl.doThenWaitForMessages(() -> { final RuntimeException ex = Assert.assertThrows(RuntimeException.class, () -> nonSslRestHelper().executeGetRequest("_search", encodeBasicHeader("admin", "admin"))); - Assert.assertEquals("org.apache.http.NoHttpResponseException", ex.getCause().getClass().getName()); - }, 4); + Assert.assertEquals("org.apache.hc.core5.http.NoHttpResponseException", ex.getCause().getClass().getName()); + }, 1); // All of the messages should be the same as the http client is attempting multiple times. messages.stream().forEach((message) -> { 
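Review bot: In the `testSSLPlainText` hunk of BasicAuditlogTest the expected audit message count drops from 4 to 1, but the context comment right below still says the client "is attempting multiple times", which now contradicts the assertion. Since this count is what pins how many audit events a plain-text request on the TLS port produces, the reason for the change should be recorded next to it. If the new client simply no longer retries, something like `// HttpClient 5 does not retry here, so exactly one audit message is expected.` would do; please confirm that is the cause. Comparing the cause by class-name string is also brittle, and `Assert.assertTrue(ex.getCause() instanceof NoHttpResponseException)` would fail at compile time on the next package move. The lambda and the test body continue outside the hunk.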
diff --git a/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java index 74e6b0f383..56fd17ddff 100644 --- a/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.auditlog.integration; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.After; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTLSTest.java b/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTLSTest.java index 2aa7c86be7..fb0f665b16 100644 --- a/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTLSTest.java +++ b/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTLSTest.java @@ -21,8 +21,9 @@ import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; -import org.apache.http.impl.bootstrap.HttpServer; -import org.apache.http.impl.bootstrap.ServerBootstrap; +import org.apache.hc.core5.http.impl.HttpProcessors; +import org.apache.hc.core5.http.impl.bootstrap.HttpServer; +import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap; import org.junit.After; import org.junit.Assert; import org.junit.Before; @@ -58,7 +59,7 @@ public void testTlsConfigurationNoFallback() throws Exception { TestHttpHandler handler = new TestHttpHandler(); int port = findFreePort(); - server = ServerBootstrap.bootstrap().setListenerPort(port).setServerInfo("Test/1.1").setSslContext(createSSLContext()).registerHandler("*", handler).create(); + server = ServerBootstrap.bootstrap().setListenerPort(port).setHttpProcessor(HttpProcessors.server("Test/1.1")).setSslContext(createSSLContext()).register("*", handler).create(); server.start(); 
diff --git a/src/test/java/org/opensearch/security/auditlog/sink/WebhookAuditLogTest.java b/src/test/java/org/opensearch/security/auditlog/sink/WebhookAuditLogTest.java index 8446e38b44..1e327750b6 100644 --- a/src/test/java/org/opensearch/security/auditlog/sink/WebhookAuditLogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/sink/WebhookAuditLogTest.java @@ -18,15 +18,16 @@ import java.net.URLDecoder; import java.nio.charset.StandardCharsets; import java.security.KeyStore; -import java.util.concurrent.TimeUnit; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; -import org.apache.http.entity.ContentType; -import org.apache.http.impl.bootstrap.HttpServer; -import org.apache.http.impl.bootstrap.ServerBootstrap; +import org.apache.hc.core5.http.ContentType; +import org.apache.hc.core5.http.impl.HttpProcessors; +import org.apache.hc.core5.http.impl.bootstrap.HttpServer; +import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap; +import org.apache.hc.core5.util.TimeValue; import org.junit.After; import org.junit.Assert; import org.junit.Before; @@ -223,8 +224,8 @@ public void postGetHttpTest() throws Exception { int port = findFreePort(); server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .register("*", handler) .create(); server.start(); @@ -318,7 +319,7 @@ public void postGetHttpTest() throws Exception { Assert.assertTrue(handler.method.equals("GET")); Assert.assertEquals(null, handler.body); assertStringContainsAllKeysAndValues(URLDecoder.decode(handler.uri, StandardCharsets.UTF_8.displayName())); - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } @Test 
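Review bot: The last WebhookAuditLogTest hunk on this line, at the end of `postGetHttpTest`, replaces `server.shutdown(3l, TimeUnit.SECONDS)` with `server.awaitTermination(TimeValue.ofSeconds(3))`. In HttpCore 5 that call only waits for termination and does not itself stop the server. Unless a teardown outside these hunks closes it, each test would sit out the 3 seconds and leave the listener bound while later tests start their own servers. I would stop it explicitly, either with `server.close(CloseMode.GRACEFUL);` or with `server.initiateShutdown();` before the `awaitTermination` call. The same replacement appears in the later hunks for `httpsTestWithoutTLSServer`, `httpsTest`, `httpsTestPemDefault`, `httpsTestPemEndpoint` and `httpsTestPemContentEndpoint`; the test bodies run beyond the hunks shown.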
@@ -329,8 +330,8 @@ public void httpsTestWithoutTLSServer() throws Exception { int port = findFreePort(); server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .register("*", handler) .create(); server.start(); @@ -355,7 +356,7 @@ public void httpsTestWithoutTLSServer() throws Exception { // ... so message must be stored in fallback Assert.assertEquals(1, fallback.messages.size()); Assert.assertEquals(msg, fallback.messages.get(0)); - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } @@ -366,9 +367,9 @@ public void httpsTest() throws Exception { int port = findFreePort(); server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .setSslContext(createSSLContext()) - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .setSslContext(createSSLContext()) + .register("*", handler) .create(); server.start(); @@ -440,7 +441,7 @@ public void httpsTest() throws Exception { Assert.assertNull(handler.body); Assert.assertNull(handler.body); - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } @Test @@ -450,9 +451,9 @@ public void httpsTestPemDefault() throws Exception { server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .setSslContext(createSSLContext()) - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .setSslContext(createSSLContext()) + .register("*", handler) .create(); server.start(); @@ -554,7 +555,7 @@ public void httpsTestPemDefault() throws Exception { Assert.assertNull(handler.method); Assert.assertNull(handler.body); Assert.assertNull(handler.body); - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } @Test 
@@ -565,9 +566,9 @@ public void httpsTestPemEndpoint() throws Exception { server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .setSslContext(createSSLContext()) - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .setSslContext(createSSLContext()) + .register("*", handler) .create(); server.start(); @@ -652,7 +653,7 @@ public void httpsTestPemEndpoint() throws Exception { Assert.assertNull(handler.body); Assert.assertNull(handler.body); - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } @Test @@ -663,9 +664,9 @@ public void httpsTestPemContentEndpoint() throws Exception { server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .setSslContext(createSSLContext()) - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .setSslContext(createSSLContext()) + .register("*", handler) .create(); server.start(); @@ -691,9 +692,7 @@ public void httpsTestPemContentEndpoint() throws Exception { Assert.assertTrue(handler.body.contains("{")); assertStringContainsAllKeysAndValues(handler.body); - - - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } // for TLS support on our in-memory server diff --git a/src/test/java/org/opensearch/security/cache/CachingTest.java b/src/test/java/org/opensearch/security/cache/CachingTest.java index 4288a735cf..5276196856 100644 --- a/src/test/java/org/opensearch/security/cache/CachingTest.java +++ b/src/test/java/org/opensearch/security/cache/CachingTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.cache; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.Assert; import org.junit.Before; import org.junit.Test; 
diff --git a/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java b/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java index 69141be6e6..64e73202c7 100644 --- a/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java +++ b/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java @@ -26,7 +26,7 @@ package org.opensearch.security.ccstest; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.After; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java b/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java index f7626ced60..0d6efe1bb9 100644 --- a/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java +++ b/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java @@ -26,7 +26,7 @@ package org.opensearch.security.ccstest; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.After; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java index 75655ac927..bbc7bd5479 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java @@ -13,7 +13,7 @@ import java.nio.charset.StandardCharsets; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java index 18577cefcc..9d48e0309f 100644 
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java index 4a470990f5..54110e911f 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java @@ -15,7 +15,7 @@ import java.util.Date; import java.util.TimeZone; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java index 441eaca870..c4105c11e9 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java @@ -15,7 +15,7 @@ import java.time.ZoneId; import java.time.format.DateTimeFormatter; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java index 3fd7d0a406..4e8351d7b3 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java 
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.After; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java index bd64d0c011..a89d12770d 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java index b929a6146b..43d5ecfc5f 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java index 76762269f8..b1d87734e5 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; 
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java index c863e3364b..cb2fa254b9 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java index 57cae053df..40542e76b7 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java b/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java index a100fa91cb..6f00dfd348 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java index dd2f0028db..9cc5cc8b3b 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java 
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java index 001bd1858d..6df02c2e22 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java index 4af0c9104e..b177f1d346 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java index 50a19c4372..8f056c8244 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; 
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java index 22a46029ff..d4826222fa 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java @@ -13,7 +13,7 @@ import java.io.IOException; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java index fb652ff5da..951e786891 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java @@ -13,7 +13,7 @@ import java.io.IOException; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java index 73a152eca4..bbac74e6eb 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java @@ -11,8 +11,8 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Test; import org.opensearch.action.index.IndexRequest; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java index 2a8a6a1885..ca1e297f6c 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java 
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java @@ -15,7 +15,7 @@ import java.util.HashMap; import java.util.Map; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Ignore; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java index 011afed4cf..c31650e734 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java index 6d15d97c2e..7348b11341 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java index 6ff1ad7105..b7305ee48c 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; 
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java index 59e8feb198..6e775bbc62 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java @@ -20,8 +20,8 @@ import com.fasterxml.jackson.core.JsonParseException; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.JsonMappingException; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.opensearch.common.settings.Settings; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java index c1840524c9..0b91aa35af 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java index 09efae9fbe..6323746a7f 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java 
@@ -13,8 +13,8 @@ import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java index 1c97d138da..3d9e2dfc66 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java @@ -17,8 +17,8 @@ import com.fasterxml.jackson.databind.JsonNode; import com.google.common.collect.ImmutableMap; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java index c5e0a61d2f..450a5de83b 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java @@ -24,8 +24,8 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import com.google.common.collect.Streams; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.After; import org.junit.Rule; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java index c6af253f95..c17e997dc3 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java 
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java index ad0a4eea14..c998bf5a19 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java index 237e75a79a..ea5e96d37e 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java @@ -12,7 +12,7 @@ package org.opensearch.security.dlic.rest.api; import com.fasterxml.jackson.databind.JsonNode; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java index 257732f129..c2313fe434 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java 
@@ -11,8 +11,8 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java index f72375600c..ba46781e7e 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java @@ -19,8 +19,8 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.google.common.collect.ImmutableMap; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java index 96027e6f8d..5adac7ca78 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java index 8dc18f5043..01fa5b4baf 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java 
@@ -14,8 +14,8 @@ import java.util.List; import com.fasterxml.jackson.databind.JsonNode; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; @@ -491,7 +491,7 @@ public void testRolesApiForNonSuperAdmin() throws Exception { // put hidden role String body = FileHelper.loadFile("restapi/roles_captains.json"); response = rh.executePutRequest( ENDPOINT+ "/roles/opendistro_security_internal", body, new Header[0]); - Assert.assertEquals(org.apache.http.HttpStatus.SC_NOT_FOUND, response.getStatusCode()); + Assert.assertEquals(HttpStatus.SC_NOT_FOUND, response.getStatusCode()); // Patch single hidden roles response = rh.executePatchRequest(ENDPOINT + "/roles/opendistro_security_internal", "[{ \"op\": \"replace\", \"path\": \"/description\", \"value\": \"foo\" }]", new Header[0]); diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java index 2d1f10736d..168f15dc43 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java @@ -13,8 +13,8 @@ import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java index 4e8808e811..83630c036a 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java 
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java index f5742cfecd..d717dcbf6c 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java index 54aeb6d8a1..13dc4ee885 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java index 0743cd4d95..506ea3bdd2 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java 
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java index e6864b8244..ab7e807153 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java index e81e42c25c..715c256cb7 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java @@ -14,9 +14,9 @@ import java.net.URLEncoder; import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java index b5c0d98fc2..e4fca1e99b 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java 
@@ -16,8 +16,8 @@ import com.fasterxml.jackson.databind.JsonNode; import com.google.common.collect.ImmutableMap; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java b/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java index 574a35b6a7..1a087887d8 100644 --- a/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java +++ b/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.filter; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Test; import org.opensearch.security.dlic.rest.api.AbstractRestApiUnitTest; diff --git a/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java b/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java index 4964c940b9..7bfb5f9e87 100644 --- a/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java +++ b/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java @@ -14,9 +14,9 @@ import java.util.HashMap; import java.util.Map; -import org.apache.http.Header; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java index 79f23037f5..ba265bcf2e 100644 
--- a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java +++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.privileges; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java b/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java index b86055f7e9..60a19d4210 100644 --- a/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java +++ b/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java @@ -30,8 +30,8 @@ import java.util.Arrays; import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Test; import org.opensearch.action.admin.cluster.repositories.put.PutRepositoryRequest; diff --git a/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java b/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java index 2418bd2194..c6d61bf617 100644 --- a/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java +++ b/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java @@ -16,7 +16,7 @@ import java.nio.file.Path; import java.util.Map; -import org.apache.http.HttpHost; +import org.apache.hc.core5.http.HttpHost; import org.opensearch.client.Request; import org.opensearch.client.Response; 
@@ -82,6 +82,7 @@ protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOE // create client with passed user String userName = System.getProperty("user"); String password = System.getProperty("password"); + return new SecureRestClientBuilder(hosts, isHttps(), userName, password).setSocketTimeout(60000).build(); } else { diff --git a/src/test/java/org/opensearch/security/ssl/SSLTest.java b/src/test/java/org/opensearch/security/ssl/SSLTest.java index e028ac82e3..331abdc414 100644 --- a/src/test/java/org/opensearch/security/ssl/SSLTest.java +++ b/src/test/java/org/opensearch/security/ssl/SSLTest.java @@ -31,7 +31,7 @@ import javax.net.ssl.SSLHandshakeException; import io.netty.util.internal.PlatformDependent; -import org.apache.http.NoHttpResponseException; +import org.apache.hc.core5.http.NoHttpResponseException; import org.apache.lucene.util.Constants; import org.junit.Assert; import org.junit.Assume; diff --git a/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java b/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java index d569ee0880..11bd4738e6 100644 --- a/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java +++ b/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java @@ -15,8 +15,8 @@ import java.util.Arrays; import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Test; import org.opensearch.action.admin.cluster.repositories.put.PutRepositoryRequest; diff --git a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java index b95104dd9f..592433d5e9 100644 --- a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java +++ b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java 
@@ -38,6 +38,7 @@ import java.util.concurrent.atomic.AtomicLong; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; import com.carrotsearch.randomizedtesting.RandomizedTest; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; @@ -45,13 +46,18 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; import io.netty.handler.ssl.OpenSsl; -import org.apache.http.Header; -import org.apache.http.HttpHost; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.message.BasicHeader; -import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; +import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder; +import org.apache.hc.client5.http.nio.AsyncClientConnectionManager; +import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.core5.function.Factory; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpHost; +import org.apache.hc.core5.http.message.BasicHeader; +import org.apache.hc.core5.http.nio.ssl.TlsStrategy; +import org.apache.hc.core5.reactor.ssl.TlsDetails; +import org.apache.hc.core5.ssl.SSLContextBuilder; +import org.apache.hc.core5.ssl.SSLContexts; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.junit.Assert; 
@@ -155,15 +161,30 @@ protected RestHighLevelClient getRestClient(ClusterInfo info, String keyStoreNam sslContextBuilder.loadTrustMaterial(trustStore, null); SSLContext sslContext = sslContextBuilder.build(); - HttpHost httpHost = new HttpHost(info.httpHost, info.httpPort, "https"); + HttpHost httpHost = new HttpHost("https", info.httpHost, info.httpPort); RestClientBuilder restClientBuilder = RestClient.builder(httpHost) .setHttpClientConfigCallback( - builder -> builder.setSSLStrategy( - new SSLIOSessionStrategy(sslContext, - new String[] { "TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"}, - null, - NoopHostnameVerifier.INSTANCE))); + builder -> { + TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create() + .setSslContext(sslContext) + .setTlsVersions(new String[] { "TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"}) + .setHostnameVerifier(NoopHostnameVerifier.INSTANCE) + // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219 + .setTlsDetailsFactory(new Factory() { + @Override + public TlsDetails create(final SSLEngine sslEngine) { + return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol()); + } + }) + .build(); + + final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() + .setTlsStrategy(tlsStrategy) + .build(); + builder.setConnectionManager(cm); + return builder; + }); return new RestHighLevelClient(restClientBuilder); } catch (Exception e) { log.error("Cannot create client", e); diff --git a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java index 49d498833e..30b549dfa1 100644 --- a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java 
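Review bot: The TLS strategy built inside the `setHttpClientConfigCallback` lambda still disables hostname verification (`NoopHostnameVerifier.INSTANCE`) and offers `SSLv3`, `TLSv1` and `TLSv1.1`, yet nothing in the hunk says this is acceptable only because the client talks to a local test cluster. I would add a comment above `ClientTlsStrategyBuilder.create()`, for example `// Test-only: hostname verification is off and legacy protocols are offered; do not reuse for production clients`. The list also lacks `TLSv1.3`, so this client could presumably not reach a node restricted to TLS 1.3; worth confirming that is intended. `new Factory()` appears as a raw type, which may be an artifact of how the page was rendered; if it is not, it should carry its type arguments. getRestClient starts before the hunk and its catch block continues after it.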
@@ -28,7 +28,6 @@ import java.io.FileInputStream; import java.io.IOException; -import java.io.UnsupportedEncodingException; import java.nio.charset.StandardCharsets; import java.security.KeyStore; import java.util.Arrays; @@ -38,6 +37,7 @@ import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.Future; +import java.util.concurrent.TimeUnit; import java.util.regex.Matcher; import java.util.regex.Pattern; 
@@ -45,32 +45,33 @@ import com.fasterxml.jackson.databind.JsonNode; import org.apache.commons.io.IOUtils; -import org.apache.http.Header; -import org.apache.http.HttpEntity; -import org.apache.http.HttpHeaders; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.CredentialsProvider; -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.client.methods.HttpDelete; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpHead; -import org.apache.http.client.methods.HttpOptions; -import org.apache.http.client.methods.HttpPatch; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.methods.HttpPut; -import org.apache.http.client.methods.HttpUriRequest; -import org.apache.http.client.methods.RequestBuilder; -import org.apache.http.config.SocketConfig; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.client.BasicCredentialsProvider; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; +import org.apache.commons.lang3.StringUtils; +import org.apache.hc.client5.http.auth.AuthScope; +import org.apache.hc.client5.http.auth.UsernamePasswordCredentials; +import org.apache.hc.client5.http.classic.methods.HttpDelete; +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.classic.methods.HttpHead; +import org.apache.hc.client5.http.classic.methods.HttpOptions; +import org.apache.hc.client5.http.classic.methods.HttpPatch; +import org.apache.hc.client5.http.classic.methods.HttpPost; +import org.apache.hc.client5.http.classic.methods.HttpPut; 
+import org.apache.hc.client5.http.classic.methods.HttpUriRequest; +import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.io.HttpClientConnectionManager; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpEntity; +import org.apache.hc.core5.http.HttpHeaders; +import org.apache.hc.core5.http.io.SocketConfig; +import org.apache.hc.core5.http.io.entity.StringEntity; +import org.apache.hc.core5.ssl.SSLContextBuilder; +import org.apache.hc.core5.ssl.SSLContexts; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -109,12 +110,13 @@ public String executeSimpleRequest(final String request) throws Exception { CloseableHttpClient httpClient = null; CloseableHttpResponse response = null; + try { httpClient = getHTTPClient(); - response = httpClient.execute(new HttpGet(getHttpServerUri() + "/" + request)); + response = httpClient.execute(new HttpGet(getRequestUri(request))); - if (response.getStatusLine().getStatusCode() >= 300) { - throw new Exception("Statuscode " + response.getStatusLine().getStatusCode()); + if (response.getCode() >= 300) { + throw new Exception("Statuscode " + response.getCode()); } return IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8); 
@@ -143,27 +145,26 @@ public HttpResponse[] executeMultipleAsyncPutRequest(final int numOfRequests, fi } public HttpResponse executeGetRequest(final String request, Header... header) { - return executeRequest(new HttpGet(getHttpServerUri() + "/" + request), header); + return executeRequest(new HttpGet(getRequestUri(request)), header); } public HttpResponse executeGetRequest(final String request, String body, Header... header) { - HttpUriRequest uriRequest = RequestBuilder.get(getHttpServerUri() + "/" + request) - .setEntity(createStringEntity(body)) - .setHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .build(); - return executeRequest(uriRequest, header); + HttpGet getRequest = new HttpGet(getRequestUri(request)); + getRequest.setEntity(createStringEntity(body)); + getRequest.addHeader(HttpHeaders.CONTENT_TYPE, "application/json"); + return executeRequest(getRequest, header); } public HttpResponse executeHeadRequest(final String request, Header... header) { - return executeRequest(new HttpHead(getHttpServerUri() + "/" + request), header); + return executeRequest(new HttpHead(getRequestUri(request)), header); } public HttpResponse executeOptionsRequest(final String request) { - return executeRequest(new HttpOptions(getHttpServerUri() + "/" + request)); + return executeRequest(new HttpOptions(getRequestUri(request))); } public HttpResponse executePutRequest(final String request, String body, Header... header) { - HttpPut uriRequest = new HttpPut(getHttpServerUri() + "/" + request); + HttpPut uriRequest = new HttpPut(getRequestUri(request)); if (body != null && !body.isEmpty()) { uriRequest.setEntity(createStringEntity(body)); } 
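Review bot: In the rewritten `executeGetRequest(request, body, header)` the content type is attached with `getRequest.addHeader(HttpHeaders.CONTENT_TYPE, "application/json")`, while the parallel rewrite of `executeDeleteRequest` in the next hunk uses `setHeader`, as did the `RequestBuilder` code this replaces. `addHeader` appends rather than replaces, so the two helpers can diverge if a Content-Type is ever set twice on the request. Using `getRequest.setHeader(HttpHeaders.CONTENT_TYPE, "application/json");` keeps both helpers consistent.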
@@ -171,20 +172,19 @@ public HttpResponse executePutRequest(final String request, String body, Header. } public HttpResponse executeDeleteRequest(final String request, Header... header) { - return executeRequest(new HttpDelete(getHttpServerUri() + "/" + request), header); + return executeRequest(new HttpDelete(getRequestUri(request)), header); } public HttpResponse executeDeleteRequest(final String request, String body, Header... header) { - HttpUriRequest uriRequest = RequestBuilder.delete(getHttpServerUri() + "/" + request) - .setEntity(createStringEntity(body)) - .setHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .build(); - return executeRequest(uriRequest, header); + HttpDelete delRequest = new HttpDelete(getRequestUri(request)); + delRequest.setEntity(createStringEntity(body)); + delRequest.setHeader(HttpHeaders.CONTENT_TYPE, "application/json"); + return executeRequest(delRequest, header); } public HttpResponse executePostRequest(final String request, String body, Header... header) { - HttpPost uriRequest = new HttpPost(getHttpServerUri() + "/" + request); + HttpPost uriRequest = new HttpPost(getRequestUri(request)); if (body != null && !body.isEmpty()) { uriRequest.setEntity(createStringEntity(body)); } @@ -193,7 +193,7 @@ public HttpResponse executePostRequest(final String request, String body, Header } public HttpResponse executePatchRequest(final String request, String body, Header... header) { - HttpPatch uriRequest = new HttpPatch(getHttpServerUri() + "/" + request); + HttpPatch uriRequest = new HttpPatch(getRequestUri(request)); if (body != null && !body.isEmpty()) { uriRequest.setEntity(createStringEntity(body)); } 
@@ -234,12 +234,8 @@ public HttpResponse executeRequest(HttpUriRequest uriRequest, Header... header) } } - private StringEntity createStringEntity(String body) { - try { - return new StringEntity(body); - } catch (final UnsupportedEncodingException e) { - throw new RuntimeException(e); - } + private HttpEntity createStringEntity(String body) { + return new StringEntity(body); } protected final String getHttpServerUri() { @@ -247,16 +243,20 @@ protected final String getHttpServerUri() { log.debug("Connect to {}", address); return address; } + + protected final String getRequestUri(String request) { + return getHttpServerUri() + "/" + StringUtils.strip(request, "/"); + } protected final CloseableHttpClient getHTTPClient() throws Exception { final HttpClientBuilder hcb = HttpClients.custom(); if (sendHTTPClientCredentials) { - CredentialsProvider provider = new BasicCredentialsProvider(); - UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("sarek", "sarek"); - provider.setCredentials(AuthScope.ANY, credentials); - hcb.setDefaultCredentialsProvider(provider); + UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("sarek", "sarek".toCharArray()); + BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); + credentialsProvider.setCredentials(new AuthScope(null, -1), credentials); + hcb.setDefaultCredentialsProvider(credentialsProvider); } if (enableHTTPClientSSL) { 
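Review bot: `createStringEntity` now returns `new StringEntity(body)` with no charset, and as far as I recall the one-argument constructor uses the library's default text content type, which is ISO-8859-1. A JSON test body containing characters outside Latin-1 would then be altered before it reaches the REST layer, and the test would exercise different input than it appears to. Since `StandardCharsets` is already imported in this file, `return new StringEntity(body, StandardCharsets.UTF_8);` makes the encoding explicit.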
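Review bot: In the new `getRequestUri`, `StringUtils.strip(request, "/")` removes slashes from both ends of the path, whereas the replaced `getHttpServerUri() + "/" + request` sent the path unchanged. A test that deliberately requests an endpoint with a trailing slash now hits the server without it, so routing or access-control behaviour for that form is no longer covered. If only the doubled leading slash is the concern, `return getHttpServerUri() + "/" + StringUtils.stripStart(request, "/");` preserves the rest of the path. The helper also has no comment describing this normalisation, and one line stating it would help.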
@@ -296,17 +296,16 @@ protected final CloseableHttpClient getHTTPClient() throws Exception { protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" }; } - final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory( - sslContext, - protocols, - null, + final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, protocols, null, NoopHostnameVerifier.INSTANCE); - hcb.setSSLSocketFactory(sslsf); + final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create() + .setSSLSocketFactory(sslsf) + .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build()) + .build(); + hcb.setConnectionManager(cm); } - hcb.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60 * 1000).build()); - return hcb.build(); } @@ -327,9 +326,9 @@ public HttpResponse(CloseableHttpResponse inner) throws IllegalStateException, I } else { this.body = IOUtils.toString(entity.getContent(), StandardCharsets.UTF_8); } - this.header = inner.getAllHeaders(); - this.statusCode = inner.getStatusLine().getStatusCode(); - this.statusReason = inner.getStatusLine().getReasonPhrase(); + this.header = inner.getHeaders(); + this.statusCode = inner.getCode(); + this.statusReason = inner.getReasonPhrase(); inner.close(); } diff --git a/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorTest.java b/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorV4Test.java similarity index 94% rename from src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorTest.java rename to src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorV4Test.java index 377809023d..afcd9549a3 100644 --- a/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorTest.java +++ b/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorV4Test.java 
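Review bot: The 60-second socket timeout is now configured only on the connection manager created inside the `if (enableHTTPClientSSL)` block, and the removed `hcb.setDefaultSocketConfig(...)` call after that block has no replacement. A client built with SSL disabled therefore falls back to the library's default socket timeout instead of the 60 seconds used before, which can change how long a stalled test request waits. Building the connection manager outside the block and adding the SSL socket factory only when SSL is enabled keeps the timeout for both cases. The SSL branch also keeps `NoopHostnameVerifier.INSTANCE` and the `TLSv1`/`TLSv1.1` protocol list, which deserves a short test-only comment. getHTTPClient starts before this hunk.

```java
final PoolingHttpClientConnectionManagerBuilder cmb = PoolingHttpClientConnectionManagerBuilder.create()
        .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build());

if (enableHTTPClientSSL) {
    // … unchanged: key/trust material loading and protocol selection …

    // Test-only: hostname verification is disabled for the local test cluster.
    cmb.setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext, protocols, null,
            NoopHostnameVerifier.INSTANCE));
}

hcb.setConnectionManager(cmb.build());
return hcb.build();
```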
@@ -63,8 +63,8 @@ import org.junit.Test; import org.junit.rules.ExpectedException; -import com.amazon.dlic.util.SettingsBasedSSLConfigurator; -import com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig; +import com.amazon.dlic.util.SettingsBasedSSLConfiguratorV4; +import com.amazon.dlic.util.SettingsBasedSSLConfiguratorV4.SSLConfig; import org.opensearch.common.settings.Settings; import org.opensearch.security.ssl.util.SSLConfigConstants; @@ -74,7 +74,7 @@ import static org.hamcrest.CoreMatchers.either; import static org.hamcrest.CoreMatchers.instanceOf; -public class SettingsBasedSSLConfiguratorTest { +public class SettingsBasedSSLConfiguratorV4Test { @Rule public ExpectedException thrown = ExpectedException.none(); @@ -93,7 +93,7 @@ public void testPemTrust() throws Exception { .put("prefix.enable_ssl", "true").put("path.home", rootCaPemPath.getParent().toString()).build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -120,7 +120,7 @@ public void testPemWrongTrust() throws Exception { .put("prefix.enable_ssl", "true").put("path.home", rootCaPemPath.getParent().toString()).build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); 
@@ -151,7 +151,7 @@ public void testPemClientAuth() throws Exception { .put("prefix.pemkey_filepath", "kirk.key").put("prefix.pemkey_password", "secret").build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -181,7 +181,7 @@ public void testPemClientAuthFailure() throws Exception { .build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -215,7 +215,7 @@ public void testPemHostnameVerificationFailure() throws Exception { .put("path.home", rootCaPemPath.getParent().toString()).build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -244,7 +244,7 @@ public void testPemHostnameVerificationOff() throws Exception { .put("path.home", rootCaPemPath.getParent().toString()).build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); 
@@ -271,7 +271,7 @@ public void testJksTrust() throws Exception { .put("path.home", rootCaJksPath.getParent().toString()).build(); Path configPath = rootCaJksPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -299,7 +299,7 @@ public void testJksWrongTrust() throws Exception { .put("path.home", rootCaJksPath.getParent().toString()).build(); Path configPath = rootCaJksPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -325,7 +325,7 @@ public void testTrustAll() throws Exception { .put("path.home", rootCaJksPath.getParent().toString()).build(); Path configPath = rootCaJksPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig();