HTTP-119 - Fix bug where default Java TrustStore was not used when no cert-related properties were used. #123
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,6 +2,7 @@ | |
|
|
||
| import java.net.http.HttpClient; | ||
| import java.net.http.HttpClient.Redirect; | ||
| import java.security.NoSuchAlgorithmException; | ||
| import java.util.ArrayList; | ||
| import java.util.List; | ||
| import java.util.Properties; | ||
|
|
@@ -24,8 +25,8 @@ | |
| public class JavaNetHttpClientFactory { | ||
|
|
||
| /** | ||
| * Creates Java's {@link HttpClient} instance that will be using default, JVM shared | ||
| * {@link java.util.concurrent.ForkJoinPool} for async calls. | ||
| * | ||
| * @param properties properties used to build {@link SSLContext} | ||
| * @return new {@link HttpClient} instance. | ||
|
|
@@ -73,7 +74,9 @@ public static HttpClient createClient(Properties properties, Executor executor) | |
| * @return new {@link SSLContext} instance. | ||
| */ | ||
| private static SSLContext getSslContext(Properties properties) { | ||
|
|
||
| String keyStorePath = | ||
| properties.getProperty(HttpConnectorConfigConstants.KEY_STORE_PATH, ""); | ||
|
|
||
| boolean selfSignedCert = Boolean.parseBoolean( | ||
| properties.getProperty(HttpConnectorConfigConstants.ALLOW_SELF_SIGNED, "false")); | ||
|
|
@@ -88,6 +91,21 @@ private static SSLContext getSslContext(Properties properties) { | |
| String clientPrivateKey = properties | ||
| .getProperty(HttpConnectorConfigConstants.CLIENT_PRIVATE_KEY, ""); | ||
|
|
||
| if (StringUtils.isNullOrWhitespaceOnly(keyStorePath) | ||
| && !selfSignedCert | ||
| && serverTrustedCerts.length == 0 | ||
| && StringUtils.isNullOrWhitespaceOnly(clientCert) | ||
| && StringUtils.isNullOrWhitespaceOnly(clientPrivateKey)) { | ||
|
|
||
| try { | ||
| return SSLContext.getDefault(); | ||
| } catch (NoSuchAlgorithmException e) { | ||
| throw new RuntimeException(e); | ||
| } | ||
| } | ||
|
|
||
| SecurityContext securityContext = createSecurityContext(properties); | ||
|
There was a problem hiding this comment. @kristoffSC Talking with our team around this, in addition to the above. It would be good to have the ability to: This would require a new config option maybe 'gid.connector.http.security.cert.server.includeDefaultCerts' with a default of true. WDYT? |
||
|
|
||
| for (String cert : serverTrustedCerts) { | ||
| if (!StringUtils.isNullOrWhitespaceOnly(cert)) { | ||
| securityContext.addCertToTrustStore(cert); | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,6 +18,24 @@ | |
|
|
||
| public class ElasticSearchLiteQueryCreatorTest { | ||
|
|
||
| @Test | ||
|
There was a problem hiding this comment. I think these new tests are not related to the issue HTTP-119? Could you please add them in a separate PR? There was a problem hiding this comment. Agreed - it would be good to have unit tests to test the various code paths around this change. There was a problem hiding this comment. The "new code" is already partially covered by existing tests, but I will try to add new ones to cover it fully. The reason why I added those new tests was that we dropped with branch coverage below 90% and while inspecting test report I have found those two. I will like to leave those tests in this PR, unless there will be a strong NO to it. The PR is small so IMO having those extra, unrelated tests is ok.
There was a problem hiding this comment. @kristoffSC fine my me too - thanks for putting this together. |
||
| public void testWithEmptyLookup() { | ||
|
|
||
| // GIVEN | ||
| LookupRow lookupRow = new LookupRow(); | ||
| lookupRow.setLookupPhysicalRowDataType(DataTypes.STRING()); | ||
|
|
||
| GenericRowData lookupDataRow = GenericRowData.of(StringData.fromString("val1")); | ||
|
|
||
| // WHEN | ||
| var queryCreator = new ElasticSearchLiteQueryCreator(lookupRow); | ||
| var createdQuery = queryCreator.createLookupQuery(lookupDataRow); | ||
|
|
||
| // THEN | ||
| assertThat(createdQuery.getLookupQuery()).isEqualTo(""); | ||
| assertThat(createdQuery.getBodyBasedUrlQueryParameters()).isEmpty(); | ||
| } | ||
|
|
||
| @Test | ||
| public void testQueryCreationForSingleQueryStringParam() { | ||
|
|
||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| package com.getindata.connectors.http.internal.table.lookup.querycreators; | ||
|
|
||
| import java.util.Collections; | ||
| import java.util.Optional; | ||
|
|
||
| import org.apache.flink.configuration.ConfigOption; | ||
| import org.apache.flink.configuration.ConfigOptions; | ||
| import org.apache.flink.configuration.Configuration; | ||
| import org.junit.jupiter.api.Test; | ||
| import static org.assertj.core.api.Assertions.assertThat; | ||
|
|
||
| class QueryFormatAwareConfigurationTest { | ||
|
|
||
| private static final ConfigOption<String> configOption = ConfigOptions.key("key") | ||
| .stringType() | ||
| .noDefaultValue(); | ||
|
|
||
| @Test | ||
| public void testWithDot() { | ||
| QueryFormatAwareConfiguration queryConfig = new QueryFormatAwareConfiguration( | ||
| "prefix.", Configuration.fromMap(Collections.singletonMap("prefix.key", "val")) | ||
| ); | ||
|
|
||
| Optional<String> optional = queryConfig.getOptional(configOption); | ||
| assertThat(optional.get()).isEqualTo("val"); | ||
| } | ||
|
|
||
| @Test | ||
| public void testWithoutDot() { | ||
| QueryFormatAwareConfiguration queryConfig = new QueryFormatAwareConfiguration( | ||
| "prefix", Configuration.fromMap(Collections.singletonMap("prefix.key", "val")) | ||
| ); | ||
|
|
||
| Optional<String> optional = queryConfig.getOptional(configOption); | ||
| assertThat(optional.get()).isEqualTo("val"); | ||
| } | ||
|
|
||
| } |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kristoffSC What happens if we only have client certs. In this case, we want the trusted public server certs and the client certs. The current fix does not deal with that combination. Can we get hold of the default public server certs and add them like
securityContext.addCertToTrustStore(cert);then process the client certs?