Ignore TLS components (SSLContext, TrustManager, KeyManager) if plain…

… HTTP protocol is used for exporting (#6329)
open-telemetry · Apr 30, 2024 · 35bc345 · 35bc345
1 parent 9845ac9
commit 35bc345
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 13 deletions.
diff --git a/...ers/common/src/main/java/io/opentelemetry/exporter/internal/grpc/GrpcExporterBuilder.java b/...ers/common/src/main/java/io/opentelemetry/exporter/internal/grpc/GrpcExporterBuilder.java
@@ -195,6 +195,7 @@ public GrpcExporter<T> build() {
           return result;
         };
 
+    boolean isPlainHttp = "http".equals(endpoint.getScheme());
     GrpcSenderProvider grpcSenderProvider = resolveGrpcSenderProvider();
     GrpcSender<T> grpcSender =
         grpcSenderProvider.createSender(
@@ -207,8 +208,8 @@ public GrpcExporter<T> build() {
             grpcChannel,
             grpcStubFactory,
             retryPolicy,
-            tlsConfigHelper.getSslContext(),
-            tlsConfigHelper.getTrustManager());
+            isPlainHttp ? null : tlsConfigHelper.getSslContext(),
+            isPlainHttp ? null : tlsConfigHelper.getTrustManager());
     LOGGER.log(Level.FINE, "Using GrpcSender: " + grpcSender.getClass().getName());
 
     return new GrpcExporter<>(exporterName, type, grpcSender, meterProviderSupplier);

diff --git a/...ers/common/src/main/java/io/opentelemetry/exporter/internal/http/HttpExporterBuilder.java b/...ers/common/src/main/java/io/opentelemetry/exporter/internal/http/HttpExporterBuilder.java
@@ -185,6 +185,7 @@ public HttpExporter<T> build() {
           return result;
         };
 
+    boolean isPlainHttp = endpoint.startsWith("http://");
     HttpSenderProvider httpSenderProvider = resolveHttpSenderProvider();
     HttpSender httpSender =
         httpSenderProvider.createSender(
@@ -198,8 +199,8 @@ public HttpExporter<T> build() {
             proxyOptions,
             authenticator,
             retryPolicy,
-            tlsConfigHelper.getSslContext(),
-            tlsConfigHelper.getTrustManager());
+            isPlainHttp ? null : tlsConfigHelper.getSslContext(),
+            isPlainHttp ? null : tlsConfigHelper.getTrustManager());
     LOGGER.log(Level.FINE, "Using HttpSender: " + httpSender.getClass().getName());
 
     return new HttpExporter<>(exporterName, type, httpSender, meterProviderSupplier, exportAsJson);

diff --git a/...http/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpGrpcSender.java b/...http/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpGrpcSender.java
@@ -47,6 +47,7 @@
 import javax.net.ssl.X509TrustManager;
 import okhttp3.Call;
 import okhttp3.Callback;
+import okhttp3.ConnectionSpec;
 import okhttp3.HttpUrl;
 import okhttp3.OkHttpClient;
 import okhttp3.Protocol;
@@ -89,14 +90,18 @@ public OkHttpGrpcSender(
       clientBuilder.addInterceptor(
           new RetryInterceptor(retryPolicy, OkHttpGrpcSender::isRetryable));
     }
-    if (sslContext != null && trustManager != null) {
-      clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
-    }
-    if (endpoint.startsWith("http://")) {
+
+    boolean isPlainHttp = endpoint.startsWith("http://");
+    if (isPlainHttp) {
+      clientBuilder.connectionSpecs(Collections.singletonList(ConnectionSpec.CLEARTEXT));
       clientBuilder.protocols(Collections.singletonList(Protocol.H2_PRIOR_KNOWLEDGE));
     } else {
       clientBuilder.protocols(Arrays.asList(Protocol.HTTP_2, Protocol.HTTP_1_1));
+      if (sslContext != null && trustManager != null) {
+        clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
+      }
     }
+
     this.client = clientBuilder.build();
     this.headersSupplier = headersSupplier;
     this.url = HttpUrl.get(endpoint);

diff --git a/...http/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpHttpSender.java b/...http/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpHttpSender.java
@@ -16,6 +16,7 @@
 import io.opentelemetry.sdk.common.export.RetryPolicy;
 import java.io.IOException;
 import java.time.Duration;
+import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.function.Consumer;
@@ -25,6 +26,7 @@
 import javax.net.ssl.X509TrustManager;
 import okhttp3.Call;
 import okhttp3.Callback;
+import okhttp3.ConnectionSpec;
 import okhttp3.HttpUrl;
 import okhttp3.MediaType;
 import okhttp3.OkHttpClient;
@@ -88,9 +90,14 @@ public OkHttpHttpSender(
     if (retryPolicy != null) {
       builder.addInterceptor(new RetryInterceptor(retryPolicy, OkHttpHttpSender::isRetryable));
     }
-    if (sslContext != null && trustManager != null) {
+
+    boolean isPlainHttp = endpoint.startsWith("http://");
+    if (isPlainHttp) {
+      builder.connectionSpecs(Collections.singletonList(ConnectionSpec.CLEARTEXT));
+    } else if (sslContext != null && trustManager != null) {
       builder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
     }
+
     this.client = builder.build();
     this.url = HttpUrl.get(endpoint);
     this.compressor = compressor;

diff --git a/.../java/io/opentelemetry/sdk/extension/trace/jaeger/sampler/JaegerRemoteSamplerBuilder.java b/.../java/io/opentelemetry/sdk/extension/trace/jaeger/sampler/JaegerRemoteSamplerBuilder.java
@@ -21,6 +21,7 @@
 import javax.annotation.Nullable;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.X509TrustManager;
+import okhttp3.ConnectionSpec;
 import okhttp3.Headers;
 import okhttp3.OkHttpClient;
 import okhttp3.Protocol;
@@ -165,14 +166,17 @@ public JaegerRemoteSampler build() {
 
     clientBuilder.callTimeout(Duration.ofNanos(TimeUnit.SECONDS.toNanos(DEFAULT_TIMEOUT_SECS)));
 
-    SSLContext sslContext = tlsConfigHelper.getSslContext();
-    X509TrustManager trustManager = tlsConfigHelper.getTrustManager();
+    String endpoint = this.endpoint.resolve(GRPC_ENDPOINT_PATH).toString();
+    boolean isPlainHttp = endpoint.startsWith("http://");
+
+    SSLContext sslContext = isPlainHttp ? null : tlsConfigHelper.getSslContext();
+    X509TrustManager trustManager = isPlainHttp ? null : tlsConfigHelper.getTrustManager();
     if (sslContext != null && trustManager != null) {
       clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
     }
 
-    String endpoint = this.endpoint.resolve(GRPC_ENDPOINT_PATH).toString();
-    if (endpoint.startsWith("http://")) {
+    if (isPlainHttp) {
+      clientBuilder.connectionSpecs(Collections.singletonList(ConnectionSpec.CLEARTEXT));
       clientBuilder.protocols(Collections.singletonList(Protocol.H2_PRIOR_KNOWLEDGE));
     } else {
       clientBuilder.protocols(Arrays.asList(Protocol.HTTP_2, Protocol.HTTP_1_1));