Skip to content

Commit

Permalink
Upgrade okhttp to version 4.12.0
Browse files Browse the repository at this point in the history
  • Loading branch information
@Mariamalmesfer
Mariamalmesfer authored and Mariam Almesfer committed Oct 13, 2024
1 parent fd2615e commit 4bd3bc1
Show file tree
Hide file tree
Showing 2 changed files with 61 additions and 5 deletions.
12 changes: 11 additions & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
<dep.slice.version>0.38</dep.slice.version>
<dep.testing-mysql-server-5.version>0.6</dep.testing-mysql-server-5.version>
<dep.aws-sdk.version>1.12.560</dep.aws-sdk.version>
<dep.okhttp.version>3.9.0</dep.okhttp.version>
<dep.okhttp.version>4.12.0</dep.okhttp.version>
<dep.jdbi3.version>3.4.0</dep.jdbi3.version>
<dep.oracle.version>19.3.0.0</dep.oracle.version>
<dep.drift.version>1.38</dep.drift.version>
Expand Down Expand Up @@ -2350,6 +2350,7 @@
<exclude>com.fasterxml.jackson.core:jackson-annotations</exclude>
<exclude>com.fasterxml.jackson.core:jackson-core</exclude>
<exclude>com.fasterxml.jackson.core:jackson-databind</exclude>
<exclude>org.jetbrains.kotlin:kotlin-stdlib-jdk8</exclude>
</excludes>
</requireUpperBoundDeps>
</rules>
Expand Down Expand Up @@ -2507,6 +2508,15 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.basepom.maven</groupId>
<artifactId>duplicate-finder-maven-plugin</artifactId>
<configuration>
<ignoredClassPatterns combine.children="append">
<ignoredClassPattern>META-INF.versions.9.module-info</ignoredClassPattern>
</ignoredClassPatterns>
</configuration>
</plugin>
</plugins>
</build>

Expand Down
54 changes: 50 additions & 4 deletions presto-client/src/main/java/com/facebook/presto/client/OkHttpUtil.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@
import java.net.Proxy;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
Expand All @@ -57,6 +58,7 @@
import static java.net.Proxy.Type.SOCKS;
import static java.util.Collections.list;
import static java.util.Objects.requireNonNull;
import static okhttp3.internal.tls.OkHostnameVerifier.INSTANCE;

public final class OkHttpUtil
{
Expand Down Expand Up @@ -138,11 +140,46 @@ private static InetSocketAddress toUnresolvedAddress(HostAndPort address)
return InetSocketAddress.createUnresolved(address.getHost(), address.getPort());
}

public static void setupInsecureSsl(OkHttpClient.Builder clientBuilder)
{
try {
X509TrustManager trustAllCerts = new X509TrustManager()
{
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
{
throw new UnsupportedOperationException("checkClientTrusted should not be called");
}

@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
{
// skip validation of server certificate
}

@Override
public X509Certificate[] getAcceptedIssuers()
{
return new X509Certificate[0];
}
};

SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, new TrustManager[] {trustAllCerts}, new SecureRandom());

clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustAllCerts);
clientBuilder.hostnameVerifier((hostname, session) -> true);
}
catch (GeneralSecurityException e) {
throw new ClientException("Error setting up SSL: " + e.getMessage(), e);
}
}

public static void setupSsl(
OkHttpClient.Builder clientBuilder,
Optional<String> keyStorePath,
Optional<String> keyStorePassword,
Optional<String> keystoreType,
Optional<String> keyStoreType,
Optional<String> trustStorePath,
Optional<String> trustStorePassword,
Optional<String> trustStoreType)
Expand All @@ -156,7 +193,6 @@ public static void setupSsl(
KeyStore keyStore = null;
KeyManager[] keyManagers = null;
if (keyStorePath.isPresent()) {
checkArgument(keystoreType.isPresent(), "keystore type is not present");
char[] keyManagerPassword;
try {
// attempt to read the key store as a PEM file
Expand All @@ -167,7 +203,7 @@ public static void setupSsl(
catch (IOException | GeneralSecurityException ignored) {
keyManagerPassword = keyStorePassword.map(String::toCharArray).orElse(null);

keyStore = KeyStore.getInstance(keystoreType.get());
keyStore = KeyStore.getInstance(keyStoreType.get());
try (InputStream in = new FileInputStream(keyStorePath.get())) {
keyStore.load(in, keyManagerPassword);
}
Expand All @@ -181,7 +217,6 @@ public static void setupSsl(
// load TrustStore if configured, otherwise use KeyStore
KeyStore trustStore = keyStore;
if (trustStorePath.isPresent()) {
checkArgument(trustStoreType.isPresent(), "truststore type is not present");
trustStore = loadTrustStore(new File(trustStorePath.get()), trustStorePassword, trustStoreType.get());
}

Expand All @@ -201,12 +236,23 @@ public static void setupSsl(
sslContext.init(keyManagers, new TrustManager[] {trustManager}, null);

clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
clientBuilder.hostnameVerifier(INSTANCE);
}
catch (GeneralSecurityException | IOException e) {
throw new ClientException("Error setting up SSL: " + e.getMessage(), e);
}
}

public static void setupSsl(
OkHttpClient.Builder clientBuilder,
Optional<String> keyStorePath,
Optional<String> keyStorePassword,
Optional<String> trustStorePath,
Optional<String> trustStorePassword)
{
setupSsl(clientBuilder, keyStorePath, keyStorePassword, Optional.of(KeyStore.getDefaultType()), trustStorePath, trustStorePassword, Optional.of(KeyStore.getDefaultType()));
}

private static void validateCertificates(KeyStore keyStore)
throws GeneralSecurityException
{
Expand Down

0 comments on commit 4bd3bc1

Please sign in to comment.