Security Fix: Okio CVE-2023-3635 + OkHttp Jar Update

pom.xml

@@ -49,7 +49,7 @@
         <dep.slice.version>0.38</dep.slice.version>
         <dep.testing-mysql-server-5.version>0.6</dep.testing-mysql-server-5.version>
         <dep.aws-sdk.version>1.12.560</dep.aws-sdk.version>
-        <dep.okhttp.version>3.9.0</dep.okhttp.version>
+        <dep.okhttp.version>4.12.0</dep.okhttp.version>
         <dep.jdbi3.version>3.4.0</dep.jdbi3.version>
         <dep.oracle.version>19.3.0.0</dep.oracle.version>
         <dep.drift.version>1.38</dep.drift.version>
@@ -2357,6 +2357,7 @@
                                     <exclude>com.fasterxml.jackson.core:jackson-annotations</exclude>
                                     <exclude>com.fasterxml.jackson.core:jackson-core</exclude>
                                     <exclude>com.fasterxml.jackson.core:jackson-databind</exclude>
+                                    <exclude>org.jetbrains.kotlin:kotlin-stdlib-jdk8</exclude>
                                 </excludes>
                             </requireUpperBoundDeps>
                         </rules>
@@ -2395,7 +2396,15 @@
                     <artifactId>protobuf-maven-plugin</artifactId>
                     <version>0.5.1</version>
                 </plugin>
-
+                <plugin>
+                    <groupId>org.basepom.maven</groupId>
+                    <artifactId>duplicate-finder-maven-plugin</artifactId>
+                    <configuration>
+                        <ignoredClassPatterns combine.children="append">
+                            <ignoredClassPattern>META-INF.versions.9.module-info</ignoredClassPattern>
+                        </ignoredClassPatterns>
+                    </configuration>
+                </plugin>
             </plugins>
         </pluginManagement>
 

presto-client/src/main/java/com/facebook/presto/client/OkHttpUtil.java

@@ -58,6 +58,7 @@
 import static java.net.Proxy.Type.SOCKS;
 import static java.util.Collections.list;
 import static java.util.Objects.requireNonNull;
+import static okhttp3.internal.tls.OkHostnameVerifier.INSTANCE;
 
 public final class OkHttpUtil
 {
@@ -178,7 +179,7 @@ public static void setupSsl(
             OkHttpClient.Builder clientBuilder,
             Optional<String> keyStorePath,
             Optional<String> keyStorePassword,
-            Optional<String> keystoreType,
+            Optional<String> keyStoreType,
             Optional<String> trustStorePath,
             Optional<String> trustStorePassword,
             Optional<String> trustStoreType)
@@ -192,7 +193,6 @@ public static void setupSsl(
             KeyStore keyStore = null;
             KeyManager[] keyManagers = null;
             if (keyStorePath.isPresent()) {
-                checkArgument(keystoreType.isPresent(), "keystore type is not present");
                 char[] keyManagerPassword;
                 try {
                     // attempt to read the key store as a PEM file
@@ -203,7 +203,7 @@ public static void setupSsl(
                 catch (IOException | GeneralSecurityException ignored) {
                     keyManagerPassword = keyStorePassword.map(String::toCharArray).orElse(null);
 
-                    keyStore = KeyStore.getInstance(keystoreType.get());
+                    keyStore = KeyStore.getInstance(keyStoreType.get());
                     try (InputStream in = new FileInputStream(keyStorePath.get())) {
                         keyStore.load(in, keyManagerPassword);
                     }
@@ -217,7 +217,6 @@ public static void setupSsl(
             // load TrustStore if configured, otherwise use KeyStore
             KeyStore trustStore = keyStore;
             if (trustStorePath.isPresent()) {
-                checkArgument(trustStoreType.isPresent(), "truststore type is not present");
                 trustStore = loadTrustStore(new File(trustStorePath.get()), trustStorePassword, trustStoreType.get());
             }
 
@@ -237,12 +236,23 @@ public static void setupSsl(
             sslContext.init(keyManagers, new TrustManager[] {trustManager}, null);
 
             clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
+            clientBuilder.hostnameVerifier(INSTANCE);
         }
         catch (GeneralSecurityException | IOException e) {
             throw new ClientException("Error setting up SSL: " + e.getMessage(), e);
         }
     }
 
+    public static void setupSsl(
+            OkHttpClient.Builder clientBuilder,
+            Optional<String> keyStorePath,
+            Optional<String> keyStorePassword,
+            Optional<String> trustStorePath,
+            Optional<String> trustStorePassword)
+    {
+        setupSsl(clientBuilder, keyStorePath, keyStorePassword, Optional.of(KeyStore.getDefaultType()), trustStorePath, trustStorePassword, Optional.of(KeyStore.getDefaultType()));
+    }
+
     private static void validateCertificates(KeyStore keyStore)
             throws GeneralSecurityException
     {