Resolved org.apache.hc.core5.http.ParseException: Invalid protocol ve…

…rsion

Signed-off-by: Andriy Redko <[email protected]>

src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java

@@ -41,19 +41,22 @@
 import java.util.stream.Stream;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.TrustManagerFactory;
 
 import org.apache.hc.client5.http.auth.AuthScope;
 import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
 import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
 import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
+import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.Header;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.message.BasicHeader;
-import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
-import org.apache.hc.core5.http2.HttpVersionPolicy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 
 import org.opensearch.client.RestClient;
 import org.opensearch.client.RestClientBuilder;
@@ -99,16 +102,25 @@ default RestHighLevelClient getRestHighLevelClient(UserCredentialsHolder user) {
 		BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
 		credentialsProvider.setCredentials(new AuthScope(null, -1), new UsernamePasswordCredentials(user.getName(), user.getPassword().toCharArray()));
 		RestClientBuilder.HttpClientConfigCallback configCallback = httpClientBuilder -> {
-			TlsStrategy tlsStrategy = new BasicClientTlsStrategy(getSSLContext());
+			TlsStrategy tlsStrategy = ClientTlsStrategyBuilder
+				.create()
+				.setSslContext(getSSLContext())
+				.setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+				// See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+				.setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
+					@Override
+					public TlsDetails create(final SSLEngine sslEngine) {
+						return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+					}
+				})
+				.build();
 
 			final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
 					.setTlsStrategy(tlsStrategy)
 					.build();
 
 			httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
 			httpClientBuilder.setConnectionManager(cm);
-			// Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version
-			httpClientBuilder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1);
 			return httpClientBuilder;
 		};
 

src/main/java/org/opensearch/security/httpclient/HttpClient.java

@@ -29,6 +29,7 @@
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 
 import com.google.common.collect.Lists;
@@ -39,11 +40,12 @@
 import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
 import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.HttpHeaders;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.message.BasicHeader;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
-import org.apache.hc.core5.http2.HttpVersionPolicy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.apache.hc.core5.ssl.PrivateKeyDetails;
 import org.apache.hc.core5.ssl.PrivateKeyStrategy;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
@@ -250,13 +252,18 @@ public String chooseAlias(Map<String, PrivateKeyDetails> aliases, SSLParameters
                     .setTlsVersions(supportedProtocols)
                     .setCiphers(supportedCipherSuites)
                     .setHostnameVerifier(hnv)
+                    // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+                    .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
+                        @Override
+                        public TlsDetails create(final SSLEngine sslEngine) {
+                            return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+                        }
+                    })
                     .build();
 
             final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
                     .setTlsStrategy(tlsStrategy)
                     .build();
-            // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version
-            httpClientBuilder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1);
             httpClientBuilder.setConnectionManager(cm);
         }
 

src/main/java/org/opensearch/security/tools/SecurityAdmin.java

@@ -54,6 +54,7 @@
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 
 import com.fasterxml.jackson.databind.InjectableValues;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -75,9 +76,10 @@
 import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
 import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
-import org.apache.hc.core5.http2.HttpVersionPolicy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
 import org.apache.hc.core5.ssl.SSLContexts;
 
@@ -1407,14 +1409,19 @@ private static RestHighLevelClient getRestHighLevelClient(SSLContext sslContext,
                                     .setSslContext(sslContext)
                                     .setTlsVersions(supportedProtocols)
                                     .setCiphers(supportedCipherSuites)
+                                    // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+                                    .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
+                                        @Override
+                                        public TlsDetails create(final SSLEngine sslEngine) {
+                                            return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+                                        }
+                                    })
                                     .build();
 
                               final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
                                     .setTlsStrategy(tlsStrategy)
                                     .build();
 
-                              // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version
-                              builder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1);
                               builder.setConnectionManager(cm);
                               return builder;
                         });

src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java

@@ -38,6 +38,7 @@
 import java.util.concurrent.atomic.AtomicLong;
 
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 
 import com.carrotsearch.randomizedtesting.RandomizedTest;
 import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
@@ -49,11 +50,12 @@
 import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
 import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.function.Factory;
 import org.apache.hc.core5.http.Header;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.message.BasicHeader;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
-import org.apache.hc.core5.http2.HttpVersionPolicy;
+import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
 import org.apache.hc.core5.ssl.SSLContexts;
 import org.apache.logging.log4j.LogManager;
@@ -168,14 +170,19 @@ protected RestHighLevelClient getRestClient(ClusterInfo info, String keyStoreNam
                                         .setSslContext(sslContext)
                                         .setTlsVersions(new String[] { "TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"})
                                         .setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+                                        // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219
+                                        .setTlsDetailsFactory(new Factory<SSLEngine, TlsDetails>() {
+                                            @Override
+                                            public TlsDetails create(final SSLEngine sslEngine) {
+                                                return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol());
+                                            }
+                                        })
                                         .build();
 
                                 final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
                                         .setTlsStrategy(tlsStrategy)
                                         .build();
                                 builder.setConnectionManager(cm);
-                                // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version
-                                builder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1);
                                 return builder;
                             });
             return new RestHighLevelClient(restClientBuilder);