From 51e32e3549ad8442dfecea9cbf49c70aecac0bf3 Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Tue, 26 Nov 2024 21:51:44 +0100 Subject: [PATCH 1/7] Bumped finagle with custom SslClientConfiguration --- .../java/nl/altindag/client/ClientConfig.java | 51 ++++++++++++++++++- .../altindag/client/ClientConfigShould.java | 5 +- pom.xml | 2 +- 3 files changed, 54 insertions(+), 4 deletions(-) diff --git a/client/src/main/java/nl/altindag/client/ClientConfig.java b/client/src/main/java/nl/altindag/client/ClientConfig.java index 4a79a19..9b862db 100644 --- a/client/src/main/java/nl/altindag/client/ClientConfig.java +++ b/client/src/main/java/nl/altindag/client/ClientConfig.java @@ -27,6 +27,12 @@ import com.twitter.finagle.Service; import com.twitter.finagle.http.Request; import com.twitter.finagle.http.Response; +import com.twitter.finagle.ssl.ApplicationProtocols; +import com.twitter.finagle.ssl.CipherSuites; +import com.twitter.finagle.ssl.KeyCredentials; +import com.twitter.finagle.ssl.Protocols; +import com.twitter.finagle.ssl.TrustCredentials; +import com.twitter.finagle.ssl.client.SslClientConfiguration; import com.typesafe.config.ConfigFactory; import feign.Feign; import feign.googlehttpclient.GoogleHttpClient; @@ -68,11 +74,15 @@ import org.springframework.web.reactive.function.client.WebClient; import retrofit2.Retrofit; import retrofit2.converter.gson.GsonConverterFactory; +import scala.Option; +import scala.jdk.javaapi.CollectionConverters; import javax.net.ssl.SSLException; import java.net.URI; import java.net.URISyntaxException; import java.net.http.HttpClient; +import java.util.List; +import java.util.stream.Collectors; @Component public class ClientConfig { @@ -248,8 +258,45 @@ public Service finagle(SSLFactory sslFactory) throws URISynta var uri = new URI(Constants.getServerUrl()); var client = Http.client().withNoHttp2(); if (uri.getScheme().equals("https")) { - client = client.withTransport() - .tls(sslFactory.getSslContext()); + + List excludedCiphers = List.of( + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", + "TLS_RSA_WITH_AES_256_CBC_SHA256", + "TLS_RSA_WITH_AES_128_CBC_SHA256", + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" + ); + + List filteredCiphers = sslFactory.getCiphers() + .stream() + .filter(cipher -> !excludedCiphers.contains(cipher)) + .collect(Collectors.toList()); + + SslClientConfiguration sslClientConfiguration = new SslClientConfiguration( + Option.empty(), + Option.empty(), + sslFactory.getKeyManagerFactory().map(KeyCredentials.KeyManagerFactory::new).orElseThrow(), + sslFactory.getTrustManagerFactory().map(TrustCredentials.TrustManagerFactory::new).orElseThrow(), + new CipherSuites.Enabled(CollectionConverters.asScala(filteredCiphers).toSeq()), + new Protocols.Enabled(CollectionConverters.asScala(sslFactory.getProtocols()).toSeq()), + ApplicationProtocols.fromString("")); + + client = client.withTransport().tls(sslClientConfiguration); } return client.newService(uri.getHost() + ":" + uri.getPort()); } diff --git a/client/src/test/java/nl/altindag/client/ClientConfigShould.java b/client/src/test/java/nl/altindag/client/ClientConfigShould.java index 1723f72..8ac969c 100644 --- a/client/src/test/java/nl/altindag/client/ClientConfigShould.java +++ b/client/src/test/java/nl/altindag/client/ClientConfigShould.java @@ -325,7 +325,10 @@ void createFinagleClientWithSecurity() throws URISyntaxException { Service service = victim.finagle(sslFactory); - verify(sslFactory, times(1)).getSslContext(); + verify(sslFactory, times(1)).getKeyManagerFactory(); + verify(sslFactory, times(1)).getTrustManagerFactory(); + verify(sslFactory, times(1)).getCiphers(); + verify(sslFactory, times(1)).getProtocols(); assertThat(service.isAvailable()).isTrue(); assertThat(service.status()).hasToString("Open"); diff --git a/pom.xml b/pom.xml index 815d745..7c534be 100644 --- a/pom.xml +++ b/pom.xml @@ -43,7 +43,7 @@ 1.44.2 3.14.5 2.11.0 - 22.1.0 + 24.2.0 10.5.3 2.8.5 1.2.0 From 0a359ad5e3ccef57027b1f1ff3f1a3f40bc081e7 Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Tue, 26 Nov 2024 23:47:42 +0100 Subject: [PATCH 2/7] Converted finagle service example from java to scala --- .../java/nl/altindag/client/ClientConfig.java | 64 --------------- .../service/FinagleHttpClientService.java | 58 -------------- .../service/FinagleHttpClientService.scala | 76 ++++++++++++++++++ .../altindag/client/ClientConfigShould.java | 31 -------- .../FinagleHttpClientServiceShould.java | 77 ------------------ .../FinagleHttpClientServiceShould.scala | 79 +++++++++++++++++++ 6 files changed, 155 insertions(+), 230 deletions(-) delete mode 100644 client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.java create mode 100644 client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala delete mode 100644 client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.java create mode 100644 client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.scala diff --git a/client/src/main/java/nl/altindag/client/ClientConfig.java b/client/src/main/java/nl/altindag/client/ClientConfig.java index 9b862db..ab31ab8 100644 --- a/client/src/main/java/nl/altindag/client/ClientConfig.java +++ b/client/src/main/java/nl/altindag/client/ClientConfig.java @@ -23,16 +23,6 @@ import com.google.gson.GsonBuilder; import com.sun.jersey.api.client.config.DefaultClientConfig; import com.sun.jersey.client.urlconnection.HTTPSProperties; -import com.twitter.finagle.Http; -import com.twitter.finagle.Service; -import com.twitter.finagle.http.Request; -import com.twitter.finagle.http.Response; -import com.twitter.finagle.ssl.ApplicationProtocols; -import com.twitter.finagle.ssl.CipherSuites; -import com.twitter.finagle.ssl.KeyCredentials; -import com.twitter.finagle.ssl.Protocols; -import com.twitter.finagle.ssl.TrustCredentials; -import com.twitter.finagle.ssl.client.SslClientConfiguration; import com.typesafe.config.ConfigFactory; import feign.Feign; import feign.googlehttpclient.GoogleHttpClient; @@ -74,15 +64,9 @@ import org.springframework.web.reactive.function.client.WebClient; import retrofit2.Retrofit; import retrofit2.converter.gson.GsonConverterFactory; -import scala.Option; -import scala.jdk.javaapi.CollectionConverters; import javax.net.ssl.SSLException; -import java.net.URI; -import java.net.URISyntaxException; import java.net.http.HttpClient; -import java.util.List; -import java.util.stream.Collectors; @Component public class ClientConfig { @@ -253,54 +237,6 @@ public Retrofit retrofit(@Qualifier("okHttpClient") OkHttpClient okHttpClient) { .build(); } - @Bean - public Service finagle(SSLFactory sslFactory) throws URISyntaxException { - var uri = new URI(Constants.getServerUrl()); - var client = Http.client().withNoHttp2(); - if (uri.getScheme().equals("https")) { - - List excludedCiphers = List.of( - "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", - "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", - "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", - "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", - "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", - "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", - "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", - "TLS_RSA_WITH_AES_256_CBC_SHA256", - "TLS_RSA_WITH_AES_128_CBC_SHA256", - "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" - ); - - List filteredCiphers = sslFactory.getCiphers() - .stream() - .filter(cipher -> !excludedCiphers.contains(cipher)) - .collect(Collectors.toList()); - - SslClientConfiguration sslClientConfiguration = new SslClientConfiguration( - Option.empty(), - Option.empty(), - sslFactory.getKeyManagerFactory().map(KeyCredentials.KeyManagerFactory::new).orElseThrow(), - sslFactory.getTrustManagerFactory().map(TrustCredentials.TrustManagerFactory::new).orElseThrow(), - new CipherSuites.Enabled(CollectionConverters.asScala(filteredCiphers).toSeq()), - new Protocols.Enabled(CollectionConverters.asScala(sslFactory.getProtocols()).toSeq()), - ApplicationProtocols.fromString("")); - - client = client.withTransport().tls(sslClientConfiguration); - } - return client.newService(uri.getHost() + ":" + uri.getPort()); - } - @Bean public ActorSystem actorSystem() { return ActorSystem.create( diff --git a/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.java b/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.java deleted file mode 100644 index 5e1bc0a..0000000 --- a/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.java +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 2018 Thunderberry. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package nl.altindag.client.service; - -import com.twitter.finagle.http.Request; -import com.twitter.finagle.http.RequestBuilder; -import com.twitter.finagle.http.Response; -import nl.altindag.client.ClientType; -import nl.altindag.client.model.ClientResponse; -import org.springframework.stereotype.Service; - -import java.util.concurrent.TimeUnit; - -import static nl.altindag.client.ClientType.FINAGLE; -import static nl.altindag.client.Constants.HEADER_KEY_CLIENT_TYPE; - -@Service -public class FinagleHttpClientService implements RequestService { - - private static final int TIMEOUT_AMOUNT_IN_SECONDS = 5; - - private final com.twitter.finagle.Service service; - - public FinagleHttpClientService(com.twitter.finagle.Service finagleService) { - this.service = finagleService; - } - - @Override - public ClientResponse executeRequest(String url) throws Exception { - var request = new RequestBuilder<>() - .addHeader(HEADER_KEY_CLIENT_TYPE, getClientType().getValue()) - .url(url) - .buildGet(null); - - return service.apply(request) - .map(response -> new ClientResponse(response.contentString(), response.statusCode())) - .toJavaFuture() - .get(TIMEOUT_AMOUNT_IN_SECONDS, TimeUnit.SECONDS); - } - - @Override - public ClientType getClientType() { - return FINAGLE; - } -} diff --git a/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala b/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala new file mode 100644 index 0000000..6b4f117 --- /dev/null +++ b/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala @@ -0,0 +1,76 @@ +/* + * Copyright 2018 Thunderberry. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package nl.altindag.client.service + +import com.twitter.finagle.http.{Request, RequestBuilder, Response} +import com.twitter.finagle.ssl.client.SslClientConfiguration +import com.twitter.finagle.ssl.{KeyCredentials, TrustCredentials} +import com.twitter.finagle.{Http, Service} +import nl.altindag.client.ClientType.FINAGLE +import nl.altindag.client.Constants.HEADER_KEY_CLIENT_TYPE +import nl.altindag.client.model.ClientResponse +import nl.altindag.client.{ClientType, Constants} +import nl.altindag.ssl.SSLFactory +import org.springframework.beans.factory.annotation.Qualifier +import org.springframework.context.annotation.Bean +import org.springframework.stereotype +import org.springframework.stereotype.Component + +import java.net.URI +import java.util.concurrent.TimeUnit +import scala.jdk.javaapi.OptionConverters + +@stereotype.Service +class FinagleHttpClientService2(@Qualifier("finagleClient") service: Service[Request, Response]) extends RequestService { + + private val TIMEOUT_AMOUNT_IN_SECONDS = 5 + + override def executeRequest(url: String): ClientResponse = { + val request = RequestBuilder() + .addHeader(HEADER_KEY_CLIENT_TYPE, getClientType.getValue) + .url(url) + .buildGet() + + service.apply(request) + .map(response => new ClientResponse(response.contentString, response.statusCode)) + .toJavaFuture + .get(TIMEOUT_AMOUNT_IN_SECONDS, TimeUnit.SECONDS) + } + + override def getClientType: ClientType = FINAGLE +} + +@Component +class FinagleHttpClientConfiguration { + + @Bean(name = Array("finagleClient")) + def createFinagle(sslFactory: SSLFactory): Service[Request, Response] = { + val uri = new URI(Constants.getServerUrl) + var client = Http.client.withNoHttp2 + + if (uri.getScheme == "https") { + val sslClientConfiguration = SslClientConfiguration( + keyCredentials = OptionConverters.toScala(sslFactory.getKeyManagerFactory).map(kmf => KeyCredentials.KeyManagerFactory(kmf)).getOrElse(KeyCredentials.Unspecified), + trustCredentials = OptionConverters.toScala(sslFactory.getTrustManagerFactory).map(tmf => TrustCredentials.TrustManagerFactory(tmf)).getOrElse(TrustCredentials.Unspecified) + ) + + client = client.withTransport.tls(sslClientConfiguration) + } + + client.newService(uri.getHost + ":" + uri.getPort) + } + +} diff --git a/client/src/test/java/nl/altindag/client/ClientConfigShould.java b/client/src/test/java/nl/altindag/client/ClientConfigShould.java index 8ac969c..c88d46d 100644 --- a/client/src/test/java/nl/altindag/client/ClientConfigShould.java +++ b/client/src/test/java/nl/altindag/client/ClientConfigShould.java @@ -306,37 +306,6 @@ void createRetrofitWithProvidedOkHttpClient() { assertThat(retrofit.converterFactories()).has(GSON_CONVERTER_FACTORY); } - @Test - void createFinagleClientWithoutSecurity() throws URISyntaxException { - System.setProperty("url", TestConstants.HTTP_URL); - Service service = victim.finagle(null); - - assertThat(service.isAvailable()).isTrue(); - assertThat(service.status()).hasToString("Open"); - - service.close(); - System.clearProperty("url"); - } - - @Test - void createFinagleClientWithSecurity() throws URISyntaxException { - System.setProperty("url", TestConstants.HTTPS_URL); - SSLFactory sslFactory = createSSLFactory(false, true); - - Service service = victim.finagle(sslFactory); - - verify(sslFactory, times(1)).getKeyManagerFactory(); - verify(sslFactory, times(1)).getTrustManagerFactory(); - verify(sslFactory, times(1)).getCiphers(); - verify(sslFactory, times(1)).getProtocols(); - - assertThat(service.isAvailable()).isTrue(); - assertThat(service.status()).hasToString("Open"); - - service.close(); - System.clearProperty("url"); - } - @Test void createAkkaHttpClient() { SSLFactory sslFactory = createSSLFactory(false, true); diff --git a/client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.java b/client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.java deleted file mode 100644 index 95b0dce..0000000 --- a/client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.java +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright 2018 Thunderberry. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package nl.altindag.client.service; - -import static nl.altindag.client.Constants.HEADER_KEY_CLIENT_TYPE; -import static nl.altindag.client.TestConstants.HTTP_URL; -import static org.assertj.core.api.Assertions.assertThat; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; - -import java.net.URI; - -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.ArgumentCaptor; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; - -import com.twitter.finagle.Service; -import com.twitter.finagle.http.Method; -import com.twitter.finagle.http.Request; -import com.twitter.finagle.http.Response; -import com.twitter.util.Future; - -import nl.altindag.client.ClientType; -import nl.altindag.client.model.ClientResponse; -import org.mockito.junit.jupiter.MockitoExtension; -import scala.Tuple2; - -@ExtendWith(MockitoExtension.class) -class FinagleHttpClientServiceShould { - - @InjectMocks - private FinagleHttpClientService victim; - @Mock - private Service finagleService; - - @Test - void executeRequest() throws Exception { - Response response = mock(Response.class); - - when(finagleService.apply(Mockito.any(Request.class))).thenReturn(Future.value(response)); - when(response.statusCode()).thenReturn(200); - when(response.contentString()).thenReturn("Hello"); - - ArgumentCaptor requestArgumentCaptor = ArgumentCaptor.forClass(Request.class); - ClientResponse clientResponse = victim.executeRequest(HTTP_URL); - - assertThat(clientResponse.getStatusCode()).isEqualTo(200); - assertThat(clientResponse.getResponseBody()).isEqualTo("Hello"); - - verify(finagleService, times(1)).apply(requestArgumentCaptor.capture()); - assertThat(requestArgumentCaptor.getValue().method()).isEqualTo(Method.Get()); - assertThat(requestArgumentCaptor.getValue().uri()).isEqualTo(URI.create(HTTP_URL).getPath()); - - URI uri = URI.create(HTTP_URL); - assertThat(requestArgumentCaptor.getValue().headerMap().toSet().contains(Tuple2.apply("Host", uri.getHost() + ":" + uri.getPort()))).isTrue(); - assertThat(requestArgumentCaptor.getValue().headerMap().toSet().contains(Tuple2.apply(HEADER_KEY_CLIENT_TYPE, ClientType.FINAGLE.getValue()))).isTrue(); - } - -} diff --git a/client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.scala b/client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.scala new file mode 100644 index 0000000..148f831 --- /dev/null +++ b/client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.scala @@ -0,0 +1,79 @@ +/* + * Copyright 2018 Thunderberry. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package nl.altindag.client.service + +import com.twitter.finagle.Service +import com.twitter.finagle.http.{Request, Response} +import com.twitter.util.Future +import nl.altindag.client.TestConstants +import nl.altindag.client.TestConstants.HTTP_URL +import nl.altindag.client.util.SSLFactoryTestHelper +import org.assertj.core.api.Assertions.assertThat +import org.mockito.scalatest.MockitoSugar +import org.scalatest.funspec.AnyFunSpec + +class FinagleHttpClientServiceShould extends AnyFunSpec with MockitoSugar { + + describe("execute request") { + val finagleService = mock[Service[Request, Response]] + val response = mock[Response] + + when(finagleService.apply(any[Request])).thenReturn(Future.value(response)) + when(response.statusCode).thenReturn(200) + when(response.contentString).thenReturn("Hello") + + val victim = new FinagleHttpClientService2(finagleService) + val clientResponse = victim.executeRequest(HTTP_URL) + + assertThat(clientResponse.getStatusCode).isEqualTo(200) + assertThat(clientResponse.getResponseBody).isEqualTo("Hello") + } + + describe("create finagle without ssl material when url is http and sslFactory is present") { + System.setProperty("url", TestConstants.HTTP_URL) + + val sslFactory = SSLFactoryTestHelper.createSSLFactory(true, true) + val client = new FinagleHttpClientConfiguration() + .createFinagle(sslFactory) + + assertThat(client).isNotNull + verify(sslFactory, times(0)).getKeyManagerFactory + verify(sslFactory, times(0)).getTrustManagerFactory + assertThat(client.isAvailable).isTrue + assertThat(client.status).hasToString("Open") + + client.close(); + System.clearProperty("url"); + } + + describe("create finagle http client with ssl") { + System.setProperty("url", TestConstants.HTTPS_URL) + + val sslFactory = SSLFactoryTestHelper.createSSLFactory(true, true) + val client = new FinagleHttpClientConfiguration() + .createFinagle(sslFactory) + + assertThat(client).isNotNull + verify(sslFactory, times(1)).getKeyManagerFactory + verify(sslFactory, times(1)).getTrustManagerFactory + assertThat(client.isAvailable).isTrue + assertThat(client.status).hasToString("Open") + + client.close() + System.clearProperty("url") + } + +} From ac049b973ddeab22638c51c31eb028750bc362bc Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Tue, 26 Nov 2024 23:51:55 +0100 Subject: [PATCH 3/7] Removed unused imports --- .../test/java/nl/altindag/client/ClientConfigShould.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/client/src/test/java/nl/altindag/client/ClientConfigShould.java b/client/src/test/java/nl/altindag/client/ClientConfigShould.java index c88d46d..0c40e15 100644 --- a/client/src/test/java/nl/altindag/client/ClientConfigShould.java +++ b/client/src/test/java/nl/altindag/client/ClientConfigShould.java @@ -19,9 +19,6 @@ import akka.http.javadsl.Http; import com.github.mizosoft.methanol.Methanol; import com.google.api.client.http.HttpTransport; -import com.twitter.finagle.Service; -import com.twitter.finagle.http.Request; -import com.twitter.finagle.http.Response; import feign.Feign; import jakarta.ws.rs.client.Client; import kong.unirest.Unirest; @@ -40,7 +37,6 @@ import javax.net.ssl.SSLException; import java.io.IOException; import java.net.ConnectException; -import java.net.URISyntaxException; import java.net.http.HttpClient; import static nl.altindag.client.util.AssertJCustomConditions.GSON_CONVERTER_FACTORY; @@ -48,7 +44,9 @@ import static nl.altindag.client.util.SSLFactoryTestHelper.createSSLFactory; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; -import static org.mockito.Mockito.*; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; @ExtendWith(MockitoExtension.class) class ClientConfigShould { From fc94fabc1890878fd78ad8c71d1ebbae0efb05f1 Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Tue, 26 Nov 2024 23:54:59 +0100 Subject: [PATCH 4/7] Reformatted option --- .../client/service/FinagleHttpClientService.scala | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala b/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala index 6b4f117..6a4ba67 100644 --- a/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala +++ b/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala @@ -63,8 +63,12 @@ class FinagleHttpClientConfiguration { if (uri.getScheme == "https") { val sslClientConfiguration = SslClientConfiguration( - keyCredentials = OptionConverters.toScala(sslFactory.getKeyManagerFactory).map(kmf => KeyCredentials.KeyManagerFactory(kmf)).getOrElse(KeyCredentials.Unspecified), - trustCredentials = OptionConverters.toScala(sslFactory.getTrustManagerFactory).map(tmf => TrustCredentials.TrustManagerFactory(tmf)).getOrElse(TrustCredentials.Unspecified) + keyCredentials = OptionConverters.toScala(sslFactory.getKeyManagerFactory) + .map(kmf => KeyCredentials.KeyManagerFactory(kmf)) + .getOrElse(KeyCredentials.Unspecified), + trustCredentials = OptionConverters.toScala(sslFactory.getTrustManagerFactory) + .map(tmf => TrustCredentials.TrustManagerFactory(tmf)) + .getOrElse(TrustCredentials.Unspecified) ) client = client.withTransport.tls(sslClientConfiguration) From d6be44eef16b89ba2da55a7d09b5d642d2e0df98 Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Wed, 27 Nov 2024 00:00:01 +0100 Subject: [PATCH 5/7] Corrected if statement --- .../nl/altindag/client/service/FinagleHttpClientService.scala | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala b/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala index 6a4ba67..907335a 100644 --- a/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala +++ b/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala @@ -59,9 +59,9 @@ class FinagleHttpClientConfiguration { @Bean(name = Array("finagleClient")) def createFinagle(sslFactory: SSLFactory): Service[Request, Response] = { val uri = new URI(Constants.getServerUrl) - var client = Http.client.withNoHttp2 + var client = Http.client - if (uri.getScheme == "https") { + if ("https".equals(uri.getScheme)) { val sslClientConfiguration = SslClientConfiguration( keyCredentials = OptionConverters.toScala(sslFactory.getKeyManagerFactory) .map(kmf => KeyCredentials.KeyManagerFactory(kmf)) From 3ad34abf10a4308fd97900b57c7e1a6a9bbc52b1 Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Wed, 27 Nov 2024 00:06:50 +0100 Subject: [PATCH 6/7] fixed name --- .../nl/altindag/client/service/FinagleHttpClientService.scala | 2 +- .../client/service/FinagleHttpClientServiceShould.scala | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala b/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala index 907335a..b7e8235 100644 --- a/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala +++ b/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.scala @@ -34,7 +34,7 @@ import java.util.concurrent.TimeUnit import scala.jdk.javaapi.OptionConverters @stereotype.Service -class FinagleHttpClientService2(@Qualifier("finagleClient") service: Service[Request, Response]) extends RequestService { +class FinagleHttpClientService(@Qualifier("finagleClient") service: Service[Request, Response]) extends RequestService { private val TIMEOUT_AMOUNT_IN_SECONDS = 5 diff --git a/client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.scala b/client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.scala index 148f831..0a24533 100644 --- a/client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.scala +++ b/client/src/test/java/nl/altindag/client/service/FinagleHttpClientServiceShould.scala @@ -35,7 +35,7 @@ class FinagleHttpClientServiceShould extends AnyFunSpec with MockitoSugar { when(response.statusCode).thenReturn(200) when(response.contentString).thenReturn("Hello") - val victim = new FinagleHttpClientService2(finagleService) + val victim = new FinagleHttpClientService(finagleService) val clientResponse = victim.executeRequest(HTTP_URL) assertThat(clientResponse.getStatusCode).isEqualTo(200) From 99708df13e0d21f2d99ebd581197c694e20ba6a7 Mon Sep 17 00:00:00 2001 From: Hakky54 Date: Fri, 29 Nov 2024 10:09:45 +0100 Subject: [PATCH 7/7] Adjusted reference to finagle --- README.MD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.MD b/README.MD index f3dbdde..8ee1797 100644 --- a/README.MD +++ b/README.MD @@ -401,7 +401,7 @@ All client examples use the same base ssl configuration created within the [SSLC * [Ktor with Okhttp engine](https://github.com/ktorio/ktor) -> [Client Configuration](https://github.com/Hakky54/mutual-tls-ssl/blob/master/client/src/main/java/nl/altindag/client/service/KtorOkHttpClientService.kt) | [Example request](https://github.com/Hakky54/mutual-tls-ssl/blob/master/client/src/main/java/nl/altindag/client/service/KtorHttpClientService.kt) **Scala** -* [Twitter Finagle](https://github.com/twitter/finagle) -> [Client Configuration](https://github.com/Hakky54/mutual-tls-ssl/blob/35cba2f3a2dcd73b01fa323b99eec7777f7429bb/client/src/main/java/nl/altindag/client/ClientConfig.java#L233) | [Example request](https://github.com/Hakky54/mutual-tls-ssl/blob/master/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.java) +* [Twitter Finagle](https://github.com/twitter/finagle) -> [Client Configuration & Example request](https://github.com/Hakky54/mutual-tls-ssl/blob/master/client/src/main/java/nl/altindag/client/service/FinagleHttpClientService.java) * [Twitter Finagle Featherbed](https://github.com/finagle/featherbed) -> [Client Configuration & Example request](https://github.com/Hakky54/mutual-tls-ssl/blob/d78e4e81b8b775d3ff09c11b0a7c1532a741199e/client/src/main/java/nl/altindag/client/service/FeatherbedRequestService.scala#L19) * [Akka Http Client](https://github.com/akka/akka-http) -> [Client Configuration](https://github.com/Hakky54/mutual-tls-ssl/blob/35cba2f3a2dcd73b01fa323b99eec7777f7429bb/client/src/main/java/nl/altindag/client/ClientConfig.java#L253) | [Example request](https://github.com/Hakky54/mutual-tls-ssl/blob/master/client/src/main/java/nl/altindag/client/service/AkkaHttpClientService.java) * [Dispatch Reboot](https://github.com/dispatch/reboot) -> [Client Configuration & Example request](https://github.com/Hakky54/mutual-tls-ssl/blob/master/client/src/main/java/nl/altindag/client/service/DispatchRebootService.scala)