From b113a1179189f020a1035d570b2e4e88ae03951d Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Wed, 12 Oct 2022 18:16:57 -0400 Subject: [PATCH 01/36] Migrate to Apache HttpClient / Core 5.x Signed-off-by: Craig Perkins --- build.gradle | 1 + .../auth/http/jwt/HTTPJwtAuthenticator.java | 2 +- .../http/jwt/keybyoidc/KeySetRetriever.java | 53 +++++++------- .../util/SettingsBasedSSLConfigurator.java | 20 +++--- .../security/auditlog/sink/WebhookSink.java | 71 +++++++++---------- .../security/httpclient/HttpClient.java | 47 ++++++------ .../security/tools/SecurityAdmin.java | 35 ++++----- 7 files changed, 114 insertions(+), 115 deletions(-) diff --git a/build.gradle b/build.gradle index 7d6b4dc299..22ff363920 100644 --- a/build.gradle +++ b/build.gradle @@ -296,6 +296,7 @@ dependencies { implementation 'jakarta.annotation:jakarta.annotation-api:1.3.5' implementation "org.opensearch.plugin:transport-netty4-client:${opensearch_version}" implementation "org.opensearch.client:opensearch-rest-high-level-client:${opensearch_version}" + implementation "org.apache.httpcomponents.client5:httpclient5-cache:${versions.httpclient5}" implementation 'com.google.guava:guava:30.0-jre' implementation 'org.greenrobot:eventbus:3.2.0' implementation 'commons-cli:commons-cli:1.3.1' diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java index 21e740e04a..16cc71ffbd 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java @@ -29,7 +29,7 @@ import io.jsonwebtoken.Jwts; import io.jsonwebtoken.io.Decoders; import io.jsonwebtoken.security.WeakKeyException; -import org.apache.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHeaders; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; 
diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java b/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java index 7731bd8084..0ae0ff6cfc 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java +++ b/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java 
@@ -12,22 +12,22 @@ package com.amazon.dlic.auth.http.jwt.keybyoidc; import java.io.IOException; +import java.util.concurrent.TimeUnit; import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; -import org.apache.http.HttpEntity; -import org.apache.http.StatusLine; -import org.apache.http.client.cache.HttpCacheContext; -import org.apache.http.client.cache.HttpCacheStorage; -import org.apache.http.client.config.RequestConfig; -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.impl.client.cache.BasicHttpCacheStorage; -import org.apache.http.impl.client.cache.CacheConfig; -import org.apache.http.impl.client.cache.CachingHttpClients; +import org.apache.hc.client5.http.cache.HttpCacheContext; +import org.apache.hc.client5.http.cache.HttpCacheStorage; +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.config.RequestConfig; +import org.apache.hc.client5.http.impl.cache.BasicHttpCacheStorage; +import org.apache.hc.client5.http.impl.cache.CacheConfig; +import org.apache.hc.client5.http.impl.cache.CachingHttpClients; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.core5.http.HttpEntity; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; 
@@ -70,16 +70,14 @@ public JsonWebKeys get() throws AuthenticatorUnavailableException { HttpGet httpGet = new HttpGet(uri); - RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(getRequestTimeoutMs()) - .setConnectTimeout(getRequestTimeoutMs()).setSocketTimeout(getRequestTimeoutMs()).build(); + RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(getRequestTimeoutMs(), TimeUnit.MILLISECONDS) + .setConnectTimeout(getRequestTimeoutMs(), TimeUnit.MILLISECONDS).build(); httpGet.setConfig(requestConfig); try (CloseableHttpResponse response = httpClient.execute(httpGet)) { - StatusLine statusLine = response.getStatusLine(); - - if (statusLine.getStatusCode() < 200 || statusLine.getStatusCode() >= 300) { - throw new AuthenticatorUnavailableException("Error while getting " + uri + ": " + statusLine); + if (response.getCode() < 200 || response.getCode() >= 300) { + throw new AuthenticatorUnavailableException("Error while getting " + uri + ": " + response.getReasonPhrase()); } HttpEntity httpEntity = response.getEntity(); @@ -105,8 +103,8 @@ String getJwksUri() throws AuthenticatorUnavailableException { HttpGet httpGet = new HttpGet(openIdConnectEndpoint); - RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(getRequestTimeoutMs()) - .setConnectTimeout(getRequestTimeoutMs()).setSocketTimeout(getRequestTimeoutMs()).build(); + RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(getRequestTimeoutMs(), TimeUnit.MILLISECONDS) + .setConnectTimeout(getRequestTimeoutMs(), TimeUnit.MILLISECONDS).build(); httpGet.setConfig(requestConfig); 
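Review bot: The new `RequestConfig` in `get()` drops the read timeout: `setSocketTimeout(getRequestTimeoutMs())` is removed and nothing replaces it, so a JWKS endpoint that accepts the connection and then stalls is bounded only by the client's defaults, not by the configured value. Client 5 calls this setting the response timeout; adding `.setResponseTimeout(getRequestTimeoutMs(), TimeUnit.MILLISECONDS)` before `.build()` keeps the old bound. The same omission is in the `getJwksUri()` hunk that follows, in `WebhookSink.getHttpClient()` and in `HttpClient.asyncClientBuilder()`, where `.setResponseTimeout(timeout, TimeUnit.SECONDS)` would match the removed `setSocketTimeout(timeout * 1000)`. Both KeySetRetriever methods start outside their hunks.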
@@ -121,11 +119,9 @@ String getJwksUri() throws AuthenticatorUnavailableException { logCacheResponseStatus(httpContext); } - StatusLine statusLine = response.getStatusLine(); - - if (statusLine.getStatusCode() < 200 || statusLine.getStatusCode() >= 300) { + if (response.getCode() < 200 || response.getCode() >= 300) { throw new AuthenticatorUnavailableException( - "Error while getting " + openIdConnectEndpoint + ": " + statusLine); + "Error while getting " + openIdConnectEndpoint + ": " + response.getReasonPhrase()); } HttpEntity httpEntity = response.getEntity(); @@ -195,9 +191,10 @@ private CloseableHttpClient createHttpClient(HttpCacheStorage httpCacheStorage) builder.useSystemProperties(); - if (sslConfig != null) { - builder.setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()); - } + // TODO what to replace this with? +// if (sslConfig != null) { +// builder.setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()); +// } return builder.build(); } diff --git a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java index dd605ef087..390ed100fc 100644 --- a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java +++ b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java @@ -11,7 +11,6 @@ package com.amazon.dlic.util; -import java.net.Socket; import java.nio.file.Path; import java.security.KeyManagementException; import java.security.KeyStore; 
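Review bot: The exception message in `getJwksUri()` no longer carries the HTTP status code: the old text appended the whole `StatusLine`, while the new one appends only `response.getReasonPhrase()`, which a server may leave empty. Someone reading the authenticator log then cannot tell an authorization failure at the identity provider from an outage. I would write `"Error while getting " + openIdConnectEndpoint + ": " + response.getCode() + " " + response.getReasonPhrase()`, and make the same change to the message in the `get()` hunk above. The method body continues outside the hunk.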
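Review bot: Commenting out `builder.setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory())` in `createHttpClient()` means the configured `sslConfig` is never applied, so the OIDC discovery and JWKS requests appear to fall back to whatever `builder.useSystemProperties()` yields for trust anchors, protocols, ciphers and hostname checks. These responses supply the keys that JWT signatures are verified against, so the TLS settings of this client are part of the authentication trust chain and should not be left as a TODO. In client 5 the socket factory is set on the connection manager: inside `if (sslConfig != null)`, `builder.setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create().setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()).build());`. That needs `toSSLConnectionSocketFactory()` to return the `org.apache.hc.client5.http.ssl` type; the SettingsBasedSSLConfigurator hunk below still imports the 4.x `org.apache.http.conn.ssl.SSLConnectionSocketFactory`. `createHttpClient()` starts outside the hunk.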
@@ -30,18 +29,18 @@ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLParameters; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import com.google.common.collect.ImmutableList; +import org.apache.hc.core5.ssl.PrivateKeyDetails; +import org.apache.hc.core5.ssl.PrivateKeyStrategy; +import org.apache.hc.core5.ssl.SSLContextBuilder; +import org.apache.hc.core5.ssl.SSLContexts; import org.apache.http.conn.ssl.DefaultHostnameVerifier; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; -import org.apache.http.ssl.PrivateKeyDetails; -import org.apache.http.ssl.PrivateKeyStrategy; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -196,7 +195,7 @@ private void configureWithSettings() throws SSLConfigException, NoSuchAlgorithmE new PrivateKeyStrategy() { @Override - public String chooseAlias(Map aliases, Socket socket) { + public String chooseAlias(Map aliases, SSLParameters sslParameters) { if (aliases == null || aliases.isEmpty()) { return effectiveKeyAlias; } @@ -430,9 +429,10 @@ public HostnameVerifier getHostnameVerifier() { return hostnameVerifier; } - public SSLIOSessionStrategy toSSLIOSessionStrategy() { - return new SSLIOSessionStrategy(sslContext, supportedProtocols, supportedCipherSuites, hostnameVerifier); - } + // TODO Can this be removed? +// public SSLIOSessionStrategy toSSLIOSessionStrategy() { +// return new SSLIOSessionStrategy(sslContext, supportedProtocols, supportedCipherSuites, hostnameVerifier); +// } public SSLConnectionSocketFactory toSSLConnectionSocketFactory() { return new SSLConnectionSocketFactory(sslContext, supportedProtocols, supportedCipherSuites, 
diff --git a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java index 35479016ae..6072c07f14 100644 --- a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java +++ b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java 
@@ -14,27 +14,23 @@ import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; -import java.nio.charset.StandardCharsets; import java.nio.file.Path; import java.security.AccessController; import java.security.KeyStore; import java.security.PrivilegedAction; import java.security.cert.X509Certificate; - -import org.apache.http.HttpStatus; -import org.apache.http.client.config.RequestConfig; -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.conn.ssl.DefaultHostnameVerifier; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.entity.ContentType; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.TrustStrategy; +import java.util.concurrent.TimeUnit; + +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.classic.methods.HttpPost; +import org.apache.hc.client5.http.config.RequestConfig; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.core5.http.ContentType; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.io.entity.StringEntity; +import org.apache.hc.core5.ssl.TrustStrategy; import org.opensearch.common.Strings; import org.opensearch.common.settings.Settings; 
@@ -217,7 +213,7 @@ protected boolean doGet(String url) { CloseableHttpResponse serverResponse = null; try { serverResponse = httpClient.execute(httpGet); - int responseCode = serverResponse.getStatusLine().getStatusCode(); + int responseCode = serverResponse.getCode(); if (responseCode != HttpStatus.SC_OK) { log.error("Cannot GET to webhook URL '{}', server returned status {}", webhookUrl, responseCode); return false; @@ -269,14 +265,13 @@ protected boolean doPost(String url, String payload) { HttpPost postRequest = new HttpPost(url); - StringEntity input = new StringEntity(payload, StandardCharsets.UTF_8); - input.setContentType(webhookFormat.contentType.toString()); + StringEntity input = new StringEntity(payload, webhookFormat.contentType); postRequest.setEntity(input); CloseableHttpResponse serverResponse = null; try { serverResponse = httpClient.execute(postRequest); - int responseCode = serverResponse.getStatusLine().getStatusCode(); + int responseCode = serverResponse.getCode(); if (responseCode != HttpStatus.SC_OK) { log.error("Cannot POST to webhook URL '{}', server returned status {}", webhookUrl, responseCode); return false; @@ -339,9 +334,8 @@ CloseableHttpClient getHttpClient() { int timeout = 5; RequestConfig config = RequestConfig.custom() - .setConnectTimeout(timeout * 1000) - .setConnectionRequestTimeout(timeout * 1000) - .setSocketTimeout(timeout * 1000).build(); + .setConnectTimeout(timeout, TimeUnit.SECONDS) + .setConnectionRequestTimeout(timeout, TimeUnit.SECONDS).build(); final TrustStrategy trustAllStrategy = new TrustStrategy() { @Override 
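Review bot: In `doPost()` the payload encoding is no longer pinned: `new StringEntity(payload, StandardCharsets.UTF_8)` became `new StringEntity(payload, webhookFormat.contentType)`, so the bytes now depend on the charset that `ContentType` carries, or on the library fallback if it carries none (the `WebhookFormat` definitions are not visible here, so this needs confirming). Audit events containing non-ASCII user or index names could then reach the receiver altered. If UTF-8 is the intent, `new StringEntity(payload, webhookFormat.contentType.withCharset(StandardCharsets.UTF_8))` states it, and the `java.nio.charset.StandardCharsets` import removed in the import hunk stays. Note that this also puts the charset into the Content-Type header, which the old `setContentType(...)` call may not have done. The method starts outside the hunk.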
@@ -353,13 +347,16 @@ public boolean isTrusted(X509Certificate[] chain, String authType) { try { if(!verifySSL) { + /** + * Removing this from the chain below until its figured out how to replace this in client5 + * .setSSLSocketFactory( + * new SSLConnectionSocketFactory( + * new SSLContextBuilder() + * .loadTrustMaterial(trustAllStrategy) + * .build(), + * NoopHostnameVerifier.INSTANCE)) + */ return HttpClients.custom() - .setSSLSocketFactory( - new SSLConnectionSocketFactory( - new SSLContextBuilder() - .loadTrustMaterial(trustAllStrategy) - .build(), - NoopHostnameVerifier.INSTANCE)) .setDefaultRequestConfig(config) .build(); } @@ -370,13 +367,15 @@ public boolean isTrusted(X509Certificate[] chain, String authType) { .build(); } - return HttpClients.custom() - .setSSLSocketFactory( - new SSLConnectionSocketFactory( - new SSLContextBuilder() - .loadTrustMaterial(effectiveTruststore, null) - .build(), - new DefaultHostnameVerifier())) + /** + * .setSSLSocketFactory( + * new SSLConnectionSocketFactory( + * new SSLContextBuilder() + * .loadTrustMaterial(effectiveTruststore, null) + * .build(), + * new DefaultHostnameVerifier())) + */ + return HttpClients.custom() .setDefaultRequestConfig(config) .build(); diff --git a/src/main/java/org/opensearch/security/httpclient/HttpClient.java b/src/main/java/org/opensearch/security/httpclient/HttpClient.java index 281235f5e0..5bde9a65c1 100644 --- a/src/main/java/org/opensearch/security/httpclient/HttpClient.java +++ b/src/main/java/org/opensearch/security/httpclient/HttpClient.java @@ -13,7 +13,6 @@ import java.io.Closeable; import java.io.IOException; -import java.net.Socket; import java.nio.charset.StandardCharsets; import java.security.KeyManagementException; import java.security.KeyStore; 
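Review bot: With both `setSSLSocketFactory(...)` calls in `getHttpClient()` moved into comments, neither TLS configuration reaches the client: `effectiveTruststore` is computed but never loaded, and `verifySSL == false` no longer changes anything, leaving `trustAllStrategy` unused. A deployment that pins the webhook receiver to its own CA would presumably validate against the JVM default trust store instead, which is both a broader trust set and a likely connection failure for private CAs. In client 5 the socket factory belongs on a `PoolingHttpClientConnectionManagerBuilder` (with `SSLConnectionSocketFactory` and `DefaultHostnameVerifier` taken from `org.apache.hc.client5.http.ssl`), as sketched below for the verified branch; the `!verifySSL` branch in the first hunk takes the same shape. The commented-out code is also written as `/** ... */` Javadoc blocks and should be deleted once replaced. The method starts outside both hunks.

```java
// … unchanged: RequestConfig, trustAllStrategy, !verifySSL and effectiveTruststore == null branches …
return HttpClients.custom()
        .setConnectionManager(
            PoolingHttpClientConnectionManagerBuilder.create()
                .setSSLSocketFactory(
                    new SSLConnectionSocketFactory(
                        new SSLContextBuilder()
                            .loadTrustMaterial(effectiveTruststore, null)
                            .build(),
                        new DefaultHostnameVerifier()))
                .build())
        .setDefaultRequestConfig(config)
        .build();
```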
@@ -25,24 +24,25 @@ import java.util.Base64; import java.util.Map; import java.util.Objects; +import java.util.concurrent.TimeUnit; import java.util.stream.Collectors; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLParameters; import com.google.common.collect.Lists; -import org.apache.http.HttpHeaders; -import org.apache.http.HttpHost; -import org.apache.http.client.config.RequestConfig; +import org.apache.hc.client5.http.config.RequestConfig; +import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder; +import org.apache.hc.core5.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHost; +import org.apache.hc.core5.http.message.BasicHeader; +import org.apache.hc.core5.ssl.PrivateKeyDetails; +import org.apache.hc.core5.ssl.PrivateKeyStrategy; +import org.apache.hc.core5.ssl.SSLContextBuilder; +import org.apache.hc.core5.ssl.SSLContexts; import org.apache.http.conn.ssl.DefaultHostnameVerifier; import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.impl.nio.client.HttpAsyncClientBuilder; -import org.apache.http.message.BasicHeader; -import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; -import org.apache.http.ssl.PrivateKeyDetails; -import org.apache.http.ssl.PrivateKeyStrategy; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -153,7 +153,7 @@ private HttpClient(final KeyStore trustStore, final String basicCredentials, fin HttpHost[] hosts = Arrays.stream(servers) .map(s->s.split(":")) - .map(s->new HttpHost(s[0], Integer.parseInt(s[1]),ssl?"https":"http")) + .map(s->new HttpHost(ssl?"https":"http", s[0], Integer.parseInt(s[1]))) .collect(Collectors.toList()).toArray(new HttpHost[0]); 
@@ -223,7 +223,7 @@ private final HttpAsyncClientBuilder asyncClientBuilder(HttpAsyncClientBuilder h sslContextBuilder.loadKeyMaterial(keystore, keyPassword, new PrivateKeyStrategy() { @Override - public String chooseAlias(Map aliases, Socket socket) { + public String chooseAlias(Map aliases, SSLParameters sslParameters) { if(aliases == null || aliases.isEmpty()) { return keystoreAlias; } @@ -232,19 +232,21 @@ public String chooseAlias(Map aliases, Socket socket) return aliases.keySet().iterator().next(); } - return keystoreAlias; } + return keystoreAlias; + } }); } final HostnameVerifier hnv = verifyHostnames?new DefaultHostnameVerifier():NoopHostnameVerifier.INSTANCE; final SSLContext sslContext = sslContextBuilder.build(); - httpClientBuilder.setSSLStrategy(new SSLIOSessionStrategy( - sslContext, - supportedProtocols, - supportedCipherSuites, - hnv - )); + // TODO how to do this with org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder +// httpClientBuilder.setSSLStrategy(new SSLIOSessionStrategy( +// sslContext, +// supportedProtocols, +// supportedCipherSuites, +// hnv +// )); } if (basicCredentials != null) { @@ -255,9 +257,8 @@ public String chooseAlias(Map aliases, Socket socket) int timeout = 5; RequestConfig config = RequestConfig.custom() - .setConnectTimeout(timeout * 1000) - .setConnectionRequestTimeout(timeout * 1000) - .setSocketTimeout(timeout * 1000).build(); + .setConnectTimeout(timeout, TimeUnit.SECONDS) + .setConnectionRequestTimeout(timeout, TimeUnit.SECONDS).build(); httpClientBuilder.setDefaultRequestConfig(config); diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java index 2553a13677..c3746f8020 100644 --- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java +++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java 
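Review bot: In the `@@ -232` hunk of `asyncClientBuilder()`, `sslContext` and `hnv` are still built but nothing consumes them once `setSSLStrategy(new SSLIOSessionStrategy(...))` is commented out. The trust store, client key material, `supportedProtocols`, `supportedCipherSuites` and the `verifyHostnames` choice therefore no longer affect the connection. The `if (basicCredentials != null)` block that follows would then send its credentials over a connection using default TLS settings (inferred; the rest of the method is outside the hunk). Client 5 expresses this as a `TlsStrategy` on the async connection manager, as sketched below using `ClientTlsStrategyBuilder` from `org.apache.hc.client5.http.ssl`. The same removal is in `SecurityAdmin.getRestHighLevelClient()`, where the `sslContext` parameter, `supportedProtocols`, `supportedCipherSuites` and `hnv` are likewise left unused and need the same replacement inside `setHttpClientConfigCallback`.

```java
// … unchanged: sslContextBuilder setup, hnv and sslContext construction …
final TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
        .setSslContext(sslContext)
        .setTlsVersions(supportedProtocols)
        .setCiphers(supportedCipherSuites)
        .setHostnameVerifier(hnv)
        .build();
httpClientBuilder.setConnectionManager(
        PoolingAsyncClientConnectionManagerBuilder.create()
                .setTlsStrategy(tlsStrategy)
                .build());
```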
@@ -70,12 +70,11 @@ import org.apache.commons.cli.Option; import org.apache.commons.cli.Options; import org.apache.commons.cli.ParseException; -import org.apache.http.HttpHost; +import org.apache.hc.core5.http.HttpHost; +import org.apache.hc.core5.ssl.SSLContextBuilder; +import org.apache.hc.core5.ssl.SSLContexts; import org.apache.http.conn.ssl.DefaultHostnameVerifier; import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; import org.opensearch.ExceptionsHelper; import org.opensearch.OpenSearchException; @@ -1394,19 +1393,21 @@ private static RestHighLevelClient getRestHighLevelClient(SSLContext sslContext, String[] supportedProtocols = enabledProtocols.length > 0 ? enabledProtocols : null; String[] supportedCipherSuites = enabledCiphers.length > 0 ? enabledCiphers : null; - HttpHost httpHost = new HttpHost(hostname, port, "https"); - - RestClientBuilder restClientBuilder = RestClient.builder(httpHost) - .setHttpClientConfigCallback( - builder -> builder.setSSLStrategy( - new SSLIOSessionStrategy( - sslContext, - supportedProtocols, - supportedCipherSuites, - hnv - ) - ) - ); + HttpHost httpHost = new HttpHost("https", hostname, port); + + RestClientBuilder restClientBuilder = RestClient.builder(httpHost); + /** TODO Figure out what to replace this with in client5 + * .setHttpClientConfigCallback( + * builder -> builder.setSSLStrategy( + * new SSLIOSessionStrategy( + * sslContext, + * supportedProtocols, + * supportedCipherSuites, + * hnv + * ) + * ) + * ); + */ return new RestHighLevelClient(restClientBuilder); } From 98285f0e6725f22a95d5bf6e94699ef83778454e Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Wed, 12 Oct 2022 18:26:17 -0400 Subject: [PATCH 02/36] Update import in AbstractHTTPJwtAuthenticator 
Signed-off-by: Craig Perkins --- .../amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java index d2e14d6145..02919c186f 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java @@ -21,7 +21,7 @@ import com.google.common.annotations.VisibleForTesting; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; -import org.apache.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHeaders; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; From 0ea54cb5fe76de056987dd26eef06276bc55c3fd Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 09:54:30 -0400 Subject: [PATCH 03/36] Continue moving to Apache Client5 / Core5 Signed-off-by: Craig Perkins --- build.gradle | 1 + .../cluster/OpenSearchClientProvider.java | 43 ++++++---- .../framework/cluster/TestRestClient.java | 84 +++++++++---------- .../security/PitIntegrationTests.java | 2 +- 4 files changed, 71 insertions(+), 59 deletions(-) diff --git a/build.gradle b/build.gradle index 22ff363920..034acceaef 100644 --- a/build.gradle +++ b/build.gradle @@ -297,6 +297,7 @@ dependencies { implementation "org.opensearch.plugin:transport-netty4-client:${opensearch_version}" implementation "org.opensearch.client:opensearch-rest-high-level-client:${opensearch_version}" implementation "org.apache.httpcomponents.client5:httpclient5-cache:${versions.httpclient5}" + implementation "org.apache.httpcomponents:httpcore:${versions.httpcore}" implementation 'com.google.guava:guava:30.0-jre' implementation 'org.greenrobot:eventbus:3.2.0' implementation 'commons-cli:commons-cli:1.3.1' 
diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java index 54e4894a78..959afddebb 100644 --- a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java +++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java 
@@ -37,22 +37,29 @@ import java.util.Base64; import java.util.List; import java.util.Objects; +import java.util.concurrent.TimeUnit; import java.util.stream.Collectors; import java.util.stream.Stream; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; -import org.apache.http.Header; -import org.apache.http.HttpHost; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.CredentialsProvider; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.impl.client.BasicCredentialsProvider; -import org.apache.http.message.BasicHeader; -import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; - +import com.onelogin.saml2.Auth; +import org.apache.hc.client5.http.auth.AuthScope; +import org.apache.hc.client5.http.auth.UsernamePasswordCredentials; +import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder; +import org.apache.hc.client5.http.io.HttpClientConnectionManager; +import org.apache.hc.client5.http.nio.AsyncClientConnectionManager; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpHost; +import org.apache.hc.core5.http.io.SocketConfig; +import org.apache.hc.core5.http.message.BasicHeader; +import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy; +import org.apache.hc.core5.http.nio.ssl.TlsStrategy; import org.opensearch.client.RestClient; import org.opensearch.client.RestClientBuilder; import org.opensearch.client.RestHighLevelClient; 
@@ -94,17 +101,21 @@ default TestRestClient getRestClient(UserCredentialsHolder user, Header... heade default RestHighLevelClient getRestHighLevelClient(UserCredentialsHolder user) { InetSocketAddress httpAddress = getHttpAddress(); - CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); - credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user.getName(), user.getPassword())); - + BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); + final HttpHost httpHost = new HttpHost(httpAddress.getHostString(), httpAddress.getPort()); + credentialsProvider.setCredentials(new AuthScope(httpHost, null, "Basic"), new UsernamePasswordCredentials(user.getName(), user.getPassword().toCharArray())); RestClientBuilder.HttpClientConfigCallback configCallback = httpClientBuilder -> { - httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider).setSSLStrategy( - new SSLIOSessionStrategy(getSSLContext(), null, null, NoopHostnameVerifier.INSTANCE)); + TlsStrategy tlsStrategy = new BasicClientTlsStrategy(getSSLContext()); + + final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() + .setTlsStrategy(tlsStrategy) + .build(); + httpClientBuilder.setConnectionManager(cm); return httpClientBuilder; }; - RestClientBuilder builder = RestClient.builder(new HttpHost(httpAddress.getHostString(), httpAddress.getPort(), "https")) + RestClientBuilder builder = RestClient.builder(new HttpHost("https", httpAddress.getHostString(), httpAddress.getPort())) .setHttpClientConfigCallback(configCallback); diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java index 0db80ee72f..7a79363030 100644 --- a/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java 
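Review bot: `credentialsProvider` is populated in `getRestHighLevelClient()` but never handed to the builder: the new callback only calls `httpClientBuilder.setConnectionManager(cm)`, whereas the removed line also called `setDefaultCredentialsProvider(credentialsProvider)`. As written, the client would send requests without the user's Basic credentials, so integration tests that expect to run as `user` would not exercise that identity. I would change the call to `httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider).setConnectionManager(cm);`. The old strategy also passed `NoopHostnameVerifier.INSTANCE`; whether `new BasicClientTlsStrategy(getSSLContext())` behaves the same against the test certificates is worth confirming. The method continues outside the hunk.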
+++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java @@ -29,8 +29,6 @@ package org.opensearch.test.framework.cluster; import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.URI; import java.net.URISyntaxException; 
@@ -40,34 +38,37 @@ import java.util.Collections; import java.util.List; import java.util.Optional; +import java.util.concurrent.TimeUnit; import javax.net.ssl.SSLContext; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonNode; import org.apache.commons.io.IOUtils; -import org.apache.http.Header; -import org.apache.http.HttpEntity; -import org.apache.http.NameValuePair; -import org.apache.http.client.config.RequestConfig; -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.client.methods.HttpDelete; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpHead; -import org.apache.http.client.methods.HttpOptions; -import org.apache.http.client.methods.HttpPatch; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.methods.HttpPut; -import org.apache.http.client.methods.HttpUriRequest; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.config.SocketConfig; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.message.BasicHeader; +import org.apache.hc.client5.http.classic.methods.HttpDelete; +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.classic.methods.HttpHead; +import org.apache.hc.client5.http.classic.methods.HttpOptions; +import org.apache.hc.client5.http.classic.methods.HttpPatch; +import org.apache.hc.client5.http.classic.methods.HttpPost; +import org.apache.hc.client5.http.classic.methods.HttpPut; +import org.apache.hc.client5.http.classic.methods.HttpUriRequest; +import org.apache.hc.client5.http.config.RequestConfig; +import 
org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.io.HttpClientConnectionManager; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpEntity; +import org.apache.hc.core5.http.NameValuePair; +import org.apache.hc.core5.http.io.SocketConfig; +import org.apache.hc.core5.http.io.entity.StringEntity; +import org.apache.hc.core5.http.message.BasicHeader; +import org.apache.hc.core5.net.URIBuilder; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -137,11 +138,7 @@ public HttpResponse putJson(String path, String body, Header... headers) { } private StringEntity toStringEntity(String body) { - try { - return new StringEntity(body); - } catch (UnsupportedEncodingException e) { - throw new RestClientException("Cannot create string entity", e); - } + return new StringEntity(body); } public HttpResponse putJson(String path, ToXContentObject body) { 
@@ -215,9 +212,11 @@ protected final CloseableHttpClient getHTTPClient() {
 final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(this.sslContext, protocols, null, NoopHostnameVerifier.INSTANCE);
- hcb.setSSLSocketFactory(sslsf);
-
- hcb.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60 * 1000).build());
+ final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
+ .setSSLSocketFactory(sslsf)
+ .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build())
+ .build();
+ hcb.setConnectionManager(cm);
 if (requestConfig != null) {
 hcb.setDefaultRequestConfig(requestConfig);
@@ -254,9 +253,9 @@ public HttpResponse(CloseableHttpResponse inner) throws IllegalStateException, I
 } else {
 this.body = IOUtils.toString(entity.getContent(), StandardCharsets.UTF_8);
 }
- this.header = inner.getAllHeaders();
- this.statusCode = inner.getStatusLine().getStatusCode();
- this.statusReason = inner.getStatusLine().getReasonPhrase();
+ this.header = inner.getHeaders();
+ this.statusCode = inner.getCode();
+ this.statusReason = inner.getReasonPhrase();
 inner.close();
 }
@@ -381,13 +380,14 @@ public void setRequestConfig(RequestConfig requestConfig) {
 this.requestConfig = requestConfig;
 }
- public void setLocalAddress(InetAddress inetAddress) {
- if (requestConfig == null) {
- requestConfig = RequestConfig.custom().setLocalAddress(inetAddress).build();
- } else {
- requestConfig = RequestConfig.copy(requestConfig).setLocalAddress(inetAddress).build();
- }
- }
+ // TODO Can this be removed?
+// public void setLocalAddress(InetAddress inetAddress) {
+// if (requestConfig == null) {
+// requestConfig = RequestConfig.custom().setLocalAddress(inetAddress).build();
+// } else {
+// requestConfig = RequestConfig.copy(requestConfig).setLocalAddress(inetAddress).build();
+// }
+// }
 public boolean isSendHTTPClientCertificate() {
 return sendHTTPClientCertificate;
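Review bot: In the last hunk `setLocalAddress` is kept as eight commented-out lines under `// TODO Can this be removed?`, which leaves dead code in the file and the question unanswered. If the module compiles without it there are no callers here and the block can simply be deleted; if a caller elsewhere needs a local bind address, it has to be re-implemented against the 5.x API, presumably because `RequestConfig` no longer offers `setLocalAddress`. If the decision really has to wait, replace the block with a single line such as `// TODO(client5): setLocalAddress removed, RequestConfig has no local address in 5.x; restore only if a caller needs it`.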
diff --git a/src/test/java/org/opensearch/security/PitIntegrationTests.java b/src/test/java/org/opensearch/security/PitIntegrationTests.java
index b31450dcf7..baab586beb 100644
--- a/src/test/java/org/opensearch/security/PitIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/PitIntegrationTests.java
@@ -13,7 +13,7 @@
 import java.util.ArrayList;
 import java.util.List;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
From 621cfb951393670effe25932017f96c04cfdee0e Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Thu, 13 Oct 2022 09:55:57 -0400
Subject: [PATCH 04/36] Run spotlessApply
Signed-off-by: Craig Perkins
---
 .../test/framework/cluster/OpenSearchClientProvider.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java
index 959afddebb..a794a40330 100644
--- a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java
+++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java
@@ -60,6 +60,7 @@
 import org.apache.hc.core5.http.message.BasicHeader;
 import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
+
 import org.opensearch.client.RestClient;
 import org.opensearch.client.RestClientBuilder;
 import org.opensearch.client.RestHighLevelClient;
From 91a51886cc3fb16816ac7cb7c84411de8fc07fb9 Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Thu, 13 Oct 2022 09:57:38 -0400
Subject: [PATCH 05/36] Remove unused imports
Signed-off-by: Craig Perkins
---
 .../test/framework/cluster/OpenSearchClientProvider.java | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java
index a794a40330..4f498ecefd 100644
--- a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java
+++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java
@@ -37,26 +37,19 @@
 import java.util.Base64;
 import java.util.List;
 import java.util.Objects;
-import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
-import com.onelogin.saml2.Auth;
 import org.apache.hc.client5.http.auth.AuthScope;
 import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
 import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
-import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
-import org.apache.hc.client5.http.io.HttpClientConnectionManager;
 import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
-import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
-import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
 import org.apache.hc.core5.http.Header;
 import org.apache.hc.core5.http.HttpHost;
-import org.apache.hc.core5.http.io.SocketConfig;
 import org.apache.hc.core5.http.message.BasicHeader;
 import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
From 6af3a373b72c1493e0a927bff218b3cf03838487 Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Thu, 13 Oct 2022 10:14:04 -0400
Subject: [PATCH 06/36] Use apache client5 in AbstractSecurityUnitTests
Signed-off-by: Craig Perkins
---
 .../security/tools/SecurityAdmin.java | 34 +++++++++++------
 .../test/AbstractSecurityUnitTest.java | 36 ++++++++++++-------
 2 files changed, 44 insertions(+), 26 deletions(-)
diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
index c3746f8020..b2fbb085c6 100644
--- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
+++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
@@ -70,7 +70,12 @@
 import org.apache.commons.cli.Option;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
+import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
+import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
 import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy;
+import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
 import org.apache.hc.core5.ssl.SSLContexts;
 import org.apache.http.conn.ssl.DefaultHostnameVerifier;
@@ -1395,19 +1400,22 @@ private static RestHighLevelClient getRestHighLevelClient(SSLContext sslContext,
 HttpHost httpHost = new HttpHost("https", hostname, port);
- RestClientBuilder restClientBuilder = RestClient.builder(httpHost);
- /** TODO Figure out what to replace this with in client5
- * .setHttpClientConfigCallback(
- * builder -> builder.setSSLStrategy(
- * new SSLIOSessionStrategy(
- * sslContext,
- * supportedProtocols,
- * supportedCipherSuites,
- * hnv
- * )
- * )
- * );
- */
+ RestClientBuilder restClientBuilder = RestClient.builder(httpHost)
+ .setHttpClientConfigCallback(
+ builder -> {
+ // TODO how to set protocols
+ TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
+ .setSslContext(sslContext)
+ .setCiphers(supportedCipherSuites)
+ .build();
+
+ final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
+ .setTlsStrategy(tlsStrategy)
+ .build();
+
+ builder.setConnectionManager(cm);
+ return builder;
+ });
 return new RestHighLevelClient(restClientBuilder);
 }
diff --git a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java
index b95104dd9f..be0fa6d057 100644
--- a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java
+++ b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java
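Review bot: The rebuilt TLS strategy in `getRestHighLevelClient` passes only `sslContext` and `supportedCipherSuites`; the `supportedProtocols` and `hnv` values listed in the removed `SSLIOSessionStrategy` call are no longer applied, so the protocol restriction and the caller's hostname-verifier choice silently fall back to library defaults. `ClientTlsStrategyBuilder` exposes both, and the AbstractSecurityUnitTest hunk in this same patch already uses them: add `.setTlsVersions(supportedProtocols)` and `.setHostnameVerifier(hnv)` before `.build()`, then drop the `// TODO how to set protocols` line. For an admin tool that pushes security configuration to the cluster, a TLS option the operator set on the command line should never be ignored without an error. This assumes both names are still parameters of the method, whose signature starts outside the hunk.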
@@ -45,13 +45,16 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import io.netty.handler.ssl.OpenSsl;
-import org.apache.http.Header;
-import org.apache.http.HttpHost;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.message.BasicHeader;
-import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
-import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.http.ssl.SSLContexts;
+import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
+import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.core5.http.Header;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.message.BasicHeader;
+import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
+import org.apache.hc.core5.ssl.SSLContextBuilder;
+import org.apache.hc.core5.ssl.SSLContexts;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.junit.Assert;
@@ -155,15 +158,22 @@ protected RestHighLevelClient getRestClient(ClusterInfo info, String keyStoreNam
 sslContextBuilder.loadTrustMaterial(trustStore, null);
 SSLContext sslContext = sslContextBuilder.build();
- HttpHost httpHost = new HttpHost(info.httpHost, info.httpPort, "https");
+ HttpHost httpHost = new HttpHost("https", info.httpHost, info.httpPort);
 RestClientBuilder restClientBuilder = RestClient.builder(httpHost)
 .setHttpClientConfigCallback(
- builder -> builder.setSSLStrategy(
- new SSLIOSessionStrategy(sslContext,
- new String[] { "TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"},
- null,
- NoopHostnameVerifier.INSTANCE)));
+ builder -> {
+ TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
+ .setSslContext(sslContext)
+ .setTlsVersions(new String[] { "TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"})
+ .setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+ .build();
+
+ final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create()
+ .setTlsStrategy(tlsStrategy)
+ .build();
+ return builder;
+ });
 return new RestHighLevelClient(restClientBuilder);
 } catch (Exception e) {
 log.error("Cannot create client", e);
From 8857f23436f13c7433f44e7e745b00ea738c0f1a Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Thu, 13 Oct 2022 11:02:24 -0400
Subject: [PATCH 07/36] Keep SettingsBasedSSLConfigurator working with apache client4 which is needed by OpenSAML
Signed-off-by: Craig Perkins
---
 build.gradle | 3 +
 .../http/jwt/keybyoidc/KeySetRetriever.java | 17 +-
 .../http/saml/SamlHTTPMetadataResolver.java | 7 +-
 .../util/SettingsBasedSSLConfigurator.java | 6 +-
 .../util/SettingsBasedSSLConfiguratorV4.java | 561 ++++++++++++++++++
 .../SettingsBasedSSLConfiguratorTest.java | 22 +-
 6 files changed, 595 insertions(+), 21 deletions(-)
 create mode 100644 src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java
diff --git a/build.gradle b/build.gradle
index 034acceaef..16a0ef712c 100644
--- a/build.gradle
+++ b/build.gradle
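Review bot: The connection manager `cm` built inside the `setHttpClientConfigCallback` lambda of `getRestClient` is never handed to the builder, so the TLS strategy has no effect and the client runs with default TLS settings. That strategy carries `sslContext` with the test key and trust material, the protocol list and the hostname verifier. The SecurityAdmin hunk in the same patch has the missing call; add `builder.setConnectionManager(cm);` before `return builder;`. Separately, the version list still names `SSLv3`, `TLSv1` and `TLSv1.1`, which current JDKs disable by default, so `new String[] { "TLSv1.2" }` would be the narrower choice for a test client. The method body starts and ends outside the hunk.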
@@ -297,7 +297,10 @@ dependencies {
 implementation "org.opensearch.plugin:transport-netty4-client:${opensearch_version}"
 implementation "org.opensearch.client:opensearch-rest-high-level-client:${opensearch_version}"
 implementation "org.apache.httpcomponents.client5:httpclient5-cache:${versions.httpclient5}"
+ implementation "org.apache.httpcomponents:httpclient:${versions.httpclient}"
 implementation "org.apache.httpcomponents:httpcore:${versions.httpcore}"
+ implementation "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}"
+ implementation "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}"
 implementation 'com.google.guava:guava:30.0-jre'
 implementation 'org.greenrobot:eventbus:3.2.0'
 implementation 'commons-cli:commons-cli:1.3.1'
diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java b/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java
index 0ae0ff6cfc..b512e997ae 100644
--- a/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java
+++ b/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java
@@ -27,7 +27,13 @@
 import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
 import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
 import org.apache.hc.client5.http.impl.classic.HttpClients;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.io.HttpClientConnectionManager;
+import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
 import org.apache.hc.core5.http.HttpEntity;
+import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy;
+import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -191,10 +197,13 @@ private CloseableHttpClient createHttpClient(HttpCacheStorage httpCacheStorage)
 builder.useSystemProperties();
- // TODO what to replace this with?
-// if (sslConfig != null) {
-// builder.setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory());
-// }
+ if (sslConfig != null) {
+ final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create()
+ .setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory())
+ .build();
+
+ builder.setConnectionManager(cm);
+ }
 return builder.build();
 }
diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java b/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java
index a1269a4817..7d7d4abdb2 100644
--- a/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java
+++ b/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java
@@ -16,6 +16,7 @@
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import com.amazon.dlic.util.SettingsBasedSSLConfiguratorV4;
 import net.shibboleth.utilities.java.support.resolver.ResolverException;
 import org.apache.http.client.HttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
@@ -56,9 +57,9 @@ public byte[] run() throws ResolverException {
 }
 }
- private static SettingsBasedSSLConfigurator.SSLConfig getSSLConfig(Settings settings, Path configPath)
+ private static SettingsBasedSSLConfiguratorV4.SSLConfig getSSLConfig(Settings settings, Path configPath)
 throws Exception {
- return new SettingsBasedSSLConfigurator(settings, configPath, "idp").buildSSLConfig();
+ return new SettingsBasedSSLConfiguratorV4(settings, configPath, "idp").buildSSLConfig();
 }
 @SuppressWarnings("removal")
@@ -91,7 +92,7 @@ private static HttpClient createHttpClient0(Settings settings, Path configPath)
 builder.useSystemProperties();
- SettingsBasedSSLConfigurator.SSLConfig sslConfig = getSSLConfig(settings, configPath);
+ SettingsBasedSSLConfiguratorV4.SSLConfig sslConfig = getSSLConfig(settings, configPath);
 if (sslConfig != null) {
 builder.setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory());
diff --git a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java
index 390ed100fc..240888a576 100644
--- a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java
+++ b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java
@@ -34,13 +34,13 @@
 import javax.net.ssl.X509TrustManager;
 import com.google.common.collect.ImmutableList;
+import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
 import org.apache.hc.core5.ssl.PrivateKeyDetails;
 import org.apache.hc.core5.ssl.PrivateKeyStrategy;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
 import org.apache.hc.core5.ssl.SSLContexts;
-import org.apache.http.conn.ssl.DefaultHostnameVerifier;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
diff --git a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java
new file mode 100644
index 0000000000..6c7b7b68ed
--- /dev/null
+++ b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java
@@ -0,0 +1,561 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + * + * Modifications Copyright OpenSearch Contributors. See + * GitHub history for details. + */ + +package com.amazon.dlic.util; + +import java.net.Socket; +import java.nio.file.Path; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.SecureRandom; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + +import com.google.common.collect.ImmutableList; +import org.apache.http.conn.ssl.DefaultHostnameVerifier; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy; +import org.apache.http.ssl.PrivateKeyDetails; +import org.apache.http.ssl.PrivateKeyStrategy; +import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.ssl.SSLContexts; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import org.opensearch.common.settings.Settings; +import org.opensearch.security.ssl.util.SSLConfigConstants; +import org.opensearch.security.support.PemKeyReader; + +public class SettingsBasedSSLConfiguratorV4 { + private static final Logger log = LogManager.getLogger(SettingsBasedSSLConfigurator.class); + + public static final String CERT_ALIAS = "cert_alias"; + 
public static final String CA_ALIAS = "ca_alias"; + public static final String ENABLE_SSL = "enable_ssl"; + + /** + * Shall STARTTLS shall be used? + *

+ * NOTE: The setting of this option is only reflected by the startTlsEnabled + * attribute of the returned SSLConfig object. Clients of this class need to + * take further measures to enable STARTTLS. It does not affect the + * SSLIOSessionStrategy and SSLConnectionSocketFactory objects returned from + * this class. + */ + public static final String ENABLE_START_TLS = "enable_start_tls"; + public static final String ENABLE_SSL_CLIENT_AUTH = "enable_ssl_client_auth"; + public static final String PEMKEY_FILEPATH = "pemkey_filepath"; + public static final String PEMKEY_CONTENT = "pemkey_content"; + public static final String PEMKEY_PASSWORD = "pemkey_password"; + public static final String PEMCERT_FILEPATH = "pemcert_filepath"; + public static final String PEMCERT_CONTENT = "pemcert_content"; + public static final String PEMTRUSTEDCAS_CONTENT = "pemtrustedcas_content"; + public static final String PEMTRUSTEDCAS_FILEPATH = "pemtrustedcas_filepath"; + public static final String VERIFY_HOSTNAMES = "verify_hostnames"; + public static final String TRUST_ALL = "trust_all"; + + private static final List DEFAULT_TLS_PROTOCOLS = ImmutableList.of("TLSv1.2", "TLSv1.1"); + + private SSLContextBuilder sslContextBuilder; + private final Settings settings; + private final String settingsKeyPrefix; + private final Path configPath; + private final String clientName; + + private boolean enabled; + private boolean enableSslClientAuth; + private KeyStore effectiveTruststore; + private KeyStore effectiveKeystore; + private char[] effectiveKeyPassword; + private String effectiveKeyAlias; + private List effectiveTruststoreAliases; + + public SettingsBasedSSLConfiguratorV4(Settings settings, Path configPath, String settingsKeyPrefix, + String clientName) { + this.settings = settings; + this.configPath = configPath; + this.settingsKeyPrefix = normalizeSettingsKeyPrefix(settingsKeyPrefix); + this.clientName = clientName != null ? 
clientName : this.settingsKeyPrefix; + } + + public SettingsBasedSSLConfiguratorV4(Settings settings, Path configPath, String settingsKeyPrefix) { + this(settings, configPath, settingsKeyPrefix, null); + } + + SSLContext buildSSLContext() throws SSLConfigException { + try { + if (isTrustAllEnabled()) { + sslContextBuilder = new OverlyTrustfulSSLContextBuilder(); + } else { + sslContextBuilder = SSLContexts.custom(); + } + + configureWithSettings(); + + if (!this.enabled) { + return null; + } + + return sslContextBuilder.build(); + + } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) { + throw new SSLConfigException("Error while initializing SSL configuration for " + this.clientName, e); + } + } + + public SSLConfig buildSSLConfig() throws SSLConfigException { + SSLContext sslContext = buildSSLContext(); + + if (sslContext == null) { + // disabled + return null; + } + + return new SSLConfig(sslContext, getSupportedProtocols(), getSupportedCipherSuites(), getHostnameVerifier(), + isHostnameVerificationEnabled(), isTrustAllEnabled(), isStartTlsEnabled(), this.effectiveTruststore, + this.effectiveTruststoreAliases, this.effectiveKeystore, this.effectiveKeyPassword, + this.effectiveKeyAlias); + } + + private boolean isHostnameVerificationEnabled() { + return getSettingAsBoolean(VERIFY_HOSTNAMES, true) && !isTrustAllEnabled(); + } + + private HostnameVerifier getHostnameVerifier() { + if (isHostnameVerificationEnabled()) { + return new DefaultHostnameVerifier(); + } else { + return NoopHostnameVerifier.INSTANCE; + } + } + + private String[] getSupportedProtocols() { + return getSettingAsArray("enabled_ssl_protocols", DEFAULT_TLS_PROTOCOLS); + } + + private String[] getSupportedCipherSuites() { + return getSettingAsArray("enabled_ssl_ciphers", null); + + } + + private boolean isStartTlsEnabled() { + return getSettingAsBoolean(ENABLE_START_TLS, false); + } + + private boolean isTrustAllEnabled() { + return getSettingAsBoolean(TRUST_ALL, 
false); + } + + private void configureWithSettings() throws SSLConfigException, NoSuchAlgorithmException, KeyStoreException { + this.enabled = getSettingAsBoolean(ENABLE_SSL, false); + + if (!this.enabled) { + return; + } + + this.enableSslClientAuth = getSettingAsBoolean(ENABLE_SSL_CLIENT_AUTH, false); + + if (settings.get(settingsKeyPrefix + PEMTRUSTEDCAS_FILEPATH, null) != null + || settings.get(settingsKeyPrefix + PEMTRUSTEDCAS_CONTENT, null) != null) { + initFromPem(); + } else { + initFromKeyStore(); + } + + if (effectiveTruststore != null) { + sslContextBuilder.loadTrustMaterial(effectiveTruststore, null); + } + + if (enableSslClientAuth) { + if (effectiveKeystore != null) { + try { + sslContextBuilder.loadKeyMaterial(effectiveKeystore, effectiveKeyPassword, + new PrivateKeyStrategy() { + + @Override + public String chooseAlias(Map aliases, Socket socket) { + if (aliases == null || aliases.isEmpty()) { + return effectiveKeyAlias; + } + + if (effectiveKeyAlias == null || effectiveKeyAlias.isEmpty()) { + return aliases.keySet().iterator().next(); + } + + return effectiveKeyAlias; + } + }); + } catch (UnrecoverableKeyException e) { + throw new RuntimeException(e); + } + } + } + + } + + private void initFromPem() throws SSLConfigException { + X509Certificate[] trustCertificates; + + try { + trustCertificates = PemKeyReader.loadCertificatesFromStream( + PemKeyReader.resolveStream(settingsKeyPrefix + PEMTRUSTEDCAS_CONTENT, settings)); + } catch (Exception e) { + throw new SSLConfigException( + "Error loading PEM from " + settingsKeyPrefix + PEMTRUSTEDCAS_CONTENT + " for " + this.clientName, + e); + } + + if (trustCertificates == null) { + String path = PemKeyReader.resolve(settingsKeyPrefix + PEMTRUSTEDCAS_FILEPATH, settings, configPath, + !isTrustAllEnabled()); + + try { + trustCertificates = PemKeyReader.loadCertificatesFromFile(path); + } catch (Exception e) { + throw new SSLConfigException("Error loading PEM from " + path + " (" + settingsKeyPrefix + + 
PEMTRUSTEDCAS_FILEPATH + ") for " + this.clientName, e); + } + } + + // for client authentication + X509Certificate[] authenticationCertificate; + + try { + authenticationCertificate = PemKeyReader.loadCertificatesFromStream( + PemKeyReader.resolveStream(settingsKeyPrefix + PEMCERT_CONTENT, settings)); + } catch (Exception e) { + throw new SSLConfigException( + "Error loading PEM from " + settingsKeyPrefix + PEMCERT_CONTENT + " for " + this.clientName, e); + } + + if (authenticationCertificate == null) { + String path = PemKeyReader.resolve(settingsKeyPrefix + PEMCERT_FILEPATH, settings, configPath, + enableSslClientAuth); + + try { + authenticationCertificate = PemKeyReader.loadCertificatesFromFile(path); + } catch (Exception e) { + throw new SSLConfigException("Error loading PEM from " + path + " (" + settingsKeyPrefix + + PEMCERT_FILEPATH + ") for " + this.clientName, e); + } + + } + + PrivateKey authenticationKey; + + try { + authenticationKey = PemKeyReader.loadKeyFromStream(getSetting(PEMKEY_PASSWORD), + PemKeyReader.resolveStream(settingsKeyPrefix + PEMKEY_CONTENT, settings)); + } catch (Exception e) { + throw new SSLConfigException( + "Error loading PEM from " + settingsKeyPrefix + PEMKEY_CONTENT + " for " + this.clientName, e); + } + + if (authenticationKey == null) { + String path = PemKeyReader.resolve(settingsKeyPrefix + PEMKEY_FILEPATH, settings, configPath, + enableSslClientAuth); + + try { + authenticationKey = PemKeyReader.loadKeyFromFile(getSetting(PEMKEY_PASSWORD), path); + } catch (Exception e) { + throw new SSLConfigException("Error loading PEM from " + path + " (" + settingsKeyPrefix + + PEMKEY_FILEPATH + ") for " + this.clientName, e); + } + } + + try { + effectiveKeyPassword = PemKeyReader.randomChars(12); + effectiveKeyAlias = "al"; + effectiveTruststore = PemKeyReader.toTruststore(effectiveKeyAlias, trustCertificates); + effectiveKeystore = PemKeyReader.toKeystore(effectiveKeyAlias, effectiveKeyPassword, + authenticationCertificate, 
authenticationKey); + } catch (Exception e) { + throw new SSLConfigException("Error initializing SSLConfig for " + this.clientName, e); + } + + } + + private void initFromKeyStore() throws SSLConfigException { + KeyStore trustStore; + KeyStore keyStore; + + try { + trustStore = PemKeyReader.loadKeyStore( + PemKeyReader.resolve(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, settings, + configPath, !isTrustAllEnabled()), + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, + SSLConfigConstants.DEFAULT_STORE_PASSWORD), + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_TYPE)); + } catch (Exception e) { + throw new SSLConfigException("Error loading trust store from " + + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH), e); + } + + effectiveTruststoreAliases = getSettingAsList(CA_ALIAS, null); + + // for client authentication + + try { + keyStore = PemKeyReader.loadKeyStore( + PemKeyReader.resolve(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_FILEPATH, settings, + configPath, enableSslClientAuth), + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_PASSWORD, + SSLConfigConstants.DEFAULT_STORE_PASSWORD), + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_TYPE)); + } catch (Exception e) { + throw new SSLConfigException("Error loading key store from " + + settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_FILEPATH), e); + } + + String keyStorePassword = settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_KEYSTORE_PASSWORD, + SSLConfigConstants.DEFAULT_STORE_PASSWORD); + effectiveKeyPassword = keyStorePassword == null || keyStorePassword.isEmpty() ? 
null + : keyStorePassword.toCharArray(); + effectiveKeyAlias = getSetting(CERT_ALIAS); + + if (enableSslClientAuth && effectiveKeyAlias == null) { + throw new IllegalArgumentException(settingsKeyPrefix + CERT_ALIAS + " not given"); + } + + effectiveTruststore = trustStore; + effectiveKeystore = keyStore; + + } + + private String getSetting(String key) { + return settings.get(settingsKeyPrefix + key); + } + + private Boolean getSettingAsBoolean(String key, Boolean defaultValue) { + return settings.getAsBoolean(settingsKeyPrefix + key, defaultValue); + } + + private List getSettingAsList(String key, List defaultValue) { + return settings.getAsList(settingsKeyPrefix + key, defaultValue); + } + + private String[] getSettingAsArray(String key, List defaultValue) { + List list = getSettingAsList(key, defaultValue); + + if (list == null) { + return null; + } + + return list.toArray(new String[list.size()]); + } + + private static String normalizeSettingsKeyPrefix(String settingsKeyPrefix) { + if (settingsKeyPrefix == null || settingsKeyPrefix.length() == 0) { + return ""; + } else if (!settingsKeyPrefix.endsWith(".")) { + return settingsKeyPrefix + "."; + } else { + return settingsKeyPrefix; + } + } + + public static class SSLConfig { + + private final SSLContext sslContext; + private final String[] supportedProtocols; + private final String[] supportedCipherSuites; + private final HostnameVerifier hostnameVerifier; + private final boolean startTlsEnabled; + private final boolean hostnameVerificationEnabled; + private final boolean trustAll; + private final KeyStore effectiveTruststore; + private final List effectiveTruststoreAliases; + private final KeyStore effectiveKeystore; + private final char[] effectiveKeyPassword; + private final String effectiveKeyAlias; + + public SSLConfig(SSLContext sslContext, String[] supportedProtocols, String[] supportedCipherSuites, + HostnameVerifier hostnameVerifier, boolean hostnameVerificationEnabled, boolean trustAll, + boolean 
startTlsEnabled, KeyStore effectiveTruststore, List effectiveTruststoreAliases, + KeyStore effectiveKeystore, char[] effectiveKeyPassword, String effectiveKeyAlias) { + this.sslContext = sslContext; + this.supportedProtocols = supportedProtocols; + this.supportedCipherSuites = supportedCipherSuites; + this.hostnameVerifier = hostnameVerifier; + this.hostnameVerificationEnabled = hostnameVerificationEnabled; + this.trustAll = trustAll; + this.startTlsEnabled = startTlsEnabled; + this.effectiveTruststore = effectiveTruststore; + this.effectiveTruststoreAliases = effectiveTruststoreAliases; + this.effectiveKeystore = effectiveKeystore; + this.effectiveKeyPassword = effectiveKeyPassword; + this.effectiveKeyAlias = effectiveKeyAlias; + + if (log.isDebugEnabled()) { + log.debug("Created SSLConfig: {}", this); + } + } + + public SSLContext getSslContext() { + return sslContext; + } + + public String[] getSupportedProtocols() { + return supportedProtocols; + } + + public String[] getSupportedCipherSuites() { + return supportedCipherSuites; + } + + public HostnameVerifier getHostnameVerifier() { + return hostnameVerifier; + } + + public SSLIOSessionStrategy toSSLIOSessionStrategy() { + return new SSLIOSessionStrategy(sslContext, supportedProtocols, supportedCipherSuites, hostnameVerifier); + } + + public SSLConnectionSocketFactory toSSLConnectionSocketFactory() { + return new SSLConnectionSocketFactory(sslContext, supportedProtocols, supportedCipherSuites, + hostnameVerifier); + } + + public boolean isStartTlsEnabled() { + return startTlsEnabled; + } + + public boolean isHostnameVerificationEnabled() { + return hostnameVerificationEnabled; + } + + public KeyStore getEffectiveTruststore() { + return effectiveTruststore; + } + + public KeyStore getEffectiveKeystore() { + return effectiveKeystore; + } + + public char[] getEffectiveKeyPassword() { + return effectiveKeyPassword; + } + + public String getEffectiveKeyPasswordString() { + if (this.effectiveKeyPassword == null) { + 
return null; + } else { + return new String(this.effectiveKeyPassword); + } + } + + public String getEffectiveKeyAlias() { + return effectiveKeyAlias; + } + + public List getEffectiveTruststoreAliases() { + return effectiveTruststoreAliases; + } + + public String[] getEffectiveTruststoreAliasesArray() { + if (this.effectiveTruststoreAliases == null) { + return null; + } else { + return this.effectiveTruststoreAliases.toArray(new String[this.effectiveTruststoreAliases.size()]); + } + } + + public String[] getEffectiveKeyAliasesArray() { + if (this.effectiveKeyAlias == null) { + return null; + } else { + return new String[] { this.effectiveKeyAlias }; + } + } + + @Override + public String toString() { + return "SSLConfig [sslContext=" + sslContext + ", supportedProtocols=" + Arrays.toString(supportedProtocols) + + ", supportedCipherSuites=" + Arrays.toString(supportedCipherSuites) + ", hostnameVerifier=" + + hostnameVerifier + ", startTlsEnabled=" + startTlsEnabled + ", hostnameVerificationEnabled=" + + hostnameVerificationEnabled + ", trustAll=" + trustAll + ", effectiveTruststore=" + + effectiveTruststore + ", effectiveTruststoreAliases=" + effectiveTruststoreAliases + + ", effectiveKeystore=" + effectiveKeystore + ", effectiveKeyAlias=" + effectiveKeyAlias + "]"; + } + + public boolean isTrustAllEnabled() { + return trustAll; + } + } + + public static class SSLConfigException extends Exception { + + private static final long serialVersionUID = 5827273100470174111L; + + public SSLConfigException() { + super(); + } + + public SSLConfigException(String message, Throwable cause, boolean enableSuppression, + boolean writableStackTrace) { + super(message, cause, enableSuppression, writableStackTrace); + } + + public SSLConfigException(String message, Throwable cause) { + super(message, cause); + } + + public SSLConfigException(String message) { + super(message); + } + + public SSLConfigException(Throwable cause) { + super(cause); + } + + } + + private static class 
OverlyTrustfulSSLContextBuilder extends SSLContextBuilder { + @Override + protected void initSSLContext(SSLContext sslContext, Collection keyManagers, + Collection trustManagers, SecureRandom secureRandom) throws KeyManagementException { + sslContext.init(!keyManagers.isEmpty() ? keyManagers.toArray(new KeyManager[keyManagers.size()]) : null, + new TrustManager[] { new OverlyTrustfulTrustManager() }, secureRandom); + } + } + + private static class OverlyTrustfulTrustManager implements X509TrustManager { + @Override + public void checkClientTrusted(final X509Certificate[] chain, final String authType) + throws CertificateException { + } + + @Override + public void checkServerTrusted(final X509Certificate[] chain, final String authType) + throws CertificateException { + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; + } + } +} \ No newline at end of file diff --git a/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorTest.java b/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorTest.java index 377809023d..cb1ebcf9fd 100644 --- a/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorTest.java +++ b/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorTest.java @@ -34,6 +34,7 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManagerFactory; +import com.amazon.dlic.util.SettingsBasedSSLConfiguratorV4; import org.apache.http.HttpConnectionFactory; import org.apache.http.HttpException; import org.apache.http.HttpRequest; @@ -63,8 +64,7 @@ import org.junit.Test; import org.junit.rules.ExpectedException; -import com.amazon.dlic.util.SettingsBasedSSLConfigurator; -import com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig; +import com.amazon.dlic.util.SettingsBasedSSLConfiguratorV4.SSLConfig; import org.opensearch.common.settings.Settings; import org.opensearch.security.ssl.util.SSLConfigConstants; 
@@ -93,7 +93,7 @@ public void testPemTrust() throws Exception { .put("prefix.enable_ssl", "true").put("path.home", rootCaPemPath.getParent().toString()).build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -120,7 +120,7 @@ public void testPemWrongTrust() throws Exception { .put("prefix.enable_ssl", "true").put("path.home", rootCaPemPath.getParent().toString()).build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -151,7 +151,7 @@ public void testPemClientAuth() throws Exception { .put("prefix.pemkey_filepath", "kirk.key").put("prefix.pemkey_password", "secret").build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -181,7 +181,7 @@ public void testPemClientAuthFailure() throws Exception { .build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); 
@@ -215,7 +215,7 @@ public void testPemHostnameVerificationFailure() throws Exception { .put("path.home", rootCaPemPath.getParent().toString()).build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -244,7 +244,7 @@ public void testPemHostnameVerificationOff() throws Exception { .put("path.home", rootCaPemPath.getParent().toString()).build(); Path configPath = rootCaPemPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -271,7 +271,7 @@ public void testJksTrust() throws Exception { .put("path.home", rootCaJksPath.getParent().toString()).build(); Path configPath = rootCaJksPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); @@ -299,7 +299,7 @@ public void testJksWrongTrust() throws Exception { .put("path.home", rootCaJksPath.getParent().toString()).build(); Path configPath = rootCaJksPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); 
@@ -325,7 +325,7 @@ public void testTrustAll() throws Exception { .put("path.home", rootCaJksPath.getParent().toString()).build(); Path configPath = rootCaJksPath.getParent(); - SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix"); + SettingsBasedSSLConfiguratorV4 sbsc = new SettingsBasedSSLConfiguratorV4(settings, configPath, "prefix"); SSLConfig sslConfig = sbsc.buildSSLConfig(); From fa3f62f1cdc4a4c93f814053c1ab03829614b4b0 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 11:29:16 -0400 Subject: [PATCH 08/36] Refactor RestHelper for apache http client5 Signed-off-by: Craig Perkins --- .../http/saml/SamlHTTPMetadataResolver.java | 2 - .../security/test/helper/rest/RestHelper.java | 111 +++++++++--------- 2 files changed, 54 insertions(+), 59 deletions(-) diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java b/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java index 7d7d4abdb2..29d6e74482 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java @@ -23,8 +23,6 @@ import org.apache.http.impl.client.HttpClients; import org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver; -import com.amazon.dlic.util.SettingsBasedSSLConfigurator; - import org.opensearch.SpecialPermission; import org.opensearch.common.settings.Settings; diff --git a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java index 49d498833e..0ac4495833 100644 --- a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java 
@@ -28,7 +28,6 @@ import java.io.FileInputStream; import java.io.IOException; -import java.io.UnsupportedEncodingException; import java.nio.charset.StandardCharsets; import java.security.KeyStore; import java.util.Arrays; @@ -38,6 +37,7 @@ import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.Future; +import java.util.concurrent.TimeUnit; import java.util.regex.Matcher; import java.util.regex.Pattern; 
@@ -45,32 +45,34 @@ import com.fasterxml.jackson.databind.JsonNode; import org.apache.commons.io.IOUtils; -import org.apache.http.Header; -import org.apache.http.HttpEntity; -import org.apache.http.HttpHeaders; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.client.CredentialsProvider; -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.client.methods.HttpDelete; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.client.methods.HttpHead; -import org.apache.http.client.methods.HttpOptions; -import org.apache.http.client.methods.HttpPatch; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.client.methods.HttpPut; -import org.apache.http.client.methods.HttpUriRequest; -import org.apache.http.client.methods.RequestBuilder; -import org.apache.http.config.SocketConfig; -import org.apache.http.conn.ssl.NoopHostnameVerifier; -import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.client.BasicCredentialsProvider; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; +import org.apache.hc.client5.http.auth.AuthScope; +import org.apache.hc.client5.http.auth.CredentialsProvider; +import org.apache.hc.client5.http.auth.UsernamePasswordCredentials; +import org.apache.hc.client5.http.classic.methods.HttpDelete; +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.client5.http.classic.methods.HttpHead; +import org.apache.hc.client5.http.classic.methods.HttpOptions; +import org.apache.hc.client5.http.classic.methods.HttpPatch; +import org.apache.hc.client5.http.classic.methods.HttpPost; +import 
org.apache.hc.client5.http.classic.methods.HttpPut; +import org.apache.hc.client5.http.classic.methods.HttpUriRequest; +import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider; +import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; +import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; +import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.io.HttpClientConnectionManager; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpEntity; +import org.apache.hc.core5.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHost; +import org.apache.hc.core5.http.io.SocketConfig; +import org.apache.hc.core5.http.io.entity.StringEntity; +import org.apache.hc.core5.ssl.SSLContextBuilder; +import org.apache.hc.core5.ssl.SSLContexts; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -113,8 +115,8 @@ public String executeSimpleRequest(final String request) throws Exception { httpClient = getHTTPClient(); response = httpClient.execute(new HttpGet(getHttpServerUri() + "/" + request)); - if (response.getStatusLine().getStatusCode() >= 300) { - throw new Exception("Statuscode " + response.getStatusLine().getStatusCode()); + if (response.getCode() >= 300) { + throw new Exception("Statuscode " + response.getCode()); } return IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8); 
@@ -147,11 +149,10 @@ public HttpResponse executeGetRequest(final String request, Header... header) { } public HttpResponse executeGetRequest(final String request, String body, Header... header) { - HttpUriRequest uriRequest = RequestBuilder.get(getHttpServerUri() + "/" + request) - .setEntity(createStringEntity(body)) - .setHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .build(); - return executeRequest(uriRequest, header); + HttpGet getRequest = new HttpGet(getHttpServerUri() + "/" + request); + getRequest.setEntity(createStringEntity(body)); + getRequest.addHeader(HttpHeaders.CONTENT_TYPE, "application/json"); + return executeRequest(getRequest, header); } public HttpResponse executeHeadRequest(final String request, Header... header) { @@ -175,11 +176,10 @@ public HttpResponse executeDeleteRequest(final String request, Header... header) } public HttpResponse executeDeleteRequest(final String request, String body, Header... header) { - HttpUriRequest uriRequest = RequestBuilder.delete(getHttpServerUri() + "/" + request) - .setEntity(createStringEntity(body)) - .setHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .build(); - return executeRequest(uriRequest, header); + HttpDelete delRequest = new HttpDelete(getHttpServerUri() + "/" + request); + delRequest.setEntity(createStringEntity(body)); + delRequest.setHeader(HttpHeaders.CONTENT_TYPE, "application/json"); + return executeRequest(delRequest, header); } @@ -234,12 +234,8 @@ public HttpResponse executeRequest(HttpUriRequest uriRequest, Header... header) } } - private StringEntity createStringEntity(String body) { - try { - return new StringEntity(body); - } catch (final UnsupportedEncodingException e) { - throw new RuntimeException(e); - } + private HttpEntity createStringEntity(String body) { + return new StringEntity(body); } protected final String getHttpServerUri() { 
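Review bot: `createStringEntity` builds the body with `new StringEntity(body)`, which does not encode as UTF-8 by default and labels the entity as plain text, while the callers declare `application/json` in a separate header. Any non-ASCII character in a test body would then reach the server in a different encoding than JSON parsers expect. I would make the entity carry its own type, `return new StringEntity(body, ContentType.APPLICATION_JSON);`, which needs the `org.apache.hc.core5.http.ContentType` import. Separately, `executeGetRequest` now uses `addHeader` for the content type while `executeDeleteRequest` uses `setHeader`; `setHeader` in both keeps the header single-valued.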
@@ -254,8 +250,10 @@ protected final CloseableHttpClient getHTTPClient() throws Exception { if (sendHTTPClientCredentials) { CredentialsProvider provider = new BasicCredentialsProvider(); - UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("sarek", "sarek"); - provider.setCredentials(AuthScope.ANY, credentials); + UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("sarek", "sarek".toCharArray()); + BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); + final HttpHost httpHost = new HttpHost("localhost", 9200); + credentialsProvider.setCredentials(new AuthScope(httpHost, null, "Basic"), new UsernamePasswordCredentials("sarek", "sarek".toCharArray())); hcb.setDefaultCredentialsProvider(provider); } @@ -296,17 +294,16 @@ protected final CloseableHttpClient getHTTPClient() throws Exception { protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" }; } - final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory( - sslContext, - protocols, - null, + final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, protocols, null, NoopHostnameVerifier.INSTANCE); - hcb.setSSLSocketFactory(sslsf); + final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create() + .setSSLSocketFactory(sslsf) + .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build()) + .build(); + hcb.setConnectionManager(cm); } - hcb.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60 * 1000).build()); - return hcb.build(); } 
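Review bot: `hcb.setDefaultCredentialsProvider(provider)` still installs the empty `provider`, while the credentials are registered on the new `credentialsProvider`, so with `sendHTTPClientCredentials` set the client sends no credentials at all. Tests that rely on this flag would then exercise the unauthenticated path without noticing. Pass the populated object, `hcb.setDefaultCredentialsProvider(credentialsProvider);`, and drop the now unused `provider` and `credentials` locals. The scope is also pinned to `new HttpHost("localhost", 9200)`; if the test cluster binds another port the credentials will not match, and `new AuthScope(null, -1)` would keep the former match-any behaviour. `getHTTPClient` starts and ends outside the hunk.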
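Review bot: The 60 second socket timeout is now set only on the connection manager built next to `sslsf`, and the unconditional `hcb.setDefaultSocketConfig(...)` after that block is removed. The hunk appears to sit inside the SSL branch (a closing brace follows `hcb.setConnectionManager(cm);`), so plain-HTTP clients would lose the timeout and a hung request could block a test run indefinitely. Building the connection manager outside the branch and adding the SSL socket factory only when SSL is enabled keeps both behaviours. The enclosing method continues outside the hunk, so the branch structure should be confirmed.

```java
final PoolingHttpClientConnectionManagerBuilder cmb = PoolingHttpClientConnectionManagerBuilder.create()
    .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build());
// … unchanged: SSL branch building sslContext, protocols and sslsf …
    cmb.setSSLSocketFactory(sslsf);
// … unchanged: end of the SSL branch …
hcb.setConnectionManager(cmb.build());
```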
@@ -327,9 +324,9 @@ public HttpResponse(CloseableHttpResponse inner) throws IllegalStateException, I } else { this.body = IOUtils.toString(entity.getContent(), StandardCharsets.UTF_8); } - this.header = inner.getAllHeaders(); - this.statusCode = inner.getStatusLine().getStatusCode(); - this.statusReason = inner.getStatusLine().getReasonPhrase(); + this.header = inner.getHeaders(); + this.statusCode = inner.getCode(); + this.statusReason = inner.getReasonPhrase(); inner.close(); } From 79fe1296d6c93b9dfd2fc78ae20efcaa6b660bf2 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 11:34:57 -0400 Subject: [PATCH 09/36] Run spotlessApply, update IntegrationTests.java and rename SettingsBasedSSLConfiguratorTest to v4 Signed-off-by: Craig Perkins --- .../amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java | 3 ++- src/test/java/org/opensearch/security/IntegrationTests.java | 4 ++-- ...ratorTest.java => SettingsBasedSSLConfiguratorV4Test.java} | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) rename src/test/java/org/opensearch/security/util/{SettingsBasedSSLConfiguratorTest.java => SettingsBasedSSLConfiguratorV4Test.java} (99%) diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java b/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java index 29d6e74482..ef1ede7549 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/SamlHTTPMetadataResolver.java 
@@ -16,13 +16,14 @@ import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; -import com.amazon.dlic.util.SettingsBasedSSLConfiguratorV4; import net.shibboleth.utilities.java.support.resolver.ResolverException; import org.apache.http.client.HttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.impl.client.HttpClients; import org.opensaml.saml.metadata.resolver.impl.HTTPMetadataResolver; +import com.amazon.dlic.util.SettingsBasedSSLConfiguratorV4; + import org.opensearch.SpecialPermission; import org.opensearch.common.settings.Settings; diff --git a/src/test/java/org/opensearch/security/IntegrationTests.java b/src/test/java/org/opensearch/security/IntegrationTests.java index 985ea826b6..226551a5ae 100644 --- a/src/test/java/org/opensearch/security/IntegrationTests.java +++ b/src/test/java/org/opensearch/security/IntegrationTests.java @@ -30,8 +30,8 @@ import com.fasterxml.jackson.databind.JsonNode; import io.netty.handler.ssl.OpenSsl; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.Assert; import org.junit.Assume; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorTest.java b/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorV4Test.java similarity index 99% rename from src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorTest.java rename to src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorV4Test.java index cb1ebcf9fd..afcd9549a3 100644 --- a/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorTest.java +++ b/src/test/java/org/opensearch/security/util/SettingsBasedSSLConfiguratorV4Test.java 
@@ -34,7 +34,6 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManagerFactory; -import com.amazon.dlic.util.SettingsBasedSSLConfiguratorV4; import org.apache.http.HttpConnectionFactory; import org.apache.http.HttpException; import org.apache.http.HttpRequest; @@ -64,6 +63,7 @@ import org.junit.Test; import org.junit.rules.ExpectedException; +import com.amazon.dlic.util.SettingsBasedSSLConfiguratorV4; import com.amazon.dlic.util.SettingsBasedSSLConfiguratorV4.SSLConfig; import org.opensearch.common.settings.Settings; @@ -74,7 +74,7 @@ import static org.hamcrest.CoreMatchers.either; import static org.hamcrest.CoreMatchers.instanceOf; -public class SettingsBasedSSLConfiguratorTest { +public class SettingsBasedSSLConfiguratorV4Test { @Rule public ExpectedException thrown = ExpectedException.none(); From 669b4bc7d5417498e03de3e24caf493d51cb645e Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 11:46:13 -0400 Subject: [PATCH 10/36] Remove todos after finding v5 analog Signed-off-by: Craig Perkins --- .../security/auditlog/sink/WebhookSink.java | 28 +++++++++++++------ .../security/httpclient/HttpClient.java | 22 ++++++++++----- .../security/tools/SecurityAdmin.java | 2 +- 3 files changed, 35 insertions(+), 17 deletions(-) diff --git a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java index 6072c07f14..e5c83e65a4 100644 --- a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java +++ b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java 
@@ -26,10 +26,17 @@ import org.apache.hc.client5.http.config.RequestConfig; import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse; +import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; import org.apache.hc.client5.http.impl.classic.HttpClients; +import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; +import org.apache.hc.client5.http.io.HttpClientConnectionManager; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; import org.apache.hc.core5.http.ContentType; import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.io.SocketConfig; import org.apache.hc.core5.http.io.entity.StringEntity; +import org.apache.hc.core5.ssl.SSLContextBuilder; import org.apache.hc.core5.ssl.TrustStrategy; import org.opensearch.common.Strings; @@ -39,6 +46,8 @@ import org.opensearch.security.support.ConfigConstants; import org.opensearch.security.support.PemKeyReader; +import javax.net.ssl.SSLContext; + public class WebhookSink extends AuditLogSink { /* HttpClient is thread safe */ 
@@ -347,15 +356,16 @@ public boolean isTrusted(X509Certificate[] chain, String authType) { try { if(!verifySSL) { - /** - * Removing this from the chain below until its figured out how to replace this in client5 - * .setSSLSocketFactory( - * new SSLConnectionSocketFactory( - * new SSLContextBuilder() - * .loadTrustMaterial(trustAllStrategy) - * .build(), - * NoopHostnameVerifier.INSTANCE)) - */ + HttpClientBuilder hcb = HttpClients.custom().setDefaultRequestConfig(config); + SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(trustAllStrategy).build(); + final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, null, null, + NoopHostnameVerifier.INSTANCE); + + final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create() + .setSSLSocketFactory(sslsf) + .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build()) + .build(); + hcb.setConnectionManager(cm); return HttpClients.custom() .setDefaultRequestConfig(config) .build(); diff --git a/src/main/java/org/opensearch/security/httpclient/HttpClient.java b/src/main/java/org/opensearch/security/httpclient/HttpClient.java index 5bde9a65c1..ccb5301925 100644 --- a/src/main/java/org/opensearch/security/httpclient/HttpClient.java +++ b/src/main/java/org/opensearch/security/httpclient/HttpClient.java 
@@ -34,9 +34,13 @@ import com.google.common.collect.Lists; import org.apache.hc.client5.http.config.RequestConfig; import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder; +import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder; +import org.apache.hc.client5.http.nio.AsyncClientConnectionManager; +import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder; import org.apache.hc.core5.http.HttpHeaders; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.message.BasicHeader; +import org.apache.hc.core5.http.nio.ssl.TlsStrategy; import org.apache.hc.core5.ssl.PrivateKeyDetails; import org.apache.hc.core5.ssl.PrivateKeyStrategy; import org.apache.hc.core5.ssl.SSLContextBuilder; @@ -240,13 +244,17 @@ public String chooseAlias(Map aliases, SSLParameters final HostnameVerifier hnv = verifyHostnames?new DefaultHostnameVerifier():NoopHostnameVerifier.INSTANCE; final SSLContext sslContext = sslContextBuilder.build(); - // TODO how to do this with org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder -// httpClientBuilder.setSSLStrategy(new SSLIOSessionStrategy( -// sslContext, -// supportedProtocols, -// supportedCipherSuites, -// hnv -// )); + TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create() + .setSslContext(sslContext) + .setTlsVersions(supportedProtocols) + .setCiphers(supportedCipherSuites) + .setHostnameVerifier(hnv) + .build(); + + final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() + .setTlsStrategy(tlsStrategy) + .build(); + httpClientBuilder.setConnectionManager(cm); } if (basicCredentials != null) { diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java index b2fbb085c6..40b72de4c4 100644 --- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java +++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java 
@@ -1403,9 +1403,9 @@ private static RestHighLevelClient getRestHighLevelClient(SSLContext sslContext, RestClientBuilder restClientBuilder = RestClient.builder(httpHost) .setHttpClientConfigCallback( builder -> { - // TODO how to set protocols TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create() .setSslContext(sslContext) + .setTlsVersions(supportedProtocols) .setCiphers(supportedCipherSuites) .build(); From 4ebea9f7fe7c1ba1a727db8c571581a5376bbf73 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 11:50:50 -0400 Subject: [PATCH 11/36] Update with new analogs in apache http v5 Signed-off-by: Craig Perkins --- .../security/auditlog/sink/WebhookSink.java | 28 +++++++++---------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java index e5c83e65a4..566d096ea8 100644 --- a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java +++ b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java @@ -30,6 +30,7 @@ import org.apache.hc.client5.http.impl.classic.HttpClients; import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; import org.apache.hc.client5.http.io.HttpClientConnectionManager; +import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier; import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; import org.apache.hc.core5.http.ContentType; 
@@ -355,8 +356,8 @@ public boolean isTrusted(X509Certificate[] chain, String authType) { try { + HttpClientBuilder hcb = HttpClients.custom().setDefaultRequestConfig(config); if(!verifySSL) { - HttpClientBuilder hcb = HttpClients.custom().setDefaultRequestConfig(config); SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(trustAllStrategy).build(); final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, null, null, NoopHostnameVerifier.INSTANCE); @@ -366,9 +367,7 @@ public boolean isTrusted(X509Certificate[] chain, String authType) { .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build()) .build(); hcb.setConnectionManager(cm); - return HttpClients.custom() - .setDefaultRequestConfig(config) - .build(); + return hcb.build(); } if(effectiveTruststore == null) { @@ -376,18 +375,17 @@ public boolean isTrusted(X509Certificate[] chain, String authType) { .setDefaultRequestConfig(config) .build(); } + SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(effectiveTruststore, null).build(); + final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, null, null, + new DefaultHostnameVerifier()); + + final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create() + .setSSLSocketFactory(sslsf) + .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build()) + .build(); + hcb.setConnectionManager(cm); - /** - * .setSSLSocketFactory( - * new SSLConnectionSocketFactory( - * new SSLContextBuilder() - * .loadTrustMaterial(effectiveTruststore, null) - * .build(), - * new DefaultHostnameVerifier())) - */ - return HttpClients.custom() - .setDefaultRequestConfig(config) - .build(); + return hcb.build(); } catch(Exception ex) { From 034492efed27c173e3261f5b89b92aab506e3943 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 11:51:34 -0400 Subject: [PATCH 12/36] Run spotlessApply 
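Review bot: With `return hcb.build();` the `!verifySSL` branch now really returns a client backed by `trustAllStrategy` and `NoopHostnameVerifier.INSTANCE`; the removed lines built that connection manager and then returned a fresh `HttpClients.custom()` client, so the flag appears to have had no effect before this commit. Audit events will therefore be posted without authenticating the webhook server whenever verification is switched off, and that deserves a warning at construction time, for example `log.warn("Webhook sink: TLS certificate and hostname verification are disabled");` (logger name assumed). The `try` block opens before the hunk and the body of its `catch` lies after it.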
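Review bot: The truststore branch added in the `@@ -376,18 +375,17 @@` hunk repeats the connection-manager construction of the `!verifySSL` branch, differing only in the `SSLContext` and the hostname verifier, so the 60-second socket timeout and the socket-factory arguments now live in two places. A small private helper taking those two values keeps them together; the helper name below is a suggestion, and the unchanged lines between the first two hunks are not visible, so the first call site is inferred. The `effectiveTruststore == null` branch still ends in `.setDefaultRequestConfig(config).build()` on what looks like a separate builder; `return hcb.build();` there would be equivalent and match the other two returns.

```java
// … unchanged: trustAllStrategy, request config, creation of hcb …
if(!verifySSL) {
    SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(trustAllStrategy).build();
    hcb.setConnectionManager(connectionManager(sslContext, NoopHostnameVerifier.INSTANCE));
    return hcb.build();
}
// … unchanged: effectiveTruststore == null branch …
SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial(effectiveTruststore, null).build();
hcb.setConnectionManager(connectionManager(sslContext, new DefaultHostnameVerifier()));
return hcb.build();
// … unchanged: catch block …

private static HttpClientConnectionManager connectionManager(SSLContext sslContext, HostnameVerifier verifier) {
    final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, null, null, verifier);
    return PoolingHttpClientConnectionManagerBuilder.create()
        .setSSLSocketFactory(sslsf)
        .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build())
        .build();
}
```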
Signed-off-by: Craig Perkins --- .../org/opensearch/security/auditlog/sink/WebhookSink.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java index 566d096ea8..d841ab5075 100644 --- a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java +++ b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java @@ -21,6 +21,8 @@ import java.security.cert.X509Certificate; import java.util.concurrent.TimeUnit; +import javax.net.ssl.SSLContext; + import org.apache.hc.client5.http.classic.methods.HttpGet; import org.apache.hc.client5.http.classic.methods.HttpPost; import org.apache.hc.client5.http.config.RequestConfig; @@ -47,8 +49,6 @@ import org.opensearch.security.support.ConfigConstants; import org.opensearch.security.support.PemKeyReader; -import javax.net.ssl.SSLContext; - public class WebhookSink extends AuditLogSink { /* HttpClient is thread safe */ From f5eb1cd102a681538bab0bdcf9f1ce93c4995598 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 12:14:32 -0400 Subject: [PATCH 13/36] Update Apache Client5 imports in tests 
Signed-off-by: Craig Perkins --- .../dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java | 4 ---- .../java/org/opensearch/security/tools/SecurityAdmin.java | 1 - .../opensearch/security/AdvancedSecurityMigrationTests.java | 4 ++-- .../opensearch/security/InitializationIntegrationTests.java | 6 +++--- .../security/auditlog/AbstractAuditlogiUnitTest.java | 2 +- .../auditlog/compliance/ComplianceAuditlogTest.java | 4 ++-- .../security/auditlog/integration/BasicAuditlogTest.java | 6 +++--- .../opensearch/security/dlic/dlsfls/FlsIndexingTests.java | 4 ++-- .../security/dlic/rest/api/AbstractRestApiUnitTest.java | 4 ++-- .../opensearch/security/dlic/rest/api/AccountApiTest.java | 4 ++-- .../security/dlic/rest/api/ActionGroupsApiTest.java | 4 ++-- .../opensearch/security/dlic/rest/api/AllowlistApiTest.java | 4 ++-- .../security/dlic/rest/api/AuditApiActionTest.java | 4 ++-- .../security/dlic/rest/api/FlushCacheApiTest.java | 4 ++-- .../opensearch/security/dlic/rest/api/IndexMissingTest.java | 4 ++-- .../opensearch/security/dlic/rest/api/NodesDnApiTest.java | 4 ++-- .../org/opensearch/security/dlic/rest/api/RolesApiTest.java | 4 ++-- .../security/dlic/rest/api/RolesMappingApiTest.java | 4 ++-- .../security/dlic/rest/api/SecurityConfigApiTest.java | 4 ++-- .../security/dlic/rest/api/TenantInfoActionTest.java | 4 ++-- .../org/opensearch/security/dlic/rest/api/UserApiTest.java | 6 +++--- .../opensearch/security/dlic/rest/api/WhitelistApiTest.java | 4 ++-- .../opensearch/security/filter/SecurityRestFilterTest.java | 4 ++-- .../security/multitenancy/test/MultitenancyTests.java | 6 +++--- .../security/privileges/PrivilegesEvaluatorTest.java | 4 ++-- .../security/protected_indices/ProtectedIndicesTests.java | 4 ++-- .../security/system_indices/SystemIndicesTests.java | 4 ++-- 27 files changed, 53 insertions(+), 58 deletions(-) 
diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java b/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java index b512e997ae..50be122aec 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java +++ b/src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java @@ -28,12 +28,8 @@ import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; import org.apache.hc.client5.http.impl.classic.HttpClients; import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; -import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder; import org.apache.hc.client5.http.io.HttpClientConnectionManager; -import org.apache.hc.client5.http.nio.AsyncClientConnectionManager; import org.apache.hc.core5.http.HttpEntity; -import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy; -import org.apache.hc.core5.http.nio.ssl.TlsStrategy; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java index 40b72de4c4..a7b3a625c5 100644 --- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java +++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java @@ -74,7 +74,6 @@ import org.apache.hc.client5.http.nio.AsyncClientConnectionManager; import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder; import org.apache.hc.core5.http.HttpHost; -import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; import org.apache.hc.core5.ssl.SSLContextBuilder; import org.apache.hc.core5.ssl.SSLContexts; diff --git a/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java b/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java index e4711bb504..3b069a2339 100644 
--- a/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java +++ b/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java @@ -14,8 +14,8 @@ import java.io.File; import java.util.Arrays; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.After; import org.junit.Assert; import org.junit.Before; diff --git a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java index 090b1ece75..ef8ef9bf86 100644 --- a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java +++ b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java @@ -30,9 +30,9 @@ import java.util.Iterator; import com.fasterxml.jackson.databind.JsonNode; -import org.apache.http.Header; -import org.apache.http.HttpStatus; -import org.apache.http.client.methods.HttpGet; +import org.apache.hc.client5.http.classic.methods.HttpGet; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java b/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java index dc0cd8d4cb..40b1baf558 100644 --- a/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java +++ b/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java @@ -15,8 +15,8 @@ import java.util.Collection; import com.fasterxml.jackson.databind.JsonNode; -import org.apache.http.Header; +import org.apache.hc.core5.http.Header; import org.opensearch.common.settings.Settings; import org.opensearch.security.DefaultObjectMapper; import org.opensearch.security.auditlog.config.AuditConfig; 
diff --git a/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java index 6436f9436d..6cb51ff441 100644 --- a/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java @@ -17,8 +17,8 @@ import java.util.stream.Collectors; import com.google.common.collect.ImmutableMap; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java index 02cde14159..fdb5a2e4c4 100644 --- a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java @@ -15,9 +15,9 @@ import java.util.List; import com.google.common.collect.ImmutableMap; -import org.apache.http.Header; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java index 73a152eca4..bbac74e6eb 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java 
@@ -11,8 +11,8 @@ package org.opensearch.security.dlic.dlsfls; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Test; import org.opensearch.action.index.IndexRequest; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java index 59e8feb198..6e775bbc62 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java @@ -20,8 +20,8 @@ import com.fasterxml.jackson.core.JsonParseException; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.JsonMappingException; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.opensearch.common.settings.Settings; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java index c1840524c9..0b91aa35af 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java index 09efae9fbe..6323746a7f 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java 
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java @@ -13,8 +13,8 @@ import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java index 1c97d138da..3d9e2dfc66 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java @@ -17,8 +17,8 @@ import com.fasterxml.jackson.databind.JsonNode; import com.google.common.collect.ImmutableMap; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java index c5e0a61d2f..450a5de83b 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java @@ -24,8 +24,8 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import com.google.common.collect.Streams; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.After; import org.junit.Rule; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java index ad0a4eea14..c998bf5a19 100644 
--- a/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java index 257732f129..c2313fe434 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java index f72375600c..ba46781e7e 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java @@ -19,8 +19,8 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.google.common.collect.ImmutableMap; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java index 8dc18f5043..ed5ee12804 100644 
--- a/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java @@ -14,8 +14,8 @@ import java.util.List; import com.fasterxml.jackson.databind.JsonNode; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java index 2d1f10736d..168f15dc43 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java @@ -13,8 +13,8 @@ import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java index f5742cfecd..d717dcbf6c 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java index e6864b8244..ab7e807153 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java 
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java index e81e42c25c..715c256cb7 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java @@ -14,9 +14,9 @@ import java.net.URLEncoder; import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java index b5c0d98fc2..e4fca1e99b 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java @@ -16,8 +16,8 @@ import com.fasterxml.jackson.databind.JsonNode; import com.google.common.collect.ImmutableMap; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java b/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java index 574a35b6a7..1a087887d8 100644 
--- a/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java +++ b/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.filter; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Test; import org.opensearch.security.dlic.rest.api.AbstractRestApiUnitTest; diff --git a/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java b/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java index 4964c940b9..7bfb5f9e87 100644 --- a/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java +++ b/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java @@ -14,9 +14,9 @@ import java.util.HashMap; import java.util.Map; -import org.apache.http.Header; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java index 79f23037f5..ba265bcf2e 100644 --- a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java +++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.privileges; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; 
diff --git a/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java b/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java index b86055f7e9..60a19d4210 100644 --- a/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java +++ b/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java @@ -30,8 +30,8 @@ import java.util.Arrays; import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Test; import org.opensearch.action.admin.cluster.repositories.put.PutRepositoryRequest; diff --git a/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java b/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java index d569ee0880..11bd4738e6 100644 --- a/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java +++ b/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java @@ -15,8 +15,8 @@ import java.util.Arrays; import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Test; import org.opensearch.action.admin.cluster.repositories.put.PutRepositoryRequest; From 28d201c36194a9167ba8d20ff50662a4122cbc6f Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 12:34:17 -0400 Subject: [PATCH 14/36] Update imports for HttpStatus 
Signed-off-by: Craig Perkins --- .../java/org/opensearch/security/SecurityRolesTests.java | 2 +- .../java/org/opensearch/security/http/BasicAuthTests.java | 4 ++-- .../opensearch/security/http/DisabledBasicAuthTests.java | 2 +- .../security/privileges/PrivilegesEvaluatorTest.java | 2 +- .../amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java | 2 +- .../com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java | 4 ++-- .../com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java | 4 ++-- src/test/java/org/opensearch/security/AggregationTests.java | 2 +- .../org/opensearch/security/DataStreamIntegrationTests.java | 2 +- .../security/EncryptionInTransitMigrationTests.java | 2 +- src/test/java/org/opensearch/security/HealthTests.java | 2 +- .../java/org/opensearch/security/HttpIntegrationTests.java | 6 +++--- .../java/org/opensearch/security/IndexIntegrationTests.java | 4 ++-- .../security/IndexTemplateClusterPermissionsCheckTest.java | 2 +- src/test/java/org/opensearch/security/ResolveAPITests.java | 2 +- .../opensearch/security/SecurityAdminIEndpointsTests.java | 2 +- .../security/SecurityAdminInvalidConfigsTests.java | 2 +- .../java/org/opensearch/security/SecurityAdminTests.java | 2 +- .../java/org/opensearch/security/SecurityRolesTests.java | 4 ++-- .../java/org/opensearch/security/SlowIntegrationTests.java | 2 +- .../java/org/opensearch/security/SnapshotRestoreTests.java | 2 +- .../org/opensearch/security/SystemIntegratorsTests.java | 4 ++-- src/test/java/org/opensearch/security/TaskTests.java | 4 ++-- src/test/java/org/opensearch/security/TracingTests.java | 2 +- .../org/opensearch/security/auditlog/AuditTestUtils.java | 2 +- .../auditlog/compliance/RestApiComplianceAuditlogTest.java | 2 +- .../org/opensearch/security/auditlog/impl/TracingTests.java | 2 +- .../security/auditlog/integration/SSLAuditlogTest.java | 2 +- .../java/org/opensearch/security/cache/CachingTest.java | 4 ++-- .../security/ccstest/CrossClusterSearchTests.java | 2 +- 
.../org/opensearch/security/ccstest/RemoteReindexTests.java | 2 +- .../dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java | 2 +- .../security/dlic/dlsfls/CustomFieldMaskedTest.java | 2 +- .../org/opensearch/security/dlic/dlsfls/DateMathTest.java | 2 +- .../opensearch/security/dlic/dlsfls/DlsDateMathTest.java | 2 +- .../security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java | 2 +- .../org/opensearch/security/dlic/dlsfls/DlsNestedTest.java | 2 +- .../security/dlic/dlsfls/DlsPropsReplaceTest.java | 2 +- .../org/opensearch/security/dlic/dlsfls/DlsScrollTest.java | 2 +- .../java/org/opensearch/security/dlic/dlsfls/DlsTest.java | 2 +- .../opensearch/security/dlic/dlsfls/FieldMaskedTest.java | 2 +- .../org/opensearch/security/dlic/dlsfls/Fls983Test.java | 2 +- .../org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java | 2 +- .../security/dlic/dlsfls/FlsDlsTestForbiddenField.java | 2 +- .../opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java | 2 +- .../security/dlic/dlsfls/FlsExistsFieldsTest.java | 2 +- .../org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java | 2 +- .../opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java | 2 +- .../org/opensearch/security/dlic/dlsfls/FlsPerfTest.java | 2 +- .../java/org/opensearch/security/dlic/dlsfls/FlsTest.java | 2 +- .../opensearch/security/dlic/dlsfls/IndexPatternTest.java | 2 +- .../java/org/opensearch/security/dlic/dlsfls/MFlsTest.java | 2 +- .../security/dlic/rest/api/DashboardsInfoActionTest.java | 2 +- .../security/dlic/rest/api/GetConfigurationApiTest.java | 2 +- .../security/dlic/rest/api/RoleBasedAccessTest.java | 2 +- .../org/opensearch/security/dlic/rest/api/RolesApiTest.java | 2 +- .../security/dlic/rest/api/SecurityApiAccessTest.java | 2 +- .../security/dlic/rest/api/SecurityHealthActionTest.java | 2 +- .../security/dlic/rest/api/SecurityInfoActionTest.java | 2 +- 59 files changed, 69 insertions(+), 69 deletions(-) 
diff --git a/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java b/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java index 30c7ed46de..d93a168341 100644 --- a/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java +++ b/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java @@ -12,7 +12,7 @@ package org.opensearch.security; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java b/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java index 0868431716..6402d6963e 100644 --- a/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java @@ -25,8 +25,8 @@ import org.opensearch.test.framework.cluster.TestRestClient; import org.opensearch.test.framework.cluster.TestRestClient.HttpResponse; -import static org.apache.http.HttpStatus.SC_OK; -import static org.apache.http.HttpStatus.SC_UNAUTHORIZED; +import static org.apache.hc.core5.http.HttpStatus.SC_OK; +import static org.apache.hc.core5.http.HttpStatus.SC_UNAUTHORIZED; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.containsStringIgnoringCase; import static org.hamcrest.Matchers.equalTo; diff --git a/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java b/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java index 2249083ab8..5398ea77f7 100644 --- a/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/DisabledBasicAuthTests.java 
@@ -19,7 +19,7 @@ import org.opensearch.test.framework.cluster.TestRestClient; import org.opensearch.test.framework.cluster.TestRestClient.HttpResponse; -import static org.apache.http.HttpStatus.SC_UNAUTHORIZED; +import static org.apache.hc.core5.http.HttpStatus.SC_UNAUTHORIZED; import static org.opensearch.security.http.BasicAuthTests.TEST_USER; import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.DISABLED_AUTHC_HTTPBASIC_INTERNAL; import static org.opensearch.test.framework.TestSecurityConfig.AuthcDomain.JWT_AUTH_DOMAIN; diff --git a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java index c3ea872537..9fd3765ea6 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java @@ -12,7 +12,7 @@ package org.opensearch.security.privileges; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java index 6c7b7b68ed..4f34b04499 100644 --- a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java +++ b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfiguratorV4.java @@ -558,4 +558,4 @@ public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } } -} \ No newline at end of file +} diff --git a/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java b/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java index e5a39cf3e9..81654d4c19 100644 
--- a/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java +++ b/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java @@ -11,8 +11,8 @@ package com.amazon.dlic.auth.ldap; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; diff --git a/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java b/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java index 17df201599..0ce9d0c857 100644 --- a/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java +++ b/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java @@ -11,8 +11,8 @@ package com.amazon.dlic.auth.ldap2; -import org.apache.http.HttpStatus; -import org.apache.http.message.BasicHeader; +import org.apache.hc.core5.http.HttpStatus; +import org.apache.hc.core5.http.message.BasicHeader; import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; diff --git a/src/test/java/org/opensearch/security/AggregationTests.java b/src/test/java/org/opensearch/security/AggregationTests.java index b003643209..c2feddd6b6 100644 --- a/src/test/java/org/opensearch/security/AggregationTests.java +++ b/src/test/java/org/opensearch/security/AggregationTests.java @@ -26,7 +26,7 @@ package org.opensearch.security; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java b/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java index c88c0c99a6..cc37a6d1d4 100644 --- a/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java +++ b/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java 
@@ -11,7 +11,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java b/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java
index b9679c217b..5535d8a924 100644
--- a/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java
+++ b/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java
@@ -10,7 +10,7 @@ */ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/HealthTests.java b/src/test/java/org/opensearch/security/HealthTests.java
index a4ff381e04..4cba4030e6 100644
--- a/src/test/java/org/opensearch/security/HealthTests.java
+++ b/src/test/java/org/opensearch/security/HealthTests.java
@@ -26,7 +26,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/HttpIntegrationTests.java b/src/test/java/org/opensearch/security/HttpIntegrationTests.java
index c45d9f332c..d9ed9c34df 100644
--- a/src/test/java/org/opensearch/security/HttpIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/HttpIntegrationTests.java
@@ -31,9 +31,9 @@ import com.fasterxml.jackson.databind.JsonNode;
 import org.apache.commons.io.FileUtils;
-import org.apache.http.HttpStatus;
-import org.apache.http.NoHttpResponseException;
-import org.apache.http.message.BasicHeader;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.NoHttpResponseException;
+import org.apache.hc.core5.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/IndexIntegrationTests.java b/src/test/java/org/opensearch/security/IndexIntegrationTests.java
index a88821078e..8f2ee960bd 100644
--- a/src/test/java/org/opensearch/security/IndexIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/IndexIntegrationTests.java
@@ -31,7 +31,7 @@ import java.util.Date;
 import java.util.TimeZone;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -124,7 +124,7 @@ public void testBulkShards() throws Exception {
 System.out.println("############ _bulk");
 HttpResponse res = rh.executePostRequest("_bulk?refresh=true&pretty=true", bulkBody, encodeBasicHeader("worf", "worf"));
 System.out.println(res.getBody());
- Assert.assertEquals(HttpStatus.SC_OK, res.getStatusCode());
+ Assert.assertEquals(HttpStatus.SC_OK, res.getStatusCode());
 Assert.assertTrue(res.getBody().contains("\"errors\" : true"));
 Assert.assertTrue(res.getBody().contains("\"status\" : 201"));
 Assert.assertTrue(res.getBody().contains("no permissions for"));
diff --git a/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java b/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java
index 26aec2481f..7bdbc57cf5 100644
--- a/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java
+++ b/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/ResolveAPITests.java b/src/test/java/org/opensearch/security/ResolveAPITests.java
index 4915cec4d7..2c297e3bbe 100644
--- a/src/test/java/org/opensearch/security/ResolveAPITests.java
+++ b/src/test/java/org/opensearch/security/ResolveAPITests.java
@@ -15,7 +15,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.junit.Assert;
diff --git a/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java b/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java
index 6446e9eac7..bc5d174739 100644
--- a/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java
+++ b/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java
@@ -11,7 +11,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java b/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java
index f377dfa7bc..18f5c06529 100644
--- a/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java
+++ b/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java
@@ -30,7 +30,7 @@ import java.util.ArrayList;
 import java.util.List;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SecurityAdminTests.java b/src/test/java/org/opensearch/security/SecurityAdminTests.java
index c2f6b9ab27..e7953c508a 100644
--- a/src/test/java/org/opensearch/security/SecurityAdminTests.java
+++ b/src/test/java/org/opensearch/security/SecurityAdminTests.java
@@ -23,7 +23,7 @@ import java.util.ArrayList;
 import java.util.List;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SecurityRolesTests.java b/src/test/java/org/opensearch/security/SecurityRolesTests.java
index 4b5f45d544..ee8e1ea150 100644
--- a/src/test/java/org/opensearch/security/SecurityRolesTests.java
+++ b/src/test/java/org/opensearch/security/SecurityRolesTests.java
@@ -26,8 +26,8 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
-import org.apache.http.message.BasicHeader;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SlowIntegrationTests.java b/src/test/java/org/opensearch/security/SlowIntegrationTests.java
index c08e3e3fd6..6a90ef8e71 100644
--- a/src/test/java/org/opensearch/security/SlowIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/SlowIntegrationTests.java
@@ -28,7 +28,7 @@ import java.io.IOException;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SnapshotRestoreTests.java b/src/test/java/org/opensearch/security/SnapshotRestoreTests.java
index 03d1128bfe..ef7189d4b4 100644
--- a/src/test/java/org/opensearch/security/SnapshotRestoreTests.java
+++ b/src/test/java/org/opensearch/security/SnapshotRestoreTests.java
@@ -26,7 +26,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SystemIntegratorsTests.java b/src/test/java/org/opensearch/security/SystemIntegratorsTests.java
index 0bb8e26569..4e647a6324 100644
--- a/src/test/java/org/opensearch/security/SystemIntegratorsTests.java
+++ b/src/test/java/org/opensearch/security/SystemIntegratorsTests.java
@@ -27,8 +27,8 @@ package org.opensearch.security;
 import com.google.common.collect.Lists;
-import org.apache.http.HttpStatus;
-import org.apache.http.message.BasicHeader;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/TaskTests.java b/src/test/java/org/opensearch/security/TaskTests.java
index d3ad0cd03a..0ec671af27 100644
--- a/src/test/java/org/opensearch/security/TaskTests.java
+++ b/src/test/java/org/opensearch/security/TaskTests.java
@@ -17,8 +17,8 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
-import org.apache.http.message.BasicHeader;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/TracingTests.java b/src/test/java/org/opensearch/security/TracingTests.java
index 4c7e0472ce..10372cf73b 100644
--- a/src/test/java/org/opensearch/security/TracingTests.java
+++ b/src/test/java/org/opensearch/security/TracingTests.java
@@ -26,7 +26,7 @@ package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java b/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java
index 33a42ca10f..8e054dbb68 100644
--- a/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java
+++ b/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java
@@ -15,8 +15,8 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.opensearch.client.Client;
 import org.opensearch.cluster.metadata.IndexNameExpressionResolver;
 import org.opensearch.cluster.service.ClusterService;
diff --git a/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java
index 7d9ca05c2f..0a90f2f396 100644
--- a/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java
+++ b/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.auditlog.compliance;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java b/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java
index 49dd3b38b2..2764ae8eb7 100644
--- a/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java
+++ b/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java
@@ -11,7 +11,7 @@ package org.opensearch.security.auditlog.impl;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java
index 74e6b0f383..56fd17ddff 100644
--- a/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java
+++ b/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.auditlog.integration;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/cache/CachingTest.java b/src/test/java/org/opensearch/security/cache/CachingTest.java
index 4288a735cf..5276196856 100644
--- a/src/test/java/org/opensearch/security/cache/CachingTest.java
+++ b/src/test/java/org/opensearch/security/cache/CachingTest.java
@@ -11,8 +11,8 @@ package org.opensearch.security.cache;
-import org.apache.http.HttpStatus;
-import org.apache.http.message.BasicHeader;
+import org.apache.hc.core5.http.HttpStatus;
+import org.apache.hc.core5.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java b/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java
index 69141be6e6..64e73202c7 100644
--- a/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java
+++ b/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java
@@ -26,7 +26,7 @@ package org.opensearch.security.ccstest;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java b/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java
index f7626ced60..0d6efe1bb9 100644
--- a/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java
+++ b/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java
@@ -26,7 +26,7 @@ package org.opensearch.security.ccstest;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java
index 75655ac927..bbc7bd5479 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java
@@ -13,7 +13,7 @@ import java.nio.charset.StandardCharsets;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java
index 18577cefcc..9d48e0309f 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java
index 4a470990f5..54110e911f 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java
@@ -15,7 +15,7 @@ import java.util.Date;
 import java.util.TimeZone;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java
index 441eaca870..c4105c11e9 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java
@@ -15,7 +15,7 @@ import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java
index 3fd7d0a406..4e8351d7b3 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java
index bd64d0c011..a89d12770d 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java
index b929a6146b..43d5ecfc5f 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java
index 76762269f8..b1d87734e5 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java
index c863e3364b..cb2fa254b9 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java
index 57cae053df..40542e76b7 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java b/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java
index a100fa91cb..6f00dfd348 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java
index dd2f0028db..9cc5cc8b3b 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java
index 001bd1858d..6df02c2e22 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java
index 4af0c9104e..b177f1d346 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java
index 50a19c4372..8f056c8244 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java
index 22a46029ff..d4826222fa 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java
@@ -13,7 +13,7 @@ import java.io.IOException;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java
index fb652ff5da..951e786891 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java
@@ -13,7 +13,7 @@ import java.io.IOException;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java
index 2a8a6a1885..ca1e297f6c 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java
@@ -15,7 +15,7 @@ import java.util.HashMap;
 import java.util.Map;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java
index 011afed4cf..c31650e734 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java
index 6d15d97c2e..7348b11341 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java
index 6ff1ad7105..b7305ee48c 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java
index c6af253f95..c17e997dc3 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java
index 237e75a79a..ea5e96d37e 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java
@@ -12,7 +12,7 @@ package org.opensearch.security.dlic.rest.api;
 import com.fasterxml.jackson.databind.JsonNode;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java
index 96027e6f8d..5adac7ca78 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java
index ed5ee12804..01fa5b4baf 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java
@@ -491,7 +491,7 @@ public void testRolesApiForNonSuperAdmin() throws Exception {
 // put hidden role
 String body = FileHelper.loadFile("restapi/roles_captains.json");
 response = rh.executePutRequest( ENDPOINT+ "/roles/opendistro_security_internal", body, new Header[0]);
- Assert.assertEquals(org.apache.http.HttpStatus.SC_NOT_FOUND, response.getStatusCode());
+ Assert.assertEquals(HttpStatus.SC_NOT_FOUND, response.getStatusCode());
 // Patch single hidden roles
 response = rh.executePatchRequest(ENDPOINT + "/roles/opendistro_security_internal", "[{ \"op\": \"replace\", \"path\": \"/description\", \"value\": \"foo\" }]", new Header[0]);
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java
index 4e8808e811..83630c036a 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java
index 54aeb6d8a1..13dc4ee885 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java
index 0743cd4d95..506ea3bdd2 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
From 74efa202bc45ff682b7d9d135045075d6fdf8982 Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Thu, 13 Oct 2022 12:56:45 -0400
Subject: [PATCH 15/36] Update import in SecurityRestTestCase
Signed-off-by: Craig Perkins
---
 .../security/sanity/tests/SecurityRestTestCase.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java b/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java
index 2418bd2194..8db893027e 100644
--- a/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java
+++ b/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java
@@ -16,8 +16,7 @@ import java.nio.file.Path;
 import java.util.Map;
-import org.apache.http.HttpHost;
-
+import org.apache.hc.core5.http.HttpHost;
 import org.opensearch.client.Request;
 import org.opensearch.client.Response;
 import org.opensearch.client.RestClient;
@@ -82,6 +81,7 @@ protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOE
 // create client with passed user
 String userName = System.getProperty("user");
 String password = System.getProperty("password");
+
 return new SecureRestClientBuilder(hosts, isHttps(), userName, password).setSocketTimeout(60000).build();
 } else {
From 13418783a3da21ce7cbf88fbc34137415aae409a Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Thu, 13 Oct 2022 12:59:23 -0400
Subject: [PATCH 16/36] Sync common utils and opensearch versions
Signed-off-by: Craig Perkins
---
 build.gradle | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index 16a0ef712c..1827b3a8f5 100644
--- a/build.gradle
+++ b/build.gradle
@@ -23,7 +23,6 @@ buildscript {
 version_tokens = opensearch_version.tokenize('-')
 opensearch_build = version_tokens[0] + '.0'
- common_utils_version = System.getProperty("common_utils.version", '2.1.0.0')
 kafka_version = '3.0.2'
 if (buildVersionQualifier) {
@@ -399,7 +398,7 @@ dependencies {
 testImplementation 'org.springframework:spring-beans:5.3.20'
 testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2'
 testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2'
- testImplementation "org.opensearch:common-utils:${common_utils_version}"
+ testImplementation "org.opensearch:common-utils:${opensearch_version}"
 // JUnit build requirement
 testCompileOnly 'org.apiguardian:apiguardian-api:1.0.0'
 // Kafka test execution
From 0bbd92e246b0a2007d5dd70a3a28abd7557b731c Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Thu, 13 Oct 2022 13:02:22 -0400
Subject: [PATCH 17/36] Run spotlessApply
Signed-off-by: Craig Perkins
---
 .../opensearch/security/auditlog/AbstractAuditlogiUnitTest.java | 2 +-
 .../java/org/opensearch/security/auditlog/AuditTestUtils.java | 2 +-
 .../opensearch/security/sanity/tests/SecurityRestTestCase.java | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java b/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java
index 40b1baf558..14ae6aa81e 100644
--- a/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java
+++ b/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java
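Review bot: The `dependencies` hunk of build.gradle now resolves `org.opensearch:common-utils` at `${opensearch_version}`, but the default it replaces was the four-part `'2.1.0.0'`, and the `buildscript` hunk shows `opensearch_version` being tokenized on `-` and extended with `'.0'` to form `opensearch_build`. If common-utils is still published under four-part versions, this coordinate will presumably not resolve, and a qualifier or `-SNAPSHOT` suffix would need the same handling as `opensearch_build`; it is worth confirming against the repository the build uses. Removing the `common_utils.version` system property also means the test dependency can no longer be overridden on its own, so a one-line comment such as `// common-utils follows the OpenSearch version; no separate override` would record that this is intended. Both the `buildscript` and `dependencies` blocks start and end outside the hunks.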
@@ -15,8 +15,8 @@ import java.util.Collection; import com.fasterxml.jackson.databind.JsonNode; - import org.apache.hc.core5.http.Header; + import org.opensearch.common.settings.Settings; import org.opensearch.security.DefaultObjectMapper; import org.opensearch.security.auditlog.config.AuditConfig; diff --git a/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java b/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java index 8e054dbb68..507ebc1409 100644 --- a/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java +++ b/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java @@ -15,8 +15,8 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; - import org.apache.hc.core5.http.HttpStatus; + import org.opensearch.client.Client; import org.opensearch.cluster.metadata.IndexNameExpressionResolver; import org.opensearch.cluster.service.ClusterService; diff --git a/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java b/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java index 8db893027e..c6d61bf617 100644 --- a/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java +++ b/src/test/java/org/opensearch/security/sanity/tests/SecurityRestTestCase.java @@ -17,6 +17,7 @@ import java.util.Map; import org.apache.hc.core5.http.HttpHost; + import org.opensearch.client.Request; import org.opensearch.client.Response; import org.opensearch.client.RestClient; From 39ba151e4fa4b3b3a3742b60c19285b36667e1b2 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 14:04:16 -0400 Subject: [PATCH 18/36] Remove now unused gradle dependencies Signed-off-by: Craig Perkins --- build.gradle | 4 ---- 1 file changed, 4 deletions(-) diff --git a/build.gradle b/build.gradle index 1827b3a8f5..227c94a3cf 100644 --- a/build.gradle +++ b/build.gradle 
@@ -299,13 +299,11 @@ dependencies { implementation "org.apache.httpcomponents:httpclient:${versions.httpclient}" implementation "org.apache.httpcomponents:httpcore:${versions.httpcore}" implementation "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}" - implementation "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}" implementation 'com.google.guava:guava:30.0-jre' implementation 'org.greenrobot:eventbus:3.2.0' implementation 'commons-cli:commons-cli:1.3.1' implementation "org.bouncycastle:bcprov-jdk15on:${versions.bouncycastle}" implementation 'org.ldaptive:ldaptive:1.2.3' - implementation 'org.apache.httpcomponents:httpclient-cache:4.5.13' implementation 'io.jsonwebtoken:jjwt-api:0.10.8' implementation('org.apache.cxf:cxf-rt-rs-security-jose:3.4.5') { exclude(group: 'jakarta.activation', module: 'jakarta.activation-api') @@ -352,8 +350,6 @@ dependencies { implementation 'commons-lang:commons-lang:2.4' implementation 'commons-collections:commons-collections:3.2.2' implementation 'com.jayway.jsonpath:json-path:2.4.0' - implementation 'org.apache.httpcomponents:httpclient:4.5.13' - implementation 'org.apache.httpcomponents:httpclient:4.5.13' implementation 'net.minidev:json-smart:2.4.7' runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.10.8' runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.10.8' From 81eb84aaf714ccd96c0aab69ab2344c189cabc22 Mon Sep 17 00:00:00 2001 From: Darshit Chanpura Date: Thu, 13 Oct 2022 14:10:43 -0400 Subject: [PATCH 19/36] Changes tests to use Http 5.x client 
Signed-off-by: Darshit Chanpura --- .../security/SecurityRolesTests.java | 2 +- .../privileges/PrivilegesEvaluatorTest.java | 2 +- .../security/auditlog/impl/AuditMessage.java | 2 +- .../security/httpclient/HttpClient.java | 6 +- .../security/tools/SecurityAdmin.java | 4 +- .../http/jwt/HTTPJwtAuthenticatorTest.java | 2 +- .../jwt/keybyoidc/KeySetRetrieverTest.java | 7 +- .../http/jwt/keybyoidc/MockIpdServer.java | 34 ++--- .../auth/http/saml/MockSamlIdpServer.java | 122 +++++++++--------- .../dlic/auth/ldap/LdapBackendIntegTest.java | 2 +- .../auth/ldap2/LdapBackendIntegTest2.java | 2 +- .../AdvancedSecurityMigrationTests.java | 4 +- .../opensearch/security/AggregationTests.java | 2 +- .../security/DataStreamIntegrationTests.java | 2 +- .../EncryptionInTransitMigrationTests.java | 2 +- .../org/opensearch/security/HealthTests.java | 2 +- .../security/HttpIntegrationTests.java | 2 +- .../security/IndexIntegrationTests.java | 2 +- ...exTemplateClusterPermissionsCheckTest.java | 2 +- .../InitializationIntegrationTests.java | 6 +- .../opensearch/security/ResolveAPITests.java | 2 +- .../SecurityAdminIEndpointsTests.java | 2 +- .../SecurityAdminInvalidConfigsTests.java | 2 +- .../security/SecurityAdminTests.java | 2 +- .../security/SecurityRolesTests.java | 2 +- .../security/SlowIntegrationTests.java | 2 +- .../security/SnapshotRestoreTests.java | 2 +- .../security/SystemIntegratorsTests.java | 2 +- .../org/opensearch/security/TaskTests.java | 2 +- .../org/opensearch/security/TracingTests.java | 2 +- .../auditlog/AbstractAuditlogiUnitTest.java | 2 +- .../security/auditlog/AuditTestUtils.java | 2 +- .../compliance/ComplianceAuditlogTest.java | 3 +- .../RestApiComplianceAuditlogTest.java | 2 +- .../security/auditlog/impl/TracingTests.java | 2 +- .../integration/BasicAuditlogTest.java | 3 +- .../auditlog/integration/SSLAuditlogTest.java | 2 +- .../security/cache/CachingTest.java | 2 +- .../ccstest/CrossClusterSearchTests.java | 2 +- 
.../security/ccstest/RemoteReindexTests.java | 2 +- .../CustomFieldMaskedComplexMappingTest.java | 2 +- .../dlic/dlsfls/CustomFieldMaskedTest.java | 2 +- .../security/dlic/dlsfls/DateMathTest.java | 2 +- .../security/dlic/dlsfls/DlsDateMathTest.java | 2 +- .../dlsfls/DlsFlsCrossClusterSearchTest.java | 2 +- .../security/dlic/dlsfls/DlsNestedTest.java | 2 +- .../dlic/dlsfls/DlsPropsReplaceTest.java | 2 +- .../security/dlic/dlsfls/DlsScrollTest.java | 2 +- .../security/dlic/dlsfls/DlsTest.java | 2 +- .../security/dlic/dlsfls/FieldMaskedTest.java | 2 +- .../security/dlic/dlsfls/Fls983Test.java | 2 +- .../security/dlic/dlsfls/FlsDlsTestAB.java | 2 +- .../dlic/dlsfls/FlsDlsTestForbiddenField.java | 2 +- .../security/dlic/dlsfls/FlsDlsTestMulti.java | 2 +- .../dlic/dlsfls/FlsExistsFieldsTest.java | 2 +- .../security/dlic/dlsfls/FlsFieldsTest.java | 2 +- .../security/dlic/dlsfls/FlsFieldsWcTest.java | 2 +- .../dlic/dlsfls/FlsIndexingTests.java | 3 +- .../security/dlic/dlsfls/FlsPerfTest.java | 2 +- .../security/dlic/dlsfls/FlsTest.java | 2 +- .../dlic/dlsfls/IndexPatternTest.java | 2 +- .../security/dlic/dlsfls/MFlsTest.java | 2 +- .../rest/api/AbstractRestApiUnitTest.java | 3 +- .../dlic/rest/api/AccountApiTest.java | 3 +- .../dlic/rest/api/ActionGroupsApiTest.java | 3 +- .../dlic/rest/api/AllowlistApiTest.java | 3 +- .../dlic/rest/api/AuditApiActionTest.java | 3 +- .../rest/api/DashboardsInfoActionTest.java | 2 +- .../dlic/rest/api/FlushCacheApiTest.java | 3 +- .../rest/api/GetConfigurationApiTest.java | 2 +- .../dlic/rest/api/IndexMissingTest.java | 3 +- .../dlic/rest/api/NodesDnApiTest.java | 3 +- .../dlic/rest/api/RoleBasedAccessTest.java | 2 +- .../security/dlic/rest/api/RolesApiTest.java | 3 +- .../dlic/rest/api/RolesMappingApiTest.java | 3 +- .../dlic/rest/api/SecurityApiAccessTest.java | 2 +- .../dlic/rest/api/SecurityConfigApiTest.java | 3 +- .../rest/api/SecurityHealthActionTest.java | 2 +- .../dlic/rest/api/SecurityInfoActionTest.java | 2 +- 
.../dlic/rest/api/TenantInfoActionTest.java | 3 +- .../security/dlic/rest/api/UserApiTest.java | 3 +- .../dlic/rest/api/WhitelistApiTest.java | 3 +- .../filter/SecurityRestFilterTest.java | 4 +- .../multitenancy/test/MultitenancyTests.java | 3 +- .../privileges/PrivilegesEvaluatorTest.java | 4 +- .../ProtectedIndicesTests.java | 3 +- .../org/opensearch/security/ssl/SSLTest.java | 2 +- .../system_indices/SystemIndicesTests.java | 3 +- 88 files changed, 168 insertions(+), 201 deletions(-) diff --git a/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java b/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java index 30c7ed46de..d93a168341 100644 --- a/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java +++ b/src/integrationTest/java/org/opensearch/security/SecurityRolesTests.java @@ -12,7 +12,7 @@ package org.opensearch.security; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; diff --git a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java index c3ea872537..9fd3765ea6 100644 --- a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java +++ b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java @@ -12,7 +12,7 @@ package org.opensearch.security.privileges; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; 
diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java b/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java index 12ca085f37..88d05d0f2a 100644 --- a/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java +++ b/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java @@ -26,7 +26,7 @@ import com.google.common.annotations.VisibleForTesting; import org.apache.commons.codec.digest.DigestUtils; -import org.apache.http.client.utils.URIBuilder; +import org.apache.hc.core5.net.URIBuilder; import org.joda.time.DateTime; import org.joda.time.DateTimeZone; import org.joda.time.format.DateTimeFormat; diff --git a/src/main/java/org/opensearch/security/httpclient/HttpClient.java b/src/main/java/org/opensearch/security/httpclient/HttpClient.java index ccb5301925..9a919cf9af 100644 --- a/src/main/java/org/opensearch/security/httpclient/HttpClient.java +++ b/src/main/java/org/opensearch/security/httpclient/HttpClient.java @@ -37,6 +37,8 @@ import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder; import org.apache.hc.client5.http.nio.AsyncClientConnectionManager; import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder; +import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; import org.apache.hc.core5.http.HttpHeaders; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.message.BasicHeader; @@ -45,8 +47,6 @@ import org.apache.hc.core5.ssl.PrivateKeyStrategy; import org.apache.hc.core5.ssl.SSLContextBuilder; import org.apache.hc.core5.ssl.SSLContexts; -import org.apache.http.conn.ssl.DefaultHostnameVerifier; -import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; 
@@ -241,7 +241,7 @@ public String chooseAlias(Map aliases, SSLParameters }); } - final HostnameVerifier hnv = verifyHostnames?new DefaultHostnameVerifier():NoopHostnameVerifier.INSTANCE; + final HostnameVerifier hnv = verifyHostnames ? new DefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE; final SSLContext sslContext = sslContextBuilder.build(); TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create() diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java index 40b72de4c4..74bb820b2e 100644 --- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java +++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java @@ -73,13 +73,13 @@ import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder; import org.apache.hc.client5.http.nio.AsyncClientConnectionManager; import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder; +import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; import org.apache.hc.core5.ssl.SSLContextBuilder; import org.apache.hc.core5.ssl.SSLContexts; -import org.apache.http.conn.ssl.DefaultHostnameVerifier; -import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.opensearch.ExceptionsHelper; import org.opensearch.OpenSearchException; diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java b/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java index 2e4b659841..0aeb4df082 100644 --- a/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java +++ b/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java 
@@ -29,7 +29,7 @@ import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.security.Keys; -import org.apache.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHeaders; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java index bdf367ead5..5f70334127 100644 --- a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java +++ b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java @@ -25,11 +25,6 @@ import org.apache.http.HttpRequest; import org.apache.http.HttpResponse; import org.apache.http.protocol.HttpContext; -import org.apache.http.protocol.HttpCoreContext; -import org.apache.http.ssl.PrivateKeyDetails; -import org.apache.http.ssl.PrivateKeyStrategy; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; @@ -80,7 +75,7 @@ public void clientCertTest() throws Exception { true) { @Override protected void handleDiscoverRequest(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { + throws IOException, HttpException { MockIpdServer.SSLTestHttpServerConnection connection = (MockIpdServer.SSLTestHttpServerConnection) ((HttpCoreContext) context) .getConnection(); diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java index 580e2bcc17..1c80eeaf5b 100644 --- a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java +++ b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java 
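Review bot: The import hunk in KeySetRetrieverTest.java removes `org.apache.http.protocol.HttpCoreContext`, but the second hunk's context still casts `((HttpCoreContext) context).getConnection()` inside `clientCertTest`, so unless another import supplies that name the test no longer compiles. The file also keeps the 4.x `org.apache.http.HttpRequest`, `HttpResponse` and `HttpContext` imports for its `handleDiscoverRequest` override, while MockIpdServer moves to `org.apache.hc.core5` types in this commit, so the override probably needs the 5.x imports as well. This is the test that checks the client certificate presented to the mock IdP, so it should be ported rather than left behind, starting with `import org.apache.hc.core5.http.protocol.HttpCoreContext;`. `clientCertTest` starts and ends outside the hunk.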
@@ -31,23 +31,20 @@ import javax.net.ssl.TrustManagerFactory; import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; -import org.apache.http.HttpConnectionFactory; -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; +import org.apache.hc.core5.http.ClassicHttpRequest; +import org.apache.hc.core5.http.ClassicHttpResponse; +import org.apache.hc.core5.http.HttpException; +import org.apache.hc.core5.http.HttpRequest; +import org.apache.hc.core5.http.HttpResponse; +import org.apache.hc.core5.http.impl.bootstrap.HttpServer; +import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap; +import org.apache.hc.core5.http.impl.io.DefaultBHttpServerConnection; +import org.apache.hc.core5.http.io.HttpConnectionFactory; +import org.apache.hc.core5.http.io.HttpRequestHandler; +import org.apache.hc.core5.http.protocol.HttpContext; import org.apache.http.config.ConnectionConfig; -import org.apache.http.config.MessageConstraints; -import org.apache.http.entity.ContentLengthStrategy; -import org.apache.http.entity.StringEntity; import org.apache.http.impl.ConnSupport; -import org.apache.http.impl.DefaultBHttpServerConnection; -import org.apache.http.impl.bootstrap.HttpServer; import org.apache.http.impl.bootstrap.SSLServerSetupHandler; -import org.apache.http.impl.bootstrap.ServerBootstrap; -import org.apache.http.io.HttpMessageParserFactory; -import org.apache.http.io.HttpMessageWriterFactory; -import org.apache.http.protocol.HttpContext; -import org.apache.http.protocol.HttpRequestHandler; import org.opensearch.security.test.helper.file.FileHelper; import org.opensearch.security.test.helper.network.SocketUtils; 
@@ -75,7 +72,7 @@ class MockIpdServer implements Closeable { this.jwks = jwks; ServerBootstrap serverBootstrap = ServerBootstrap.bootstrap().setListenerPort(port) - .registerHandler(CTX_DISCOVER, new HttpRequestHandler() { + .register(CTX_DISCOVER, new HttpRequestHandler() { @Override public void handle(HttpRequest request, HttpResponse response, HttpContext context) @@ -84,14 +81,11 @@ public void handle(HttpRequest request, HttpResponse response, HttpContext conte handleDiscoverRequest(request, response, context); } - }).registerHandler(CTX_KEYS, new HttpRequestHandler() { + }).register(CTX_KEYS, new HttpRequestHandler() { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { - + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { handleKeysRequest(request, response, context); - } }); diff --git a/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java b/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java index 9b2a2f1854..578d696bf3 100644 --- a/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java +++ b/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java @@ -44,6 +44,7 @@ import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLException; +import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLSocket; 
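Review bot: The handler registered for `CTX_DISCOVER` in the first MockIpdServer hunk keeps the signature `handle(HttpRequest request, HttpResponse response, HttpContext context)` under `@Override`, while the `CTX_KEYS` handler in the next hunk was moved to `ClassicHttpRequest`/`ClassicHttpResponse`. The HttpCore 5 `HttpRequestHandler` declares the classic types, so the first handler should also read `public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException {`. The import hunk for this file also leaves `org.apache.http.config.ConnectionConfig`, `org.apache.http.impl.ConnSupport` and `org.apache.http.impl.bootstrap.SSLServerSetupHandler` on the 4.x packages, so the TLS setup of this mock server is presumably not ported yet. The constructor body continues outside both hunks.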
@@ -65,28 +66,32 @@ import net.shibboleth.utilities.java.support.codec.Base64Support; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; -import org.apache.http.Header; -import org.apache.http.HttpConnectionFactory; +import org.apache.hc.core5.function.Callback; +import org.apache.hc.core5.http.ClassicHttpRequest; +import org.apache.hc.core5.http.ClassicHttpResponse; +import org.apache.hc.core5.http.ContentLengthStrategy; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpException; +import org.apache.hc.core5.http.HttpRequest; +import org.apache.hc.core5.http.HttpResponse; +import org.apache.hc.core5.http.NameValuePair; +import org.apache.hc.core5.http.config.Http1Config; +import org.apache.hc.core5.http.impl.bootstrap.HttpServer; +import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap; +import org.apache.hc.core5.http.impl.io.DefaultBHttpServerConnection; +import org.apache.hc.core5.http.io.HttpConnectionFactory; +import org.apache.hc.core5.http.io.HttpMessageParserFactory; +import org.apache.hc.core5.http.io.HttpMessageWriterFactory; +import org.apache.hc.core5.http.io.HttpRequestHandler; +import org.apache.hc.core5.http.io.entity.StringEntity; +import org.apache.hc.core5.http.message.BasicHttpRequest; +import org.apache.hc.core5.http.protocol.HttpContext; +import org.apache.hc.core5.net.URIBuilder; import org.apache.http.HttpEntityEnclosingRequest; -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; -import org.apache.http.NameValuePair; -import org.apache.http.client.utils.URIBuilder; import org.apache.http.config.ConnectionConfig; import org.apache.http.config.MessageConstraints; -import org.apache.http.entity.ContentLengthStrategy; -import org.apache.http.entity.StringEntity; import org.apache.http.impl.ConnSupport; -import org.apache.http.impl.DefaultBHttpServerConnection; -import org.apache.http.impl.bootstrap.HttpServer; 
import org.apache.http.impl.bootstrap.SSLServerSetupHandler; -import org.apache.http.impl.bootstrap.ServerBootstrap; -import org.apache.http.io.HttpMessageParserFactory; -import org.apache.http.io.HttpMessageWriterFactory; -import org.apache.http.message.BasicHttpRequest; -import org.apache.http.protocol.HttpContext; -import org.apache.http.protocol.HttpRequestHandler; import org.joda.time.DateTime; import org.opensaml.core.xml.XMLObject; import org.opensaml.core.xml.XMLObjectBuilderFactory; 
@@ -199,53 +204,50 @@ class MockSamlIdpServer implements Closeable { this.loadSigningKeys("saml/kirk-keystore.jks", "kirk"); ServerBootstrap serverBootstrap = ServerBootstrap.bootstrap().setListenerPort(port) - .registerHandler(CTX_METADATA, new HttpRequestHandler() { + .register(CTX_METADATA, new HttpRequestHandler() { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { handleMetadataRequest(request, response, context); } - }).registerHandler(CTX_SAML_SSO, new HttpRequestHandler() { + }).register(CTX_SAML_SSO, new HttpRequestHandler() { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { - + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { handleSsoRequest(request, response, context); - } - }).registerHandler(CTX_SAML_SLO, new HttpRequestHandler() { + }).register(CTX_SAML_SLO, new HttpRequestHandler() { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { - + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { handleSloRequest(request, response, context); - } }); if (ssl) { - serverBootstrap = serverBootstrap.setSslContext(createSSLContext()) - .setSslSetupHandler(new SSLServerSetupHandler() { + serverBootstrap = serverBootstrap.setSslContext(createSSLContext()) + .setSslSetupHandler(new Callback() { @Override - public void initialize(SSLServerSocket socket) throws SSLException { - socket.setNeedClientAuth(true); + public void execute(SSLParameters object) { + object.setNeedClientAuth(true); } - }).setConnectionFactory(new 
HttpConnectionFactory() { + }) + .setConnectionFactory(new HttpConnectionFactory() { private ConnectionConfig cconfig = ConnectionConfig.DEFAULT; + private Http1Config http1Config = Http1Config.custom() + .setBufferSize(this.cconfig.getBufferSize()).setChunkSizeHint(this.cconfig.getFragmentSizeHint()).build(); + @Override public DefaultBHttpServerConnection createConnection(final Socket socket) throws IOException { - final SSLTestHttpServerConnection conn = new SSLTestHttpServerConnection( - this.cconfig.getBufferSize(), this.cconfig.getFragmentSizeHint(), - ConnSupport.createDecoder(this.cconfig), ConnSupport.createEncoder(this.cconfig), - this.cconfig.getMessageConstraints(), null, null, null, null); + final SSLTestHttpServerConnection conn = new SSLTestHttpServerConnection("http", + http1Config, + ConnSupport.createDecoder(this.cconfig), ConnSupport.createEncoder(this.cconfig) + , null, null, null, null); conn.bind(socket); return conn; } @@ -306,9 +308,9 @@ public int getPort() { return port; } - protected void handleMetadataRequest(HttpRequest request, HttpResponse response, HttpContext context) + protected void handleMetadataRequest(HttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { - response.setStatusCode(200); + response.setCode(200); response.setHeader("Cache-Control", "public, max-age=31536000"); response.setHeader("Content-Type", "application/xml"); response.setEntity(new StringEntity(createMetadata())); @@ -317,10 +319,10 @@ protected void handleMetadataRequest(HttpRequest request, HttpResponse response, protected void handleSsoRequest(HttpRequest request, HttpResponse response, HttpContext context) throws HttpException, IOException { - if ("GET".equalsIgnoreCase(request.getRequestLine().getMethod())) { + if ("GET".equalsIgnoreCase(request.getMethod())) { handleSsoGetRequestBase(request); } else { - response.setStatusCode(405); + response.setCode(405); } } 
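Review bot: In the `if (ssl)` branch of the MockSamlIdpServer constructor hunk, the connection factory builds `new SSLTestHttpServerConnection("http", http1Config, ...)`, so connections accepted on the TLS listener are labelled with the plain-text scheme; `"https"` is the matching value here. The factory also still takes its buffer sizes and charset coders from the 4.x `org.apache.http.config.ConnectionConfig` and `ConnSupport`, which keeps the old HttpCore on the test classpath for this mock alone. `object.setNeedClientAuth(true)` correctly preserves mandatory client certificates, though the parameter would read better as `sslParameters`. The constructor starts outside the hunk.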
@@ -328,10 +330,10 @@ protected void handleSsoRequest(HttpRequest request, HttpResponse response, Http protected void handleSloRequest(HttpRequest request, HttpResponse response, HttpContext context) throws HttpException, IOException { - if ("GET".equalsIgnoreCase(request.getRequestLine().getMethod())) { + if ("GET".equalsIgnoreCase(request.getMethod())) { handleSloGetRequestBase(request); } else { - response.setStatusCode(405); + response.setCode(405); } } @@ -726,19 +728,15 @@ private String nextId() { } static class SSLTestHttpServerConnection extends DefaultBHttpServerConnection { - public SSLTestHttpServerConnection(final int buffersize, final int fragmentSizeHint, - final CharsetDecoder chardecoder, final CharsetEncoder charencoder, - final MessageConstraints constraints, final ContentLengthStrategy incomingContentStrategy, - final ContentLengthStrategy outgoingContentStrategy, - final HttpMessageParserFactory requestParserFactory, - final HttpMessageWriterFactory responseWriterFactory) { - super(buffersize, fragmentSizeHint, chardecoder, charencoder, constraints, incomingContentStrategy, + public SSLTestHttpServerConnection(final String scheme, Http1Config http1Config, + final CharsetDecoder charDecoder, final CharsetEncoder charEncoder, + final ContentLengthStrategy incomingContentStrategy, + final ContentLengthStrategy outgoingContentStrategy, + final HttpMessageParserFactory requestParserFactory, + final HttpMessageWriterFactory responseWriterFactory) { + super(scheme, http1Config, charDecoder, charEncoder, incomingContentStrategy, outgoingContentStrategy, requestParserFactory, responseWriterFactory); } - - public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { - return ((SSLSocket) getSocket()).getSession().getPeerCertificates(); - } } static class FakeHttpServletRequest implements HttpServletRequest { 
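Review bot: The `SSLTestHttpServerConnection` hunk deletes `getPeerCertificates()` instead of porting it, which leaves the mock IdP with no way to expose the client certificate chain of a connection for which `setNeedClientAuth(true)` is demanded. Any test that asserts on the certificate the client presented can no longer be written against this class. The HttpCore 5 connection exposes the TLS session, so the accessor can stay as `return getSSLSession().getPeerCertificates();`, with a null check in case the socket is not TLS. The `SSLPeerUnverifiedException` and `SSLSocket` imports visible in this file's import hunk may now be unused.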
@@ -748,7 +746,7 @@ static class FakeHttpServletRequest implements HttpServletRequest { FakeHttpServletRequest(HttpRequest delegate) throws URISyntaxException { this.delegate = delegate; - String uri = delegate.getRequestLine().getUri(); + String uri = delegate.getRequestUri(); this.uriBuilder = new URIBuilder(uri); this.queryParams = uriBuilder.getQueryParams().stream() .collect(Collectors.toMap(NameValuePair::getName, NameValuePair::getValue)); @@ -981,7 +979,7 @@ public String getHeader(String name) { @Override public Enumeration getHeaderNames() { return Collections.enumeration( - Arrays.asList(delegate.getAllHeaders()).stream().map(Header::getName).collect(Collectors.toSet())); + Arrays.asList(delegate.getHeaders()).stream().map(Header::getName).collect(Collectors.toSet())); } @SuppressWarnings("rawtypes") @@ -1010,7 +1008,7 @@ public int getIntHeader(String name) { @Override public String getMethod() { - return delegate.getRequestLine().getMethod(); + return delegate.getMethod(); } @Override @@ -1025,7 +1023,7 @@ public String getPathTranslated() { @Override public String getQueryString() { - return this.delegate.getRequestLine().getUri().replaceAll("^.*\\?", ""); + return this.delegate.getRequestUri().replaceAll("^.*\\?", ""); } @Override @@ -1035,12 +1033,12 @@ public String getRemoteUser() { @Override public String getRequestURI() { - return delegate.getRequestLine().getUri(); + return delegate.getRequestUri(); } @Override public StringBuffer getRequestURL() { - return new StringBuffer(delegate.getRequestLine().getUri()); + return new StringBuffer(delegate.getRequestUri()); } @Override diff --git a/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java b/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java index e5a39cf3e9..497d0c863f 100644 --- a/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java +++ b/src/test/java/com/amazon/dlic/auth/ldap/LdapBackendIntegTest.java 
@@ -11,7 +11,7 @@ package com.amazon.dlic.auth.ldap; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.apache.http.message.BasicHeader; import org.junit.AfterClass; import org.junit.Assert; diff --git a/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java b/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java index 17df201599..95b14a3caf 100644 --- a/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java +++ b/src/test/java/com/amazon/dlic/auth/ldap2/LdapBackendIntegTest2.java @@ -11,7 +11,7 @@ package com.amazon.dlic.auth.ldap2; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.apache.http.message.BasicHeader; import org.junit.AfterClass; import org.junit.Assert; diff --git a/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java b/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java index e4711bb504..3b069a2339 100644 --- a/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java +++ b/src/test/java/org/opensearch/security/AdvancedSecurityMigrationTests.java @@ -14,8 +14,8 @@ import java.io.File; import java.util.Arrays; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.After; import org.junit.Assert; import org.junit.Before; diff --git a/src/test/java/org/opensearch/security/AggregationTests.java b/src/test/java/org/opensearch/security/AggregationTests.java index b003643209..c2feddd6b6 100644 --- a/src/test/java/org/opensearch/security/AggregationTests.java +++ b/src/test/java/org/opensearch/security/AggregationTests.java @@ -26,7 +26,7 @@ package org.opensearch.security; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; 
diff --git a/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java b/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java index c88c0c99a6..cc37a6d1d4 100644 --- a/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java +++ b/src/test/java/org/opensearch/security/DataStreamIntegrationTests.java @@ -11,7 +11,7 @@ package org.opensearch.security; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java b/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java index b9679c217b..5535d8a924 100644 --- a/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java +++ b/src/test/java/org/opensearch/security/EncryptionInTransitMigrationTests.java @@ -10,7 +10,7 @@ */ package org.opensearch.security; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/HealthTests.java b/src/test/java/org/opensearch/security/HealthTests.java index a4ff381e04..4cba4030e6 100644 --- a/src/test/java/org/opensearch/security/HealthTests.java +++ b/src/test/java/org/opensearch/security/HealthTests.java @@ -26,7 +26,7 @@ package org.opensearch.security; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/HttpIntegrationTests.java b/src/test/java/org/opensearch/security/HttpIntegrationTests.java index c45d9f332c..7a7f6ccadb 100644 --- a/src/test/java/org/opensearch/security/HttpIntegrationTests.java +++ b/src/test/java/org/opensearch/security/HttpIntegrationTests.java 
@@ -31,7 +31,7 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import org.apache.commons.io.FileUtils;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.apache.http.NoHttpResponseException;
 import org.apache.http.message.BasicHeader;
 import org.junit.Assert;
diff --git a/src/test/java/org/opensearch/security/IndexIntegrationTests.java b/src/test/java/org/opensearch/security/IndexIntegrationTests.java
index a88821078e..87428fd2b5 100644
--- a/src/test/java/org/opensearch/security/IndexIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/IndexIntegrationTests.java
@@ -31,7 +31,7 @@
 import java.util.Date;
 import java.util.TimeZone;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java b/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java
index 26aec2481f..7bdbc57cf5 100644
--- a/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java
+++ b/src/test/java/org/opensearch/security/IndexTemplateClusterPermissionsCheckTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java
index 090b1ece75..ef8ef9bf86 100644
--- a/src/test/java/org/opensearch/security/InitializationIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/InitializationIntegrationTests.java
@@ -30,9 +30,9 @@
 import java.util.Iterator;
 import com.fasterxml.jackson.databind.JsonNode;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
-import org.apache.http.client.methods.HttpGet;
+import org.apache.hc.client5.http.classic.methods.HttpGet;
+import org.apache.hc.core5.http.Header;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/ResolveAPITests.java b/src/test/java/org/opensearch/security/ResolveAPITests.java
index 4915cec4d7..2c297e3bbe 100644
--- a/src/test/java/org/opensearch/security/ResolveAPITests.java
+++ b/src/test/java/org/opensearch/security/ResolveAPITests.java
@@ -15,7 +15,7 @@
 package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.junit.Assert;
diff --git a/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java b/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java
index 6446e9eac7..bc5d174739 100644
--- a/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java
+++ b/src/test/java/org/opensearch/security/SecurityAdminIEndpointsTests.java
@@ -11,7 +11,7 @@
 package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java b/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java
index f377dfa7bc..18f5c06529 100644
--- a/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java
+++ b/src/test/java/org/opensearch/security/SecurityAdminInvalidConfigsTests.java
@@ -30,7 +30,7 @@
 import java.util.ArrayList;
 import java.util.List;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SecurityAdminTests.java b/src/test/java/org/opensearch/security/SecurityAdminTests.java
index c2f6b9ab27..e7953c508a 100644
--- a/src/test/java/org/opensearch/security/SecurityAdminTests.java
+++ b/src/test/java/org/opensearch/security/SecurityAdminTests.java
@@ -23,7 +23,7 @@
 import java.util.ArrayList;
 import java.util.List;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SecurityRolesTests.java b/src/test/java/org/opensearch/security/SecurityRolesTests.java
index 4b5f45d544..3645f7e8c1 100644
--- a/src/test/java/org/opensearch/security/SecurityRolesTests.java
+++ b/src/test/java/org/opensearch/security/SecurityRolesTests.java
@@ -26,7 +26,7 @@
 package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.apache.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SlowIntegrationTests.java b/src/test/java/org/opensearch/security/SlowIntegrationTests.java
index c08e3e3fd6..6a90ef8e71 100644
--- a/src/test/java/org/opensearch/security/SlowIntegrationTests.java
+++ b/src/test/java/org/opensearch/security/SlowIntegrationTests.java
@@ -28,7 +28,7 @@
 import java.io.IOException;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SnapshotRestoreTests.java b/src/test/java/org/opensearch/security/SnapshotRestoreTests.java
index 03d1128bfe..ef7189d4b4 100644
--- a/src/test/java/org/opensearch/security/SnapshotRestoreTests.java
+++ b/src/test/java/org/opensearch/security/SnapshotRestoreTests.java
@@ -26,7 +26,7 @@
 package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/SystemIntegratorsTests.java b/src/test/java/org/opensearch/security/SystemIntegratorsTests.java
index 0bb8e26569..0e506d2aa0 100644
--- a/src/test/java/org/opensearch/security/SystemIntegratorsTests.java
+++ b/src/test/java/org/opensearch/security/SystemIntegratorsTests.java
@@ -27,7 +27,7 @@
 package org.opensearch.security;
 import com.google.common.collect.Lists;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.apache.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/TaskTests.java b/src/test/java/org/opensearch/security/TaskTests.java
index d3ad0cd03a..19fc6c3c67 100644
--- a/src/test/java/org/opensearch/security/TaskTests.java
+++ b/src/test/java/org/opensearch/security/TaskTests.java
@@ -17,7 +17,7 @@
 package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.apache.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/TracingTests.java b/src/test/java/org/opensearch/security/TracingTests.java
index 4c7e0472ce..10372cf73b 100644
--- a/src/test/java/org/opensearch/security/TracingTests.java
+++ b/src/test/java/org/opensearch/security/TracingTests.java
@@ -26,7 +26,7 @@
 package org.opensearch.security;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java b/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java
index dc0cd8d4cb..ac5b0de3b7 100644
--- a/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java
+++ b/src/test/java/org/opensearch/security/auditlog/AbstractAuditlogiUnitTest.java
@@ -15,7 +15,7 @@
 import java.util.Collection;
 import com.fasterxml.jackson.databind.JsonNode;
-import org.apache.http.Header;
+import org.apache.hc.core5.http.HttpStatus;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.security.DefaultObjectMapper;
diff --git a/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java b/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java
index 33a42ca10f..507ebc1409 100644
--- a/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java
+++ b/src/test/java/org/opensearch/security/auditlog/AuditTestUtils.java
@@ -15,7 +15,7 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.opensearch.client.Client;
 import org.opensearch.cluster.metadata.IndexNameExpressionResolver;
diff --git a/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java
index 6436f9436d..fcaf768a2e 100644
--- a/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java
+++ b/src/test/java/org/opensearch/security/auditlog/compliance/ComplianceAuditlogTest.java
@@ -17,8 +17,7 @@
 import java.util.stream.Collectors;
 import com.google.common.collect.ImmutableMap;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
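Review bot: In AbstractAuditlogiUnitTest the removed `import org.apache.http.Header;` is replaced by `import org.apache.hc.core5.http.HttpStatus;` rather than by the 5.x `Header`. AdvancedSecurityMigrationTests and InitializationIntegrationTests in this same patch move `Header` to `org.apache.hc.core5.http.Header`, so this looks like a slip. The class body is outside the hunk, so this is inferred: if it still declares `Header` values the added line should read `import org.apache.hc.core5.http.Header;`, and the `HttpStatus` import is only justified if the body actually uses it.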
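Review bot: ComplianceAuditlogTest drops `import org.apache.http.Header;` without adding a 5.x counterpart, which is only safe if the import was unused. The test body is outside the hunk, so that cannot be confirmed here; any class that still names `Header` needs `import org.apache.hc.core5.http.Header;`. The same removal recurs in BasicAuditlogTest, FlsIndexingTests, AbstractRestApiUnitTest, AccountApiTest, ActionGroupsApiTest, AllowlistApiTest, AuditApiActionTest, FlushCacheApiTest, IndexMissingTest, NodesDnApiTest, RolesApiTest, RolesMappingApiTest and SecurityConfigApiTest, several of which exercise the security REST API with per-request headers, so a compile of the test source set is worth running before the rest of the series builds on this commit.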
diff --git a/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java
index 7d9ca05c2f..0a90f2f396 100644
--- a/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java
+++ b/src/test/java/org/opensearch/security/auditlog/compliance/RestApiComplianceAuditlogTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.auditlog.compliance;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java b/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java
index 49dd3b38b2..2764ae8eb7 100644
--- a/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java
+++ b/src/test/java/org/opensearch/security/auditlog/impl/TracingTests.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.auditlog.impl;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java
index 02cde14159..7ecf1389cb 100644
--- a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java
+++ b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java
@@ -15,8 +15,7 @@
 import java.util.List;
 import com.google.common.collect.ImmutableMap;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.apache.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java
index 74e6b0f383..56fd17ddff 100644
--- a/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java
+++ b/src/test/java/org/opensearch/security/auditlog/integration/SSLAuditlogTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.auditlog.integration;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/cache/CachingTest.java b/src/test/java/org/opensearch/security/cache/CachingTest.java
index 4288a735cf..e004f82b1b 100644
--- a/src/test/java/org/opensearch/security/cache/CachingTest.java
+++ b/src/test/java/org/opensearch/security/cache/CachingTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.cache;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.apache.http.message.BasicHeader;
 import org.junit.Assert;
 import org.junit.Before;
diff --git a/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java b/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java
index 69141be6e6..64e73202c7 100644
--- a/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java
+++ b/src/test/java/org/opensearch/security/ccstest/CrossClusterSearchTests.java
@@ -26,7 +26,7 @@
 package org.opensearch.security.ccstest;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java b/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java
index f7626ced60..0d6efe1bb9 100644
--- a/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java
+++ b/src/test/java/org/opensearch/security/ccstest/RemoteReindexTests.java
@@ -26,7 +26,7 @@
 package org.opensearch.security.ccstest;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java
index 75655ac927..bbc7bd5479 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedComplexMappingTest.java
@@ -13,7 +13,7 @@
 import java.nio.charset.StandardCharsets;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java
index 18577cefcc..9d48e0309f 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/CustomFieldMaskedTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java
index 4a470990f5..54110e911f 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DateMathTest.java
@@ -15,7 +15,7 @@
 import java.util.Date;
 import java.util.TimeZone;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java
index 441eaca870..c4105c11e9 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsDateMathTest.java
@@ -15,7 +15,7 @@
 import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java
index 3fd7d0a406..4e8351d7b3 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsFlsCrossClusterSearchTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java
index bd64d0c011..a89d12770d 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsNestedTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java
index b929a6146b..43d5ecfc5f 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsPropsReplaceTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java
index 76762269f8..b1d87734e5 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsScrollTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java
index c863e3364b..cb2fa254b9 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/DlsTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java
index 57cae053df..40542e76b7 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java b/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java
index a100fa91cb..6f00dfd348 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/Fls983Test.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java
index dd2f0028db..9cc5cc8b3b 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestAB.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java
index 001bd1858d..6df02c2e22 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestForbiddenField.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java
index 4af0c9104e..b177f1d346 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsDlsTestMulti.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java
index 50a19c4372..8f056c8244 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsExistsFieldsTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java
index 22a46029ff..d4826222fa 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsTest.java
@@ -13,7 +13,7 @@
 import java.io.IOException;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java
index fb652ff5da..951e786891 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsFieldsWcTest.java
@@ -13,7 +13,7 @@
 import java.io.IOException;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java
index 73a152eca4..7640c15aef 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsIndexingTests.java
@@ -11,8 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Test;
 import org.opensearch.action.index.IndexRequest;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java
index 2a8a6a1885..ca1e297f6c 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsPerfTest.java
@@ -15,7 +15,7 @@
 import java.util.HashMap;
 import java.util.Map;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java
index 011afed4cf..c31650e734 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FlsTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java
index 6d15d97c2e..7348b11341 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/IndexPatternTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java
index 6ff1ad7105..b7305ee48c 100644
--- a/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java
+++ b/src/test/java/org/opensearch/security/dlic/dlsfls/MFlsTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.dlsfls;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java
index 59e8feb198..0dbe9ca001 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/AbstractRestApiUnitTest.java
@@ -20,8 +20,7 @@
 import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JsonMappingException;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.opensearch.common.settings.Settings;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java
index c1840524c9..f18b7c14d6 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/AccountApiTest.java
@@ -11,8 +11,7 @@
 package org.opensearch.security.dlic.rest.api;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java
index 09efae9fbe..349922d34d 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/ActionGroupsApiTest.java
@@ -13,8 +13,7 @@
 import java.util.List;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java
index 1c97d138da..b935c98ab3 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/AllowlistApiTest.java
@@ -17,8 +17,7 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.collect.ImmutableMap;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java
index c5e0a61d2f..5c9e6ae126 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/AuditApiActionTest.java
@@ -24,8 +24,7 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Streams;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.After;
 import org.junit.Rule;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java
index c6af253f95..c17e997dc3 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/DashboardsInfoActionTest.java
@@ -11,7 +11,7 @@
 package org.opensearch.security.dlic.rest.api;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java
index ad0a4eea14..e94e735a39 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/FlushCacheApiTest.java
@@ -11,8 +11,7 @@
 package org.opensearch.security.dlic.rest.api;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java
index 237e75a79a..ea5e96d37e 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/GetConfigurationApiTest.java
@@ -12,7 +12,7 @@
 package org.opensearch.security.dlic.rest.api;
 import com.fasterxml.jackson.databind.JsonNode;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java
index 257732f129..ae7d0e382c 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/IndexMissingTest.java
@@ -11,8 +11,7 @@
 package org.opensearch.security.dlic.rest.api;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java
index f72375600c..33f0764fb2 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/NodesDnApiTest.java
@@ -19,8 +19,7 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.collect.ImmutableMap;
-import org.apache.http.Header;
-import org.apache.http.HttpStatus;
+import org.apache.hc.core5.http.HttpStatus;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java
index 96027e6f8d..5adac7ca78 100644
--- a/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java
+++ b/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java
@@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java index 8dc18f5043..2b523aab02 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/RolesApiTest.java @@ -14,8 +14,7 @@ import java.util.List; import com.fasterxml.jackson.databind.JsonNode; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java index 2d1f10736d..bb2427b2be 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/RolesMappingApiTest.java @@ -13,8 +13,7 @@ import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java index 4e8808e811..83630c036a 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityApiAccessTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; 
diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java index f5742cfecd..621dae87bb 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityConfigApiTest.java @@ -11,8 +11,7 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java index 54aeb6d8a1..13dc4ee885 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityHealthActionTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java index 0743cd4d95..506ea3bdd2 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/SecurityInfoActionTest.java @@ -11,7 +11,7 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java index e6864b8244..418766dacb 100644 
--- a/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/TenantInfoActionTest.java @@ -11,8 +11,7 @@ package org.opensearch.security.dlic.rest.api; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java index e81e42c25c..e12813b96a 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/UserApiTest.java @@ -14,8 +14,7 @@ import java.net.URLEncoder; import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.apache.http.message.BasicHeader; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java index b5c0d98fc2..00cedf7725 100644 --- a/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/WhitelistApiTest.java @@ -16,8 +16,7 @@ import com.fasterxml.jackson.databind.JsonNode; import com.google.common.collect.ImmutableMap; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java b/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java index 574a35b6a7..1a087887d8 100644 --- a/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java +++ b/src/test/java/org/opensearch/security/filter/SecurityRestFilterTest.java 
@@ -11,8 +11,8 @@ package org.opensearch.security.filter; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Test; import org.opensearch.security.dlic.rest.api.AbstractRestApiUnitTest; diff --git a/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java b/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java index 4964c940b9..f1e55bc643 100644 --- a/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java +++ b/src/test/java/org/opensearch/security/multitenancy/test/MultitenancyTests.java @@ -14,8 +14,7 @@ import java.util.HashMap; import java.util.Map; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.apache.http.message.BasicHeader; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java index 79f23037f5..ba265bcf2e 100644 --- a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java +++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java @@ -11,8 +11,8 @@ package org.opensearch.security.privileges; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.Header; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Assert; import org.junit.Test; diff --git a/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java b/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java index b86055f7e9..c45df85bd3 100644 --- a/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java +++ b/src/test/java/org/opensearch/security/protected_indices/ProtectedIndicesTests.java 
@@ -30,8 +30,7 @@ import java.util.Arrays; import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Test; import org.opensearch.action.admin.cluster.repositories.put.PutRepositoryRequest; diff --git a/src/test/java/org/opensearch/security/ssl/SSLTest.java b/src/test/java/org/opensearch/security/ssl/SSLTest.java index e028ac82e3..331abdc414 100644 --- a/src/test/java/org/opensearch/security/ssl/SSLTest.java +++ b/src/test/java/org/opensearch/security/ssl/SSLTest.java @@ -31,7 +31,7 @@ import javax.net.ssl.SSLHandshakeException; import io.netty.util.internal.PlatformDependent; -import org.apache.http.NoHttpResponseException; +import org.apache.hc.core5.http.NoHttpResponseException; import org.apache.lucene.util.Constants; import org.junit.Assert; import org.junit.Assume; diff --git a/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java b/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java index d569ee0880..9e413ac4c9 100644 --- a/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java +++ b/src/test/java/org/opensearch/security/system_indices/SystemIndicesTests.java @@ -15,8 +15,7 @@ import java.util.Arrays; import java.util.List; -import org.apache.http.Header; -import org.apache.http.HttpStatus; +import org.apache.hc.core5.http.HttpStatus; import org.junit.Test; import org.opensearch.action.admin.cluster.repositories.put.PutRepositoryRequest; From e83550cb9a31a11c1dfb05aea9c8318a5b8599fd Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 14:17:57 -0400 Subject: [PATCH 20/36] Update AuthScope to be equivalent for AuthScope.ANY from v4 Signed-off-by: Craig Perkins --- .../test/framework/cluster/OpenSearchClientProvider.java | 3 +-- .../org/opensearch/security/test/helper/rest/RestHelper.java | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) 
diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java index 4f498ecefd..9e2bf4bb10 100644 --- a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java +++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java @@ -96,8 +96,7 @@ default TestRestClient getRestClient(UserCredentialsHolder user, Header... heade default RestHighLevelClient getRestHighLevelClient(UserCredentialsHolder user) { InetSocketAddress httpAddress = getHttpAddress(); BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); - final HttpHost httpHost = new HttpHost(httpAddress.getHostString(), httpAddress.getPort()); - credentialsProvider.setCredentials(new AuthScope(httpHost, null, "Basic"), new UsernamePasswordCredentials(user.getName(), user.getPassword().toCharArray())); + credentialsProvider.setCredentials(new AuthScope(null, -1), new UsernamePasswordCredentials(user.getName(), user.getPassword().toCharArray())); RestClientBuilder.HttpClientConfigCallback configCallback = httpClientBuilder -> { TlsStrategy tlsStrategy = new BasicClientTlsStrategy(getSSLContext()); diff --git a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java index 0ac4495833..2268650840 100644 --- a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java 
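Review bot: `new AuthScope(null, -1)` in getRestHighLevelClient matches every host and port, so the test user's password is offered to whichever server sends an authentication challenge, not only to the node at `httpAddress`. The scope can stay bound to the node without the scheme and realm restrictions of the removed line: `new AuthScope(httpAddress.getHostString(), httpAddress.getPort())`. Why the HttpHost-based scope stopped matching is not visible in this hunk; presumably the `HttpHost` built without a scheme did not match the TLS endpoint, which is worth confirming before widening the scope. The method body continues outside the hunk.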
@@ -252,8 +252,7 @@ protected final CloseableHttpClient getHTTPClient() throws Exception { CredentialsProvider provider = new BasicCredentialsProvider(); UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("sarek", "sarek".toCharArray()); BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); - final HttpHost httpHost = new HttpHost("localhost", 9200); - credentialsProvider.setCredentials(new AuthScope(httpHost, null, "Basic"), new UsernamePasswordCredentials("sarek", "sarek".toCharArray())); + credentialsProvider.setCredentials(new AuthScope(null, -1), new UsernamePasswordCredentials("sarek", "sarek".toCharArray())); hcb.setDefaultCredentialsProvider(provider); } From 5ea3dcda8cab1f42036834cf766c36386afe38d7 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 16:32:02 -0400 Subject: [PATCH 21/36] Remove more references to org.apache.http Signed-off-by: Craig Perkins --- build.gradle | 1 + .../security/http/BasicAuthTests.java | 2 +- .../http/BasicAuthWithoutChallengeTests.java | 2 +- .../jwt/keybyoidc/KeySetRetrieverTest.java | 27 +++++---- .../http/jwt/keybyoidc/MockIpdServer.java | 59 ++++--------------- .../auth/http/saml/MockSamlIdpServer.java | 41 ++++--------- .../auditlog/helper/ErroneousHttpHandler.java | 18 +++--- .../auditlog/helper/TestHttpHandler.java | 30 ++++------ .../integration/BasicAuditlogTest.java | 2 +- .../auditlog/sink/SinkProviderTLSTest.java | 7 ++- .../auditlog/sink/WebhookAuditLogTest.java | 55 +++++++++-------- 11 files changed, 95 insertions(+), 149 deletions(-) diff --git a/build.gradle b/build.gradle index 227c94a3cf..a8fef86c60 100644 --- a/build.gradle +++ b/build.gradle 
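Review bot: The credentials set on `credentialsProvider` never reach the client, because the last statement of this block installs the other, still empty instance with `hcb.setDefaultCredentialsProvider(provider)`. As written the changed `setCredentials` line has no effect, and the `credentials` local is unused as well. The fix is `hcb.setDefaultCredentialsProvider(credentialsProvider);` with the `provider` and `credentials` locals removed. Once the provider is actually wired in, the any-host scope `new AuthScope(null, -1)` will offer the password to every host that challenges, so a scope naming the target host and port would be the narrower choice. getHTTPClient and the enclosing `if` block start outside the hunk.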
@@ -387,6 +387,7 @@ dependencies { testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.9' testImplementation 'javax.servlet:servlet-api:2.5' testImplementation 'org.apache.httpcomponents:fluent-hc:4.5.13' + testImplementation "org.apache.httpcomponents.client5:httpclient5-fluent:${versions.httpclient5}" testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}" testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}:test" testImplementation "org.apache.kafka:kafka-clients:${kafka_version}:test" diff --git a/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java b/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java index 6402d6963e..dafedcdf38 100644 --- a/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/BasicAuthTests.java @@ -12,7 +12,7 @@ import java.util.List; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.apache.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHeaders; import org.hamcrest.Matchers; import org.junit.ClassRule; import org.junit.Test; diff --git a/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java b/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java index 3a960f0d35..4af5563e53 100644 --- a/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java +++ b/src/integrationTest/java/org/opensearch/security/http/BasicAuthWithoutChallengeTests.java @@ -10,7 +10,7 @@ package org.opensearch.security.http; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; -import org.apache.http.HttpHeaders; +import org.apache.hc.core5.http.HttpHeaders; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; 
diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java index 5f70334127..b30a6326b6 100644 --- a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java +++ b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java @@ -14,17 +14,24 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; -import java.net.Socket; import java.security.KeyStore; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Map; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLSession; + import com.google.common.hash.Hashing; -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; -import org.apache.http.protocol.HttpContext; +import org.apache.hc.core5.http.ClassicHttpResponse; +import org.apache.hc.core5.http.HttpException; +import org.apache.hc.core5.http.HttpRequest; +import org.apache.hc.core5.http.protocol.HttpContext; +import org.apache.hc.core5.http.protocol.HttpCoreContext; +import org.apache.hc.core5.ssl.PrivateKeyDetails; +import org.apache.hc.core5.ssl.PrivateKeyStrategy; +import org.apache.hc.core5.ssl.SSLContextBuilder; +import org.apache.hc.core5.ssl.SSLContexts; import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; 
@@ -74,13 +81,13 @@ public void clientCertTest() throws Exception { try (MockIpdServer sslMockIdpServer = new MockIpdServer(TestJwk.Jwks.ALL, SocketUtils.findAvailableTcpPort(), true) { @Override - protected void handleDiscoverRequest(HttpRequest request, HttpResponse response, HttpContext context) + protected void handleDiscoverRequest(HttpRequest request, ClassicHttpResponse response, HttpContext context) throws IOException, HttpException { - MockIpdServer.SSLTestHttpServerConnection connection = (MockIpdServer.SSLTestHttpServerConnection) ((HttpCoreContext) context) - .getConnection(); - X509Certificate peerCert = (X509Certificate) connection.getPeerCertificates()[0]; + SSLSession sslSession = ((HttpCoreContext) context).getSSLSession(); + + X509Certificate peerCert = (X509Certificate) sslSession.getPeerCertificates()[0]; try { String sha256Fingerprint = Hashing.sha256().hashBytes(peerCert.getEncoded()).toString(); @@ -113,7 +120,7 @@ protected void handleDiscoverRequest(HttpRequest request, HttpResponse response, sslContextBuilder.loadKeyMaterial(keyStore, "changeit".toCharArray(), new PrivateKeyStrategy() { @Override - public String chooseAlias(Map aliases, Socket socket) { + public String chooseAlias(Map aliases, SSLParameters sslParameters) { return "spock"; } }); diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java index 1c80eeaf5b..3089bb2823 100644 --- a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java +++ b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java 
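Review bot: `((HttpCoreContext) context).getSSLSession()` in the overridden handleDiscoverRequest can return null when the connection carries no TLS session, and the next line dereferences it without a check. In a test whose purpose is to verify the client certificate, that case should fail with a clear message rather than a NullPointerException inside the server's handler thread. A guard such as `if (sslSession == null) { throw new IOException("no TLS session on discover request"); }` before `getPeerCertificates()` keeps the failure readable. The handler body continues outside the hunk.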
@@ -16,35 +16,28 @@ import java.io.IOException; import java.io.InputStream; import java.net.Socket; -import java.nio.charset.CharsetDecoder; -import java.nio.charset.CharsetEncoder; import java.security.GeneralSecurityException; import java.security.KeyStore; -import java.security.cert.Certificate; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLException; -import javax.net.ssl.SSLPeerUnverifiedException; -import javax.net.ssl.SSLServerSocket; -import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLParameters; import javax.net.ssl.TrustManagerFactory; import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; +import org.apache.hc.core5.function.Callback; import org.apache.hc.core5.http.ClassicHttpRequest; import org.apache.hc.core5.http.ClassicHttpResponse; import org.apache.hc.core5.http.HttpException; import org.apache.hc.core5.http.HttpRequest; -import org.apache.hc.core5.http.HttpResponse; +import org.apache.hc.core5.http.config.Http1Config; import org.apache.hc.core5.http.impl.bootstrap.HttpServer; import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap; import org.apache.hc.core5.http.impl.io.DefaultBHttpServerConnection; import org.apache.hc.core5.http.io.HttpConnectionFactory; import org.apache.hc.core5.http.io.HttpRequestHandler; +import org.apache.hc.core5.http.io.entity.StringEntity; import org.apache.hc.core5.http.protocol.HttpContext; -import org.apache.http.config.ConnectionConfig; -import org.apache.http.impl.ConnSupport; -import org.apache.http.impl.bootstrap.SSLServerSetupHandler; import org.opensearch.security.test.helper.file.FileHelper; import org.opensearch.security.test.helper.network.SocketUtils; 
@@ -75,11 +68,8 @@ class MockIpdServer implements Closeable { .register(CTX_DISCOVER, new HttpRequestHandler() { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) - throws HttpException, IOException { - + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { handleDiscoverRequest(request, response, context); - } }).register(CTX_KEYS, new HttpRequestHandler() { @@ -91,22 +81,15 @@ public void handle(ClassicHttpRequest request, ClassicHttpResponse response, Htt if (ssl) { serverBootstrap = serverBootstrap.setSslContext(createSSLContext()) - .setSslSetupHandler(new SSLServerSetupHandler() { - + .setSslSetupHandler(new Callback() { @Override - public void initialize(SSLServerSocket socket) throws SSLException { - socket.setNeedClientAuth(true); + public void execute(SSLParameters object) { + object.setNeedClientAuth(true); } }).setConnectionFactory(new HttpConnectionFactory() { - - private ConnectionConfig cconfig = ConnectionConfig.DEFAULT; - @Override public DefaultBHttpServerConnection createConnection(final Socket socket) throws IOException { - final SSLTestHttpServerConnection conn = new SSLTestHttpServerConnection( - this.cconfig.getBufferSize(), this.cconfig.getFragmentSizeHint(), - ConnSupport.createDecoder(this.cconfig), ConnSupport.createEncoder(this.cconfig), - this.cconfig.getMessageConstraints(), null, null, null, null); + final DefaultBHttpServerConnection conn = new DefaultBHttpServerConnection("https", Http1Config.DEFAULT); conn.bind(socket); return conn; } 
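Review bot: The `setConnectionFactory(...)` override in the `if (ssl)` block looks redundant now: it existed to create `SSLTestHttpServerConnection`, and with that class removed it only builds a plain `DefaultBHttpServerConnection` with default `Http1Config`, which is presumably what the bootstrap does on its own. Dropping the override here, and the identical one in MockSamlIdpServer, would remove hand-written connection setup from the TLS path of both mock servers. Separately, the anonymous `Callback` is easier to read as a lambda with a meaningful parameter name, `.setSslSetupHandler(sslParameters -> sslParameters.setNeedClientAuth(true))`. The enclosing constructor starts and ends outside the hunk.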
@@ -139,17 +122,17 @@ public int getPort() { return port; } - protected void handleDiscoverRequest(HttpRequest request, HttpResponse response, HttpContext context) + protected void handleDiscoverRequest(HttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { - response.setStatusCode(200); + response.setCode(200); response.setHeader("Cache-Control", "public, max-age=31536000"); response.setEntity(new StringEntity("{\"jwks_uri\": \"" + uri + CTX_KEYS + "\",\n" + "\"issuer\": \"" + uri + "\", \"unknownPropertyToBeIgnored\": 42}")); } - protected void handleKeysRequest(HttpRequest request, HttpResponse response, HttpContext context) + protected void handleKeysRequest(HttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { - response.setStatusCode(200); + response.setCode(200); response.setEntity(new StringEntity(toJson(jwks))); } @@ -181,20 +164,4 @@ private SSLContext createSSLContext() { throw new RuntimeException(e); } } - - static class SSLTestHttpServerConnection extends DefaultBHttpServerConnection { - public SSLTestHttpServerConnection(final int buffersize, final int fragmentSizeHint, - final CharsetDecoder chardecoder, final CharsetEncoder charencoder, - final MessageConstraints constraints, final ContentLengthStrategy incomingContentStrategy, - final ContentLengthStrategy outgoingContentStrategy, - final HttpMessageParserFactory requestParserFactory, - final HttpMessageWriterFactory responseWriterFactory) { - super(buffersize, fragmentSizeHint, chardecoder, charencoder, constraints, incomingContentStrategy, - outgoingContentStrategy, requestParserFactory, responseWriterFactory); - } - - public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { - return ((SSLSocket) getSocket()).getSession().getPeerCertificates(); - } - } } 
diff --git a/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java b/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java index 578d696bf3..0f282c37bb 100644 --- a/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java +++ b/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java @@ -30,7 +30,6 @@ import java.security.Principal; import java.security.PrivateKey; import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.Arrays; @@ -43,11 +42,7 @@ import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLException; import javax.net.ssl.SSLParameters; -import javax.net.ssl.SSLPeerUnverifiedException; -import javax.net.ssl.SSLServerSocket; -import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManagerFactory; import javax.servlet.RequestDispatcher; import javax.servlet.ServletInputStream; @@ -87,11 +82,6 @@ import org.apache.hc.core5.http.message.BasicHttpRequest; import org.apache.hc.core5.http.protocol.HttpContext; import org.apache.hc.core5.net.URIBuilder; -import org.apache.http.HttpEntityEnclosingRequest; -import org.apache.http.config.ConnectionConfig; -import org.apache.http.config.MessageConstraints; -import org.apache.http.impl.ConnSupport; -import org.apache.http.impl.bootstrap.SSLServerSetupHandler; import org.joda.time.DateTime; import org.opensaml.core.xml.XMLObject; import org.opensaml.core.xml.XMLObjectBuilderFactory; 
@@ -236,18 +226,9 @@ public void execute(SSLParameters object) { } }) .setConnectionFactory(new HttpConnectionFactory() { - - private ConnectionConfig cconfig = ConnectionConfig.DEFAULT; - - private Http1Config http1Config = Http1Config.custom() - .setBufferSize(this.cconfig.getBufferSize()).setChunkSizeHint(this.cconfig.getFragmentSizeHint()).build(); - @Override public DefaultBHttpServerConnection createConnection(final Socket socket) throws IOException { - final SSLTestHttpServerConnection conn = new SSLTestHttpServerConnection("http", - http1Config, - ConnSupport.createDecoder(this.cconfig), ConnSupport.createEncoder(this.cconfig) - , null, null, null, null); + final DefaultBHttpServerConnection conn = new DefaultBHttpServerConnection("https", Http1Config.DEFAULT); conn.bind(socket); return conn; } @@ -765,8 +746,8 @@ public Enumeration getAttributeNames() { @Override public String getCharacterEncoding() { - if (delegate instanceof HttpEntityEnclosingRequest) { - return ((HttpEntityEnclosingRequest) delegate).getEntity().getContentEncoding().getValue(); + if (delegate instanceof ClassicHttpRequest) { + return ((ClassicHttpRequest) delegate).getEntity().getContentEncoding(); } else { return null; } @@ -774,8 +755,8 @@ public String getCharacterEncoding() { @Override public int getContentLength() { - if (delegate instanceof HttpEntityEnclosingRequest) { - return (int) ((HttpEntityEnclosingRequest) delegate).getEntity().getContentLength(); + if (delegate instanceof ClassicHttpRequest) { + return (int) ((ClassicHttpRequest) delegate).getEntity().getContentLength(); } else { return 0; } @@ -783,8 +764,8 @@ public int getContentLength() { @Override public String getContentType() { - if (delegate instanceof HttpEntityEnclosingRequest) { - return ((HttpEntityEnclosingRequest) delegate).getEntity().getContentType().getValue(); + if (delegate instanceof ClassicHttpRequest) { + return ((ClassicHttpRequest) delegate).getEntity().getContentType(); } else { return null; } 
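Review bot: The new guard `delegate instanceof ClassicHttpRequest` in getCharacterEncoding no longer implies that a body exists, so `getEntity()` can return null for a request without an entity and the chained call then throws a NullPointerException. The old `HttpEntityEnclosingRequest` check only matched requests that can carry an entity; `ClassicHttpRequest` also covers body-less requests such as GET. The same pattern is repeated in getContentLength, getContentType, getInputStream and getReader in the following hunks. Each guard should also test the entity, for example `if (delegate instanceof ClassicHttpRequest && ((ClassicHttpRequest) delegate).getEntity() != null)`. All five methods belong to a wrapper class whose declaration is outside the hunks.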
@@ -792,8 +773,8 @@ public String getContentType() { @Override public ServletInputStream getInputStream() throws IOException { - if (delegate instanceof HttpEntityEnclosingRequest) { - final InputStream in = ((HttpEntityEnclosingRequest) delegate).getEntity().getContent(); + if (delegate instanceof ClassicHttpRequest) { + final InputStream in = ((ClassicHttpRequest) delegate).getEntity().getContent(); return new ServletInputStream() { @@ -875,8 +856,8 @@ public String getProtocol() { @Override public BufferedReader getReader() throws IOException { - if (delegate instanceof HttpEntityEnclosingRequest) { - final InputStream in = ((HttpEntityEnclosingRequest) delegate).getEntity().getContent(); + if (delegate instanceof ClassicHttpRequest) { + final InputStream in = ((ClassicHttpRequest) delegate).getEntity().getContent(); return new BufferedReader(new InputStreamReader(in)); } else { diff --git a/src/test/java/org/opensearch/security/auditlog/helper/ErroneousHttpHandler.java b/src/test/java/org/opensearch/security/auditlog/helper/ErroneousHttpHandler.java index 29a9ea9432..120232825b 100644 --- a/src/test/java/org/opensearch/security/auditlog/helper/ErroneousHttpHandler.java +++ b/src/test/java/org/opensearch/security/auditlog/helper/ErroneousHttpHandler.java 
@@ -11,18 +11,14 @@ package org.opensearch.security.auditlog.helper; -import java.io.IOException; - -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; -import org.apache.http.protocol.HttpContext; -import org.apache.http.protocol.HttpRequestHandler; - -public class ErroneousHttpHandler implements HttpRequestHandler{ +import org.apache.hc.core5.http.ClassicHttpRequest; +import org.apache.hc.core5.http.ClassicHttpResponse; +import org.apache.hc.core5.http.io.HttpRequestHandler; +import org.apache.hc.core5.http.protocol.HttpContext; +public class ErroneousHttpHandler implements HttpRequestHandler { @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) throws HttpException, IOException { - response.setStatusCode(404); + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) { + response.setCode(404); } } diff --git a/src/test/java/org/opensearch/security/auditlog/helper/TestHttpHandler.java b/src/test/java/org/opensearch/security/auditlog/helper/TestHttpHandler.java index 69f667e8cb..d888949e46 100644 --- a/src/test/java/org/opensearch/security/auditlog/helper/TestHttpHandler.java +++ b/src/test/java/org/opensearch/security/auditlog/helper/TestHttpHandler.java 
@@ -14,15 +14,13 @@ import java.io.IOException; import java.nio.charset.StandardCharsets; -import org.apache.http.HttpEntity; -import org.apache.http.HttpEntityEnclosingRequest; -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpResponse; -import org.apache.http.RequestLine; -import org.apache.http.protocol.HttpContext; -import org.apache.http.protocol.HttpRequestHandler; -import org.apache.http.util.EntityUtils; +import org.apache.hc.core5.http.ClassicHttpRequest; +import org.apache.hc.core5.http.ClassicHttpResponse; +import org.apache.hc.core5.http.HttpEntity; +import org.apache.hc.core5.http.HttpException; +import org.apache.hc.core5.http.io.HttpRequestHandler; +import org.apache.hc.core5.http.io.entity.EntityUtils; +import org.apache.hc.core5.http.protocol.HttpContext; public class TestHttpHandler implements HttpRequestHandler { public String method; @@ -30,16 +28,12 @@ public class TestHttpHandler implements HttpRequestHandler { public String body; @Override - public void handle(HttpRequest request, HttpResponse response, HttpContext context) throws HttpException, IOException { - RequestLine requestLine = request.getRequestLine(); - this.method = requestLine.getMethod(); - this.uri = requestLine.getUri(); + public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException { + this.method = request.getMethod(); + this.uri = request.getRequestUri(); - HttpEntity entity = null; - if (request instanceof HttpEntityEnclosingRequest) { - entity = ((HttpEntityEnclosingRequest) request).getEntity(); - body = EntityUtils.toString(entity, StandardCharsets.UTF_8); - } + HttpEntity entity = request.getEntity(); + body = EntityUtils.toString(entity, StandardCharsets.UTF_8); } public void reset() { 
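Review bot: `EntityUtils.toString(entity, StandardCharsets.UTF_8)` in handle is now called unconditionally, but `request.getEntity()` returns null for requests without a body, and the HttpCore 5 `EntityUtils.toString` rejects a null entity with an exception instead of returning null. The removed `instanceof HttpEntityEnclosingRequest` branch left `body` as null in that case, and WebhookAuditLogTest still asserts a null `handler.body` after its GET requests. Keeping that contract takes one line: `body = entity != null ? EntityUtils.toString(entity, StandardCharsets.UTF_8) : null;`.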
diff --git a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java index fdb5a2e4c4..8b3ff35b4a 100644 --- a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java @@ -132,7 +132,7 @@ public void testSSLPlainText() throws Exception { final List messages = TestAuditlogImpl.doThenWaitForMessages(() -> { final RuntimeException ex = Assert.assertThrows(RuntimeException.class, () -> nonSslRestHelper().executeGetRequest("_search", encodeBasicHeader("admin", "admin"))); - Assert.assertEquals("org.apache.http.NoHttpResponseException", ex.getCause().getClass().getName()); + Assert.assertEquals("org.apache.hc.core5.http.NoHttpResponseException", ex.getCause().getClass().getName()); }, 4); // All of the messages should be the same as the http client is attempting multiple times. diff --git a/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTLSTest.java b/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTLSTest.java index 2aa7c86be7..fb0f665b16 100644 --- a/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTLSTest.java +++ b/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTLSTest.java @@ -21,8 +21,9 @@ import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; -import org.apache.http.impl.bootstrap.HttpServer; -import org.apache.http.impl.bootstrap.ServerBootstrap; +import org.apache.hc.core5.http.impl.HttpProcessors; +import org.apache.hc.core5.http.impl.bootstrap.HttpServer; +import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap; import org.junit.After; import org.junit.Assert; import org.junit.Before; 
@@ -58,7 +59,7 @@ public void testTlsConfigurationNoFallback() throws Exception { TestHttpHandler handler = new TestHttpHandler(); int port = findFreePort(); - server = ServerBootstrap.bootstrap().setListenerPort(port).setServerInfo("Test/1.1").setSslContext(createSSLContext()).registerHandler("*", handler).create(); + server = ServerBootstrap.bootstrap().setListenerPort(port).setHttpProcessor(HttpProcessors.server("Test/1.1")).setSslContext(createSSLContext()).register("*", handler).create(); server.start(); diff --git a/src/test/java/org/opensearch/security/auditlog/sink/WebhookAuditLogTest.java b/src/test/java/org/opensearch/security/auditlog/sink/WebhookAuditLogTest.java index 8446e38b44..1e327750b6 100644 --- a/src/test/java/org/opensearch/security/auditlog/sink/WebhookAuditLogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/sink/WebhookAuditLogTest.java @@ -18,15 +18,16 @@ import java.net.URLDecoder; import java.nio.charset.StandardCharsets; import java.security.KeyStore; -import java.util.concurrent.TimeUnit; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; -import org.apache.http.entity.ContentType; -import org.apache.http.impl.bootstrap.HttpServer; -import org.apache.http.impl.bootstrap.ServerBootstrap; +import org.apache.hc.core5.http.ContentType; +import org.apache.hc.core5.http.impl.HttpProcessors; +import org.apache.hc.core5.http.impl.bootstrap.HttpServer; +import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap; +import org.apache.hc.core5.util.TimeValue; import org.junit.After; import org.junit.Assert; import org.junit.Before; @@ -223,8 +224,8 @@ public void postGetHttpTest() throws Exception { int port = findFreePort(); server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .register("*", handler) .create(); server.start(); 
@@ -318,7 +319,7 @@ public void postGetHttpTest() throws Exception { Assert.assertTrue(handler.method.equals("GET")); Assert.assertEquals(null, handler.body); assertStringContainsAllKeysAndValues(URLDecoder.decode(handler.uri, StandardCharsets.UTF_8.displayName())); - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } @Test @@ -329,8 +330,8 @@ public void httpsTestWithoutTLSServer() throws Exception { int port = findFreePort(); server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .register("*", handler) .create(); server.start(); @@ -355,7 +356,7 @@ public void httpsTestWithoutTLSServer() throws Exception { // ... so message must be stored in fallback Assert.assertEquals(1, fallback.messages.size()); Assert.assertEquals(msg, fallback.messages.get(0)); - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } @@ -366,9 +367,9 @@ public void httpsTest() throws Exception { int port = findFreePort(); server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .setSslContext(createSSLContext()) - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .setSslContext(createSSLContext()) + .register("*", handler) .create(); server.start(); @@ -440,7 +441,7 @@ public void httpsTest() throws Exception { Assert.assertNull(handler.body); Assert.assertNull(handler.body); - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } @Test 
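Review bot: `server.awaitTermination(TimeValue.ofSeconds(3))` at the end of `postGetHttpTest` is not an equivalent of the removed `server.shutdown(3l, TimeUnit.SECONDS)`: in HttpCore 5 `awaitTermination` only waits, it does not stop the listener. Unless the `@After` method (outside the hunk) closes the server, each test now blocks for the full three seconds and leaves the in-memory endpoint, including the TLS ones, listening on its port. Use `server.close(CloseMode.GRACEFUL);` (from `org.apache.hc.core5.io`), or call `server.initiateShutdown();` before the wait. The same replacement is made in `httpsTestWithoutTLSServer`, `httpsTest`, `httpsTestPemDefault`, `httpsTestPemEndpoint` and `httpsTestPemContentEndpoint`.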
@@ -450,9 +451,9 @@ public void httpsTestPemDefault() throws Exception { server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .setSslContext(createSSLContext()) - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .setSslContext(createSSLContext()) + .register("*", handler) .create(); server.start(); @@ -554,7 +555,7 @@ public void httpsTestPemDefault() throws Exception { Assert.assertNull(handler.method); Assert.assertNull(handler.body); Assert.assertNull(handler.body); - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } @Test @@ -565,9 +566,9 @@ public void httpsTestPemEndpoint() throws Exception { server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .setSslContext(createSSLContext()) - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .setSslContext(createSSLContext()) + .register("*", handler) .create(); server.start(); @@ -652,7 +653,7 @@ public void httpsTestPemEndpoint() throws Exception { Assert.assertNull(handler.body); Assert.assertNull(handler.body); - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } @Test @@ -663,9 +664,9 @@ public void httpsTestPemContentEndpoint() throws Exception { server = ServerBootstrap.bootstrap() .setListenerPort(port) - .setServerInfo("Test/1.1") - .setSslContext(createSSLContext()) - .registerHandler("*", handler) + .setHttpProcessor(HttpProcessors.server("Test/1.1")) + .setSslContext(createSSLContext()) + .register("*", handler) .create(); server.start(); @@ -691,9 +692,7 @@ public void httpsTestPemContentEndpoint() throws Exception { Assert.assertTrue(handler.body.contains("{")); assertStringContainsAllKeysAndValues(handler.body); - - - server.shutdown(3l, TimeUnit.SECONDS); + server.awaitTermination(TimeValue.ofSeconds(3)); } // for TLS support on our in-memory server 
From c74f8959dbe25eafa8d6d62787b822ff00bff83c Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Thu, 13 Oct 2022 18:40:17 -0400 Subject: [PATCH 22/36] Fix various test failures Signed-off-by: Craig Perkins --- .../http/jwt/keybyoidc/MockIpdServer.java | 2 +- .../auth/http/saml/MockSamlIdpServer.java | 2 +- .../security/test/helper/rest/RestHelper.java | 30 +++++++++++++++---- 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java index 3089bb2823..21a9d239c3 100644 --- a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java +++ b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java @@ -89,7 +89,7 @@ public void execute(SSLParameters object) { }).setConnectionFactory(new HttpConnectionFactory() { @Override public DefaultBHttpServerConnection createConnection(final Socket socket) throws IOException { - final DefaultBHttpServerConnection conn = new DefaultBHttpServerConnection("https", Http1Config.DEFAULT); + final DefaultBHttpServerConnection conn = new DefaultBHttpServerConnection(ssl ? "https" : "http", Http1Config.DEFAULT); conn.bind(socket); return conn; } diff --git a/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java b/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java index 0f282c37bb..4f4a8c9640 100644 --- a/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java +++ b/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java 
@@ -228,7 +228,7 @@ public void execute(SSLParameters object) { .setConnectionFactory(new HttpConnectionFactory() { @Override public DefaultBHttpServerConnection createConnection(final Socket socket) throws IOException { - final DefaultBHttpServerConnection conn = new DefaultBHttpServerConnection("https", Http1Config.DEFAULT); + final DefaultBHttpServerConnection conn = new DefaultBHttpServerConnection(ssl ? "https" : "http", Http1Config.DEFAULT); conn.bind(socket); return conn; } diff --git a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java index 2268650840..e034aa3a56 100644 --- a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java @@ -145,7 +145,10 @@ public HttpResponse[] executeMultipleAsyncPutRequest(final int numOfRequests, fi } public HttpResponse executeGetRequest(final String request, Header... header) { - return executeRequest(new HttpGet(getHttpServerUri() + "/" + request), header); + String requestUri = getHttpServerUri().endsWith("/") + ? getHttpServerUri() + request + : getHttpServerUri() + "/" + request; + return executeRequest(new HttpGet(requestUri), header); } public HttpResponse executeGetRequest(final String request, String body, Header... header) { 
@@ -156,11 +159,17 @@ public HttpResponse executeGetRequest(final String request, String body, Header. } public HttpResponse executeHeadRequest(final String request, Header... header) { - return executeRequest(new HttpHead(getHttpServerUri() + "/" + request), header); + String requestUri = getHttpServerUri().endsWith("/") + ? getHttpServerUri() + request + : getHttpServerUri() + "/" + request; + return executeRequest(new HttpHead(requestUri), header); } public HttpResponse executeOptionsRequest(final String request) { - return executeRequest(new HttpOptions(getHttpServerUri() + "/" + request)); + String requestUri = getHttpServerUri().endsWith("/") + ? getHttpServerUri() + request + : getHttpServerUri() + "/" + request; + return executeRequest(new HttpOptions(requestUri)); } public HttpResponse executePutRequest(final String request, String body, Header... header) { @@ -172,7 +181,10 @@ public HttpResponse executePutRequest(final String request, String body, Header. } public HttpResponse executeDeleteRequest(final String request, Header... header) { - return executeRequest(new HttpDelete(getHttpServerUri() + "/" + request), header); + String requestUri = getHttpServerUri().endsWith("/") + ? getHttpServerUri() + request + : getHttpServerUri() + "/" + request; + return executeRequest(new HttpDelete(requestUri), header); } public HttpResponse executeDeleteRequest(final String request, String body, Header... header) { @@ -184,7 +196,10 @@ public HttpResponse executeDeleteRequest(final String request, String body, Head public HttpResponse executePostRequest(final String request, String body, Header... header) { - HttpPost uriRequest = new HttpPost(getHttpServerUri() + "/" + request); + String requestUri = getHttpServerUri().endsWith("/") + ? getHttpServerUri() + request + : getHttpServerUri() + "/" + request; + HttpPost uriRequest = new HttpPost(requestUri); if (body != null && !body.isEmpty()) { uriRequest.setEntity(createStringEntity(body)); } 
@@ -193,7 +208,10 @@ public HttpResponse executePostRequest(final String request, String body, Header } public HttpResponse executePatchRequest(final String request, String body, Header... header) { - HttpPatch uriRequest = new HttpPatch(getHttpServerUri() + "/" + request); + String requestUri = getHttpServerUri().endsWith("/") + ? getHttpServerUri() + request + : getHttpServerUri() + "/" + request; + HttpPatch uriRequest = new HttpPatch(requestUri); if (body != null && !body.isEmpty()) { uriRequest.setEntity(createStringEntity(body)); } From 426f7a937f9aa47ea5ecd5a27f5d073d13cc67b7 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Fri, 14 Oct 2022 09:25:12 -0400 Subject: [PATCH 23/36] Strip extract / in request uri Signed-off-by: Craig Perkins --- build.gradle | 2 +- .../security/test/helper/rest/RestHelper.java | 44 +++++++------------ 2 files changed, 17 insertions(+), 29 deletions(-) diff --git a/build.gradle b/build.gradle index a8fef86c60..3d601f4659 100644 --- a/build.gradle +++ b/build.gradle @@ -395,7 +395,7 @@ dependencies { testImplementation 'org.springframework:spring-beans:5.3.20' testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2' testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2' - testImplementation "org.opensearch:common-utils:${opensearch_version}" + testImplementation "org.opensearch:common-utils:${opensearch_build}" // JUnit build requirement testCompileOnly 'org.apiguardian:apiguardian-api:1.0.0' // Kafka test execution diff --git a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java index e034aa3a56..27d1fbda88 100644 --- a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java 
@@ -45,6 +45,7 @@ import com.fasterxml.jackson.databind.JsonNode; import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.StringUtils; import org.apache.hc.client5.http.auth.AuthScope; import org.apache.hc.client5.http.auth.CredentialsProvider; import org.apache.hc.client5.http.auth.UsernamePasswordCredentials; @@ -111,9 +112,10 @@ public String executeSimpleRequest(final String request) throws Exception { CloseableHttpClient httpClient = null; CloseableHttpResponse response = null; + try { httpClient = getHTTPClient(); - response = httpClient.execute(new HttpGet(getHttpServerUri() + "/" + request)); + response = httpClient.execute(new HttpGet(getRequestUri(request))); if (response.getCode() >= 300) { throw new Exception("Statuscode " + response.getCode()); 
@@ -145,35 +147,26 @@ public HttpResponse[] executeMultipleAsyncPutRequest(final int numOfRequests, fi } public HttpResponse executeGetRequest(final String request, Header... header) { - String requestUri = getHttpServerUri().endsWith("/") - ? getHttpServerUri() + request - : getHttpServerUri() + "/" + request; - return executeRequest(new HttpGet(requestUri), header); + return executeRequest(new HttpGet(getRequestUri(request)), header); } public HttpResponse executeGetRequest(final String request, String body, Header... header) { - HttpGet getRequest = new HttpGet(getHttpServerUri() + "/" + request); + HttpGet getRequest = new HttpGet(getRequestUri(request)); getRequest.setEntity(createStringEntity(body)); getRequest.addHeader(HttpHeaders.CONTENT_TYPE, "application/json"); return executeRequest(getRequest, header); } public HttpResponse executeHeadRequest(final String request, Header... header) { - String requestUri = getHttpServerUri().endsWith("/") - ? getHttpServerUri() + request - : getHttpServerUri() + "/" + request; - return executeRequest(new HttpHead(requestUri), header); + return executeRequest(new HttpHead(getRequestUri(request)), header); } public HttpResponse executeOptionsRequest(final String request) { - String requestUri = getHttpServerUri().endsWith("/") - ? getHttpServerUri() + request - : getHttpServerUri() + "/" + request; - return executeRequest(new HttpOptions(requestUri)); + return executeRequest(new HttpOptions(getRequestUri(request))); } public HttpResponse executePutRequest(final String request, String body, Header... header) { - HttpPut uriRequest = new HttpPut(getHttpServerUri() + "/" + request); + HttpPut uriRequest = new HttpPut(getRequestUri(request)); if (body != null && !body.isEmpty()) { uriRequest.setEntity(createStringEntity(body)); } 
@@ -181,14 +174,11 @@ public HttpResponse executePutRequest(final String request, String body, Header. } public HttpResponse executeDeleteRequest(final String request, Header... header) { - String requestUri = getHttpServerUri().endsWith("/") - ? getHttpServerUri() + request - : getHttpServerUri() + "/" + request; - return executeRequest(new HttpDelete(requestUri), header); + return executeRequest(new HttpDelete(getRequestUri(request)), header); } public HttpResponse executeDeleteRequest(final String request, String body, Header... header) { - HttpDelete delRequest = new HttpDelete(getHttpServerUri() + "/" + request); + HttpDelete delRequest = new HttpDelete(getRequestUri(request)); delRequest.setEntity(createStringEntity(body)); delRequest.setHeader(HttpHeaders.CONTENT_TYPE, "application/json"); return executeRequest(delRequest, header); @@ -196,10 +186,7 @@ public HttpResponse executeDeleteRequest(final String request, String body, Head public HttpResponse executePostRequest(final String request, String body, Header... header) { - String requestUri = getHttpServerUri().endsWith("/") - ? getHttpServerUri() + request - : getHttpServerUri() + "/" + request; - HttpPost uriRequest = new HttpPost(requestUri); + HttpPost uriRequest = new HttpPost(getRequestUri(request)); if (body != null && !body.isEmpty()) { uriRequest.setEntity(createStringEntity(body)); } @@ -208,10 +195,7 @@ public HttpResponse executePostRequest(final String request, String body, Header } public HttpResponse executePatchRequest(final String request, String body, Header... header) { - String requestUri = getHttpServerUri().endsWith("/") - ? getHttpServerUri() + request - : getHttpServerUri() + "/" + request; - HttpPatch uriRequest = new HttpPatch(requestUri); + HttpPatch uriRequest = new HttpPatch(getRequestUri(request)); if (body != null && !body.isEmpty()) { uriRequest.setEntity(createStringEntity(body)); } 
@@ -261,6 +245,10 @@ protected final String getHttpServerUri() { log.debug("Connect to {}", address); return address; } + + protected final String getRequestUri(String request) { + return getHttpServerUri() + "/" + StringUtils.strip(request, "/"); + } protected final CloseableHttpClient getHTTPClient() throws Exception { From 1e8818c91982e8e1a7197a7e1e8cc6a8bf8ea2ac Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Mon, 17 Oct 2022 13:50:23 -0400 Subject: [PATCH 24/36] Change placement of common-utils in build.gradle Signed-off-by: Craig Perkins --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 3d601f4659..28e13d4ea8 100644 --- a/build.gradle +++ b/build.gradle @@ -373,6 +373,7 @@ dependencies { implementation 'org.apache.commons:commons-lang3:3.4' + testImplementation "org.opensearch:common-utils:${opensearch_build}" testImplementation "org.opensearch.plugin:reindex-client:${opensearch_version}" testImplementation "org.opensearch:opensearch-ssl-config:${opensearch_version}" testImplementation "org.opensearch.plugin:percolator-client:${opensearch_version}" @@ -395,7 +396,6 @@ dependencies { testImplementation 'org.springframework:spring-beans:5.3.20' testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2' testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2' - testImplementation "org.opensearch:common-utils:${opensearch_build}" // JUnit build requirement testCompileOnly 'org.apiguardian:apiguardian-api:1.0.0' // Kafka test execution From 4d83258fc6d7d075418795e51220c271b856042f Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Mon, 17 Oct 2022 14:02:37 -0400 Subject: [PATCH 25/36] Specify common_utils_version Signed-off-by: Craig Perkins --- build.gradle | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 28e13d4ea8..c0e8befb15 100644 --- a/build.gradle +++ b/build.gradle 
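Review bot: `getRequestUri` uses `StringUtils.strip(request, "/")`, which removes trailing slashes as well as leading ones, so a test that passes a path ending in `/` silently requests a different URI than the one it names. For a helper used by security tests this matters when a test is meant to check how a trailing-slash variant of a route is handled. Stripping only the front keeps the double-slash fix without rewriting the rest of the path: `return getHttpServerUri() + "/" + StringUtils.stripStart(request, "/");`. A one-line Javadoc stating that leading slashes are dropped would also help callers.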
@@ -23,6 +23,7 @@ buildscript { version_tokens = opensearch_version.tokenize('-') opensearch_build = version_tokens[0] + '.0' + common_utils_version = System.getProperty("common_utils.version", '3.0.0.0-SNAPSHOT') kafka_version = '3.0.2' if (buildVersionQualifier) { @@ -373,7 +374,7 @@ dependencies { implementation 'org.apache.commons:commons-lang3:3.4' - testImplementation "org.opensearch:common-utils:${opensearch_build}" + testImplementation "org.opensearch:common-utils:${common_utils_version}" testImplementation "org.opensearch.plugin:reindex-client:${opensearch_version}" testImplementation "org.opensearch:opensearch-ssl-config:${opensearch_version}" testImplementation "org.opensearch.plugin:percolator-client:${opensearch_version}" From a4337a4483532d7711616030a5749fe641447331 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Mon, 17 Oct 2022 14:08:37 -0400 Subject: [PATCH 26/36] Remove unused import in RestHelper Signed-off-by: Craig Perkins --- .../org/opensearch/security/test/helper/rest/RestHelper.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java index 27d1fbda88..f889bdb187 100644 --- a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java @@ -69,7 +69,6 @@ import org.apache.hc.core5.http.Header; import org.apache.hc.core5.http.HttpEntity; import org.apache.hc.core5.http.HttpHeaders; -import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.io.SocketConfig; import org.apache.hc.core5.http.io.entity.StringEntity; import org.apache.hc.core5.ssl.SSLContextBuilder; From b53fb744bbfab51a45be7021ab036a29494a80b0 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Mon, 17 Oct 2022 16:50:47 -0400 Subject: [PATCH 27/36] Set connection manager 
Signed-off-by: Craig Perkins --- .../org/opensearch/security/test/AbstractSecurityUnitTest.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java index be0fa6d057..a5b574fb89 100644 --- a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java +++ b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java @@ -172,6 +172,7 @@ protected RestHighLevelClient getRestClient(ClusterInfo info, String keyStoreNam final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() .setTlsStrategy(tlsStrategy) .build(); + builder.setConnectionManager(cm); return builder; }); return new RestHighLevelClient(restClientBuilder); From 5901d169fd12046c95dbb54bbb7cc499ea3f7caa Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Mon, 17 Oct 2022 17:52:07 -0400 Subject: [PATCH 28/36] Attempt to resolve Invalid protocol version test failure Signed-off-by: Craig Perkins --- .../test/framework/cluster/OpenSearchClientProvider.java | 3 +++ .../java/org/opensearch/security/httpclient/HttpClient.java | 3 +++ src/main/java/org/opensearch/security/tools/SecurityAdmin.java | 3 +++ .../org/opensearch/security/test/AbstractSecurityUnitTest.java | 3 +++ 4 files changed, 12 insertions(+) diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java index 9e2bf4bb10..ca79e4f83f 100644 --- a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java +++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java 
@@ -54,6 +54,7 @@ import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; +import org.apache.hc.core5.http2.HttpVersionPolicy; import org.opensearch.client.RestClient; import org.opensearch.client.RestClientBuilder; import org.opensearch.client.RestHighLevelClient; @@ -105,6 +106,8 @@ default RestHighLevelClient getRestHighLevelClient(UserCredentialsHolder user) { .build(); httpClientBuilder.setConnectionManager(cm); + // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version + httpClientBuilder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1); return httpClientBuilder; }; diff --git a/src/main/java/org/opensearch/security/httpclient/HttpClient.java b/src/main/java/org/opensearch/security/httpclient/HttpClient.java index 9a919cf9af..3e6121bdf3 100644 --- a/src/main/java/org/opensearch/security/httpclient/HttpClient.java +++ b/src/main/java/org/opensearch/security/httpclient/HttpClient.java @@ -43,6 +43,7 @@ import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.message.BasicHeader; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; +import org.apache.hc.core5.http2.HttpVersionPolicy; import org.apache.hc.core5.ssl.PrivateKeyDetails; import org.apache.hc.core5.ssl.PrivateKeyStrategy; import org.apache.hc.core5.ssl.SSLContextBuilder; @@ -254,6 +255,8 @@ public String chooseAlias(Map aliases, SSLParameters final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() .setTlsStrategy(tlsStrategy) .build(); + // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version + httpClientBuilder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1); httpClientBuilder.setConnectionManager(cm); } diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java index d14ecbf6b2..efd239f20c 100644 
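Review bot: The comment added above `setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1)` in `getRestHighLevelClient` records an attempt (`// Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version`) rather than the reason the client is pinned to HTTP/1.1, and the same line is copied into HttpClient.java, SecurityAdmin.java and AbstractSecurityUnitTest.java. Two of those are non-test clients, so the next maintainer needs to know whether the pin is required or can be lifted. Once the cause is confirmed, state it, for example `// Force HTTP/1.1: protocol negotiation with the node failed with ParseException "Invalid protocol version"`, and keep one wording in all four places. In HttpClient.java the call sits inside a block that opens outside the hunk, so whether it applies to every client built there cannot be seen from here.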
--- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java +++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java @@ -77,6 +77,7 @@ import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; +import org.apache.hc.core5.http2.HttpVersionPolicy; import org.apache.hc.core5.ssl.SSLContextBuilder; import org.apache.hc.core5.ssl.SSLContexts; @@ -1412,6 +1413,8 @@ private static RestHighLevelClient getRestHighLevelClient(SSLContext sslContext, .setTlsStrategy(tlsStrategy) .build(); + // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version + builder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1); builder.setConnectionManager(cm); return builder; }); diff --git a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java index a5b574fb89..0996f1292d 100644 --- a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java +++ b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java @@ -53,6 +53,7 @@ import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.message.BasicHeader; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; +import org.apache.hc.core5.http2.HttpVersionPolicy; import org.apache.hc.core5.ssl.SSLContextBuilder; import org.apache.hc.core5.ssl.SSLContexts; import org.apache.logging.log4j.LogManager; @@ -173,6 +174,8 @@ protected RestHighLevelClient getRestClient(ClusterInfo info, String keyStoreNam .setTlsStrategy(tlsStrategy) .build(); builder.setConnectionManager(cm); + // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version + builder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1); return builder; }); return new RestHighLevelClient(restClientBuilder); From e937d09705465a818d6efe50fe21b16a7c1f8aeb Mon Sep 17 00:00:00 2001 
From: Craig Perkins Date: Mon, 17 Oct 2022 17:56:48 -0400 Subject: [PATCH 29/36] Run spotlessApply Signed-off-by: Craig Perkins --- .../test/framework/cluster/OpenSearchClientProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java index ca79e4f83f..ef49ce5c10 100644 --- a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java +++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java @@ -53,8 +53,8 @@ import org.apache.hc.core5.http.message.BasicHeader; import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; - import org.apache.hc.core5.http2.HttpVersionPolicy; + import org.opensearch.client.RestClient; import org.opensearch.client.RestClientBuilder; import org.opensearch.client.RestHighLevelClient; From 6db8ffd89897242fb69293690169b5abc0fa1cdf Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Mon, 17 Oct 2022 20:44:56 -0400 Subject: [PATCH 30/36] Fix issue passing credentials in RestHelper Signed-off-by: Craig Perkins --- .../org/opensearch/security/test/helper/rest/RestHelper.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java index f889bdb187..61fd5acc4e 100644 --- a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java 
@@ -254,11 +254,10 @@ protected final CloseableHttpClient getHTTPClient() throws Exception { final HttpClientBuilder hcb = HttpClients.custom(); if (sendHTTPClientCredentials) { - CredentialsProvider provider = new BasicCredentialsProvider(); UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("sarek", "sarek".toCharArray()); BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); - credentialsProvider.setCredentials(new AuthScope(null, -1), new UsernamePasswordCredentials("sarek", "sarek".toCharArray())); - hcb.setDefaultCredentialsProvider(provider); + credentialsProvider.setCredentials(new AuthScope(null, -1), credentials); + hcb.setDefaultCredentialsProvider(credentialsProvider); } if (enableHTTPClientSSL) { From 2c23df494a7a895a4f88a1dd58d005810852f8de Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Mon, 17 Oct 2022 21:14:16 -0400 Subject: [PATCH 31/36] Remove unused import Signed-off-by: Craig Perkins --- .../org/opensearch/security/test/helper/rest/RestHelper.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java index 61fd5acc4e..30b549dfa1 100644 --- a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java @@ -47,7 +47,6 @@ import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; import org.apache.hc.client5.http.auth.AuthScope; -import org.apache.hc.client5.http.auth.CredentialsProvider; import org.apache.hc.client5.http.auth.UsernamePasswordCredentials; import org.apache.hc.client5.http.classic.methods.HttpDelete; import org.apache.hc.client5.http.classic.methods.HttpGet; From 17344c3050776dbb135fe7ad9f7cb6eb74f91a7e Mon Sep 17 00:00:00 2001 
From: Craig Perkins Date: Mon, 17 Oct 2022 21:58:51 -0400 Subject: [PATCH 32/36] Change expected count in BasicAuditlogTest from before doThenWaitForMessages Signed-off-by: Craig Perkins --- .../security/auditlog/integration/BasicAuditlogTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java index 8b3ff35b4a..ac8df9cc72 100644 --- a/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java +++ b/src/test/java/org/opensearch/security/auditlog/integration/BasicAuditlogTest.java @@ -133,7 +133,7 @@ public void testSSLPlainText() throws Exception { final RuntimeException ex = Assert.assertThrows(RuntimeException.class, () -> nonSslRestHelper().executeGetRequest("_search", encodeBasicHeader("admin", "admin"))); Assert.assertEquals("org.apache.hc.core5.http.NoHttpResponseException", ex.getCause().getClass().getName()); - }, 4); + }, 1); // All of the messages should be the same as the http client is attempting multiple times. messages.stream().forEach((message) -> { From adb110010619d536a4a4159d40a1ac487ae0b16d Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Mon, 17 Oct 2022 22:57:16 -0400 Subject: [PATCH 33/36] Make sure to setDefaultCredentialsProvider Signed-off-by: Craig Perkins --- .../test/framework/cluster/OpenSearchClientProvider.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java index ef49ce5c10..83c00a0993 100644 --- a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java +++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java 
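Review bot: The context comment right after the changed count in `testSSLPlainText`, `// All of the messages should be the same as the http client is attempting multiple times.`, no longer matches the code now that `doThenWaitForMessages` waits for 1 message instead of 4. The number of audit events produced by a plaintext request on the TLS port is what this test pins, so the reason for the new value should be written down; presumably the 5.x client does not retry here, but that is not visible in the hunk. Once confirmed, replace the comment with something like `// The 5.x client makes a single attempt, so exactly one audit message is expected.`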
@@ -105,6 +105,7 @@ default RestHighLevelClient getRestHighLevelClient(UserCredentialsHolder user) { .setTlsStrategy(tlsStrategy) .build(); + httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider); httpClientBuilder.setConnectionManager(cm); // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version httpClientBuilder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1); From 7b0e3cdef226ba4f07eb2d732be8e4ab6ae2eca3 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Tue, 18 Oct 2022 09:22:32 -0400 Subject: [PATCH 34/36] Remove unused code, use variable for so timeout and set charset in WebhookSink Signed-off-by: Craig Perkins --- .../test/framework/cluster/TestRestClient.java | 9 --------- .../amazon/dlic/util/SettingsBasedSSLConfigurator.java | 5 ----- .../opensearch/security/auditlog/sink/WebhookSink.java | 7 ++++--- 3 files changed, 4 insertions(+), 17 deletions(-) diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java index 7a79363030..c578ca2e77 100644 --- a/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java +++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/TestRestClient.java @@ -380,15 +380,6 @@ public void setRequestConfig(RequestConfig requestConfig) { this.requestConfig = requestConfig; } - // TODO Can this be removed? -// public void setLocalAddress(InetAddress inetAddress) { -// if (requestConfig == null) { -// requestConfig = RequestConfig.custom().setLocalAddress(inetAddress).build(); -// } else { -// requestConfig = RequestConfig.copy(requestConfig).setLocalAddress(inetAddress).build(); -// } -// } - public boolean isSendHTTPClientCertificate() { return sendHTTPClientCertificate; } 
diff --git a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java index 240888a576..03800feace 100644 --- a/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java +++ b/src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java @@ -429,11 +429,6 @@ public HostnameVerifier getHostnameVerifier() { return hostnameVerifier; } - // TODO Can this be removed? -// public SSLIOSessionStrategy toSSLIOSessionStrategy() { -// return new SSLIOSessionStrategy(sslContext, supportedProtocols, supportedCipherSuites, hostnameVerifier); -// } - public SSLConnectionSocketFactory toSSLConnectionSocketFactory() { return new SSLConnectionSocketFactory(sslContext, supportedProtocols, supportedCipherSuites, hostnameVerifier); diff --git a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java index d841ab5075..af4525fcba 100644 --- a/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java +++ b/src/main/java/org/opensearch/security/auditlog/sink/WebhookSink.java @@ -14,6 +14,7 @@ import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; +import java.nio.charset.StandardCharsets; import java.nio.file.Path; import java.security.AccessController; import java.security.KeyStore; @@ -275,7 +276,7 @@ protected boolean doPost(String url, String payload) { HttpPost postRequest = new HttpPost(url); - StringEntity input = new StringEntity(payload, webhookFormat.contentType); + StringEntity input = new StringEntity(payload, webhookFormat.contentType.withCharset(StandardCharsets.UTF_8)); postRequest.setEntity(input); CloseableHttpResponse serverResponse = null; 
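Review bot: The reason for forcing UTF-8 in WebhookSink.doPost is not recorded next to `new StringEntity(payload, webhookFormat.contentType.withCharset(StandardCharsets.UTF_8))`. StringEntity falls back to ISO-8859-1 when the ContentType carries no charset, so audit payloads containing characters outside Latin-1 would reach the webhook altered. A comment such as `// force UTF-8: without an explicit charset StringEntity encodes as ISO-8859-1 and audit data loses non-Latin characters` keeps a later cleanup from dropping the call. doPost continues past the end of the hunk.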
@@ -364,7 +365,7 @@ public boolean isTrusted(X509Certificate[] chain, String authType) { final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create() .setSSLSocketFactory(sslsf) - .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build()) + .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(timeout, TimeUnit.SECONDS).build()) .build(); hcb.setConnectionManager(cm); return hcb.build(); @@ -381,7 +382,7 @@ public boolean isTrusted(X509Certificate[] chain, String authType) { final HttpClientConnectionManager cm = PoolingHttpClientConnectionManagerBuilder.create() .setSSLSocketFactory(sslsf) - .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(60, TimeUnit.SECONDS).build()) + .setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(timeout, TimeUnit.SECONDS).build()) .build(); hcb.setConnectionManager(cm); From 0d78ccf0f926a28d25fd54b7e70c4a368ed2b53e Mon Sep 17 00:00:00 2001 From: Andriy Redko Date: Tue, 18 Oct 2022 11:37:39 -0400 Subject: [PATCH 35/36] Resolved org.apache.hc.core5.http.ParseException: Invalid protocol version Signed-off-by: Andriy Redko --- .../cluster/OpenSearchClientProvider.java | 22 ++++++++++++++----- .../security/httpclient/HttpClient.java | 13 ++++++++--- .../security/tools/SecurityAdmin.java | 13 ++++++++--- .../test/AbstractSecurityUnitTest.java | 13 ++++++++--- 4 files changed, 47 insertions(+), 14 deletions(-) diff --git a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java index 83c00a0993..cfb3efab7c 100644 --- a/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java +++ b/src/integrationTest/java/org/opensearch/test/framework/cluster/OpenSearchClientProvider.java 
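Review bot: `setSoTimeout(timeout, TimeUnit.SECONDS)` in both WebhookSink hunks (at -364 and -381) depends on `timeout`, which is declared outside the hunks, so neither its unit nor its lower bound can be checked here. A value of 0 conventionally means no socket timeout, which would let a stalled webhook endpoint hold up audit delivery indefinitely where the old code capped reads at 60 seconds. A guard ahead of the builder, e.g. `final int soTimeout = timeout > 0 ? timeout : 60;` (type adjusted to the field's), would keep the previous ceiling as the fallback. The socket timeout only bounds reads on an established connection; whether connect and response timeouts are configured elsewhere in the method is not visible.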
@@ -41,6 +41,7 @@ import java.util.stream.Stream; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; import javax.net.ssl.TrustManagerFactory; import org.apache.hc.client5.http.auth.AuthScope; @@ -48,12 +49,14 @@ import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider; import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder; import org.apache.hc.client5.http.nio.AsyncClientConnectionManager; +import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder; +import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.core5.function.Factory; import org.apache.hc.core5.http.Header; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.message.BasicHeader; -import org.apache.hc.core5.http.nio.ssl.BasicClientTlsStrategy; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; -import org.apache.hc.core5.http2.HttpVersionPolicy; +import org.apache.hc.core5.reactor.ssl.TlsDetails; import org.opensearch.client.RestClient; import org.opensearch.client.RestClientBuilder; 
@@ -99,7 +102,18 @@ default RestHighLevelClient getRestHighLevelClient(UserCredentialsHolder user) { BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider(); credentialsProvider.setCredentials(new AuthScope(null, -1), new UsernamePasswordCredentials(user.getName(), user.getPassword().toCharArray())); RestClientBuilder.HttpClientConfigCallback configCallback = httpClientBuilder -> { - TlsStrategy tlsStrategy = new BasicClientTlsStrategy(getSSLContext()); + TlsStrategy tlsStrategy = ClientTlsStrategyBuilder + .create() + .setSslContext(getSSLContext()) + .setHostnameVerifier(NoopHostnameVerifier.INSTANCE) + // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219 + .setTlsDetailsFactory(new Factory() { + @Override + public TlsDetails create(final SSLEngine sslEngine) { + return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol()); + } + }) + .build(); final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() .setTlsStrategy(tlsStrategy) @@ -107,8 +121,6 @@ default RestHighLevelClient getRestHighLevelClient(UserCredentialsHolder user) { httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider); httpClientBuilder.setConnectionManager(cm); - // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version - httpClientBuilder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1); return httpClientBuilder; }; diff --git a/src/main/java/org/opensearch/security/httpclient/HttpClient.java b/src/main/java/org/opensearch/security/httpclient/HttpClient.java index 3e6121bdf3..d032ca3544 100644 --- a/src/main/java/org/opensearch/security/httpclient/HttpClient.java +++ b/src/main/java/org/opensearch/security/httpclient/HttpClient.java @@ -29,6 +29,7 @@ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; import com.google.common.collect.Lists; 
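Review bot: The rebuilt TLS strategy in OpenSearchClientProvider.getRestHighLevelClient adds `.setHostnameVerifier(NoopHostnameVerifier.INSTANCE)`, where the removed `new BasicClientTlsStrategy(getSSLContext())` line named no verifier, so every client handed out by this provider accepts a certificate regardless of the host name in it. For an integration-test framework with generated certificates that is probably intended, but it should be said at the call, e.g. `// test clusters use generated certificates; host name checks are skipped on purpose, do not copy into production code`. The method starts before and continues after the hunk.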
@@ -39,11 +40,12 @@ import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder; import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier; import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.core5.function.Factory; import org.apache.hc.core5.http.HttpHeaders; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.message.BasicHeader; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; -import org.apache.hc.core5.http2.HttpVersionPolicy; +import org.apache.hc.core5.reactor.ssl.TlsDetails; import org.apache.hc.core5.ssl.PrivateKeyDetails; import org.apache.hc.core5.ssl.PrivateKeyStrategy; import org.apache.hc.core5.ssl.SSLContextBuilder; @@ -250,13 +252,18 @@ public String chooseAlias(Map aliases, SSLParameters .setTlsVersions(supportedProtocols) .setCiphers(supportedCipherSuites) .setHostnameVerifier(hnv) + // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219 + .setTlsDetailsFactory(new Factory() { + @Override + public TlsDetails create(final SSLEngine sslEngine) { + return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol()); + } + }) .build(); final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() .setTlsStrategy(tlsStrategy) .build(); - // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version - httpClientBuilder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1); httpClientBuilder.setConnectionManager(cm); } diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java index efd239f20c..4e89fd32de 100644 --- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java +++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java 
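Review bot: The anonymous `Factory` passed to `setTlsDetailsFactory` in HttpClient.java is pasted unchanged into four files of this patch (OpenSearchClientProvider, HttpClient, SecurityAdmin, AbstractSecurityUnitTest) and is documented only by a link. The interface has a single `create` method, so a lambda says the same in one line: `.setTlsDetailsFactory(sslEngine -> new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol()))`, ideally held in one shared constant for the two production classes so the workaround can be removed in one place. The comment should give the reason in words, e.g. `// report the negotiated ALPN protocol so the client picks HTTP/2 or HTTP/1.1 correctly (HTTPCLIENT-2219)`, which is what the commit subject and the removed FORCE_HTTP_1 pin suggest; confirm the wording against the linked issue.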
@@ -54,6 +54,7 @@ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; import com.fasterxml.jackson.databind.InjectableValues; import com.fasterxml.jackson.databind.JsonNode; @@ -75,9 +76,10 @@ import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder; import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier; import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.core5.function.Factory; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; -import org.apache.hc.core5.http2.HttpVersionPolicy; +import org.apache.hc.core5.reactor.ssl.TlsDetails; import org.apache.hc.core5.ssl.SSLContextBuilder; import org.apache.hc.core5.ssl.SSLContexts; @@ -1407,14 +1409,19 @@ private static RestHighLevelClient getRestHighLevelClient(SSLContext sslContext, .setSslContext(sslContext) .setTlsVersions(supportedProtocols) .setCiphers(supportedCipherSuites) + // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219 + .setTlsDetailsFactory(new Factory() { + @Override + public TlsDetails create(final SSLEngine sslEngine) { + return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol()); + } + }) .build(); final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() .setTlsStrategy(tlsStrategy) .build(); - // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version - builder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1); builder.setConnectionManager(cm); return builder; }); diff --git a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java index 0996f1292d..592433d5e9 100644 --- a/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java +++ b/src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java 
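Review bot: The strategy built in SecurityAdmin.getRestHighLevelClient sets the SSL context, TLS versions and ciphers but, in the lines visible in the -1407 hunk, no hostname verifier, while the equivalent chain in HttpClient.java calls `.setHostnameVerifier(hnv)`. SecurityAdmin imports both DefaultHostnameVerifier and NoopHostnameVerifier, so a verifier is presumably selected somewhere in the class; if it is not handed to this builder, the library default applies and the operator's choice is silently ignored. Confirm the verifier reaches the strategy before `.build()`, for example with a `.setHostnameVerifier(...)` call next to `.setCiphers(supportedCipherSuites)` that takes whatever verifier the method already selects. The builder chain begins outside the hunk.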
@@ -38,6 +38,7 @@ import java.util.concurrent.atomic.AtomicLong; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; import com.carrotsearch.randomizedtesting.RandomizedTest; import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope; @@ -49,11 +50,12 @@ import org.apache.hc.client5.http.nio.AsyncClientConnectionManager; import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder; import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; +import org.apache.hc.core5.function.Factory; import org.apache.hc.core5.http.Header; import org.apache.hc.core5.http.HttpHost; import org.apache.hc.core5.http.message.BasicHeader; import org.apache.hc.core5.http.nio.ssl.TlsStrategy; -import org.apache.hc.core5.http2.HttpVersionPolicy; +import org.apache.hc.core5.reactor.ssl.TlsDetails; import org.apache.hc.core5.ssl.SSLContextBuilder; import org.apache.hc.core5.ssl.SSLContexts; import org.apache.logging.log4j.LogManager; @@ -168,14 +170,19 @@ protected RestHighLevelClient getRestClient(ClusterInfo info, String keyStoreNam .setSslContext(sslContext) .setTlsVersions(new String[] { "TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"}) .setHostnameVerifier(NoopHostnameVerifier.INSTANCE) + // See please https://issues.apache.org/jira/browse/HTTPCLIENT-2219 + .setTlsDetailsFactory(new Factory() { + @Override + public TlsDetails create(final SSLEngine sslEngine) { + return new TlsDetails(sslEngine.getSession(), sslEngine.getApplicationProtocol()); + } + }) .build(); final AsyncClientConnectionManager cm = PoolingAsyncClientConnectionManagerBuilder.create() .setTlsStrategy(tlsStrategy) .build(); builder.setConnectionManager(cm); - // Attempt to resolve org.apache.hc.core5.http.ParseException: Invalid protocol version - builder.setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_1); return builder; }); return new RestHighLevelClient(restClientBuilder); From 77fe540821e042db0b6bd604c7ed1e25b0495acc Mon Sep 17 00:00:00 2001 
From: Andriy Redko Date: Tue, 18 Oct 2022 12:23:19 -0400 Subject: [PATCH 36/36] Removing cipher suites which do not provide adequate security for HTTP/2 Signed-off-by: Andriy Redko --- .../org/opensearch/security/ssl/util/SSLConfigConstants.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java index 57a1df8ba4..287152d9dc 100644 --- a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java +++ b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java @@ -180,13 +180,10 @@ public static final String[] getSecureSSLProtocols(Settings settings, boolean ht "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",