SCANJLIB-287 Replace okhttp by the native JDK HttpClient (#268)

Author: henryju

lib/pom.xml

@@ -18,18 +18,6 @@
       <!-- provided by the bootstrapper plugin context (Maven, Gradle) -->
       <scope>provided</scope>
     </dependency>
-    <dependency>
-      <groupId>com.squareup.okhttp3</groupId>
-      <artifactId>okhttp-jvm</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.squareup.okhttp3</groupId>
-      <artifactId>okhttp-urlconnection</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.squareup.okhttp3</groupId>
-      <artifactId>logging-interceptor</artifactId>
-    </dependency>
     <dependency>
       <groupId>com.google.code.gson</groupId>
       <artifactId>gson</artifactId>

lib/src/main/java/org/sonarsource/scanner/lib/internal/facade/forked/ScannerEngineLauncher.java

@@ -37,7 +37,7 @@
 import org.slf4j.LoggerFactory;
 import org.sonarsource.scanner.downloadcache.CachedFile;
 import org.sonarsource.scanner.lib.ScannerProperties;
-import org.sonarsource.scanner.lib.internal.http.OkHttpClientFactory;
+import org.sonarsource.scanner.lib.internal.http.HttpClientFactory;
 import org.sonarsource.scanner.lib.internal.util.Either;
 
 public class ScannerEngineLauncher {
@@ -117,7 +117,7 @@ private List<String> buildArgs(Map<String, String> properties) {
       LOG.info("SONAR_SCANNER_JAVA_OPTS={}", redactSensitiveArguments(split));
       args.addAll(split);
     }
-    args.add("-D" + OkHttpClientFactory.BC_IGNORE_USELESS_PASSWD + "=true");
+    args.add("-D" + HttpClientFactory.BC_IGNORE_USELESS_PASSWD + "=true");
     args.add("-jar");
     args.add(scannerEngineJar.map(CachedFile::getPath, Function.identity()).toAbsolutePath().toString());
     return args;

…b/internal/http/OkHttpClientFactory.java …lib/internal/http/HttpClientFactory.javalib/src/main/java/org/sonarsource/scanner/lib/internal/http/OkHttpClientFactory.java renamed to lib/src/main/java/org/sonarsource/scanner/lib/internal/http/HttpClientFactory.java lib/src/main/java/org/sonarsource/scanner/lib/internal/http/OkHttpClientFactory.java renamed to lib/src/main/java/org/sonarsource/scanner/lib/internal/http/HttpClientFactory.java

@@ -23,98 +23,62 @@
 import java.io.InputStream;
 import java.net.CookieManager;
 import java.net.CookiePolicy;
-import java.net.HttpURLConnection;
+import java.net.InetSocketAddress;
+import java.net.ProxySelector;
+import java.net.http.HttpClient;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardOpenOption;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
-import java.util.Optional;
-import java.util.concurrent.TimeUnit;
 import javax.annotation.Nullable;
 import nl.altindag.ssl.SSLFactory;
 import nl.altindag.ssl.exception.GenericKeyStoreException;
 import nl.altindag.ssl.util.KeyStoreUtils;
-import okhttp3.ConnectionSpec;
-import okhttp3.Credentials;
-import okhttp3.JavaNetCookieJar;
-import okhttp3.OkHttpClient;
-import okhttp3.logging.HttpLoggingInterceptor;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.Properties;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.sonarsource.scanner.lib.internal.http.ssl.CertificateStore;
 import org.sonarsource.scanner.lib.internal.http.ssl.SslConfig;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
-import static java.util.Arrays.asList;
-import static org.apache.commons.lang3.StringUtils.isNotBlank;
 import static org.sonarsource.scanner.lib.ScannerProperties.SONAR_SCANNER_SKIP_SYSTEM_TRUSTSTORE;
 
-public class OkHttpClientFactory {
+public class HttpClientFactory {
 
-  private static final Logger LOG = LoggerFactory.getLogger(OkHttpClientFactory.class);
+  private static final Logger LOG = LoggerFactory.getLogger(HttpClientFactory.class);
 
   static final CookieManager COOKIE_MANAGER;
-  private static final String PROXY_AUTHORIZATION = "Proxy-Authorization";
-  // use the same cookie jar for all instances
-  private static final JavaNetCookieJar COOKIE_JAR;
-  // This property tells Bouncycastle to not fail on empty keystore passwords
   public static final String BC_IGNORE_USELESS_PASSWD = "org.bouncycastle.pkcs12.ignore_useless_passwd";
 
-  private OkHttpClientFactory() {
-    // only statics
+  private HttpClientFactory() {
   }
 
   static {
     COOKIE_MANAGER = new CookieManager();
     COOKIE_MANAGER.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
-    COOKIE_JAR = new JavaNetCookieJar(COOKIE_MANAGER);
   }
 
-  static OkHttpClient create(HttpConfig httpConfig) {
-
+  static HttpClient create(HttpConfig httpConfig) {
     var sslContext = configureSsl(httpConfig.getSslConfig(), httpConfig.skipSystemTruststore());
 
-    OkHttpClient.Builder okHttpClientBuilder = new OkHttpClient.Builder()
-      .connectTimeout(httpConfig.getConnectTimeout().toMillis(), TimeUnit.MILLISECONDS)
-      .readTimeout(httpConfig.getSocketTimeout().toMillis(), TimeUnit.MILLISECONDS)
-      .callTimeout(httpConfig.getResponseTimeout().toMillis(), TimeUnit.MILLISECONDS)
-      .cookieJar(COOKIE_JAR)
-      .sslSocketFactory(sslContext.getSslSocketFactory(), sslContext.getTrustManager().orElseThrow());
-
-    ConnectionSpec tls = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
-      .allEnabledTlsVersions()
-      .allEnabledCipherSuites()
-      .build();
-    okHttpClientBuilder.connectionSpecs(asList(tls, ConnectionSpec.CLEARTEXT));
+    var httpClientBuilder = HttpClient.newBuilder()
+      .connectTimeout(httpConfig.getConnectTimeout())
+      .cookieHandler(COOKIE_MANAGER)
+      .sslContext(sslContext.getSslContext())
+      .sslParameters(sslContext.getSslParameters())
+      .followRedirects(HttpClient.Redirect.NEVER);
 
     if (httpConfig.getProxy() != null) {
-      okHttpClientBuilder.proxy(httpConfig.getProxy());
-    }
-
-    if (isNotBlank(httpConfig.getProxyUser())) {
-      okHttpClientBuilder.proxyAuthenticator((route, response) -> {
-        if (response.request().header(PROXY_AUTHORIZATION) != null) {
-          // Give up, we've already attempted to authenticate.
-          return null;
-        }
-        if (HttpURLConnection.HTTP_PROXY_AUTH == response.code()) {
-          String credential = Credentials.basic(httpConfig.getProxyUser(), Optional.ofNullable(httpConfig.getProxyPassword()).orElse(""), UTF_8);
-          return response.request().newBuilder().header(PROXY_AUTHORIZATION, credential).build();
-        }
-        return null;
-      });
+      var proxyAddress = httpConfig.getProxy().address();
+      if (proxyAddress instanceof InetSocketAddress) {
+        httpClientBuilder.proxy(ProxySelector.of((InetSocketAddress) proxyAddress));
+      }
     }
 
-    var logging = new HttpLoggingInterceptor(LOG::debug);
-    logging.setLevel(HttpLoggingInterceptor.Level.BASIC);
-    okHttpClientBuilder.addInterceptor(logging);
-
-    return okHttpClientBuilder.build();
+    return httpClientBuilder.build();
   }
 
   private static SSLFactory configureSsl(SslConfig sslConfig, boolean skipSystemTrustMaterial) {

lib/src/main/java/org/sonarsource/scanner/lib/internal/http/HttpException.java

@@ -20,24 +20,28 @@
 package org.sonarsource.scanner.lib.internal.http;
 
 import java.net.URL;
+import javax.annotation.CheckForNull;
 import javax.annotation.Nullable;
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class HttpException extends RuntimeException {
+  private static final Logger LOG = LoggerFactory.getLogger(HttpException.class);
   private final int code;
 
-  public HttpException(URL requestUrl, int statusCode, String statusText, @Nullable String body) {
-    super(formatMessage(requestUrl, statusCode, statusText, body));
+  public HttpException(URL requestUrl, int statusCode, @Nullable String body) {
+    super(formatMessage(requestUrl, statusCode, body));
     this.code = statusCode;
   }
 
-  private static String formatMessage(URL requestUrl, int code, String statusText, @Nullable String body) {
+  private static String formatMessage(URL requestUrl, int code, @Nullable String body) {
     String message = "GET " + requestUrl + " failed with HTTP " + code;
-    if (StringUtils.isNotBlank(statusText)) {
-      message += " " + statusText;
+    var reasonPhrase = getReasonPhrase(code);
+    if (reasonPhrase != null) {
+      message += " " + reasonPhrase;
     }
-    if (LoggerFactory.getLogger(HttpException.class).isDebugEnabled() && StringUtils.isNotBlank(body)) {
+    if (LOG.isDebugEnabled() && StringUtils.isNotBlank(body)) {
       message += "\n" + body;
     }
     return message;
@@ -47,4 +51,58 @@ public int getCode() {
     return code;
   }
 
+  @CheckForNull
+  private static String getReasonPhrase(int statusCode) {
+    switch (statusCode) {
+      case 200:
+        return "OK";
+      case 201:
+        return "Created";
+      case 204:
+        return "No Content";
+      case 301:
+        return "Moved Permanently";
+      case 302:
+        return "Found";
+      case 303:
+        return "See Other";
+      case 304:
+        return "Not Modified";
+      case 307:
+        return "Temporary Redirect";
+      case 308:
+        return "Permanent Redirect";
+      case 400:
+        return "Bad Request";
+      case 401:
+        return "Unauthorized";
+      case 403:
+        return "Forbidden";
+      case 404:
+        return "Not Found";
+      case 405:
+        return "Method Not Allowed";
+      case 407:
+        return "Proxy Authentication Required";
+      case 408:
+        return "Request Timeout";
+      case 409:
+        return "Conflict";
+      case 410:
+        return "Gone";
+      case 500:
+        return "Internal Server Error";
+      case 501:
+        return "Not Implemented";
+      case 502:
+        return "Bad Gateway";
+      case 503:
+        return "Service Unavailable";
+      case 504:
+        return "Gateway Timeout";
+      default:
+        return null;
+    }
+  }
+
 }