diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java b/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java
index 12ca085f37..88d05d0f2a 100644
--- a/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java
+++ b/src/main/java/org/opensearch/security/auditlog/impl/AuditMessage.java
@@ -26,7 +26,7 @@
 import com.google.common.annotations.VisibleForTesting;
 import org.apache.commons.codec.digest.DigestUtils;
-import org.apache.http.client.utils.URIBuilder;
+import org.apache.hc.core5.net.URIBuilder;
 import org.joda.time.DateTime;
 import org.joda.time.DateTimeZone;
 import org.joda.time.format.DateTimeFormat;
diff --git a/src/main/java/org/opensearch/security/httpclient/HttpClient.java b/src/main/java/org/opensearch/security/httpclient/HttpClient.java
index ccb5301925..9a919cf9af 100644
--- a/src/main/java/org/opensearch/security/httpclient/HttpClient.java
+++ b/src/main/java/org/opensearch/security/httpclient/HttpClient.java
@@ -37,6 +37,8 @@
 import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
 import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
 import org.apache.hc.core5.http.HttpHeaders;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.message.BasicHeader;
@@ -45,8 +47,6 @@
 import org.apache.hc.core5.ssl.PrivateKeyStrategy;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
 import org.apache.hc.core5.ssl.SSLContexts;
-import org.apache.http.conn.ssl.DefaultHostnameVerifier;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -241,7 +241,7 @@ public String chooseAlias(Map aliases, SSLParameters
 });
 }
- final HostnameVerifier hnv = verifyHostnames?new DefaultHostnameVerifier():NoopHostnameVerifier.INSTANCE;
+ final HostnameVerifier hnv = verifyHostnames ? new DefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE;
 final SSLContext sslContext = sslContextBuilder.build();
 TlsStrategy tlsStrategy = ClientTlsStrategyBuilder.create()
diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
index a7b3a625c5..d14ecbf6b2 100644
--- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
+++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java
@@ -73,12 +73,12 @@
 import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.nio.AsyncClientConnectionManager;
 import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
+import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;
+import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
 import org.apache.hc.core5.http.HttpHost;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
 import org.apache.hc.core5.ssl.SSLContexts;
-import org.apache.http.conn.ssl.DefaultHostnameVerifier;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.opensearch.ExceptionsHelper;
 import org.opensearch.OpenSearchException;
diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java b/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java
index 2e4b659841..0aeb4df082 100644
--- a/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java
+++ b/src/test/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticatorTest.java
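Review bot: The changed line keeps `NoopHostnameVerifier.INSTANCE` as the verifier whenever `verifyHostnames` is false, and nothing at the call site records that this disables matching of the peer certificate against the target host; the move to `org.apache.hc.client5.http.ssl` preserves that semantics unchanged. A comment such as `// verifyHostnames=false: hostname checking is disabled, the peer certificate is not matched against the target host` on this line, plus a warning through the class's log4j logger when that branch is taken, would make the weakened trust mode visible to operators reading logs. `chooseAlias` is named in the hunk header, but the method body this line belongs to starts and ends outside the hunk.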
@@ -29,7 +29,7 @@
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
-import org.apache.http.HttpHeaders;
+import org.apache.hc.core5.http.HttpHeaders;
 import org.junit.Assert;
 import org.junit.Test;
diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java
index bdf367ead5..5f70334127 100644
--- a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java
+++ b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetrieverTest.java
@@ -25,11 +25,6 @@
 import org.apache.http.HttpRequest;
 import org.apache.http.HttpResponse;
 import org.apache.http.protocol.HttpContext;
-import org.apache.http.protocol.HttpCoreContext;
-import org.apache.http.ssl.PrivateKeyDetails;
-import org.apache.http.ssl.PrivateKeyStrategy;
-import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.http.ssl.SSLContexts;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -80,7 +75,7 @@ public void clientCertTest() throws Exception {
 true) {
 @Override
 protected void handleDiscoverRequest(HttpRequest request, HttpResponse response, HttpContext context)
- throws HttpException, IOException {
+ throws IOException, HttpException {
 MockIpdServer.SSLTestHttpServerConnection connection = (MockIpdServer.SSLTestHttpServerConnection) ((HttpCoreContext) context)
 .getConnection();
diff --git a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java
index 580e2bcc17..1c80eeaf5b 100644
--- a/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java
+++ b/src/test/java/com/amazon/dlic/auth/http/jwt/keybyoidc/MockIpdServer.java
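Review bot: The first KeySetRetrieverTest hunk removes `import org.apache.http.protocol.HttpCoreContext;`, yet the second hunk's context line still casts `((HttpCoreContext) context)`, so unless a replacement import lives outside these hunks the test no longer compiles. The overriding `handleDiscoverRequest` also keeps the HttpClient 4 types `HttpRequest`, `HttpResponse` and `HttpContext` (their `org.apache.http` imports survive as context above) while MockIpdServer's imports in this same commit move those names to `org.apache.hc.core5.http`, so the `@Override` would no longer match the superclass method. Switching those three imports to `org.apache.hc.core5.http.HttpRequest`, `org.apache.hc.core5.http.HttpResponse` and `org.apache.hc.core5.http.protocol.HttpContext` brings the test in line with the mock; note that hc5's `HttpCoreContext` exposes the TLS session through `getSSLSession()` rather than a connection object, so the `getConnection()` chain likely needs rewriting as well. `clientCertTest` begins and ends outside the hunk.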
@@ -31,23 +31,20 @@
 import javax.net.ssl.TrustManagerFactory;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
-import org.apache.http.HttpConnectionFactory;
-import org.apache.http.HttpException;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpResponse;
+import org.apache.hc.core5.http.ClassicHttpRequest;
+import org.apache.hc.core5.http.ClassicHttpResponse;
+import org.apache.hc.core5.http.HttpException;
+import org.apache.hc.core5.http.HttpRequest;
+import org.apache.hc.core5.http.HttpResponse;
+import org.apache.hc.core5.http.impl.bootstrap.HttpServer;
+import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap;
+import org.apache.hc.core5.http.impl.io.DefaultBHttpServerConnection;
+import org.apache.hc.core5.http.io.HttpConnectionFactory;
+import org.apache.hc.core5.http.io.HttpRequestHandler;
+import org.apache.hc.core5.http.protocol.HttpContext;
 import org.apache.http.config.ConnectionConfig;
-import org.apache.http.config.MessageConstraints;
-import org.apache.http.entity.ContentLengthStrategy;
-import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.ConnSupport;
-import org.apache.http.impl.DefaultBHttpServerConnection;
-import org.apache.http.impl.bootstrap.HttpServer;
 import org.apache.http.impl.bootstrap.SSLServerSetupHandler;
-import org.apache.http.impl.bootstrap.ServerBootstrap;
-import org.apache.http.io.HttpMessageParserFactory;
-import org.apache.http.io.HttpMessageWriterFactory;
-import org.apache.http.protocol.HttpContext;
-import org.apache.http.protocol.HttpRequestHandler;
 import org.opensearch.security.test.helper.file.FileHelper;
 import org.opensearch.security.test.helper.network.SocketUtils;
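Review bot: The import block still pulls `ConnectionConfig`, `ConnSupport` and `SSLServerSetupHandler` from the HttpClient 4 packages while every request, handler and server type moves to `org.apache.hc.core5`. `SSLServerSetupHandler` is the 4.x hook that MockSamlIdpServer replaces with `org.apache.hc.core5.function.Callback` later in this commit, so if MockIpdServer's `ssl` branch (outside the visible hunks) still hands one to `setSslSetupHandler`, it will not type-check against the hc5 `ServerBootstrap`. Keeping the test mocks on a single HttpClient major also avoids carrying the 4.x artifact on the test classpath purely for configuration helpers.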
@@ -75,7 +72,7 @@ class MockIpdServer implements Closeable {
 this.jwks = jwks;
 ServerBootstrap serverBootstrap = ServerBootstrap.bootstrap().setListenerPort(port)
- .registerHandler(CTX_DISCOVER, new HttpRequestHandler() {
+ .register(CTX_DISCOVER, new HttpRequestHandler() {
 @Override
 public void handle(HttpRequest request, HttpResponse response, HttpContext context)
@@ -84,14 +81,11 @@ public void handle(HttpRequest request, HttpResponse response, HttpContext conte
 handleDiscoverRequest(request, response, context);
 }
- }).registerHandler(CTX_KEYS, new HttpRequestHandler() {
+ }).register(CTX_KEYS, new HttpRequestHandler() {
 @Override
- public void handle(HttpRequest request, HttpResponse response, HttpContext context)
- throws HttpException, IOException {
-
+ public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException {
 handleKeysRequest(request, response, context);
-
 }
 });
diff --git a/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java b/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java
index 9b2a2f1854..578d696bf3 100644
--- a/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java
+++ b/src/test/java/com/amazon/dlic/auth/http/saml/MockSamlIdpServer.java
@@ -44,6 +44,7 @@
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLSocket;
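Review bot: The CTX_DISCOVER handler's `handle(HttpRequest request, HttpResponse response, HttpContext context)` is left as a context line of the first MockIpdServer hunk, while the CTX_KEYS handler in the second hunk is rewritten to `ClassicHttpRequest`/`ClassicHttpResponse`; with `HttpRequestHandler` now imported from `org.apache.hc.core5.http.io`, whose `handle` takes the classic types, the first anonymous class no longer implements the interface method and its `@Override` fails. The same one-line change fixes it: `public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException {`. The `throws` clause and body of that handler lie between the two hunks, so the `throws` line would be folded in as shown.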
@@ -65,28 +66,32 @@
 import net.shibboleth.utilities.java.support.codec.Base64Support;
 import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
-import org.apache.http.Header;
-import org.apache.http.HttpConnectionFactory;
+import org.apache.hc.core5.function.Callback;
+import org.apache.hc.core5.http.ClassicHttpRequest;
+import org.apache.hc.core5.http.ClassicHttpResponse;
+import org.apache.hc.core5.http.ContentLengthStrategy;
+import org.apache.hc.core5.http.Header;
+import org.apache.hc.core5.http.HttpException;
+import org.apache.hc.core5.http.HttpRequest;
+import org.apache.hc.core5.http.HttpResponse;
+import org.apache.hc.core5.http.NameValuePair;
+import org.apache.hc.core5.http.config.Http1Config;
+import org.apache.hc.core5.http.impl.bootstrap.HttpServer;
+import org.apache.hc.core5.http.impl.bootstrap.ServerBootstrap;
+import org.apache.hc.core5.http.impl.io.DefaultBHttpServerConnection;
+import org.apache.hc.core5.http.io.HttpConnectionFactory;
+import org.apache.hc.core5.http.io.HttpMessageParserFactory;
+import org.apache.hc.core5.http.io.HttpMessageWriterFactory;
+import org.apache.hc.core5.http.io.HttpRequestHandler;
+import org.apache.hc.core5.http.io.entity.StringEntity;
+import org.apache.hc.core5.http.message.BasicHttpRequest;
+import org.apache.hc.core5.http.protocol.HttpContext;
+import org.apache.hc.core5.net.URIBuilder;
 import org.apache.http.HttpEntityEnclosingRequest;
-import org.apache.http.HttpException;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpResponse;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.config.ConnectionConfig;
 import org.apache.http.config.MessageConstraints;
-import org.apache.http.entity.ContentLengthStrategy;
-import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.ConnSupport;
-import org.apache.http.impl.DefaultBHttpServerConnection;
-import org.apache.http.impl.bootstrap.HttpServer;
import org.apache.http.impl.bootstrap.SSLServerSetupHandler;
-import org.apache.http.impl.bootstrap.ServerBootstrap;
-import org.apache.http.io.HttpMessageParserFactory;
-import org.apache.http.io.HttpMessageWriterFactory;
-import org.apache.http.message.BasicHttpRequest;
-import org.apache.http.protocol.HttpContext;
-import org.apache.http.protocol.HttpRequestHandler;
 import org.joda.time.DateTime;
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.core.xml.XMLObjectBuilderFactory;
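Review bot: `org.apache.http.config.MessageConstraints` and `org.apache.http.impl.bootstrap.SSLServerSetupHandler` survive this import hunk although no use remains visible in the diff: the later hunks drop the `getMessageConstraints()` argument and the `constraints` constructor parameter, and replace the setup handler with `Callback`, so both 4.x imports can go. `org.apache.http.HttpEntityEnclosingRequest` is also retained although requests are now hc5 `ClassicHttpRequest`s; if any code in this file still casts to it (not shown here) that cast fails at runtime, and `ClassicHttpRequest` exposes `getEntity()` directly. That would leave only `ConnectionConfig` and `ConnSupport` from the 4.x API, for which hc5's `Http1Config` and `CharCodingConfig` provide the same settings without the second dependency.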
@@ -199,53 +204,50 @@ class MockSamlIdpServer implements Closeable {
 this.loadSigningKeys("saml/kirk-keystore.jks", "kirk");
 ServerBootstrap serverBootstrap = ServerBootstrap.bootstrap().setListenerPort(port)
- .registerHandler(CTX_METADATA, new HttpRequestHandler() {
+ .register(CTX_METADATA, new HttpRequestHandler() {
 @Override
- public void handle(HttpRequest request, HttpResponse response, HttpContext context)
- throws HttpException, IOException {
+ public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException {
 handleMetadataRequest(request, response, context);
 }
- }).registerHandler(CTX_SAML_SSO, new HttpRequestHandler() {
+ }).register(CTX_SAML_SSO, new HttpRequestHandler() {
 @Override
- public void handle(HttpRequest request, HttpResponse response, HttpContext context)
- throws HttpException, IOException {
-
+ public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException {
 handleSsoRequest(request, response, context);
-
 }
- }).registerHandler(CTX_SAML_SLO, new HttpRequestHandler() {
+ }).register(CTX_SAML_SLO, new HttpRequestHandler() {
 @Override
- public void handle(HttpRequest request, HttpResponse response, HttpContext context)
- throws HttpException, IOException {
-
+ public void handle(ClassicHttpRequest request, ClassicHttpResponse response, HttpContext context) throws HttpException, IOException {
 handleSloRequest(request, response, context);
-
 }
 });
 if (ssl) {
- serverBootstrap = serverBootstrap.setSslContext(createSSLContext())
- .setSslSetupHandler(new SSLServerSetupHandler() {
+ serverBootstrap = serverBootstrap.setSslContext(createSSLContext())
+ .setSslSetupHandler(new Callback() {
 @Override
- public void initialize(SSLServerSocket socket) throws SSLException {
- socket.setNeedClientAuth(true);
+ public void execute(SSLParameters object) {
+ object.setNeedClientAuth(true);
 }
- }).setConnectionFactory(new HttpConnectionFactory() {
+ })
+ .setConnectionFactory(new HttpConnectionFactory() {
 private ConnectionConfig cconfig = ConnectionConfig.DEFAULT;
+ private Http1Config http1Config = Http1Config.custom()
+ .setBufferSize(this.cconfig.getBufferSize()).setChunkSizeHint(this.cconfig.getFragmentSizeHint()).build();
+
 @Override
 public DefaultBHttpServerConnection createConnection(final Socket socket) throws IOException {
- final SSLTestHttpServerConnection conn = new SSLTestHttpServerConnection(
- this.cconfig.getBufferSize(), this.cconfig.getFragmentSizeHint(),
- ConnSupport.createDecoder(this.cconfig), ConnSupport.createEncoder(this.cconfig),
- this.cconfig.getMessageConstraints(), null, null, null, null);
+ final SSLTestHttpServerConnection conn = new SSLTestHttpServerConnection("http",
+ http1Config,
+ ConnSupport.createDecoder(this.cconfig), ConnSupport.createEncoder(this.cconfig)
+ , null, null, null, null);
 conn.bind(socket);
 return conn;
 }
@@ -306,9 +308,9 @@ public int getPort() {
 return port;
 }
- protected void handleMetadataRequest(HttpRequest request, HttpResponse response, HttpContext context)
+ protected void handleMetadataRequest(HttpRequest request, ClassicHttpResponse response, HttpContext context)
 throws HttpException, IOException {
- response.setStatusCode(200);
+ response.setCode(200);
 response.setHeader("Cache-Control", "public, max-age=31536000");
 response.setHeader("Content-Type", "application/xml");
 response.setEntity(new StringEntity(createMetadata()));
@@ -317,10 +319,10 @@ protected void handleMetadataRequest(HttpRequest request, HttpResponse response,
 protected void handleSsoRequest(HttpRequest request, HttpResponse response, HttpContext context)
 throws HttpException, IOException {
- if ("GET".equalsIgnoreCase(request.getRequestLine().getMethod())) {
+ if ("GET".equalsIgnoreCase(request.getMethod())) {
 handleSsoGetRequestBase(request);
 } else {
- response.setStatusCode(405);
+ response.setCode(405);
 }
 }
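Review bot: The connection factory in the `if (ssl)` branch now builds `new SSLTestHttpServerConnection("http", ...)`, yet this factory only ever serves TLS-wrapped sockets; in hc5 that scheme is attached to every request parsed on the connection, and `ServerBootstrap` itself chooses `"https"` whenever an `SSLContext` is configured, so `"http"` here misreports a TLS listener to anything downstream that inspects the request scheme or derives "is secure" from it. Pass `"https"` in that constructor call. As a point of style, `Callback` is a functional interface, so `.setSslSetupHandler(sslParameters -> sslParameters.setNeedClientAuth(true))` replaces the anonymous class and gives the parameter a descriptive name in place of `object`; the client-certificate requirement the tests rely on is preserved either way. The constructor this bootstrap code belongs to starts and ends outside the hunk.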
@@ -328,10 +330,10 @@ protected void handleSsoRequest(HttpRequest request, HttpResponse response, Http
 protected void handleSloRequest(HttpRequest request, HttpResponse response, HttpContext context)
 throws HttpException, IOException {
- if ("GET".equalsIgnoreCase(request.getRequestLine().getMethod())) {
+ if ("GET".equalsIgnoreCase(request.getMethod())) {
 handleSloGetRequestBase(request);
 } else {
- response.setStatusCode(405);
+ response.setCode(405);
 }
 }
@@ -726,19 +728,15 @@ private String nextId() {
 }
 static class SSLTestHttpServerConnection extends DefaultBHttpServerConnection {
- public SSLTestHttpServerConnection(final int buffersize, final int fragmentSizeHint,
- final CharsetDecoder chardecoder, final CharsetEncoder charencoder,
- final MessageConstraints constraints, final ContentLengthStrategy incomingContentStrategy,
- final ContentLengthStrategy outgoingContentStrategy,
- final HttpMessageParserFactory requestParserFactory,
- final HttpMessageWriterFactory responseWriterFactory) {
- super(buffersize, fragmentSizeHint, chardecoder, charencoder, constraints, incomingContentStrategy,
+ public SSLTestHttpServerConnection(final String scheme, Http1Config http1Config,
+ final CharsetDecoder charDecoder, final CharsetEncoder charEncoder,
+ final ContentLengthStrategy incomingContentStrategy,
+ final ContentLengthStrategy outgoingContentStrategy,
+ final HttpMessageParserFactory requestParserFactory,
+ final HttpMessageWriterFactory responseWriterFactory) {
+ super(scheme, http1Config, charDecoder, charEncoder, incomingContentStrategy,
 outgoingContentStrategy, requestParserFactory, responseWriterFactory);
 }
-
- public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
- return ((SSLSocket) getSocket()).getSession().getPeerCertificates();
- }
 }
 static class FakeHttpServletRequest implements HttpServletRequest {
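Review bot: `getPeerCertificates()` is removed from `SSLTestHttpServerConnection` with no replacement, so a handler in this mock can no longer inspect the client certificate that the `setNeedClientAuth(true)` setup callback demands; if any SAML test asserted on the presented certificate (not visible here), that check is silently gone. hc5's `HttpConnection` exposes `getSSLSession()` (non-null only on TLS sockets), so the helper can be kept as `public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { return getSSLSession().getPeerCertificates(); }`, which also keeps the `Certificate` and `SSLPeerUnverifiedException` imports in use. A minor consistency nit: `Http1Config http1Config` is the only constructor parameter without `final`.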
@@ -748,7 +746,7 @@ static class FakeHttpServletRequest implements HttpServletRequest {
 FakeHttpServletRequest(HttpRequest delegate) throws URISyntaxException {
 this.delegate = delegate;
- String uri = delegate.getRequestLine().getUri();
+ String uri = delegate.getRequestUri();
 this.uriBuilder = new URIBuilder(uri);
 this.queryParams = uriBuilder.getQueryParams().stream()
 .collect(Collectors.toMap(NameValuePair::getName, NameValuePair::getValue));
@@ -981,7 +979,7 @@ public String getHeader(String name) {
 @Override
 public Enumeration getHeaderNames() {
 return Collections.enumeration(
- Arrays.asList(delegate.getAllHeaders()).stream().map(Header::getName).collect(Collectors.toSet()));
+ Arrays.asList(delegate.getHeaders()).stream().map(Header::getName).collect(Collectors.toSet()));
 }
 @SuppressWarnings("rawtypes")
@@ -1010,7 +1008,7 @@ public int getIntHeader(String name) {
 @Override
 public String getMethod() {
- return delegate.getRequestLine().getMethod();
+ return delegate.getMethod();
 }
 @Override
@@ -1025,7 +1023,7 @@ public String getPathTranslated() {
 @Override
 public String getQueryString() {
- return this.delegate.getRequestLine().getUri().replaceAll("^.*\\?", "");
+ return this.delegate.getRequestUri().replaceAll("^.*\\?", "");
 }
 @Override
@@ -1035,12 +1033,12 @@ public String getRemoteUser() {
 @Override
 public String getRequestURI() {
- return delegate.getRequestUri();
+ return delegate.getRequestUri();
 }
 @Override
 public StringBuffer getRequestURL() {
- return new StringBuffer(delegate.getRequestLine().getUri());
+ return new StringBuffer(delegate.getRequestUri());
 }
 @Override
diff --git a/src/test/java/org/opensearch/security/ssl/SSLTest.java b/src/test/java/org/opensearch/security/ssl/SSLTest.java
index e028ac82e3..331abdc414 100644
--- a/src/test/java/org/opensearch/security/ssl/SSLTest.java
+++ b/src/test/java/org/opensearch/security/ssl/SSLTest.java
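Review bot: `getQueryString()` still derives the query with `replaceAll("^.*\\?", "")` on `getRequestUri()`, so a request without a `?` returns the whole path instead of the `null` the servlet contract specifies, and a caller testing for an absent query string is misled. A literal scan is both correct and cheaper than the regex: `String uri = this.delegate.getRequestUri(); int q = uri.indexOf('?'); return q < 0 ? null : uri.substring(q + 1);`. In the constructor hunk, `Collectors.toMap(NameValuePair::getName, NameValuePair::getValue)` throws `IllegalStateException` on a repeated parameter name and a `NullPointerException` if a parameter has no value; that is pre-existing, but a merge function such as `(first, second) -> first` would keep the mock from failing on inputs the SAML bindings may send. `FakeHttpServletRequest` begins and ends outside these hunks.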
@@ -31,7 +31,7 @@
 import javax.net.ssl.SSLHandshakeException;
 import io.netty.util.internal.PlatformDependent;
-import org.apache.http.NoHttpResponseException;
+import org.apache.hc.core5.http.NoHttpResponseException;
 import org.apache.lucene.util.Constants;
 import org.junit.Assert;
 import org.junit.Assume;