diff --git a/kork-retrofit/src/test/java/com/netflix/spinnaker/kork/retrofit/exceptions/SpinnakerRetrofitErrorHandlerTest.java b/kork-retrofit/src/test/java/com/netflix/spinnaker/kork/retrofit/exceptions/SpinnakerRetrofitErrorHandlerTest.java index 748fa7bc1..f259424c2 100644 --- a/kork-retrofit/src/test/java/com/netflix/spinnaker/kork/retrofit/exceptions/SpinnakerRetrofitErrorHandlerTest.java +++ b/kork-retrofit/src/test/java/com/netflix/spinnaker/kork/retrofit/exceptions/SpinnakerRetrofitErrorHandlerTest.java @@ -22,6 +22,7 @@ import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; +import com.jakewharton.retrofit.Ok3Client; import java.io.IOException; import java.util.HashMap; import java.util.Map; @@ -52,6 +53,7 @@ static void setupOnce() throws Exception { retrofitService = new RestAdapter.Builder() + .setClient(new Ok3Client()) .setEndpoint(mockWebServer.url("/").toString()) .setErrorHandler(SpinnakerRetrofitErrorHandler.getInstance()) .build() diff --git a/kork-web/kork-web.gradle b/kork-web/kork-web.gradle index 2ddb202fa..a187fc9d4 100644 --- a/kork-web/kork-web.gradle +++ b/kork-web/kork-web.gradle @@ -23,7 +23,6 @@ dependencies { api "org.springframework.security:spring-security-core" api "com.netflix.spectator:spectator-api" api "com.fasterxml.jackson.core:jackson-annotations" - api "com.squareup.okhttp:okhttp" api "com.squareup.okhttp3:logging-interceptor" api "com.squareup.okhttp3:okhttp" api "com.squareup.retrofit:retrofit" diff --git a/kork-web/src/main/groovy/com/netflix/spinnaker/config/OkHttpClientConfiguration.groovy b/kork-web/src/main/groovy/com/netflix/spinnaker/config/OkHttpClientConfiguration.groovy deleted file mode 100644 index 3dabe98d7..000000000 --- a/kork-web/src/main/groovy/com/netflix/spinnaker/config/OkHttpClientConfiguration.groovy +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright 2015 Netflix, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.netflix.spinnaker.config - -import com.netflix.spinnaker.okhttp.OkHttpClientConfigurationProperties -import com.netflix.spinnaker.okhttp.OkHttpMetricsInterceptor -import com.squareup.okhttp.ConnectionPool -import com.squareup.okhttp.ConnectionSpec -import com.squareup.okhttp.OkHttpClient -import groovy.transform.CompileDynamic -import groovy.transform.CompileStatic -import groovy.util.logging.Slf4j -import org.springframework.beans.factory.annotation.Autowired -import org.springframework.stereotype.Component - -import javax.net.ssl.KeyManagerFactory -import javax.net.ssl.SSLContext -import javax.net.ssl.TrustManagerFactory -import java.security.KeyStore -import java.security.NoSuchAlgorithmException -import java.security.SecureRandom -import java.util.concurrent.TimeUnit - -/** - * @deprecated replaced by {@link OkHttp3ClientConfiguration} - */ - -@Slf4j -@CompileStatic -@Component -@Deprecated // see OkHttp3ClientConfiguration -class OkHttpClientConfiguration { - - private final OkHttpClientConfigurationProperties okHttpClientConfigurationProperties - private final OkHttpMetricsInterceptor okHttpMetricsInterceptor - - @Autowired - public OkHttpClientConfiguration(OkHttpClientConfigurationProperties okHttpClientConfigurationProperties, - OkHttpMetricsInterceptor okHttpMetricsInterceptor) { - this.okHttpClientConfigurationProperties = okHttpClientConfigurationProperties - this.okHttpMetricsInterceptor = okHttpMetricsInterceptor - } - - /** - * @return OkHttpClient w/ key and trust stores - */ - OkHttpClient create() { - - def okHttpClient = new OkHttpClient() - okHttpClient.setConnectTimeout(okHttpClientConfigurationProperties.connectTimeoutMs, TimeUnit.MILLISECONDS) - okHttpClient.setReadTimeout(okHttpClientConfigurationProperties.readTimeoutMs, TimeUnit.MILLISECONDS) - okHttpClient.setRetryOnConnectionFailure(okHttpClientConfigurationProperties.retryOnConnectionFailure) - okHttpClient.interceptors().add(okHttpMetricsInterceptor) - okHttpClient.connectionPool = new ConnectionPool( - okHttpClientConfigurationProperties.connectionPool.maxIdleConnections, - okHttpClientConfigurationProperties.connectionPool.keepAliveDurationMs) - - if (!okHttpClientConfigurationProperties.keyStore && !okHttpClientConfigurationProperties.trustStore) { - return okHttpClient - } - - def sslContext = SSLContext.getInstance('TLS') - - def keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()) - def ks = KeyStore.getInstance(okHttpClientConfigurationProperties.keyStoreType) - okHttpClientConfigurationProperties.keyStore.withInputStream { - ks.load(it as InputStream, okHttpClientConfigurationProperties.keyStorePassword.toCharArray()) - } - keyManagerFactory.init(ks, okHttpClientConfigurationProperties.keyStorePassword.toCharArray()) - - def trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) - def ts = KeyStore.getInstance(okHttpClientConfigurationProperties.trustStoreType) - okHttpClientConfigurationProperties.trustStore.withInputStream { - ts.load(it as InputStream, okHttpClientConfigurationProperties.trustStorePassword.toCharArray()) - } - trustManagerFactory.init(ts) - - def secureRandom = new SecureRandom() - try { - secureRandom = SecureRandom.getInstance(okHttpClientConfigurationProperties.secureRandomInstanceType) - } catch (NoSuchAlgorithmException e) { - log.error("Unable to fetch secure random instance for ${okHttpClientConfigurationProperties.secureRandomInstanceType}", e) - } - - sslContext.init(keyManagerFactory.keyManagers, trustManagerFactory.trustManagers, secureRandom) - okHttpClient.setSslSocketFactory(sslContext.socketFactory) - - return applyConnectionSpecs(okHttpClient) - } - - @CompileDynamic - private OkHttpClient applyConnectionSpecs(OkHttpClient okHttpClient) { - def cipherSuites = (okHttpClientConfigurationProperties.cipherSuites ?: ConnectionSpec.MODERN_TLS.cipherSuites()*.javaName) as String[] - def tlsVersions = (okHttpClientConfigurationProperties.tlsVersions ?: ConnectionSpec.MODERN_TLS.tlsVersions()*.javaName) as String[] - - def connectionSpec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) - .cipherSuites(cipherSuites) - .tlsVersions(tlsVersions) - .build() - - return okHttpClient.setConnectionSpecs([connectionSpec, ConnectionSpec.CLEARTEXT] as List) - } -} diff --git a/kork-web/src/main/java/com/netflix/spinnaker/config/OkHttpClientComponents.java b/kork-web/src/main/java/com/netflix/spinnaker/config/OkHttpClientComponents.java index 796bfe144..b91508f82 100644 --- a/kork-web/src/main/java/com/netflix/spinnaker/config/OkHttpClientComponents.java +++ b/kork-web/src/main/java/com/netflix/spinnaker/config/OkHttpClientComponents.java @@ -28,7 +28,6 @@ import com.netflix.spinnaker.kork.crypto.X509IdentitySource; import com.netflix.spinnaker.okhttp.OkHttp3MetricsInterceptor; import com.netflix.spinnaker.okhttp.OkHttpClientConfigurationProperties; -import com.netflix.spinnaker.okhttp.OkHttpMetricsInterceptor; import com.netflix.spinnaker.okhttp.SpinnakerRequestHeaderInterceptor; import com.netflix.spinnaker.okhttp.SpinnakerRequestInterceptor; import com.netflix.spinnaker.retrofit.Retrofit2ConfigurationProperties; @@ -90,11 +89,6 @@ public SpinnakerRequestHeaderInterceptor spinnakerRequestHeaderInterceptor() { return new SpinnakerRequestHeaderInterceptor(clientProperties.getPropagateSpinnakerHeaders()); } - @Bean - public OkHttpMetricsInterceptor okHttpMetricsInterceptor() { - return new OkHttpMetricsInterceptor(registryProvider, metricsProperties); - } - @Bean public OkHttp3MetricsInterceptor okHttp3MetricsInterceptor() { return new OkHttp3MetricsInterceptor(registryProvider, metricsProperties); diff --git a/kork-web/src/main/java/com/netflix/spinnaker/okhttp/MetricsInterceptor.java b/kork-web/src/main/java/com/netflix/spinnaker/okhttp/MetricsInterceptor.java index 477b81ad5..f9232b862 100644 --- a/kork-web/src/main/java/com/netflix/spinnaker/okhttp/MetricsInterceptor.java +++ b/kork-web/src/main/java/com/netflix/spinnaker/okhttp/MetricsInterceptor.java @@ -3,9 +3,6 @@ import com.netflix.spectator.api.Registry; import com.netflix.spinnaker.config.OkHttpMetricsInterceptorProperties; import com.netflix.spinnaker.kork.common.Header; -import com.squareup.okhttp.Interceptor; -import com.squareup.okhttp.Request; -import com.squareup.okhttp.Response; import java.io.IOException; import java.net.URL; import java.util.ArrayList; @@ -45,14 +42,11 @@ protected final Object doIntercept(Object chainObject) throws IOException { boolean wasSuccessful = false; int statusCode = -1; - Interceptor.Chain chain = - (chainObject instanceof Interceptor.Chain) ? (Interceptor.Chain) chainObject : null; okhttp3.Interceptor.Chain chain3 = (chainObject instanceof okhttp3.Interceptor.Chain) ? (okhttp3.Interceptor.Chain) chainObject : null; - Request request = (chain != null) ? chain.request() : null; okhttp3.Request request3 = (chain3 != null) ? chain3.request() : null; List missingHeaders = new ArrayList<>(); @@ -63,24 +57,14 @@ protected final Object doIntercept(Object chainObject) throws IOException { Object response; - if (chain != null) { - method = request.method(); - url = request.url(); - response = chain.proceed(request); - statusCode = ((Response) response).code(); - } else { - method = request3.method(); - url = request3.url().url(); - response = chain3.proceed(request3); - statusCode = ((okhttp3.Response) response).code(); - } + method = request3.method(); + url = request3.url().url(); + response = chain3.proceed(request3); + statusCode = ((okhttp3.Response) response).code(); if (checkForHeaders(url.toString())) { for (Header header : Header.values()) { - String headerValue = - (request != null) - ? request.header(header.getHeader()) - : request3.header(header.getHeader()); + String headerValue = request3.header(header.getHeader()); if (header.isRequired() && StringUtils.isEmpty(headerValue)) { missingHeaders.add(header.getHeader()); diff --git a/kork-web/src/main/java/com/netflix/spinnaker/okhttp/OkHttpMetricsInterceptor.java b/kork-web/src/main/java/com/netflix/spinnaker/okhttp/OkHttpMetricsInterceptor.java deleted file mode 100644 index bf04528f2..000000000 --- a/kork-web/src/main/java/com/netflix/spinnaker/okhttp/OkHttpMetricsInterceptor.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright 2018 Netflix, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.netflix.spinnaker.okhttp; - -import com.netflix.spectator.api.Registry; -import com.netflix.spinnaker.config.OkHttpMetricsInterceptorProperties; -import com.squareup.okhttp.Interceptor; -import com.squareup.okhttp.Response; -import java.io.IOException; -import javax.inject.Provider; - -public class OkHttpMetricsInterceptor extends MetricsInterceptor - implements com.squareup.okhttp.Interceptor { - public OkHttpMetricsInterceptor( - Provider registry, - OkHttpMetricsInterceptorProperties okHttpMetricsInterceptorProperties) { - super(registry, okHttpMetricsInterceptorProperties); - } - - @Override - public Response intercept(Interceptor.Chain chain) throws IOException { - try { - return (Response) doIntercept(chain); - } catch (IOException ioe) { - throw ioe; - } catch (Exception ex) { - throw new IOException(ex); - } - } -} diff --git a/kork-web/src/test/java/com/netflix/spinnaker/config/OkHttpClientComponentsTest.java b/kork-web/src/test/java/com/netflix/spinnaker/config/OkHttpClientComponentsTest.java index 0975280a3..83ae35297 100644 --- a/kork-web/src/test/java/com/netflix/spinnaker/config/OkHttpClientComponentsTest.java +++ b/kork-web/src/test/java/com/netflix/spinnaker/config/OkHttpClientComponentsTest.java @@ -19,7 +19,6 @@ import static org.assertj.core.api.Assertions.assertThat; import com.netflix.spinnaker.okhttp.OkHttp3MetricsInterceptor; -import com.netflix.spinnaker.okhttp.OkHttpMetricsInterceptor; import com.netflix.spinnaker.okhttp.SpinnakerRequestHeaderInterceptor; import com.netflix.spinnaker.okhttp.SpinnakerRequestInterceptor; import org.junit.jupiter.api.BeforeEach; @@ -47,7 +46,6 @@ void verifyValidConfiguration() { ctx -> { assertThat(ctx).hasSingleBean(SpinnakerRequestInterceptor.class); assertThat(ctx).hasSingleBean(SpinnakerRequestHeaderInterceptor.class); - assertThat(ctx).hasSingleBean(OkHttpMetricsInterceptor.class); assertThat(ctx).hasSingleBean(OkHttp3MetricsInterceptor.class); }); } diff --git a/spinnaker-dependencies/spinnaker-dependencies.gradle b/spinnaker-dependencies/spinnaker-dependencies.gradle index be1c46b2d..6e3d52e0b 100644 --- a/spinnaker-dependencies/spinnaker-dependencies.gradle +++ b/spinnaker-dependencies/spinnaker-dependencies.gradle @@ -20,7 +20,6 @@ ext { // 1.4.14. See https://logback.qos.ch/news.html#1.3.12. logback : "1.2.13", protobuf : "3.25.2", - okhttp : "2.7.5", // CVE-2016-2402 okhttp3 : "4.9.3", openapi : "1.3.9", // this needs to be kept in sync with spring boot as it pulls in the spring-boot-dependencies BOM restassured : "5.2.1", // spring boot 2.7.18 brings rest-assured 4.5.1. It uses groovy 3. Keep until spring boot >=3.0.13 @@ -140,10 +139,6 @@ dependencies { api("com.squareup.okhttp3:okhttp-sse:${versions.okhttp3}") api("com.squareup.okhttp3:okhttp-urlconnection:${versions.okhttp3}") api("com.squareup.okhttp3:okhttp:${versions.okhttp3}") - api("com.squareup.okhttp:mockwebserver:${versions.okhttp}") - api("com.squareup.okhttp:okhttp-apache:${versions.okhttp}") - api("com.squareup.okhttp:okhttp-urlconnection:${versions.okhttp}") - api("com.squareup.okhttp:okhttp:${versions.okhttp}") api("com.squareup.retrofit2:converter-jackson:${versions.retrofit2}") api("com.squareup.retrofit2:retrofit-mock:${versions.retrofit2}") api("com.squareup.retrofit2:retrofit:${versions.retrofit2}")