Set correct ssl factory when using OAUTH

Author: psainics

src/main/java/io/cdap/plugin/http/common/http/OAuthUtil.java

@@ -83,6 +83,13 @@ public static AccessToken getAccessToken(BaseHttpConfig config) throws IOExcepti
         // get accessToken from service account
         return OAuthUtil.getAccessTokenByServiceAccount(config);
       case OAUTH2:
+        if (config instanceof BaseHttpSourceConfig) {
+          try (CloseableHttpClient client = HttpClients.custom()
+              .setSSLSocketFactory(new SSLConnectionSocketFactoryCreator((BaseHttpSourceConfig) config).create())
+              .build()) {
+            return getAccessToken(client, config);
+          }
+        }
         try (CloseableHttpClient client = HttpClients.createDefault()) {
           return getAccessToken(client, config);
         }

src/main/java/io/cdap/plugin/http/source/batch/HttpBatchSourceConfig.java

@@ -20,7 +20,9 @@
 import io.cdap.cdap.etl.api.FailureCollector;
 import io.cdap.plugin.http.common.http.AuthType;
 import io.cdap.plugin.http.common.http.HttpClient;
+import io.cdap.plugin.http.common.http.KeyStoreType;
 import io.cdap.plugin.http.common.http.OAuthUtil;
+import io.cdap.plugin.http.common.http.SSLConnectionSocketFactoryCreator;
 import io.cdap.plugin.http.source.common.BaseHttpSourceConfig;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpHost;
@@ -70,7 +72,8 @@ private void validateOAuth2Credentials(FailureCollector collector) {
       !containsMacro(PROPERTY_PROXY_PASSWORD) && !containsMacro(PROPERTY_PROXY_USERNAME) &&
       !containsMacro(PROPERTY_PROXY_URL) && !containsMacro(PROPERTY_OAUTH2_CLIENT_AUTHENTICATION) &&
       !containsMacro(PROPERTY_OAUTH2_GRANT_TYPE)) {
-      HttpClientBuilder httpclientBuilder = HttpClients.custom();
+      HttpClientBuilder httpclientBuilder = HttpClients.custom()
+          .setSSLSocketFactory(new SSLConnectionSocketFactoryCreator(this).create());
       if (!Strings.isNullOrEmpty(getProxyUrl())) {
         HttpHost proxyHost = HttpHost.create(getProxyUrl());
         if (!Strings.isNullOrEmpty(getProxyUsername()) && !Strings.isNullOrEmpty(getProxyPassword())) {
@@ -140,6 +143,7 @@ private HttpBatchSourceConfig(HttpBatchSourceConfigBuilder builder) {
     this.readTimeout = builder.readTimeout;
     this.paginationType = builder.paginationType;
     this.verifyHttps = builder.verifyHttps;
+    this.keystoreType = builder.keystoreType;
     this.authType = builder.authType;
     this.authUrl = builder.authUrl;
     this.clientId = builder.clientId;
@@ -180,6 +184,7 @@ public static class HttpBatchSourceConfigBuilder {
     private Integer readTimeout;
     private String paginationType;
     private String verifyHttps;
+    private String keystoreType;
     private String authType;
     private String authUrl;
     private String tokenUrl;
@@ -345,6 +350,11 @@ public HttpBatchSourceConfigBuilder setAuthType(String authType) {
       return this;
     }
 
+    public  HttpBatchSourceConfigBuilder setKeystoreType(KeyStoreType keystoreTypeObj) {
+      this.keystoreType = keystoreTypeObj.getValue();
+      return this;
+    }
+
     public HttpBatchSourceConfig build() {
       return new HttpBatchSourceConfig(this);
     }

src/test/java/io/cdap/plugin/http/source/common/HttpBatchSourceConfigTest.java

@@ -21,6 +21,7 @@
 import io.cdap.cdap.etl.api.validation.InvalidConfigPropertyException;
 import io.cdap.cdap.etl.mock.validation.MockFailureCollector;
 import io.cdap.plugin.http.common.http.HttpClient;
+import io.cdap.plugin.http.common.http.KeyStoreType;
 import io.cdap.plugin.http.common.http.OAuthUtil;
 import io.cdap.plugin.http.common.pagination.BaseHttpPaginationIterator;
 import io.cdap.plugin.http.common.pagination.PaginationIteratorFactory;
@@ -53,7 +54,7 @@
 @RunWith(PowerMockRunner.class)
 @PrepareForTest({PaginationIteratorFactory.class, HttpClientBuilder.class, HttpClients.class, OAuthUtil.class,
   HttpHost.class, EntityUtils.class, HttpClient.class})
-@PowerMockIgnore("javax.management.*")
+@PowerMockIgnore({"javax.management.*", "javax.net.ssl.*"})
 public class HttpBatchSourceConfigTest {
 
   @Mock
@@ -74,8 +75,8 @@ public void testMissingKeyValue() {
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder()
       .setReferenceName("test").setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:")
       .setFormat("JSON").setAuthType("none").setErrorHandling(StringUtils.EMPTY)
-      .setRetryPolicy(StringUtils.EMPTY).setMaxRetryDuration(600L).setConnectTimeout(120)
-      .setReadTimeout(120).setPaginationType("NONE").setVerifyHttps("true").build();
+      .setRetryPolicy(StringUtils.EMPTY).setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
+        .setPaginationType("NONE").setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).build();
     config.validate(collector);
   }
 
@@ -85,7 +86,7 @@ public void testEmptySchemaKeyValue() {
       .setReferenceName("test").setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth")
       .setFormat("JSON").setAuthType("none").setErrorHandling(StringUtils.EMPTY)
       .setRetryPolicy(StringUtils.EMPTY).setMaxRetryDuration(600L).setConnectTimeout(120)
-      .setReadTimeout(120).setPaginationType("NONE").setVerifyHttps("true").build();
+      .setReadTimeout(120).setPaginationType("NONE").setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).build();
     config.validateSchema();
   }
 
@@ -96,8 +97,8 @@ public void testValidateOAuth2() throws Exception {
         .setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth").setFormat("JSON")
         .setErrorHandling(StringUtils.EMPTY).setRetryPolicy(StringUtils.EMPTY)
         .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
-        .setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id")
-        .setClientSecret("secret").setRefreshToken("token").setScopes("scope")
+        .setPaginationType("NONE").setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2")
+        .setClientId("id").setClientSecret("secret").setRefreshToken("token").setScopes("scope")
         .setTokenUrl("https//:token").setRetryPolicy("exponential")
         .setOauth2GrantType("refresh_token").build();
     PowerMockito.mockStatic(PaginationIteratorFactory.class);
@@ -124,9 +125,10 @@ public void testValidateOAuth2CredentialsWithProxy() throws IOException {
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder()
       .setReferenceName("test").setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth")
       .setFormat("JSON").setAuthType("none").setErrorHandling(StringUtils.EMPTY)
-      .setRetryPolicy(StringUtils.EMPTY).setMaxRetryDuration(600L).setConnectTimeout(120)
-      .setReadTimeout(120).setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id").
-      setClientSecret("secret").setRefreshToken("token").setScopes("scope").setTokenUrl("https//:token").setRetryPolicy(
+      .setRetryPolicy(StringUtils.EMPTY).setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
+        .setPaginationType("NONE").setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2")
+        .setClientId("id").setClientSecret("secret").setRefreshToken("token").setScopes("scope")
+        .setTokenUrl("https//:token").setRetryPolicy(
         "exponential").setProxyUrl("https://proxy").setProxyUsername("proxyuser").setProxyPassword("proxypassword")
         .setOauth2GrantType("refresh_token").build();
     HttpClientBuilder httpClientBuilder = Mockito.mock(HttpClientBuilder.class);
@@ -156,10 +158,10 @@ public void testValidateCredentialsOAuth2WithInvalidAccessTokenRequest() throws
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder()
       .setReferenceName("test").setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth")
         .setFormat("JSON").setErrorHandling(StringUtils.EMPTY)
-      .setRetryPolicy(StringUtils.EMPTY).setMaxRetryDuration(600L).setConnectTimeout(120)
-      .setReadTimeout(120).setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id").
-      setClientSecret("secret").setRefreshToken("token").setScopes("scope").setTokenUrl("https//:token").setRetryPolicy(
-            "exponential").setOauth2GrantType("refresh_token").build();
+      .setRetryPolicy(StringUtils.EMPTY).setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
+        .setPaginationType("NONE").setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2")
+        .setClientId("id").setClientSecret("secret").setRefreshToken("token").setScopes("scope")
+        .setTokenUrl("https//:token").setRetryPolicy("exponential").setOauth2GrantType("refresh_token").build();
     CloseableHttpClient httpClientMock = Mockito.mock(CloseableHttpClient.class);
     CloseableHttpResponse httpResponse = Mockito.mock(CloseableHttpResponse.class);
     Mockito.when(httpClientMock.execute(Mockito.any())).thenReturn(httpResponse);
@@ -193,10 +195,9 @@ public void testBasicAuthWithValidResponse() throws IOException {
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder()
       .setReferenceName("test").setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth")
       .setFormat("JSON").setAuthType("none").setErrorHandling(StringUtils.EMPTY)
-      .setRetryPolicy(StringUtils.EMPTY).setMaxRetryDuration(600L).setConnectTimeout(120)
-      .setReadTimeout(120).setPaginationType("NONE").setVerifyHttps("true").setAuthType("basicAuth").setUsername(
-        "username").setPassword("password").setRetryPolicy(
-        "exponential").build();
+      .setRetryPolicy(StringUtils.EMPTY).setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
+        .setPaginationType("NONE").setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("basicAuth")
+        .setUsername("username").setPassword("password").setRetryPolicy("exponential").build();
     Mockito.when(httpClient.executeHTTP(Mockito.any())).thenReturn(response);
     Mockito.when(response.getStatusLine()).thenReturn(statusLine);
     Mockito.when(statusLine.getStatusCode()).thenReturn(200);
@@ -210,10 +211,9 @@ public void testValidConfigWithInvalidResponse() throws IOException {
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder()
       .setReferenceName("test").setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth")
       .setFormat("JSON").setAuthType("none").setErrorHandling(StringUtils.EMPTY)
-      .setRetryPolicy(StringUtils.EMPTY).setMaxRetryDuration(600L).setConnectTimeout(120)
-      .setReadTimeout(120).setPaginationType("NONE").setVerifyHttps("true").setAuthType("basicAuth").setUsername(
-        "username").setPassword("password").setRetryPolicy(
-        "exponential").build();
+      .setRetryPolicy(StringUtils.EMPTY).setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
+        .setPaginationType("NONE").setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("basicAuth")
+        .setUsername("username").setPassword("password").setRetryPolicy("exponential").build();
     Mockito.when(httpClient.executeHTTP(Mockito.any())).thenReturn(response);
     Mockito.when(response.getStatusLine()).thenReturn(statusLine);
     Mockito.when(statusLine.getStatusCode()).thenReturn(400);
@@ -232,8 +232,8 @@ public void testValidateOAuth2WithClientCredentialsAndBodyAuthentication() throw
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder().setReferenceName("test")
         .setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth").setFormat("JSON")
         .setErrorHandling(StringUtils.EMPTY).setRetryPolicy(StringUtils.EMPTY)
-        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
-        .setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id")
+        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120).setPaginationType("NONE")
+        .setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2").setClientId("id")
         .setClientSecret("secret").setScopes("scope").setTokenUrl("https//:token")
         .setRetryPolicy("exponential").setOauth2GrantType("client_credentials")
         .setOauth2ClientAuthentication("body").build();
@@ -264,8 +264,8 @@ public void testValidateOAuth2CredentialsWithProxyWithClientCredentialsAndBodyAu
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder().setReferenceName("test")
         .setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth").setFormat("JSON")
         .setErrorHandling(StringUtils.EMPTY).setRetryPolicy(StringUtils.EMPTY)
-        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
-        .setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id")
+        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120).setPaginationType("NONE")
+        .setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2").setClientId("id")
         .setClientSecret("secret").setRefreshToken("token").setScopes("scope")
         .setTokenUrl("https//:token").setRetryPolicy("exponential").setProxyUrl("https://proxy")
         .setProxyUsername("proxyuser").setProxyPassword("proxypassword")
@@ -298,8 +298,8 @@ public void testValidateCredentialsOAuth2WithInvalidAccessTokenRequestForClientC
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder().setReferenceName("test")
         .setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth").setFormat("JSON")
         .setErrorHandling(StringUtils.EMPTY).setRetryPolicy(StringUtils.EMPTY)
-        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
-        .setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id")
+        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120).setPaginationType("NONE")
+        .setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2").setClientId("id")
         .setClientSecret("secret").setRefreshToken("token").setScopes("scope")
         .setTokenUrl("https//:token").setRetryPolicy("exponential")
         .setOauth2GrantType("client_credentials").setOauth2ClientAuthentication("body").build();
@@ -339,8 +339,8 @@ public void testValidateOAuth2WithClientCredentialsAndRequestParamAuthentication
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder().setReferenceName("test")
         .setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth").setFormat("JSON")
         .setErrorHandling(StringUtils.EMPTY).setRetryPolicy(StringUtils.EMPTY)
-        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
-        .setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id")
+        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120).setPaginationType("NONE")
+        .setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2").setClientId("id")
         .setClientSecret("secret").setScopes("scope").setTokenUrl("https//:token")
         .setRetryPolicy("exponential").setOauth2GrantType("client_credentials")
         .setOauth2ClientAuthentication("request_parameter").build();
@@ -371,8 +371,8 @@ public void testValidateOAuth2CredentialsWithProxyWithClientCredentialsAndReques
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder().setReferenceName("test")
         .setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth").setFormat("JSON")
         .setErrorHandling(StringUtils.EMPTY).setRetryPolicy(StringUtils.EMPTY)
-        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
-        .setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id")
+        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120).setPaginationType("NONE")
+        .setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2").setClientId("id")
         .setClientSecret("secret").setRefreshToken("token").setScopes("scope")
         .setTokenUrl("https//:token").setRetryPolicy("exponential").setProxyUrl("https://proxy")
         .setProxyUsername("proxyuser").setProxyPassword("proxypassword")
@@ -406,8 +406,8 @@ public void testValidateCredentialsOAuth2WithInvalidAccessTokenRequestForClientC
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder().setReferenceName("test")
         .setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth").setFormat("JSON")
         .setErrorHandling(StringUtils.EMPTY).setRetryPolicy(StringUtils.EMPTY)
-        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
-        .setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id")
+        .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120).setPaginationType("NONE")
+        .setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2").setClientId("id")
         .setClientSecret("secret").setRefreshToken("token").setScopes("scope")
         .setTokenUrl("https//:token").setRetryPolicy("exponential")
         .setOauth2GrantType("client_credentials").setOauth2ClientAuthentication("request_parameter")
@@ -448,8 +448,8 @@ public void testValidateOAuth2WithClientCredentialsAndBasicAuthHeaderAuthenticat
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder().setReferenceName("test")
       .setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth").setFormat("JSON")
       .setErrorHandling(StringUtils.EMPTY).setRetryPolicy(StringUtils.EMPTY)
-      .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
-      .setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id")
+      .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120).setPaginationType("NONE")
+        .setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2").setClientId("id")
       .setClientSecret("secret").setScopes("scope").setTokenUrl("https//:token")
       .setRetryPolicy("exponential").setOauth2GrantType("client_credentials")
       .setOauth2ClientAuthentication("basic_auth_header").build();
@@ -480,8 +480,8 @@ public void testValidateOAuth2CredentialsWithProxyWithClientCredentialsAndBasicA
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder().setReferenceName("test")
       .setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth").setFormat("JSON")
       .setErrorHandling(StringUtils.EMPTY).setRetryPolicy(StringUtils.EMPTY)
-      .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
-      .setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id")
+      .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120).setPaginationType("NONE")
+        .setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2").setClientId("id")
       .setClientSecret("secret").setRefreshToken("token").setScopes("scope")
       .setTokenUrl("https//:token").setRetryPolicy("exponential").setProxyUrl("https://proxy")
       .setProxyUsername("proxyuser").setProxyPassword("proxypassword")
@@ -515,8 +515,8 @@ public void testValidateCredentialsOAuth2WithInvalidAccessTokenRequestForClientC
     HttpBatchSourceConfig config = HttpBatchSourceConfig.builder().setReferenceName("test")
       .setUrl("http://localhost").setHttpMethod("GET").setHeaders("Auth:auth").setFormat("JSON")
       .setErrorHandling(StringUtils.EMPTY).setRetryPolicy(StringUtils.EMPTY)
-      .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120)
-      .setPaginationType("NONE").setVerifyHttps("true").setAuthType("oAuth2").setClientId("id")
+      .setMaxRetryDuration(600L).setConnectTimeout(120).setReadTimeout(120).setPaginationType("NONE")
+        .setVerifyHttps("false").setKeystoreType(KeyStoreType.JKS).setAuthType("oAuth2").setClientId("id")
       .setClientSecret("secret").setRefreshToken("token").setScopes("scope")
       .setTokenUrl("https//:token").setRetryPolicy("exponential")
       .setOauth2GrantType("client_credentials").setOauth2ClientAuthentication("basic_auth_header")