chore(httpclient): upgrade to Apache httpclient5 (#767)

* chore(httpclient): upgrade to Apache httpclient5

* configurable HTTP retry time

* refactor, configurable preemptive auth

Author: andrewazores

pom.xml

@@ -81,8 +81,7 @@
 
   <org.apache.commons.lang3.version>3.18.0</org.apache.commons.lang3.version>
   <org.apache.commons.io.version>2.21.0</org.apache.commons.io.version>
-  <org.apache.httpcomponents.httpclient.version>4.5.14</org.apache.httpcomponents.httpclient.version>
-  <org.apache.httpcomponents.httpmime.version>${org.apache.httpcomponents.httpclient.version}</org.apache.httpcomponents.httpmime.version>
+  <org.apache.httpcomponents.httpclient.version>5.4.4</org.apache.httpcomponents.httpclient.version>
   <com.fasterxml.jackson.version>2.20.0</com.fasterxml.jackson.version>
   <io.smallrye.config.version>3.10.2</io.smallrye.config.version>
   <org.slf4j.version>2.0.17</org.slf4j.version>
@@ -208,15 +207,10 @@
     <version>${org.apache.commons.io.version}</version>
   </dependency>
   <dependency>
-    <groupId>org.apache.httpcomponents</groupId>
-    <artifactId>httpclient</artifactId>
+    <groupId>org.apache.httpcomponents.client5</groupId>
+    <artifactId>httpclient5</artifactId>
     <version>${org.apache.httpcomponents.httpclient.version}</version>
   </dependency>
-  <dependency>
-    <groupId>org.apache.httpcomponents</groupId>
-    <artifactId>httpmime</artifactId>
-    <version>${org.apache.httpcomponents.httpmime.version}</version>
-  </dependency>
   <dependency>
     <groupId>com.fasterxml.jackson.core</groupId>
     <artifactId>jackson-databind</artifactId>

src/main/java/io/cryostat/agent/CallbackResolver.java

@@ -31,7 +31,7 @@
 
 import io.cryostat.agent.ConfigModule.CallbackCandidate;
 
-import org.apache.http.client.utils.URIBuilder;
+import org.apache.hc.core5.net.URIBuilder;
 import org.projectnessie.cel.extension.StringsLib;
 import org.projectnessie.cel.tools.Script;
 import org.projectnessie.cel.tools.ScriptException;

src/main/java/io/cryostat/agent/ConfigModule.java

@@ -137,6 +137,10 @@ public abstract class ConfigModule {
             "cryostat.agent.webclient.tls.client-auth.key-manager.type";
     public static final String CRYOSTAT_AGENT_WEBCLIENT_RESPONSE_RETRY_COUNT =
             "cryostat.agent.webclient.response.retry-count";
+    public static final String CRYOSTAT_AGENT_WEBCLIENT_RESPONSE_RETRY_TIME =
+            "cryostat.agent.webclient.response.retry-time-seconds";
+    public static final String CRYOSTAT_AGENT_WEBCLIENT_HTTP_USE_PREEMPTIVE_AUTHENTICATION =
+            "cryostat.agent.webclient.http.use-preemptive-authentication";
 
     public static final String CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED =
             "cryostat.agent.webclient.tls.required";
@@ -650,6 +654,22 @@ public static int provideCryostatAgentWebclientResponseRetryCount(Config config)
         return config.getValue(CRYOSTAT_AGENT_WEBCLIENT_RESPONSE_RETRY_COUNT, int.class);
     }
 
+    @Provides
+    @Singleton
+    @Named(CRYOSTAT_AGENT_WEBCLIENT_RESPONSE_RETRY_TIME)
+    public static int provideCryostatAgentWebclientResponseRetryTime(Config config) {
+        return config.getValue(CRYOSTAT_AGENT_WEBCLIENT_RESPONSE_RETRY_TIME, int.class);
+    }
+
+    @Provides
+    @Singleton
+    @Named(CRYOSTAT_AGENT_WEBCLIENT_HTTP_USE_PREEMPTIVE_AUTHENTICATION)
+    public static boolean provideCryostatAgentWebclientHttpUsePreemptiveAuthentication(
+            Config config) {
+        return config.getValue(
+                CRYOSTAT_AGENT_WEBCLIENT_HTTP_USE_PREEMPTIVE_AUTHENTICATION, boolean.class);
+    }
+
     @Provides
     @Singleton
     @Named(CRYOSTAT_AGENT_WEBSERVER_HOST)

src/main/java/io/cryostat/agent/CryostatClient.java

@@ -35,7 +35,6 @@
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Executor;
 import java.util.function.Function;
-import java.util.function.Supplier;
 
 import io.cryostat.agent.FlightRecorderHelper.ConfigurationInfo;
 import io.cryostat.agent.FlightRecorderHelper.TemplatedRecording;
@@ -52,21 +51,22 @@
 import jdk.jfr.Recording;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.input.CountingInputStream;
-import org.apache.http.HttpHeaders;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.methods.HttpDelete;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.client.methods.HttpUriRequest;
-import org.apache.http.entity.ContentType;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.entity.mime.FormBodyPartBuilder;
-import org.apache.http.entity.mime.MultipartEntityBuilder;
-import org.apache.http.entity.mime.content.ByteArrayBody;
-import org.apache.http.entity.mime.content.InputStreamBody;
-import org.apache.http.entity.mime.content.StringBody;
+import org.apache.hc.client5.http.classic.HttpClient;
+import org.apache.hc.client5.http.classic.methods.HttpDelete;
+import org.apache.hc.client5.http.classic.methods.HttpGet;
+import org.apache.hc.client5.http.classic.methods.HttpPost;
+import org.apache.hc.client5.http.classic.methods.HttpUriRequest;
+import org.apache.hc.client5.http.classic.methods.HttpUriRequestBase;
+import org.apache.hc.client5.http.entity.mime.ByteArrayBody;
+import org.apache.hc.client5.http.entity.mime.FormBodyPartBuilder;
+import org.apache.hc.client5.http.entity.mime.InputStreamBody;
+import org.apache.hc.client5.http.entity.mime.MultipartEntityBuilder;
+import org.apache.hc.client5.http.entity.mime.StringBody;
+import org.apache.hc.core5.http.ClassicHttpResponse;
+import org.apache.hc.core5.http.ContentType;
+import org.apache.hc.core5.http.HttpHeaders;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.io.entity.StringEntity;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -81,8 +81,8 @@ public class CryostatClient {
 
     private final Executor executor;
     private final ObjectMapper mapper;
+    private final HttpHost host;
     private final HttpClient http;
-    private final Supplier<Optional<String>> authorizationSupplier;
 
     private final String appName;
     private final String instanceId;
@@ -94,16 +94,15 @@ public class CryostatClient {
             Executor executor,
             ObjectMapper mapper,
             HttpClient http,
-            Supplier<Optional<String>> authorizationSupplier,
             String instanceId,
             String jvmId,
             String appName,
             URI baseUri,
             String realm) {
         this.executor = executor;
         this.mapper = mapper;
+        this.host = HttpHost.create(baseUri);
         this.http = http;
-        this.authorizationSupplier = authorizationSupplier;
         this.instanceId = instanceId;
         this.jvmId = jvmId;
         this.appName = appName;
@@ -286,7 +285,7 @@ private CompletableFuture<Integer> submitCredentials(
                         res -> {
                             if (!isOkStatus(res)) {
                                 try {
-                                    if (res.getStatusLine().getStatusCode() == 409) {
+                                    if (res.getCode() == 409) {
                                         int queried = queryExistingCredentials(callback).get();
                                         if (queried >= 0) {
                                             return queried;
@@ -393,9 +392,9 @@ public CompletableFuture<Void> pushHeapDump(Path heapDump, String requestId)
                             log.trace(
                                     "{} {} ({} -> {}): {}/{}",
                                     req.getMethod(),
-                                    res.getStatusLine().getStatusCode(),
+                                    res.getCode(),
                                     heapDump.getFileName().toString(),
-                                    req.getURI(),
+                                    req.getRequestUri(),
                                     FileUtils.byteCountToDisplaySize(is.getByteCount()),
                                     Duration.between(start, finish));
                             assertOkStatus(req, res);
@@ -485,9 +484,9 @@ public CompletableFuture<Void> upload(
                             log.trace(
                                     "{} {} ({} -> {}): {}/{}",
                                     req.getMethod(),
-                                    res.getStatusLine().getStatusCode(),
+                                    res.getCode(),
                                     fileName,
-                                    req.getURI(),
+                                    req.getRequestUri(),
                                     FileUtils.byteCountToDisplaySize(is.getByteCount()),
                                     Duration.between(start, finish));
                             assertOkStatus(req, res);
@@ -496,24 +495,19 @@ public CompletableFuture<Void> upload(
                 .whenComplete((v, t) -> req.reset());
     }
 
-    private HttpResponse logResponse(HttpRequestBase req, HttpResponse res) {
-        log.trace("{} {} : {}", req.getMethod(), req.getURI(), res.getStatusLine().getStatusCode());
+    private ClassicHttpResponse logResponse(HttpUriRequestBase req, ClassicHttpResponse res) {
+        log.trace("{} {} : {}", req.getMethod(), req.getRequestUri(), res.getCode());
         return res;
     }
 
-    private <T> CompletableFuture<T> supply(HttpRequestBase req, Function<HttpResponse, T> fn) {
-        // FIXME Apache httpclient 4 does not support Bearer token auth easily, so we explicitly set
-        // the header here. This is a form of preemptive auth - the token is always sent with the
-        // request. It would be better to attempt to send the request to the server first and see if
-        // it responds with an auth challenge, and then send the auth information we have, and use
-        // the client auth cache. This flow is supported for Bearer tokens in httpclient 5.
-        authorizationSupplier.get().ifPresent(v -> req.addHeader(HttpHeaders.AUTHORIZATION, v));
+    private <T> CompletableFuture<T> supply(
+            HttpUriRequestBase req, Function<ClassicHttpResponse, T> fn) {
         return CompletableFuture.supplyAsync(() -> fn.apply(executeQuiet(req)), executor);
     }
 
-    private HttpResponse executeQuiet(HttpUriRequest req) {
+    private ClassicHttpResponse executeQuiet(HttpUriRequest req) {
         try {
-            return http.execute(req);
+            return http.execute(host, req);
         } catch (IOException ioe) {
             throw new CompletionException(ioe);
         }
@@ -530,18 +524,18 @@ private String selfMatchExpression(URI callback) {
                 callback, instanceId);
     }
 
-    private boolean isOkStatus(HttpResponse res) {
-        int sc = res.getStatusLine().getStatusCode();
+    private boolean isOkStatus(ClassicHttpResponse res) {
+        int sc = res.getCode();
         // 2xx is OK, 3xx is redirect range so allow those too
         return 200 <= sc && sc < 400;
     }
 
-    private HttpResponse assertOkStatus(HttpRequestBase req, HttpResponse res) {
-        int sc = res.getStatusLine().getStatusCode();
+    private ClassicHttpResponse assertOkStatus(HttpUriRequestBase req, ClassicHttpResponse res) {
+        int sc = res.getCode();
         if (!isOkStatus(res)) {
-            URI uri = req.getURI();
-            log.error("Non-OK response ({}) on HTTP API {}", sc, uri);
             try {
+                URI uri = req.getUri();
+                log.error("Non-OK response ({}) on HTTP API {}", sc, uri);
                 throw new HttpException(
                         sc,
                         new URI(uri.getScheme(), uri.getAuthority(), uri.getPath(), null, null));