Improve HTTP client alt-svc alternative validation.

Motivation:

HTTP client alternative validation test should ensure that the failure of an alternative not presenting a valid certificate for the origin host is an hostname verification check.

Changes:

Add an exception handler on HTTP client to capture pool connection errors.

Use HTTP client exception handler to catch the connection error and verify the failure is due to a client invalid hostname failure.

Author: vietj

vertx-core/src/main/java/io/vertx/core/http/impl/CleanableHttpClient.java

@@ -12,6 +12,7 @@
 
 import io.vertx.core.Completable;
 import io.vertx.core.Future;
+import io.vertx.core.Handler;
 import io.vertx.core.http.*;
 import io.vertx.core.http.HttpClientConnection;
 import io.vertx.core.internal.VertxInternal;
@@ -108,6 +109,11 @@ public HttpClientTransport quicTransport() {
     return delegate.quicTransport();
   }
 
+  @Override
+  public HttpClientInternal exceptionHandler(Handler<Throwable> handler) {
+    return delegate.exceptionHandler(handler);
+  }
+
   @Override
   public HttpClientOptions options() {
     return delegate.options();

vertx-core/src/main/java/io/vertx/core/http/impl/HttpClientImpl.java

@@ -70,6 +70,7 @@ public class HttpClientImpl extends HttpClientBase implements HttpClientInternal
   private final int maxRedirects;
   private final List<HttpVersion> versions;
   private final Handler<HttpConnection> connectHandler;
+  private volatile Handler<Throwable> exceptionHandler;
   private volatile ClientSSLOptions sslOptions;
 
   HttpClientImpl(VertxInternal vertx,
@@ -233,6 +234,7 @@ private Function<EndpointKey, SharedHttpClientConnectionGroup> httpEndpointProvi
             });
           }
         },
+        exceptionHandler,
         p,
         poolMetrics,
         key.authority,
@@ -250,6 +252,12 @@ public HttpClientTransport quicTransport() {
     return quicTransport;
   }
 
+  @Override
+  public HttpClientInternal exceptionHandler(Handler<Throwable> handler) {
+    this.exceptionHandler = handler;
+    return this;
+  }
+
   protected void setDefaultSslOptions(ClientSSLOptions options) {
     configureSSLOptions(verifyHost, options);
     this.sslOptions = options;

vertx-core/src/main/java/io/vertx/core/http/impl/SharedHttpClientConnectionGroup.java

@@ -66,13 +66,15 @@ class SharedHttpClientConnectionGroup extends ManagedResource {
   private final HttpClientMetrics<?, ?> httpMetrics;
   private final ClientMetrics<?, ?, ?> clientMetrics;
   private final Handler<HttpConnection> connectHandler;
+  private final Handler<Throwable> exceptionHandler;
   private final Pool pool;
   private final HostAndPort authority;
   private final SocketAddress server;
 
   public SharedHttpClientConnectionGroup(ClientMetrics<?, ?, ?> clientMetrics,
                                          HttpClientMetrics<?, ?> httpMetrics,
                                          Handler<HttpConnection> connectHandler,
+                                         Handler<Throwable> exceptionHandler,
                                          Function<SharedHttpClientConnectionGroup, Pool> poolProvider,
                                          PoolMetrics poolMetrics,
                                          HostAndPort authority,
@@ -84,6 +86,7 @@ public SharedHttpClientConnectionGroup(ClientMetrics<?, ?, ?> clientMetrics,
     this.pool = poolProvider.apply(this);
     this.server = server;
     this.connectHandler = connectHandler;
+    this.exceptionHandler = exceptionHandler;
   }
 
   public int size() {
@@ -233,7 +236,7 @@ static class Pool implements PoolConnector<HttpClientConnection> {
 
     @Override
     public Future<ConnectResult<HttpClientConnection>> connect(ContextInternal context, Listener listener) {
-      return connector
+      Future<ConnectResult<HttpClientConnection>> fut = connector
         .connect(context, owner.server, owner.authority, connectParams, owner.clientMetrics)
         .map(connection -> {
           connection.evictionHandler(v -> {
@@ -243,9 +246,17 @@ public Future<ConnectResult<HttpClientConnection>> connect(ContextInternal conte
           connection.concurrencyChangeHandler(listener::onConcurrencyChange);
           owner.init(connection);
           long capacity = connection.concurrency();
-          int idx = connection.protocolVersion() != HttpVersion.HTTP_2 ? 0: 1;
+          int idx = connection.protocolVersion() != HttpVersion.HTTP_2 ? 0 : 1;
           return new ConnectResult<>(connection, capacity, idx);
         });
+      if (owner.exceptionHandler != null) {
+        fut = fut.andThen(ar -> {
+          if (ar.failed()) {
+            owner.exceptionHandler.handle(ar.cause());
+          }
+        });
+      }
+      return fut;
     }
 
     @Override

vertx-core/src/main/java/io/vertx/core/internal/http/HttpClientInternal.java

@@ -13,6 +13,7 @@
 
 import io.vertx.core.Closeable;
 import io.vertx.core.Future;
+import io.vertx.core.Handler;
 import io.vertx.core.http.*;
 import io.vertx.core.internal.VertxInternal;
 import io.vertx.core.internal.net.endpoint.EndpointResolverInternal;
@@ -36,6 +37,8 @@ public interface HttpClientInternal extends HttpClientAgent, MetricsProvider, Cl
 
   HttpClientTransport quicTransport();
 
+  HttpClientInternal exceptionHandler(Handler<Throwable> handler);
+
   // Should not be here but currently necessary for WebClient
   @Deprecated(forRemoval = true)
   default HttpClientOptions options() {

vertx-core/src/test/java/io/vertx/tests/http/HttpAlternativesTest.java

@@ -33,9 +33,7 @@
 import org.junit.Test;
 
 import javax.net.ssl.SSLHandshakeException;
-import java.util.IdentityHashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.Supplier;
@@ -334,7 +332,7 @@ public void testIgnoreAlternativeWithoutSNI() {
   }
 
   @Test
-  public void testCertificateValidation() {
+  public void testServerCertValidation() {
     startServer(4043, Cert.SNI_JKS, HttpVersion.HTTP_1_1)
       .handler(request -> {
         assertNull(request.getHeader(HttpHeaders.ALT_USED));
@@ -349,24 +347,21 @@ public void testCertificateValidation() {
         fail();
       });
     client = vertx.createHttpClient(new HttpClientConfig().setFollowAlternativeServices(true).setSsl(true), new ClientSSLOptions().setTrustAll(true));
+    List<SSLHandshakeException> connectErrors = Collections.synchronizedList(new ArrayList<>());
+    ((HttpClientInternal)client).exceptionHandler(err -> {
+      if (err instanceof SSLHandshakeException) {
+        connectErrors.add((SSLHandshakeException)err);
+      }
+    });
     Buffer body = client.request(HttpMethod.GET, 4043, "host2.com", "/")
       .compose(request -> request
         .send()
         .compose(HttpClientResponse::body)
       ).await();
     assertEquals("host2.com:4043", body.toString());
-    try {
-      client.request(new RequestOptions().setHost("host2.com").setProtocolVersion(HttpVersion.HTTP_2).setPort(4043).setURI("/"))
-        .compose(request -> request
-          .send()
-          .expecting(response -> request.version() == HttpVersion.HTTP_2)
-          .compose(HttpClientResponse::body)
-        ).await();
-      fail();
-    } catch (Exception e) {
-      assertEquals(SSLHandshakeException.class, e.getClass());
-      assertTrue(e.getCause().getMessage().contains("no_application_protocol"));
-    }
+    assertWaitUntil(() -> !connectErrors.isEmpty());
+    SSLHandshakeException err = connectErrors.get(0);
+    assertTrue(err.getCause().getMessage().contains("No name matching host2.com found"));
   }
 
   @Test