Fix timeout and add backoff for http requests

- helper for regular http calls
- timeouts need to be added to grpc clients directly

Signed-off-by: Appu Goundan <[email protected]>

Author: loosebazooka

sigstore-java/src/main/java/dev/sigstore/fulcio/client/FulcioClient.java

@@ -122,7 +122,10 @@ public SigningCertificate signingCertificate(CertificateRequest request)
               .setPublicKeyRequest(publicKeyRequest)
               .build();
 
-      var certs = client.createSigningCertificate(req);
+      var certs =
+          client
+              .withDeadlineAfter(httpParams.getTimeout(), TimeUnit.SECONDS)
+              .createSigningCertificate(req);
 
       if (certs.getCertificateCase() == SIGNED_CERTIFICATE_DETACHED_SCT) {
         if (certs.getSignedCertificateDetachedSct().getSignedCertificateTimestamp().isEmpty()

sigstore-java/src/main/java/dev/sigstore/http/HttpClients.java

@@ -15,22 +15,40 @@
  */
 package dev.sigstore.http;
 
+import com.google.api.client.http.HttpBackOffUnsuccessfulResponseHandler;
+import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpTransport;
 import com.google.api.client.http.apache.v2.ApacheHttpTransport;
-import java.util.concurrent.TimeUnit;
+import com.google.api.client.util.ExponentialBackOff;
+import java.io.IOException;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.impl.client.HttpClientBuilder;
 
-/** HttpClients generates HttpTransport objects from configuration. */
+/** HttpClients generates Google Http Client objects from configuration. */
 public class HttpClients {
+
+  /**
+   * Build a transport, you probably want to use {@link #newRequestFactory} to instantiate GET and
+   * POST requests.
+   */
   public static HttpTransport newHttpTransport(HttpParams httpParams) {
     HttpClientBuilder hcb =
-        ApacheHttpTransport.newDefaultHttpClientBuilder()
-            .setConnectionTimeToLive(httpParams.getTimeout(), TimeUnit.SECONDS)
-            .setUserAgent(httpParams.getUserAgent());
+        ApacheHttpTransport.newDefaultHttpClientBuilder().setUserAgent(httpParams.getUserAgent());
     if (httpParams.getAllowInsecureConnections()) {
       hcb.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
     }
     return new ApacheHttpTransport(hcb.build());
   }
+
+  /** Create a new get requests with the httpParams applied and exponential backoff retries. */
+  public static HttpRequestFactory newRequestFactory(HttpParams httpParams) throws IOException {
+    return HttpClients.newHttpTransport(httpParams)
+        .createRequestFactory(
+            request -> {
+              request.setConnectTimeout(httpParams.getTimeout() * 1000);
+              request.setReadTimeout(httpParams.getTimeout() * 1000);
+              request.setUnsuccessfulResponseHandler(
+                  new HttpBackOffUnsuccessfulResponseHandler(new ExponentialBackOff()));
+            });
+  }
 }

sigstore-java/src/main/java/dev/sigstore/oidc/client/GithubActionsOidcClient.java

@@ -83,13 +83,8 @@ public OidcToken getIDToken() throws OidcException {
     }
     var url = new GenericUrl(urlBase + "&audience=" + audience);
     try {
-      var req =
-          HttpClients.newHttpTransport(httpParams)
-              .createRequestFactory(
-                  request -> {
-                    request.setParser(new GsonFactory().createJsonObjectParser());
-                  })
-              .buildGetRequest(url);
+      var req = HttpClients.newRequestFactory(httpParams).buildGetRequest(url);
+      req.setParser(new GsonFactory().createJsonObjectParser());
       req.getHeaders().setAuthorization("Bearer " + bearer);
       req.getHeaders().setAccept("application/json; api-version=2.0");
       req.getHeaders().setContentType("application/json");

sigstore-java/src/main/java/dev/sigstore/rekor/client/RekorClient.java

@@ -77,8 +77,7 @@ public RekorResponse putEntry(HashedRekordRequest hashedRekordRequest) throws IO
     URI rekorPutEndpoint = serverUrl.resolve(REKOR_ENTRIES_PATH);
 
     HttpRequest req =
-        HttpClients.newHttpTransport(httpParams)
-            .createRequestFactory()
+        HttpClients.newRequestFactory(httpParams)
             .buildPostRequest(
                 new GenericUrl(rekorPutEndpoint),
                 ByteArrayContent.fromString(
@@ -105,9 +104,7 @@ public Optional<RekorEntry> getEntry(HashedRekordRequest hashedRekordRequest) th
   public Optional<RekorEntry> getEntry(String UUID) throws IOException {
     URI getEntryURI = serverUrl.resolve(REKOR_ENTRIES_PATH + "/" + UUID);
     HttpRequest req =
-        HttpClients.newHttpTransport(httpParams)
-            .createRequestFactory()
-            .buildGetRequest(new GenericUrl(getEntryURI));
+        HttpClients.newRequestFactory(httpParams).buildGetRequest(new GenericUrl(getEntryURI));
     req.getHeaders().set("Accept", "application/json");
     HttpResponse response;
     try {
@@ -146,8 +143,7 @@ public List<String> searchEntry(
 
     String contentString = GSON.get().toJson(data);
     HttpRequest req =
-        HttpClients.newHttpTransport(httpParams)
-            .createRequestFactory()
+        HttpClients.newRequestFactory(httpParams)
             .buildPostRequest(
                 new GenericUrl(rekorSearchEndpoint),
                 ByteArrayContent.fromString("application/json", contentString));

sigstore-java/src/main/java/dev/sigstore/tuf/HttpMetaFetcher.java

@@ -65,11 +65,9 @@ <T extends SignedTufMeta> Optional<MetaFetchResult<T>> getMeta(String filename,
       throws IOException, MetaFileExceedsMaxException {
     GenericUrl nextVersionUrl = new GenericUrl(mirror + "/" + filename);
     var req =
-        HttpClients.newHttpTransport(ImmutableHttpParams.builder().build())
-            .createRequestFactory(
-                request ->
-                    request.setParser(GsonFactory.getDefaultInstance().createJsonObjectParser()))
+        HttpClients.newRequestFactory(ImmutableHttpParams.builder().build())
             .buildGetRequest(nextVersionUrl);
+    req.setParser(GsonFactory.getDefaultInstance().createJsonObjectParser());
     req.getHeaders().setAccept("application/json; api-version=2.0");
     req.getHeaders().setContentType("application/json");
     req.setThrowExceptionOnExecuteError(false);