DXE-4123 Merge pull request #55 from akamai/release/6.0.0

CHANGELOG.md

@@ -1,5 +1,22 @@
 # Change log
 
+## 6.0.0 (August 21, 2024)
+
+### BREAKING CHANGES
+
+* Replaced deprecated `ApacheHttpTransport` with `com.google.api.client.http.apache.v2.ApacheHttpTransport` in `edgegrid-signer-google-http-client`.
+* Updated `README.md` for `edgegrid-signer-google-http-client` to include changes in the instructions for signing HTTP requests with specified client credentials.
+
+### Improvements
+
+* Add support for `ProxySelector` in `ApacheHttpClientEdgeGridRoutePlanner` to enable the use of custom proxy servers.
+
+### Fixes
+
+* Fixes for various vulnerabilities by upgrading `grpc-context`, `netty` and `commons-configuration2`.
+* Fixed issue when path param is an url for rest assured
+
+
 ## 5.1.1 (December 6, 2023)
 
 ### Fixes

edgegrid-signer-apache-http-client/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <artifactId>edgegrid-signer-parent</artifactId>
         <groupId>com.akamai.edgegrid</groupId>
-        <version>5.1.1</version>
+        <version>6.0.0</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

edgegrid-signer-apache-http-client/src/main/java/com/akamai/edgegrid/signer/apachehttpclient/ApacheHttpClientEdgeGridRoutePlanner.java

@@ -43,7 +43,17 @@ public class ApacheHttpClientEdgeGridRoutePlanner extends SystemDefaultRoutePlan
      * @param clientCredential a {@link ClientCredential}
      */
     public ApacheHttpClientEdgeGridRoutePlanner(ClientCredential clientCredential) {
-        super(ProxySelector.getDefault());
+        this(clientCredential, ProxySelector.getDefault());
+    }
+
+    /**
+     * Creates an EdgeGrid route planner using {@link ClientCredential}.
+     *
+     * @param clientCredential a {@link ClientCredential}
+     * @param proxySelector a {@link ProxySelector}
+     */
+    public ApacheHttpClientEdgeGridRoutePlanner(ClientCredential clientCredential, ProxySelector proxySelector) {
+        super(proxySelector);
         this.binding = new ApacheHttpClientEdgeGridRequestSigner(clientCredential);
     }
 
@@ -53,7 +63,17 @@ public ApacheHttpClientEdgeGridRoutePlanner(ClientCredential clientCredential) {
      * @param clientCredentialProvider a {@link ClientCredentialProvider}
      */
     public ApacheHttpClientEdgeGridRoutePlanner(ClientCredentialProvider clientCredentialProvider) {
-        super(ProxySelector.getDefault());
+        this(clientCredentialProvider, ProxySelector.getDefault());
+    }
+
+    /**
+     * Creates an EdgeGrid route planner using {@link ClientCredentialProvider}.
+     *
+     * @param clientCredentialProvider a {@link ClientCredentialProvider}
+     * @param proxySelector a {@link ProxySelector}
+     */
+    public ApacheHttpClientEdgeGridRoutePlanner(ClientCredentialProvider clientCredentialProvider, ProxySelector proxySelector) {
+        super(proxySelector);
         this.binding = new ApacheHttpClientEdgeGridRequestSigner(clientCredentialProvider);
     }
 

edgegrid-signer-apache-http-client/src/test/java/com/akamai/edgegrid/signer/apachehttpclient/RestAssuredIntegrationTest.java

@@ -35,9 +35,15 @@
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.Proxy;
+import java.net.ProxySelector;
+import java.net.SocketAddress;
+import java.net.URI;
 import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
 import java.util.List;
+import java.util.ArrayList;
 
 import io.restassured.RestAssured;
 import io.restassured.config.HttpClientConfig;
@@ -74,7 +80,6 @@ public class RestAssuredIntegrationTest {
     WireMockServer wireMockServer = new WireMockServer(wireMockConfig().httpsPort(SERVICE_MOCK_PORT));
 
 
-
     @BeforeClass
     public void setUp() {
         wireMockServer.start();
@@ -114,6 +119,33 @@ public void signAgainFollowedRedirects() throws URISyntaxException, IOException
                 Matchers.not(CoreMatchers.equalTo(loggedRequests.get(1).getHeader("Authorization"))));
     }
 
+    @Test
+    public void signAgainFollowedRedirectsWithProxy() throws URISyntaxException, IOException {
+
+        wireMockServer.stubFor(get(urlPathEqualTo("/billing-usage/v1/reportSources"))
+                .withHeader("Authorization", matching(".*"))
+                .withHeader("Host", equalTo(SERVICE_MOCK))
+                .willReturn(aResponse()
+                        .withStatus(302)
+                        .withHeader("Location", "/billing-usage/v1/reportSources/alternative")));
+
+        wireMockServer.stubFor(get(urlPathEqualTo("/billing-usage/v1/reportSources/alternative"))
+                .withHeader("Authorization", matching(".*"))
+                .withHeader("Host", equalTo(SERVICE_MOCK))
+                .willReturn(aResponse()
+                        .withStatus(200)
+                        .withHeader("Content-Type", "text/xml")
+                        .withBody("<response>Some content</response>")));
+
+        getBaseRequestSpecificationWithCustomProxy()
+                .get("/billing-usage/v1/reportSources")
+                .then().statusCode(200);
+
+        List<LoggedRequest> loggedRequests = wireMockServer.findRequestsMatching(RequestPattern
+                .everything()).getRequests();
+        MatcherAssert.assertThat(loggedRequests.get(0).getHeader("Authorization"),
+                Matchers.not(CoreMatchers.equalTo(loggedRequests.get(1).getHeader("Authorization"))));
+    }
 
 
     @Test
@@ -224,7 +256,7 @@ public void signEachRequestWithAbsolutePath() throws URISyntaxException, IOExcep
                         .withStatus(200)));
 
         getBaseRequestSpecification()
-                .get("https://" + SERVICE_MOCK+ "/billing-usage/v1/reportSources")
+                .get("https://" + SERVICE_MOCK + "/billing-usage/v1/reportSources")
                 .then().statusCode(200);
     }
 
@@ -277,6 +309,13 @@ private RequestSpecification getBaseRequestSpecification() {
                 .baseUri("https://" + SERVICE_MOCK);
     }
 
+    private RequestSpecification getBaseRequestSpecificationWithCustomProxy() {
+        return RestAssured.given()
+                .config(getRestAssuredConfigWithCustomProxy(credential, new CustomProxySelector()))
+                .relaxedHTTPSValidation()
+                .baseUri("https://" + SERVICE_MOCK);
+    }
+
 
     private static RestAssuredConfig getRestAssuredConfig(final ClientCredential credential) {
         return RestAssuredConfig.config().httpClient(HttpClientConfig.httpClientConfig().httpClientFactory(new HttpClientConfig.HttpClientFactory() {
@@ -290,4 +329,41 @@ public HttpClient createHttpClient() {
         }));
     }
 
+    private static RestAssuredConfig getRestAssuredConfigWithCustomProxy(final ClientCredential credential, ProxySelector proxySelector) {
+        return RestAssuredConfig.config().httpClient(HttpClientConfig.httpClientConfig().httpClientFactory(new HttpClientConfig.HttpClientFactory() {
+            @Override
+            public HttpClient createHttpClient() {
+                final DefaultHttpClient client = new DefaultHttpClient();
+                client.addRequestInterceptor(new ApacheHttpClientEdgeGridInterceptor(credential));
+                client.setRoutePlanner(new ApacheHttpClientEdgeGridRoutePlanner(credential, proxySelector));
+                return client;
+            }
+        }));
+    }
+
+    class CustomProxySelector extends ProxySelector {
+
+        private List<Proxy> proxies;
+
+        public CustomProxySelector() {
+            // Define a proxy
+            Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("proxy.example.com", 8080));
+            proxies = new ArrayList<>();
+            proxies.add(proxy);
+        }
+
+        @Override
+        public List<Proxy> select(URI uri) {
+            // Return the proxy list
+            if (uri == null) {
+                throw new IllegalArgumentException("URI can't be null.");
+            }
+            return proxies;
+        }
+
+        @Override
+        public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
+            // No implementation needed
+        }
+    }
 }

edgegrid-signer-apache-http-client5/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <artifactId>edgegrid-signer-parent</artifactId>
         <groupId>com.akamai.edgegrid</groupId>
-        <version>5.1.1</version>
+        <version>6.0.0</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

edgegrid-signer-async-http-client/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <artifactId>edgegrid-signer-parent</artifactId>
         <groupId>com.akamai.edgegrid</groupId>
-        <version>5.1.1</version>
+        <version>6.0.0</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

edgegrid-signer-core/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <artifactId>edgegrid-signer-parent</artifactId>
         <groupId>com.akamai.edgegrid</groupId>
-        <version>5.1.1</version>
+        <version>6.0.0</version>
     </parent>
 
     <artifactId>edgegrid-signer-core</artifactId>

edgegrid-signer-core/src/main/java/com/akamai/edgegrid/signer/AbstractEdgeGridRequestSigner.java

@@ -62,7 +62,16 @@ public AbstractEdgeGridRequestSigner(ClientCredential clientCredential) {
      */
     public AbstractEdgeGridRequestSigner(ClientCredentialProvider clientCredentialProvider) {
         this.clientCredentialProvider = clientCredentialProvider;
-        this.edgeGridSigner = new EdgeGridV1Signer();
+        this.edgeGridSigner = createEdgeGridSigner();
+    }
+
+    /**
+     * Returns new instance of EdgeGridV1Signer.
+     *
+     * @return a {@link EdgeGridV1Signer} new instance
+     */
+    protected EdgeGridV1Signer createEdgeGridSigner() {
+        return new EdgeGridV1Signer();
     }
 
     /**

edgegrid-signer-core/src/main/java/com/akamai/edgegrid/signer/EdgeGridV1Signer.java

@@ -110,7 +110,23 @@ public EdgeGridV1Signer() {
      */
     public String getSignature(Request request, ClientCredential credential)
             throws RequestSigningException {
-        return getSignature(request, credential, System.currentTimeMillis(), generateNonce());
+        return getSignature(request, credential, getTimestamp(), getNonce());
+    }
+
+    /**
+     * Returns timestamp needed for signing
+     * @return returns current time stamp
+     */
+    protected long getTimestamp() {
+        return System.currentTimeMillis();
+    }
+
+    /**
+     * Returns nonce needed for signing
+     * @return returns generated nonce
+     */
+    protected String getNonce() {
+        return generateNonce();
     }
 
     private static String generateNonce() {

edgegrid-signer-core/src/main/java/com/akamai/edgegrid/signer/Request.java

@@ -286,6 +286,27 @@ public RequestBuilder uri(URI uri) {
             return this;
         }
 
+        /**
+         * <p>
+         * Sets the URI of the HTTP request without any processing it, which is important when URI contains
+         * path parameters which consists of encoded URLs.
+         * This URI <i>MUST</i> have the correct path and query segments set. Scheme is assumed to be "HTTPS" for the purpose of this library. Host is
+         * actually taken from a {@link ClientCredential} at signing time; any value in this URI is
+         * discarded. Fragments are not removed from signing process.
+         * </p>
+         * <p>
+         * A path and/or query string is required.
+         * </p>
+         *
+         * @param uri a {@link URI}
+         * @return reference back to this builder instance
+         */
+        public RequestBuilder rawUri(URI uri) {
+            Objects.requireNonNull(uri, "uri cannot be empty");
+            this.uri = uri;
+            return this;
+        }
+
         /**
          * Returns a newly-created immutable HTTP request.
          *

edgegrid-signer-google-http-client/README.md

@@ -22,18 +22,23 @@ Include the following Maven dependency in your project POM:
 Sign your HTTP request with a defined client credential:
 
 ```java
-HttpTransport httpTransport = new ApacheHttpTransport.Builder()
-        .setSocketFactory(SSLSocketFactory.getSystemSocketFactory())
+HttpClient client = HttpClients.custom()
+        .setSSLSocketFactory(SSLSocketFactory.getSystemSocketFactory())
         .build();
-HttpRequestFactory requestFactory = httpTransport.createRequestFactory();
+HttpRequestFactory requestFactory = new ApacheHttpTransport(client).createRequestFactory();
 URI uri = URI.create("https://akaa-baseurl-xxxxxxxxxxx-xxxxxxxxxxxxx.luna.akamaiapis.net/billing-usage/v1/reportSources");
-HttpRequest request = requestFactory.buildGetRequest(new GenericUrl(uri));
+try {
+    HttpRequest request = requestFactory.buildGetRequest(new GenericUrl(uri));
+    GoogleHttpClientEdgeGridRequestSigner requestSigner = new GoogleHttpClientEdgeGridRequestSigner(credential);
 
-GoogleHttpClientEdgeGridRequestSigner requestSigner = new GoogleHttpClientEdgeGridRequestSigner(clientCredential);
-requestSigner.sign(request);
-request.execute();
+    requestSigner.sign(request);
+    request.execute();
+} catch (IOException | RequestSigningException e) {
+    throw new RuntimeException("Error during HTTP request execution", e);
+}
 ```
 
+
 This, however, requires remembering to sign every request explicitly.
 
 Alternately, you may create an `HttpRequestFactory` that will automatically

edgegrid-signer-google-http-client/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <artifactId>edgegrid-signer-parent</artifactId>
         <groupId>com.akamai.edgegrid</groupId>
-        <version>5.1.1</version>
+        <version>6.0.0</version>
     </parent>
 
     <artifactId>edgegrid-signer-google-http-client</artifactId>
@@ -25,7 +25,7 @@
         </dependency>
         <dependency>
             <groupId>com.google.http-client</groupId>
-            <artifactId>google-http-client</artifactId>
+            <artifactId>google-http-client-apache-v2</artifactId>
         </dependency>
         <dependency>
             <groupId>com.github.tomakehurst</groupId>

edgegrid-signer-google-http-client/src/test/java/com/akamai/edgegrid/signer/googlehttpclient/GoogleHttpClientEdgeGridInterceptorTest.java

@@ -26,6 +26,7 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 
+import org.apache.http.client.HttpClient;
 import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.testng.annotations.Test;
 
@@ -35,8 +36,7 @@
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpRequestInitializer;
-import com.google.api.client.http.HttpTransport;
-import com.google.api.client.http.apache.ApacheHttpTransport;
+import com.google.api.client.http.apache.v2.ApacheHttpTransport;
 
 /**
  * Unit tests for {@link GoogleHttpClientEdgeGridInterceptor}.
@@ -85,15 +85,15 @@ public void testInterceptorWithHeader() throws URISyntaxException, IOException,
     }
 
     private HttpRequestFactory createSigningRequestFactory() {
-        HttpTransport httpTransport = new ApacheHttpTransport.Builder()
-                .setSocketFactory(SSLSocketFactory.getSystemSocketFactory())
+        HttpClient client = ApacheHttpTransport.newDefaultHttpClientBuilder()
+                .setSSLSocketFactory((SSLSocketFactory.getSystemSocketFactory()))
                 .build();
-        return httpTransport.createRequestFactory(new HttpRequestInitializer() {
+
+        return new ApacheHttpTransport(client).createRequestFactory(new HttpRequestInitializer() {
             @Override
             public void initialize(HttpRequest request) throws IOException {
                 request.setInterceptor(new GoogleHttpClientEdgeGridInterceptor(credential));
             }
         });
     }
-
 }

edgegrid-signer-google-http-client/src/test/java/com/akamai/edgegrid/signer/googlehttpclient/GoogleHttpClientEdgeGridRequestSignerTest.java

@@ -20,8 +20,12 @@
 import com.akamai.edgegrid.signer.ClientCredential;
 import com.akamai.edgegrid.signer.exceptions.RequestSigningException;
 import com.akamai.edgegrid.signer.googlehttpclient.GoogleHttpClientEdgeGridRequestSigner;
-import com.google.api.client.http.*;
-import com.google.api.client.http.apache.ApacheHttpTransport;
+
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpRequestFactory;
+import com.google.api.client.http.HttpTransport;
+import com.google.api.client.http.apache.v2.ApacheHttpTransport;
 
 import org.testng.annotations.Test;