I874162: Fixed issue where the JobStatusResponseCache was not working for HTTPS requests

https://internal.almoctane.com/ui/entity-navigation?p=131002/6001&entityType=work_item&id=874162

Author: rorytorneymf

release-notes-8.0.0.md

@@ -11,6 +11,7 @@ ${version-number}
 
 #### Bug Fixes
 - **I445035**: Workers now attempt to complete all in-progress and pre-fetched tasks before shutting down.
+- **I874162**: Fixed issue where the `JobStatusResponseCache` was not working for HTTPS requests.
 
 #### Known Issues
 

worker-core/src/main/java/com/hpe/caf/worker/core/JobStatusCacheRequest.java

@@ -42,7 +42,7 @@ public JobStatusCacheRequest(ResponseStreamCache jobStatusCache, final URI uri,
         this.jobStatusCache = jobStatusCache;
         this.uri = uri;
         this.responseStream = new ByteArrayOutputStream();
-        this.jobStatusCache.put(uri, responseStream, JobStatusResponseCache.getStatusCheckIntervalMillis(connection));
+        this.jobStatusCache.put(uri, responseStream, JobStatusResponseCache.getStatusCheckIntervalMillis(connection), connection);
         LOG.debug("Writing job status request headers to cache for URI={}", uri);
         ObjectOutputStream oos = new ObjectOutputStream(this.responseStream);
         oos.writeObject(connection.getHeaderFields());

worker-core/src/main/java/com/hpe/caf/worker/core/JobStatusResponseCache.java

@@ -18,7 +18,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.net.*;
 import java.util.List;
@@ -47,10 +46,23 @@ public JobStatusResponseCache()
     @Override
     public CacheResponse get(URI uri, String requestMethod, Map<String, List<String>> requestHeaders) throws IOException
     {
-        ByteArrayOutputStream cachedResponseStream = jobStatusCache.get(uri);
-        if (cachedResponseStream != null) {
+        ResponseStreamCache.ResponseStreamCacheEntry responseStreamCacheEntry = jobStatusCache.get(uri);
+        if (responseStreamCacheEntry != null) {
             LOG.debug("Job status response cache hit for URI={}", uri);
-            return new JobStatusCacheResponse(cachedResponseStream);
+            if (responseStreamCacheEntry instanceof ResponseStreamCache.SecureResponseStreamCacheEntry) {
+                ResponseStreamCache.SecureResponseStreamCacheEntry secureResponseStreamCacheEntry =
+                        (ResponseStreamCache.SecureResponseStreamCacheEntry)responseStreamCacheEntry;
+
+                return new JobStatusSecureCacheResponse(
+                        secureResponseStreamCacheEntry.getResponseStream(),
+                        secureResponseStreamCacheEntry.getCipherSuite(),
+                        secureResponseStreamCacheEntry.getLocalCertificateChain(),
+                        secureResponseStreamCacheEntry.getServerCertificateChain(),
+                        secureResponseStreamCacheEntry.getPeerPrincipal(),
+                        secureResponseStreamCacheEntry.getLocalPrincipal());
+            } else {
+                return new JobStatusCacheResponse(responseStreamCacheEntry.getResponseStream());
+            }
         }
         LOG.debug("Job status response cache miss for URI={}", uri);
         return null;
@@ -93,7 +105,13 @@ public static long getStatusCheckIntervalMillis(URLConnection connection)
             if (maxAgeValueMatcher.find()) {
                 intervalMillis = 1000 * Integer.parseInt(maxAgeValueMatcher.group(1));
                 LOG.debug("Returning interval derived from {} header as {}ms", CACHE_CONTROL_HEADER_NAME, intervalMillis);
+            } else {
+                LOG.debug("Returning default interval {}ms as {} header did not contain a max-age value",
+                        DEFAULT_JOB_STATUS_CHECK_INTERVAL_MILLIS, CACHE_CONTROL_HEADER_NAME);
             }
+        } else {
+            LOG.debug("Returning default interval {}ms as {} header was null",
+                    DEFAULT_JOB_STATUS_CHECK_INTERVAL_MILLIS, CACHE_CONTROL_HEADER_NAME);
         }
         return intervalMillis;
     }

worker-core/src/main/java/com/hpe/caf/worker/core/JobStatusSecureCacheResponse.java

@@ -0,0 +1,115 @@
+/*
+ * Copyright 2015-2024 Open Text.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.hpe.caf.worker.core;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInputStream;
+import java.net.SecureCacheResponse;
+import java.security.Principal;
+import java.security.cert.Certificate;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * An implementation of SecureCacheResponse supporting the caching of job status responses.
+ */
+public class JobStatusSecureCacheResponse extends SecureCacheResponse
+{
+    private static final Logger LOG = LoggerFactory.getLogger(JobStatusSecureCacheResponse.class);
+
+    private ByteArrayInputStream responseBody;
+    private Map<String, List<String>> responseHeaders;
+    private String cipherSuite;
+    private List<Certificate> localCertificateChain;
+    private List<Certificate> serverCertificateChain;
+    private Principal peerPrincipal;
+    private Principal localPrincipal;
+
+    public JobStatusSecureCacheResponse(
+            ByteArrayOutputStream cachedResponseStream,
+            String cipherSuite,
+            List<Certificate> localCertificateChain,
+            List<Certificate> serverCertificateChain,
+            Principal peerPrincipal,
+            Principal localPrincipal)
+            throws IOException
+    {
+        Objects.requireNonNull(cachedResponseStream);
+        responseBody = new ByteArrayInputStream(cachedResponseStream.toByteArray());
+        ObjectInputStream ois = new ObjectInputStream(responseBody);
+        try {
+            responseHeaders = (Map<String, List<String>>) ois.readObject();
+        } catch (ClassNotFoundException e) {
+            LOG.error("Failed to read cached job status response headers. ", e);
+            responseHeaders = Collections.emptyMap();
+        }
+        this.cipherSuite = cipherSuite;
+        this.localCertificateChain = localCertificateChain;
+        this.serverCertificateChain = serverCertificateChain;
+        this.peerPrincipal = peerPrincipal;
+        this.localPrincipal = localPrincipal;
+    }
+
+    @Override
+    public Map<String, List<String>> getHeaders()
+    {
+        return responseHeaders;
+    }
+
+    @Override
+    public InputStream getBody()
+    {
+        return responseBody;
+    }
+
+    @Override
+    public String getCipherSuite()
+    {
+        return cipherSuite;
+    }
+
+    @Override
+    public List<Certificate> getLocalCertificateChain()
+    {
+        return localCertificateChain;
+    }
+
+    @Override
+    public List<Certificate> getServerCertificateChain()
+    {
+        return serverCertificateChain;
+    }
+
+    @Override
+    public Principal getPeerPrincipal()
+    {
+        return peerPrincipal;
+    }
+
+    @Override
+    public Principal getLocalPrincipal()
+    {
+        return localPrincipal;
+    }
+}

worker-core/src/main/java/com/hpe/caf/worker/core/ResponseStreamCache.java

@@ -19,9 +19,17 @@
 import com.google.common.cache.CacheBuilder;
 
 import java.io.ByteArrayOutputStream;
+import java.io.IOException;
 import java.net.URI;
+import java.net.URLConnection;
+import java.security.Principal;
+import java.security.cert.Certificate;
+import java.util.Arrays;
+import java.util.List;
 import java.util.concurrent.TimeUnit;
 
+import javax.net.ssl.HttpsURLConnection;
+
 /**
  * Provides in-memory caching of web responses on per-URI basis.
  */
@@ -41,16 +49,35 @@ public ResponseStreamCache()
             .build();
     }
 
-    public void put(final URI uri, ByteArrayOutputStream baos, long lifetimeMillis)
+    public void put(final URI uri, ByteArrayOutputStream baos, long lifetimeMillis, URLConnection urlConnection) throws IOException
     {
-        cacheImpl.put(uri, new ResponseStreamCacheEntry(System.currentTimeMillis() + lifetimeMillis, baos));
+        if (urlConnection instanceof HttpsURLConnection) {
+            HttpsURLConnection httpsURLConnection = (HttpsURLConnection)urlConnection;
+            Certificate[] localCertificates = httpsURLConnection.getLocalCertificates();
+            Certificate[] serverCertificates = httpsURLConnection.getServerCertificates();
+            cacheImpl.put(
+                    uri,
+                    new SecureResponseStreamCacheEntry(
+                            System.currentTimeMillis() + lifetimeMillis,
+                            baos,
+                            httpsURLConnection.getCipherSuite(),
+                            localCertificates == null ? null : Arrays.asList(localCertificates),
+                            serverCertificates == null ? null : Arrays.asList(serverCertificates),
+                            httpsURLConnection.getPeerPrincipal(),
+                            httpsURLConnection.getLocalPrincipal()));
+        } else {
+            cacheImpl.put(
+                    uri,
+                    new ResponseStreamCacheEntry(
+                            System.currentTimeMillis() + lifetimeMillis,
+                            baos));
+        }
     }
 
-    public ByteArrayOutputStream get(final URI uri)
+    public ResponseStreamCacheEntry get(final URI uri)
     {
         checkExpiry(uri);
-        ResponseStreamCacheEntry cacheEntry = cacheImpl.getIfPresent(uri);
-        return cacheEntry == null ? null : cacheEntry.getResponseStream();
+        return cacheImpl.getIfPresent(uri);
     }
 
     public void remove(final URI uri)
@@ -66,7 +93,7 @@ private void checkExpiry(final URI uri)
         }
     }
 
-    private static class ResponseStreamCacheEntry
+    public static class ResponseStreamCacheEntry
     {
         private long expiryTimeMillis;
         private ByteArrayOutputStream responseStream;
@@ -87,4 +114,55 @@ public ByteArrayOutputStream getResponseStream()
             return responseStream;
         }
     }
+
+    public static class SecureResponseStreamCacheEntry extends ResponseStreamCacheEntry
+    {
+        private String cipherSuite;
+        private List<Certificate> localCertificateChain;
+        private List<Certificate> serverCertificateChain;
+        private Principal peerPrincipal;
+        private Principal localPrincipal;
+
+        public SecureResponseStreamCacheEntry(
+                long expiryTimeMillis,
+                ByteArrayOutputStream responseStream,
+                String cipherSuite,
+                List<Certificate> localCertificateChain,
+                List<Certificate> serverCertificateChain,
+                Principal peerPrincipal,
+                Principal localPrincipal)
+        {
+            super(expiryTimeMillis, responseStream);
+            this.cipherSuite = cipherSuite;
+            this.localCertificateChain = localCertificateChain;
+            this.serverCertificateChain = serverCertificateChain;
+            this.peerPrincipal = peerPrincipal;
+            this.localPrincipal = localPrincipal;
+        }
+
+        public String getCipherSuite()
+        {
+            return cipherSuite;
+        }
+
+        public List<Certificate> getLocalCertificateChain()
+        {
+            return localCertificateChain;
+        }
+
+        public List<Certificate> getServerCertificateChain()
+        {
+            return serverCertificateChain;
+        }
+
+        public Principal getPeerPrincipal()
+        {
+            return peerPrincipal;
+        }
+
+        public Principal getLocalPrincipal()
+        {
+            return localPrincipal;
+        }
+    }
 }