feat: [FFM-12489]: Adding support for HTTP proxies (#205)

* feat: [FFM-12489]: Adding support for HTTP proxies

* bump ver

* avoid sending password to unknown servers

* adding https proxy support

* bump ver

* fix naming

Author: andybharness

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.2-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-all.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

settings.gradle

@@ -4,7 +4,7 @@ dependencyResolutionManagement {
     versionCatalogs {
         libs {
             // main sdk version
-            version('sdk', '1.8.2');
+            version('sdk', '1.8.3');
 
             // sdk deps
             version('okhttp3', '4.12.0')

src/main/java/io/harness/cf/client/connector/DelegatingSocketFactory.java

@@ -0,0 +1,45 @@
+package io.harness.cf.client.connector;
+
+import javax.net.SocketFactory;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+
+final class DelegatingSocketFactory extends SocketFactory {
+    private final SocketFactory delegate;
+
+    public DelegatingSocketFactory(SocketFactory delegate) {
+        this.delegate = delegate;
+    }
+
+    @Override
+    public Socket createSocket() throws IOException {
+        return configureSocket(delegate.createSocket());
+    }
+
+    @Override
+    public Socket createSocket(String host, int port) throws IOException {
+        return configureSocket(delegate.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(String host, int port, InetAddress localAddress,
+                               int localPort) throws IOException {
+        return configureSocket(delegate.createSocket(host, port, localAddress, localPort));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress host, int port) throws IOException {
+        return configureSocket(delegate.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress host, int port, InetAddress localAddress,
+                               int localPort) throws IOException {
+        return configureSocket(delegate.createSocket(host, port, localAddress, localPort));
+    }
+
+    Socket configureSocket(Socket socket) {
+        return socket;
+    }
+}

src/main/java/io/harness/cf/client/connector/EventSource.java

@@ -75,10 +75,14 @@ protected OkHttpClient makeStreamClient(long sseReadTimeoutMins, List<X509Certif
       throws ConnectorException {
     OkHttpClient.Builder httpClientBuilder =
         new OkHttpClient.Builder()
+            .proxy(ProxyConfig.getProxyConfig())
+            .proxyAuthenticator(ProxyConfig.getProxyAuthentication())
             .eventListener(EventListener.NONE)
             .readTimeout(sseReadTimeoutMins, TimeUnit.MINUTES)
             .retryOnConnectionFailure(true);
 
+    ProxyConfig.configureTls(httpClientBuilder);
+
     setupTls(httpClientBuilder, trustedCAs);
 
     if (log.isDebugEnabled()) {

src/main/java/io/harness/cf/client/connector/HarnessConnector.java

@@ -21,6 +21,7 @@
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import okhttp3.Interceptor;
+import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.Response;
 import org.slf4j.MDC;
@@ -87,16 +88,18 @@ ApiClient makeApiClient(int retryBackOfDelay) {
 
     setupTls(apiClient);
 
+    final OkHttpClient.Builder builder = apiClient
+      .getHttpClient()
+      .newBuilder();
+
+    ProxyConfig.configureTls(builder);
+
     // if http client response is 403 we need to reauthenticate
-    apiClient.setHttpClient(
-        apiClient
-            .getHttpClient()
-            .newBuilder()
-            .addInterceptor(this::reauthInterceptor)
-            .addInterceptor(
-                new NewRetryInterceptor(
-                    options.getMaxRequestRetry(), retryBackOfDelay, isShuttingDown))
-            .build());
+    apiClient.setHttpClient(builder.proxy(ProxyConfig.getProxyConfig())
+      .proxyAuthenticator(ProxyConfig.getProxyAuthentication())
+      .addInterceptor(this::reauthInterceptor)
+      .addInterceptor(new NewRetryInterceptor(options.getMaxRequestRetry(), retryBackOfDelay, isShuttingDown))
+      .build());
 
     return apiClient;
   }

src/main/java/io/harness/cf/client/connector/ProxyConfig.java

@@ -0,0 +1,67 @@
+package io.harness.cf.client.connector;
+
+import java.net.InetSocketAddress;
+import java.net.Proxy;
+import lombok.extern.slf4j.Slf4j;
+import okhttp3.Authenticator;
+import okhttp3.Credentials;
+import okhttp3.OkHttpClient;
+
+import javax.net.ssl.SSLSocketFactory;
+
+@Slf4j
+public class ProxyConfig {
+
+  public static Proxy getProxyConfig() {
+    final String host = System.getProperty("https.proxyHost", System.getProperty("http.proxyHost"));
+    final String port = System.getProperty("https.proxyPort", System.getProperty("http.proxyPort"));
+    if (host == null || host.isEmpty() || port == null || port.isEmpty()) {
+      return Proxy.NO_PROXY;
+    }
+    return new Proxy(Proxy.Type.HTTP, new InetSocketAddress(host, Integer.parseInt(port)));
+  }
+
+  public static Authenticator getProxyAuthentication() {
+    final String user = System.getProperty("http.proxyUser");
+    final String password = System.getProperty("http.proxyPassword");
+    if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
+      return Authenticator.NONE;
+    }
+
+    return (route, response) -> {
+      final String targetIpPort = getIpAndPort((route == null ? null : route.socketAddress()));
+      final String configuredIpPort = getIpAndPort((InetSocketAddress) getProxyConfig().address());
+
+      if (targetIpPort.equalsIgnoreCase(configuredIpPort)) {
+        final String credential = Credentials.basic(user, password);
+        return response.request().newBuilder().header("Proxy-Authorization", credential).build();
+      } else {
+        log.warn(
+            "Target proxy `{}` does not match configured proxy `{}`. Credentials not sent",
+            targetIpPort,
+            configuredIpPort);
+        return null;
+      }
+    };
+  }
+
+  private static String getIpAndPort(InetSocketAddress addr) {
+    if (addr == null) {
+      return "null";
+    }
+    return addr.getAddress().getHostAddress() + ":" + addr.getPort();
+  }
+
+  public static void configureTls(OkHttpClient.Builder builder) {
+    if (builder == null) {
+      return;
+    }
+    final String host = System.getProperty("https.proxyHost");
+    final String port = System.getProperty("https.proxyPort");
+    if (host == null || host.isEmpty() || port == null || port.isEmpty()) {
+      return;
+    }
+
+    builder.socketFactory(new DelegatingSocketFactory(SSLSocketFactory.getDefault()));
+  }
+}