snazy commented on code in PR #2805:
URL: https://github.com/apache/polaris/pull/2805#discussion_r2438803002
##########
runtime/service/src/main/java/org/apache/polaris/service/config/ServiceProducers.java:
##########
@@ -230,6 +234,50 @@ public SdkHttpClient sdkHttpClient(S3AccessConfig config) {
return httpClient.build();
}
+ /**
+ * Producer that creates an insecure SDK HTTP client (trusts all certs).
This allows other
+ * components to explicitly request the insecure client instance when wiring
clients that need to
+ * ignore TLS verification (for development/test setups only).
+ */
+ @Produces
+ @Singleton
+ @Identifier("aws-sdk-http-client-insecure")
+ public SdkHttpClient insecureSdkHttpClient(S3AccessConfig config) {
+ return createInsecureHttpClient(config);
+ }
+
+ /**
+ * Creates an HTTP client that bypasses SSL certificate verification.
WARNING: This should only be
+ * used for development and testing environments.
+ */
+ public SdkHttpClient createInsecureHttpClient(S3AccessConfig config) {
+ try {
+ SSLContext sslContext =
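Review bot: `createInsecureHttpClient` is declared `public` and the `@Produces @Singleton` method `insecureSdkHttpClient` is unconditional, so in the lines shown the "development/test setups only" restriction exists only in the Javadoc. Suggest making `createInsecureHttpClient` private or package-private, so the only way to obtain this client is the `@Identifier("aws-sdk-http-client-insecure")` injection point, and logging a warning when the client is built so that its use shows up in the service logs.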
Review Comment:
`software.amazon.awssdk.http.SdkHttpConfigurationOption#TRUST_ALL_CERTIFICATES`
seems to be a simpler way.
##########
runtime/service/src/main/java/org/apache/polaris/service/config/ServiceProducers.java:
##########
@@ -230,6 +234,50 @@ public SdkHttpClient sdkHttpClient(S3AccessConfig config) {
return httpClient.build();
}
+ /**
+ * Producer that creates an insecure SDK HTTP client (trusts all certs).
This allows other
+ * components to explicitly request the insecure client instance when wiring
clients that need to
+ * ignore TLS verification (for development/test setups only).
+ */
+ @Produces
+ @Singleton
+ @Identifier("aws-sdk-http-client-insecure")
+ public SdkHttpClient insecureSdkHttpClient(S3AccessConfig config) {
+ return createInsecureHttpClient(config);
+ }
+
+ /**
+ * Creates an HTTP client that bypasses SSL certificate verification.
WARNING: This should only be
+ * used for development and testing environments.
+ */
+ public SdkHttpClient createInsecureHttpClient(S3AccessConfig config) {
+ try {
+ SSLContext sslContext =
+ SSLContextBuilder.create().loadTrustMaterial(null, (chain, authType)
-> true).build();
+
+ ApacheHttpClient.Builder httpClient =
+ ApacheHttpClient.builder()
+ .socketFactory(
+ new SSLConnectionSocketFactory(sslContext,
NoopHostnameVerifier.INSTANCE));
+
+ // Apply configuration options
+ config.maxHttpConnections().ifPresent(httpClient::maxConnections);
+ config.readTimeout().ifPresent(httpClient::socketTimeout);
+ config.connectTimeout().ifPresent(httpClient::connectionTimeout);
+
config.connectionAcquisitionTimeout().ifPresent(httpClient::connectionAcquisitionTimeout);
+
config.connectionMaxIdleTime().ifPresent(httpClient::connectionMaxIdleTime);
+
config.connectionTimeToLive().ifPresent(httpClient::connectionTimeToLive);
+
config.expectContinueEnabled().ifPresent(httpClient::expectContinueEnabled);
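Review bot: the socket factory setup disables both TLS checks at once: `loadTrustMaterial(null, (chain, authType) -> true)` accepts any certificate chain and `NoopHostnameVerifier.INSTANCE` accepts any host name, so a connection made through this client does not authenticate the server at all. If the use case is an endpoint with a self-signed or private-CA certificate, loading that certificate as trust material and keeping hostname verification would cover it without a trust-all client; if trust-all is really required, say in the Javadoc that hostname verification is disabled as well as certificate validation.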
Review Comment:
Looks like this is duplicated code, which can be shared w/ `sdkHttpClient`?