Commit Graph

3574 Commits

Author SHA1 Message Date
dependabot[bot] a79f23c904 Bump github/codeql-action from 2 to 3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-15 14:59:55 +01:00
Oleg Kalnichevski 3204639991 Corrected project website URL 2023-12-15 14:52:27 +01:00
Oleg Kalnichevski 641519f226 Removed unused dependency on jna 2023-12-15 14:51:34 +01:00
dependabot[bot] 844d33fa06 Bump actions/setup-java from 3 to 4
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-13 13:25:32 +01:00
dependabot[bot] 79490a5ff9 Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-13 12:27:57 +01:00
dependabot[bot] 3998690193 Bump log4j.version from 2.20.0 to 2.22.0
Bumps `log4j.version` from 2.20.0 to 2.22.0.

Updates `org.apache.logging.log4j:log4j-slf4j-impl` from 2.20.0 to 2.22.0

Updates `org.apache.logging.log4j:log4j-core` from 2.20.0 to 2.22.0

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-slf4j-impl
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-13 12:18:48 +01:00
Arturo Bernal 94e43b2bb4 Implement username* validation and decoding in DigestScheme (#511)
Introduces validation and decoding logic for the 'username*' field in the DigestScheme class. The changes ensure compliance with RFC 7616 and RFC 5987 by handling cases where the 'username' contains characters not allowed in an ABNF quoted-string.
2023-12-13 11:54:49 +01:00
Arturo Bernal 3eaf9bf5c0 Implement Support for Userhash Parameter in Digest Authentication as per RFC 7616 (#509)
This commit introduces support for the userhash parameter in Digest Authentication, conforming to the specifications outlined in RFC 7616. The userhash parameter enhances security by allowing the client to hash the username before transmission, thereby protecting the username during transport. This implementation ensures that when the server indicates support for username hashing (userhash=true), the client correctly calculates and includes the hashed username in the Authorization header field, adhering to the protocol defined in RFC 7616 for enhanced security in HTTP Digest Access Authentication.
2023-12-13 11:54:49 +01:00
Arturo Bernal 6976ab58f2 Enforce Support for UTF-8 Encoding Scheme in Digest Authentication as per RFC 7616 (#508)
This commit enforces the use of the 'UTF-8' encoding scheme as the sole allowed value for character encoding in Digest Authentication, in alignment with the guidelines specified in RFC 7616.
2023-12-13 11:54:49 +01:00
Arturo Bernal 7b761fb2c3 Enforce UTF-8 Encoding in BasicSchemeFactory for RFC 7617 Compliance (#506)
- Deprecated the constructor in BasicSchemeFactory that allows setting a custom Charset.
- Updated the default constructor to use StandardCharsets.UTF_8, aligning with RFC 7617 which mandates UTF-8 encoding for Basic Authentication.
2023-12-13 11:54:48 +01:00
Arturo Bernal aa5bc56abe Implement Password Validation in BasicScheme. (#505)
Introduced a new method, `validatePassword`, in the `BasicScheme` class to enforce password validation in line with RFC 7617 standards. This method includes control character validation for passwords, ensuring they adhere to RFC 7617 by not containing any control characters.
2023-12-13 11:54:48 +01:00
Oleg Kalnichevski 1bbf5f4371 Bug fix: when validating a cache entry the protocol handlers must use the current request message with additional headers generated by the previous request interceptors instead of the original request message 2023-12-13 11:54:48 +01:00
Oleg Kalnichevski 67a0b52919 Better debug logging in the caching protocol handlers 2023-12-13 11:54:48 +01:00
Oleg Kalnichevski 628a963a3a Better HTTP execution context management by caching protocol handlers 2023-12-13 11:54:48 +01:00
Oleg Kalnichevski abb958ec27 HTTPCLIENT-2277: Revised cache validation logic for conformance with the specification requirements per RFC 9111 section 4 2023-12-13 11:54:47 +01:00
Oleg Kalnichevski ebae9ef7e3 HTTPCLIENT-2277: Aligned CachedResponseSuitabilityChecker with the specification requirements per RFC 9111 section 4 2023-12-13 11:54:47 +01:00
Oleg Kalnichevski 99eb13934f HTTPCLIENT-2277: Aligned ResponseCachingPolicy with the specification requirements per RFC 9111 section 3 2023-12-13 11:54:47 +01:00
Oleg Kalnichevski fcb86dae11 HTTPCLIENT-2277: Do not store AUTHORIZATION request header in the cache entry per RFC 9111 section 3.5 2023-12-13 11:54:47 +01:00
Oleg Kalnichevski 1492f57a84 HTTPCLIENT-2277: Cache update bug fix 2023-12-13 11:54:47 +01:00
Arturo Bernal 7724432894 HTTPCLIENT-2301. Refactor release method to use local conn variable. This commit updates the release method to use the local conn variable from internalEndpoint.detach() for accurate state management and resource cleanup, addressing the issue HTTPCLIENT-2301. (#502) 2023-12-13 11:54:47 +01:00
Arturo Bernal 6a5516f99e Refactor RequestIfRange class to use DateUtils for date parsing. (#497)
* Updates the RequestIfRange class to utilize DateUtils for parsing standard HTTP dates.
* Optimize time difference check in RequestIfRange with Instant API.
2023-12-13 11:54:47 +01:00
Oleg Kalnichevski 17540a7881 Moved methods used by the public API classes from CacheSupport to CacheKeyGenerator; added test cases 2023-12-13 11:54:46 +01:00
Oleg Kalnichevski 3ff5496ffb HttpCacheEntry to cache parsed DATE, EXPIRES and LAST_MODIFIED values; avoid parsing DATE header of cache entries and HTTP messages multiple times 2023-12-13 11:54:46 +01:00
Oleg Kalnichevski e7ee13701e Optimize `#isResponseCacheable` by parsing DATE and EXPIRES headers only once 2023-12-13 11:54:46 +01:00
Oleg Kalnichevski 762028805e Moved delta-second parsing routine to CacheSupport 2023-12-13 11:54:46 +01:00
Oleg Kalnichevski 6055776245 Fixed invalid flow control in CacheControlHeaderParser 2023-12-13 11:54:46 +01:00
Oleg Kalnichevski 915b9b34d7 HTTPCLIENT-2293: Better name for the standard date pattern 2023-12-13 11:54:46 +01:00
Oleg Kalnichevski 4b7986370f HTTPCLIENT-2293: client protocol handlers to try to send `Host` as the first header in the request header section per RFC 9110 section 7.2 2023-12-13 11:54:45 +01:00
Oleg Kalnichevski 152ba4736f Renamed cache protocol conformance response interceptor (no functional changes) 2023-12-13 11:54:45 +01:00
Oleg Kalnichevski 77fdc11818 HTTPCLIENT-2293: Via header improvements
* optimized parting of Via response header values in order to generate less intermediate garbage
* optimized Via message header generation
* moved Via request header generation to a cache request interceptor
* moved Via response header generation to a cache response interceptor
2023-12-13 11:54:45 +01:00
Arturo Bernal 83e0339d27 HTTPCLIENT-2293 - Implement RFC-compliant TRACE request interceptor (#486)
- Add RequestTraceInterceptor class to handle HTTP TRACE requests in compliance with RFC 7231, Section 4.3.8.
  - Throw ProtocolException for sensitive headers like 'Authorization' and 'Cookie' in TRACE requests.
  - Throw ProtocolException if TRACE request contains a body.
2023-12-13 11:54:45 +01:00
Arturo Bernal 888232447b HTTPCLIENT-2293 - Implement 'If-Range' request validation as per RFC 9110 (#485)
- Ensure the presence of 'Range' header when 'If-Range' is specified.
- Enforce strong validator requirements when 'If-Range' is paired with a Date.
- Exit processing early if 'Last-Modified' header is missing, ensuring strong validation adherence.
2023-12-13 11:54:45 +01:00
Oleg Kalnichevski 1b0e9cf7b0 HTTPCLIENT-2277: deprecation of obsolete config parameters and removal of oudated or meaningless tests (#484)
* HTTPCLIENT-2277: Deprecated 303 response caching switch as no longer required by RFC 9111

* Javadoc improvements (no functional changes)

* HTTPCLIENT-2277: Revision of HTTP cache protocol requirement and recommendation test cases:
* Removed links to RFC 2616
* Removed verbatim quotes from RFC 2616
* Removed obsolete test cases and test cases without result verification / assertions
* Removed test cases unrelated to HTTP caching
* Removed test cases without test result assertions
2023-12-13 11:54:45 +01:00
Oleg Kalnichevski c7d79190e6 HTTPCLIENT-2277: revised cache update handling
* improved and simplified internal cache API
* corrected cache update logic after a variant negotiation
* added more tests
2023-12-13 11:54:44 +01:00
Oleg Kalnichevski 02f09c03f4 HTTPCLIENT-2277, regression: corrected wrong variant entry keys in cache hits returned by `BasicHttpCache#getVariants` 2023-12-13 11:54:44 +01:00
Arturo Bernal 889a6bb085 HTTPCLIENT-2293 Enforce port specification for CONNECT requests as per RFC 9110 (#482)
- This adheres to RFC 9110, which states: "There is no default port; a client MUST send the port number even if the CONNECT request is based on a URI reference that contains an authority component with an elided port.
2023-12-13 11:54:44 +01:00
Oleg Kalnichevski 893574e092 HTTPCLIENT-2284: internal cache storage improvements (#478) 2023-12-13 11:54:44 +01:00
Arturo Bernal 8466b19861 Refactor HttpClient synchronized sections for virtual threads (#476)
- Replaced `synchronized` blocks with `ReentrantLock` in `LeaseRequest` to better support virtual threads introduced in JDK 21.
- Ensured each `LeaseRequest` instance has its own unique lock for maintaining original synchronization semantics.
- Addressed potential performance and deadlock issues with virtual threads by using explicit lock primitives from `java.util.concurrent.locks`.
2023-12-13 11:54:44 +01:00
Oleg Kalnichevski 097c17b78b HTTPCLIENT-2284: Cache entry representation improvements: (#477)
* request URI stored in cache is now normalized and is presently expected to be the same as the root key
* removed references to variant cache keys from the cache entry
* Variants in root entries are now represented as a set, not as a map
2023-12-13 11:54:44 +01:00
Oleg Kalnichevski 5fe89b4e32 Removed unused method argument 2023-12-13 11:54:43 +01:00
Oleg Kalnichevski a8a66a1616 Fixed deprecation warnings 2023-12-13 11:54:43 +01:00
Oleg Kalnichevski 62d6db25e5 HTTPCLIENT-2277: Revision of the response protocol compliance checks: the caching layer should not attempt to enforce HTTP protocol compliance beyond what it required for correct operation of the caching functionality 2023-12-13 11:54:43 +01:00
Oleg Kalnichevski 0f7de55d41 HTTPCLIENT-2277: Removal of the HTTP protocol logic presently enforced in the caching layer directly related to the caching functionality. The enforcement of general protocol requirements should be implemented in the protocol layer. 2023-12-13 11:54:43 +01:00
Oleg Kalnichevski a19adcb0dd HTTPCLIENT-2277: Removal of support for deprecated `Pragma` header 2023-12-13 11:54:43 +01:00
Oleg Kalnichevski d1d6eec7dd HTTPCLIENT-2277: Removal of deprecated `Warning` header support 2023-12-13 11:54:43 +01:00
Arturo Bernal 561c949f78 Implement Cache-Control Extension in Response Caching Policy. (#462)
This commit adds the functionality to handle the 'immutable' directive in the Cache-Control header as per the RFC8246 specifications.

Key changes include:
- The 'immutable' directive is checked in the Cache-Control of an HTTP response, indicating that the origin server will not update the resource representation during the response's freshness lifetime.
- If the 'immutable' directive is present and the response is still fresh, the response is considered cacheable without further validation.
- Ignoring any arguments with the 'immutable' directive, as per RFC stipulations.
- Treating multiple instances of the 'immutable' directive as equivalent to one.
2023-12-13 11:54:42 +01:00
Oleg Kalnichevski 9bde706ae7 HTTPCLIENT-2277: Revision and simplification of the cache eviction logic; conformance to RFC 9111 section 4.4 2023-12-13 11:54:42 +01:00
Arturo Bernal a1d9d19b5b HTTPCLIENT-2277: Implement must-understand directive according to RFC 9111 (#461)
This commit introduces changes to handle the 'must-understand' directive in accordance with the updated HTTP cache-related RFC 9111. The logic ensures that the cache only stores responses with status codes it understands when the 'must-understand' directive is present.

This implementation adheres to the following RFC guidance:

- A cache that understands and conforms to the requirements of a response's status code may cache it when the 'must-understand' directive is present.
- If the 'no-store' directive is present along with the 'must-understand' directive, the cache can ignore the 'no-store' directive if it understands the status code's caching requirements.
2023-12-13 11:54:42 +01:00
Oleg Kalnichevski 5fbef8fc7f HTTPCLIENT-2277: optimization of internal cache operations 2023-12-13 11:54:42 +01:00
Oleg Kalnichevski e469cbb78d Better request method check (no functional changes) 2023-12-13 11:54:42 +01:00