From 8bed2f987b2bdeae38d0da4875a01bc8688411ce Mon Sep 17 00:00:00 2001 From: Mariam Almesfer Date: Thu, 10 Oct 2024 14:35:57 +0300 Subject: [PATCH] Upgrade okhttp to version 4.12.0 --- pom.xml | 12 ++++- .../facebook/presto/client/OkHttpUtil.java | 54 +++++++++++++++++-- 2 files changed, 61 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index e53fa8717e359..99ebac608c9e9 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ 0.38 0.6 1.12.560 - 3.9.0 + 4.12.0 3.4.0 19.3.0.0 1.38 @@ -2350,6 +2350,7 @@ com.fasterxml.jackson.core:jackson-annotations com.fasterxml.jackson.core:jackson-core com.fasterxml.jackson.core:jackson-databind + org.jetbrains.kotlin:kotlin-stdlib-jdk8 @@ -2507,6 +2508,15 @@ + + org.basepom.maven + duplicate-finder-maven-plugin + + + META-INF.versions.9.module-info + + + diff --git a/presto-client/src/main/java/com/facebook/presto/client/OkHttpUtil.java b/presto-client/src/main/java/com/facebook/presto/client/OkHttpUtil.java index 20026f984aa1a..c08f3e089bab1 100644 --- a/presto-client/src/main/java/com/facebook/presto/client/OkHttpUtil.java +++ b/presto-client/src/main/java/com/facebook/presto/client/OkHttpUtil.java @@ -41,6 +41,7 @@ import java.net.Proxy; import java.security.GeneralSecurityException; import java.security.KeyStore; +import java.security.SecureRandom; import java.security.cert.Certificate; import java.security.cert.CertificateExpiredException; import java.security.cert.CertificateNotYetValidException; @@ -57,6 +58,7 @@ import static java.net.Proxy.Type.SOCKS; import static java.util.Collections.list; import static java.util.Objects.requireNonNull; +import static okhttp3.internal.tls.OkHostnameVerifier.INSTANCE; public final class OkHttpUtil { 
@@ -138,11 +140,46 @@ private static InetSocketAddress toUnresolvedAddress(HostAndPort address) return InetSocketAddress.createUnresolved(address.getHost(), address.getPort()); } + public static void setupInsecureSsl(OkHttpClient.Builder clientBuilder) + { + try { + X509TrustManager trustAllCerts = new X509TrustManager() + { + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) + { + throw new UnsupportedOperationException("checkClientTrusted should not be called"); + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType) + { + // skip validation of server certificate + } + + @Override + public X509Certificate[] getAcceptedIssuers() + { + return new X509Certificate[0]; + } + }; + + SSLContext sslContext = SSLContext.getInstance("SSL"); + sslContext.init(null, new TrustManager[] {trustAllCerts}, new SecureRandom()); + + clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustAllCerts); + clientBuilder.hostnameVerifier((hostname, session) -> true); + } + catch (GeneralSecurityException e) { + throw new ClientException("Error setting up SSL: " + e.getMessage(), e); + } + } + public static void setupSsl( OkHttpClient.Builder clientBuilder, Optional keyStorePath, Optional keyStorePassword, - Optional keystoreType, + Optional keyStoreType, Optional trustStorePath, Optional trustStorePassword, Optional trustStoreType) @@ -156,7 +193,6 @@ public static void setupSsl( KeyStore keyStore = null; KeyManager[] keyManagers = null; if (keyStorePath.isPresent()) { - checkArgument(keystoreType.isPresent(), "keystore type is not present"); char[] keyManagerPassword; try { // attempt to read the key store as a PEM file 
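Review bot: `setupInsecureSsl` is added as a public static method with no Javadoc, although it disables both certificate-chain validation (the empty `checkServerTrusted`) and hostname verification (`(hostname, session) -> true`). A client built with it accepts any server certificate and cannot detect interception on the network path. It should carry a Javadoc saying so and stating that it is only for an explicit, user-requested insecure mode; its call sites are outside this hunk, so whether it is gated that way cannot be confirmed here. Separately, `SSLContext.getInstance("SSL")` uses the legacy algorithm name, and `SSLContext.getInstance("TLS")` is the conventional choice.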
@@ -167,7 +203,7 @@ public static void setupSsl( catch (IOException | GeneralSecurityException ignored) { keyManagerPassword = keyStorePassword.map(String::toCharArray).orElse(null); - keyStore = KeyStore.getInstance(keystoreType.get()); + keyStore = KeyStore.getInstance(keyStoreType.get()); try (InputStream in = new FileInputStream(keyStorePath.get())) { keyStore.load(in, keyManagerPassword); } @@ -181,7 +217,6 @@ public static void setupSsl( // load TrustStore if configured, otherwise use KeyStore KeyStore trustStore = keyStore; if (trustStorePath.isPresent()) { - checkArgument(trustStoreType.isPresent(), "truststore type is not present"); trustStore = loadTrustStore(new File(trustStorePath.get()), trustStorePassword, trustStoreType.get()); } @@ -201,12 +236,23 @@ public static void setupSsl( sslContext.init(keyManagers, new TrustManager[] {trustManager}, null); clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager); + clientBuilder.hostnameVerifier(INSTANCE); } catch (GeneralSecurityException | IOException e) { throw new ClientException("Error setting up SSL: " + e.getMessage(), e); } } + public static void setupSsl( + OkHttpClient.Builder clientBuilder, + Optional keyStorePath, + Optional keyStorePassword, + Optional trustStorePath, + Optional trustStorePassword) + { + setupSsl(clientBuilder, keyStorePath, keyStorePassword, Optional.of(KeyStore.getDefaultType()), trustStorePath, trustStorePassword, Optional.of(KeyStore.getDefaultType())); + } + private static void validateCertificates(KeyStore keyStore) throws GeneralSecurityException {
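Review bot: `keyStoreType.get()` in the non-PEM fallback is now reached without the `checkArgument(keystoreType.isPresent(), ...)` guard that the preceding hunk removes. A caller of the seven-argument `setupSsl` who passes `Optional.empty()` therefore gets a bare `NoSuchElementException`, which the `catch (GeneralSecurityException | IOException e)` does not wrap, instead of a descriptive argument error. The same applies to `trustStoreType.get()` in the next hunk. The new five-argument overload always supplies a type, but the seven-argument method stays public, so either keep the two guards or default in place, e.g. `KeyStore.getInstance(keyStoreType.orElseGet(KeyStore::getDefaultType))`. The enclosing method starts and ends outside this hunk.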
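Review bot: `clientBuilder.hostnameVerifier(INSTANCE)` depends on `okhttp3.internal.tls.OkHostnameVerifier`, which lives in an `internal` package that is not part of OkHttp's supported API and may change between releases. The bare static-imported name `INSTANCE` also does not tell the reader which verifier is being installed. This verifier appears to be the builder's default in OkHttp 4.x, so the call presumably exists to restore strict checking on a builder that was earlier passed to `setupInsecureSsl`. If so, a comment such as `// restore strict hostname verification in case this builder was configured insecurely` would make that explicit; otherwise the call and the internal import can be dropped. The new five-argument `setupSsl` overload in the same hunk would also benefit from a short Javadoc noting that both store types default to `KeyStore.getDefaultType()`.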