Issue in the way OkHttpClient is used in the Minio Java Client

[someshrathi02]

These seems to be an issue in the way OkHttpClient is used in the Minio Java Client

Context:
We are trying to connect to Minio using the Mimio-java client from a SpringBoot application.

• JDK 1.8.0_112
• Minio Client - 3.0.7

The SpringBoot application is using a custom PKI provider.

Issue faced:
It looks like Minio Java client is using the OKHTTPClient. And the problem appears to be how Minio Java client is using the OkHttPClient.

https://github.com/minio/minio-java/blob/master/api/src/main/java/io/minio/MinioClient.java

So even though Minio Java Client provides a constructor to pass the OkHttpClient (see below), it is already initializing the OkHttpClient at the Class level in line 202:

This is the constructor that we want to use
MinioClient(String endpoint, int port, String accessKey, String secretKey, String region, boolean secure, OkHttpClient httpClient)

line 202
private OkHttpClient httpClient = new OkHttpClient();

So if this httpClient initialization is moved to the relevant Constructors (& not at the class level), we think that the issue can be resolved.

The problem happens when the default OkHttpClient tries to set the default TrustManager:

Within the OkHttpClient
https://github.com/square/okhttp/blob/master/okhttp/src/main/java/okhttp3/OkHttpClient.java
Line 284
trustManagerFactory.init((KeyStore) null);
Not all the custom PKI providers handle this null gracefully.

Work around (used for now):
We switched from using the Minio Java Client to AmazonS3 Java client and everything works as expected.

[balamurugana]

@someshrathi02 The issue is already fixed in the master by #621. Could you check that?

[balamurugana]

@someshrathi02 There is new release available http://central.maven.org/maven2/io/minio/minio/3.0.8/

[someshrathi02]

Hi Balamurugana ,
Thanks for your reply. #621 is related to increasing default timeout.

However this one is related to line 202 where httpClient is intialized using new operator.

line 202
private OkHttpClient httpClient = new OkHttpClient();

So if this httpClient initialization is moved to the relevant Constructors (& not at the class level), we think that the issue can be resolved.

[balamurugana]

@someshrathi02 I am unable to understand why private OkHttpClient httpClient = new OkHttpClient(); is problem in the constructor accepting custom OkHttpClient. As I mentioned earlier, there was a bug in handling custom OkHttpClient in the constructor which got fixed in the latest minio-java.

Could you try latest minio-java?

[ramkumarkb]

@balamurugana We have tested the latest version and the issue persists (and therefore we have to continue to use the Amazon Java Client).

We think the real cause is the line (line 202):

private OkHttpClient httpClient = new OkHttpClient();

From our analysis, even before the constructor initializes the httpClient with the passed in Object, the Class level initialization takes place (as per the Java initialization process of new Objects). That is line 202 gets executed before the Constructor's httpClient is passed.

And this causes the issue as the custom PKI Provider is unable to handle null. If this initialization of httpClient is moved to each of the constructors, then we should be good.

https://stackoverflow.com/questions/23093470/java-order-of-initialization-and-instantiation