From 957b6d40f7ce52d9b62b99bae827213e1ce2ab3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Serkan=20=C3=96ZAL?= Date: Fri, 29 Mar 2024 15:54:11 +0300 Subject: [PATCH] Ignore TLS components (SSLContext, TrustManager, KeyManager) if plain HTTP protocol is used for exporting --- .../exporter/internal/grpc/GrpcExporterBuilder.java | 5 +++-- .../exporter/internal/http/HttpExporterBuilder.java | 5 +++-- .../sender/okhttp/internal/OkHttpGrpcSender.java | 13 +++++++++---- .../sender/okhttp/internal/OkHttpHttpSender.java | 9 ++++++++- .../jaeger/sampler/JaegerRemoteSamplerBuilder.java | 12 ++++++++---- 5 files changed, 31 insertions(+), 13 deletions(-) diff --git a/exporters/common/src/main/java/io/opentelemetry/exporter/internal/grpc/GrpcExporterBuilder.java b/exporters/common/src/main/java/io/opentelemetry/exporter/internal/grpc/GrpcExporterBuilder.java index ad0b8c86aaf..52dd51fe552 100644 --- a/exporters/common/src/main/java/io/opentelemetry/exporter/internal/grpc/GrpcExporterBuilder.java +++ b/exporters/common/src/main/java/io/opentelemetry/exporter/internal/grpc/GrpcExporterBuilder.java @@ -195,6 +195,7 @@ public GrpcExporter build() { return result; }; + boolean isPlainHttp = "http".equals(endpoint.getScheme()); GrpcSenderProvider grpcSenderProvider = resolveGrpcSenderProvider(); GrpcSender grpcSender = grpcSenderProvider.createSender( @@ -207,8 +208,8 @@ public GrpcExporter build() { grpcChannel, grpcStubFactory, retryPolicy, - tlsConfigHelper.getSslContext(), - tlsConfigHelper.getTrustManager()); + isPlainHttp ? null : tlsConfigHelper.getSslContext(), + isPlainHttp ? null : tlsConfigHelper.getTrustManager()); LOGGER.log(Level.FINE, "Using GrpcSender: " + grpcSender.getClass().getName()); return new GrpcExporter<>(exporterName, type, grpcSender, meterProviderSupplier); diff --git a/exporters/common/src/main/java/io/opentelemetry/exporter/internal/http/HttpExporterBuilder.java b/exporters/common/src/main/java/io/opentelemetry/exporter/internal/http/HttpExporterBuilder.java index c9087185ecb..8f1d441b154 100644 --- a/exporters/common/src/main/java/io/opentelemetry/exporter/internal/http/HttpExporterBuilder.java +++ b/exporters/common/src/main/java/io/opentelemetry/exporter/internal/http/HttpExporterBuilder.java @@ -185,6 +185,7 @@ public HttpExporter build() { return result; }; + boolean isPlainHttp = endpoint.startsWith("http://"); HttpSenderProvider httpSenderProvider = resolveHttpSenderProvider(); HttpSender httpSender = httpSenderProvider.createSender( @@ -198,8 +199,8 @@ public HttpExporter build() { proxyOptions, authenticator, retryPolicy, - tlsConfigHelper.getSslContext(), - tlsConfigHelper.getTrustManager()); + isPlainHttp ? null : tlsConfigHelper.getSslContext(), + isPlainHttp ? null : tlsConfigHelper.getTrustManager()); LOGGER.log(Level.FINE, "Using HttpSender: " + httpSender.getClass().getName()); return new HttpExporter<>(exporterName, type, httpSender, meterProviderSupplier, exportAsJson); diff --git a/exporters/sender/okhttp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpGrpcSender.java b/exporters/sender/okhttp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpGrpcSender.java index 3c5cb153e12..d9ceecb77b7 100644 --- a/exporters/sender/okhttp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpGrpcSender.java +++ b/exporters/sender/okhttp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpGrpcSender.java @@ -47,6 +47,7 @@ import javax.net.ssl.X509TrustManager; import okhttp3.Call; import okhttp3.Callback; +import okhttp3.ConnectionSpec; import okhttp3.HttpUrl; import okhttp3.OkHttpClient; import okhttp3.Protocol; @@ -89,14 +90,18 @@ public OkHttpGrpcSender( clientBuilder.addInterceptor( new RetryInterceptor(retryPolicy, OkHttpGrpcSender::isRetryable)); } - if (sslContext != null && trustManager != null) { - clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager); - } - if (endpoint.startsWith("http://")) { + + boolean isPlainHttp = endpoint.startsWith("http://"); + if (isPlainHttp) { + clientBuilder.connectionSpecs(Collections.singletonList(ConnectionSpec.CLEARTEXT)); clientBuilder.protocols(Collections.singletonList(Protocol.H2_PRIOR_KNOWLEDGE)); } else { clientBuilder.protocols(Arrays.asList(Protocol.HTTP_2, Protocol.HTTP_1_1)); + if (sslContext != null && trustManager != null) { + clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager); + } } + this.client = clientBuilder.build(); this.headersSupplier = headersSupplier; this.url = HttpUrl.get(endpoint); diff --git a/exporters/sender/okhttp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpHttpSender.java b/exporters/sender/okhttp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpHttpSender.java index 5d0c839046b..8b85396ce08 100644 --- a/exporters/sender/okhttp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpHttpSender.java +++ b/exporters/sender/okhttp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpHttpSender.java @@ -16,6 +16,7 @@ import io.opentelemetry.sdk.common.export.RetryPolicy; import java.io.IOException; import java.time.Duration; +import java.util.Collections; import java.util.List; import java.util.Map; import java.util.function.Consumer; @@ -25,6 +26,7 @@ import javax.net.ssl.X509TrustManager; import okhttp3.Call; import okhttp3.Callback; +import okhttp3.ConnectionSpec; import okhttp3.HttpUrl; import okhttp3.MediaType; import okhttp3.OkHttpClient; @@ -88,9 +90,14 @@ public OkHttpHttpSender( if (retryPolicy != null) { builder.addInterceptor(new RetryInterceptor(retryPolicy, OkHttpHttpSender::isRetryable)); } - if (sslContext != null && trustManager != null) { + + boolean isPlainHttp = endpoint.startsWith("http://"); + if (isPlainHttp) { + builder.connectionSpecs(Collections.singletonList(ConnectionSpec.CLEARTEXT)); + } else if (sslContext != null && trustManager != null) { builder.sslSocketFactory(sslContext.getSocketFactory(), trustManager); } + this.client = builder.build(); this.url = HttpUrl.get(endpoint); this.compressor = compressor; diff --git a/sdk-extensions/jaeger-remote-sampler/src/main/java/io/opentelemetry/sdk/extension/trace/jaeger/sampler/JaegerRemoteSamplerBuilder.java b/sdk-extensions/jaeger-remote-sampler/src/main/java/io/opentelemetry/sdk/extension/trace/jaeger/sampler/JaegerRemoteSamplerBuilder.java index 4cb4f6f4970..24dfac82acc 100644 --- a/sdk-extensions/jaeger-remote-sampler/src/main/java/io/opentelemetry/sdk/extension/trace/jaeger/sampler/JaegerRemoteSamplerBuilder.java +++ b/sdk-extensions/jaeger-remote-sampler/src/main/java/io/opentelemetry/sdk/extension/trace/jaeger/sampler/JaegerRemoteSamplerBuilder.java @@ -21,6 +21,7 @@ import javax.annotation.Nullable; import javax.net.ssl.SSLContext; import javax.net.ssl.X509TrustManager; +import okhttp3.ConnectionSpec; import okhttp3.Headers; import okhttp3.OkHttpClient; import okhttp3.Protocol; @@ -165,14 +166,17 @@ public JaegerRemoteSampler build() { clientBuilder.callTimeout(Duration.ofNanos(TimeUnit.SECONDS.toNanos(DEFAULT_TIMEOUT_SECS))); - SSLContext sslContext = tlsConfigHelper.getSslContext(); - X509TrustManager trustManager = tlsConfigHelper.getTrustManager(); + String endpoint = this.endpoint.resolve(GRPC_ENDPOINT_PATH).toString(); + boolean isPlainHttp = endpoint.startsWith("http://"); + + SSLContext sslContext = isPlainHttp ? null : tlsConfigHelper.getSslContext(); + X509TrustManager trustManager = isPlainHttp ? null : tlsConfigHelper.getTrustManager(); if (sslContext != null && trustManager != null) { clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager); } - String endpoint = this.endpoint.resolve(GRPC_ENDPOINT_PATH).toString(); - if (endpoint.startsWith("http://")) { + if (isPlainHttp) { + clientBuilder.connectionSpecs(Collections.singletonList(ConnectionSpec.CLEARTEXT)); clientBuilder.protocols(Collections.singletonList(Protocol.H2_PRIOR_KNOWLEDGE)); } else { clientBuilder.protocols(Arrays.asList(Protocol.HTTP_2, Protocol.HTTP_1_1));