
Commit 44f04b6

meiswjntimja
andauthored
Adding proxy to GraphProxy OkHttpClient (#162)
Co-authored-by: Tim Jacomb <[email protected]>
1 parent f8c6fa4 commit 44f04b6


4 files changed

+33
-10
lines changed


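--- a/pom.xml
+++ b/pom.xml
@@ -161,7 +161,7 @@
 <dependency>
 <groupId>org.bitbucket.b_c</groupId>
 <artifactId>jose4j</artifactId>
-<version>0.6.3</version>
+<version>0.7.9</version>
 <exclusions>
 <exclusion>
 <groupId>org.slf4j</groupId>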

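--- a/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java
+++ b/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java
@@ -184,11 +184,11 @@ private ClientSecretCredential getClientSecretCredential() {
 .build();
 }
 
-private static OkHttpClient.Builder addProxyToHttpClientIfRequired(OkHttpClient.Builder builder) {
+public static OkHttpClient.Builder addProxyToHttpClientIfRequired(OkHttpClient.Builder builder) {
 if (JenkinsJVM.isJenkinsJVM()) {
 ProxyConfiguration proxyConfiguration = Jenkins.get().getProxy();
 if (proxyConfiguration != null && StringUtils.isNotBlank(proxyConfiguration.getName())) {
-Proxy proxy = proxyConfiguration.createProxy("https://graph.microsoft.com");
+Proxy proxy = proxyConfiguration.createProxy("graph.microsoft.com");
 
 builder = builder.proxy(proxy);
 if (StringUtils.isNotBlank(proxyConfiguration.getUserName())) {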
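Review bot: `addProxyToHttpClientIfRequired` is widened from `private` to `public` on new line 187, which is more than its new caller needs: GraphProxy lives in the same package (`com.microsoft.jenkins.azuread`), so package-private visibility is enough for the static import. The helper applies the Jenkins proxy to an HTTP client and, judging by the `getUserName()` check at the end of the hunk, presumably proxy credentials too, so it is better not offered to other plugins as unsupported API. I would drop the modifier, `static OkHttpClient.Builder addProxyToHttpClientIfRequired(OkHttpClient.Builder builder) {`, or keep `public` and annotate the method `@Restricted(NoExternalUse.class)` as GraphProxy already is. A short Javadoc stating that it returns the builder with the Jenkins proxy applied when one is configured would also help now that a second class depends on it. The method body continues past the end of the hunk.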

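--- a/src/main/java/com/microsoft/jenkins/azuread/GraphProxy.java
+++ b/src/main/java/com/microsoft/jenkins/azuread/GraphProxy.java
@@ -5,6 +5,7 @@
 import com.github.benmanes.caffeine.cache.Caffeine;
 import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.Extension;
+import hudson.ProxyConfiguration;
 import hudson.model.AbstractItem;
 import hudson.model.Action;
 import hudson.model.Computer;
@@ -35,20 +36,21 @@
 import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 
+import static com.microsoft.jenkins.azuread.AzureSecurityRealm.addProxyToHttpClientIfRequired;
+
 /**
 * Proxies calls to the Microsoft Graph API.
 */
 @Extension
 @Restricted(NoExternalUse.class)
 public class GraphProxy implements RootAction, StaplerProxy {
-
-private static final OkHttpClient CLIENT = new OkHttpClient();
 private static final int TEN = 10;
 private final Cache<String, AccessToken> tokenCache = Caffeine.newBuilder()
 .expireAfterWrite(TEN, TimeUnit.MINUTES)
 .build();
 
 private AccessControlled accessControlled;
+private static final OkHttpClient DEFAULT_CLIENT = new OkHttpClient();
 
 @Override
 public String getIconFileName() {
@@ -122,19 +124,19 @@ public Collection<? extends Action> createFor(@NonNull Computer target) {
 return Collections.singletonList(new GraphProxy(target));
 }
 }
-
 public void doDynamic(StaplerRequest request, StaplerResponse response) throws IOException {
 proxy(request, response);
 }
 
 private void proxy(StaplerRequest request, StaplerResponse response) throws IOException {
+OkHttpClient client = getClient();
 String baseUrl = getBaseUrl();
 String token = getToken();
 
 String url = buildUrl(request, baseUrl);
 Request okRequest = buildRequest(request, token, url);
 
-try (Response okResp = CLIENT.newCall(okRequest).execute()) {
+try (Response okResp = client.newCall(okRequest).execute()) {
 String contentType = okResp.header("Content-Type", "application/json");
 
 response.setContentType(contentType);
@@ -157,6 +159,17 @@ private void proxy(StaplerRequest request, StaplerResponse response) throws IOEx
 }
 }
 
+/**
+* Prefers the default client for performance, proxy users will get a new instance each time.
+*/
+private OkHttpClient getClient() {
+ProxyConfiguration proxyConfiguration = Jenkins.get().getProxy();
+if (proxyConfiguration != null && StringUtils.isNotBlank(proxyConfiguration.getName())) {
+return addProxyToHttpClientIfRequired(new OkHttpClient().newBuilder()).build();
+}
+return DEFAULT_CLIENT;
+}
+
 private String getToken() {
 SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
 if (securityRealm instanceof AzureSecurityRealm) {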
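Review bot: `getClient()` builds from `new OkHttpClient()` on every proxied request (new line 168), so each call gets its own connection pool and dispatcher and no connection to the Graph API is reused. On a busy controller behind a proxy those idle pools and threads accumulate until they time out, which is an availability cost for exactly the users this change targets. Deriving the builder from the shared instance keeps the proxy settings per call while sharing the pool: `return addProxyToHttpClientIfRequired(DEFAULT_CLIENT.newBuilder()).build();`. The Javadoc could then state that proxy users get a per-request client backed by the default client's resources. The `isNotBlank(getName())` test repeats the check already made inside `addProxyToHttpClientIfRequired`, so a one-line comment that it exists only to keep the non-proxy fast path would save the next reader a lookup.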

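--- a/src/main/java/com/microsoft/jenkins/azuread/Utils.java
+++ b/src/main/java/com/microsoft/jenkins/azuread/Utils.java
@@ -10,7 +10,10 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.PropertyNamingStrategies;
 import hudson.Functions;
+import hudson.ProxyConfiguration;
 import hudson.util.FormValidation;
+import jenkins.model.Jenkins;
+import org.jose4j.http.Get;
 import org.jose4j.jwk.HttpsJwks;
 import org.jose4j.jwt.consumer.JwtConsumer;
 import org.jose4j.jwt.consumer.JwtConsumerBuilder;
@@ -72,9 +75,16 @@ public static class JwtUtil {
 
 public static JwtConsumer jwt(final String clientId, final String tenantId) {
 final String expectedIssuer = String.format("https://login.microsoftonline.com/%s/v2.0", tenantId);
-HttpsJwks httpsJkws = new HttpsJwks(KEYSTORE_URL);
-httpsJkws.setDefaultCacheDuration(DEFAULT_CACHE_DURATION);
-HttpsJwksVerificationKeyResolver httpsJwksKeyResolver = new HttpsJwksVerificationKeyResolver(httpsJkws);
+HttpsJwks httpsJwks = new HttpsJwks(KEYSTORE_URL);
+httpsJwks.setDefaultCacheDuration(DEFAULT_CACHE_DURATION);
+ProxyConfiguration proxy = Jenkins.get().getProxy();
+if (proxy != null) {
+Get get = new Get();
+get.setHttpProxy(proxy.createProxy("login.microsoftonline.com"));
+httpsJwks.setSimpleHttpGet(get);
+}
+
+HttpsJwksVerificationKeyResolver httpsJwksKeyResolver = new HttpsJwksVerificationKeyResolver(httpsJwks);
 return new JwtConsumerBuilder()
 .setVerificationKeyResolver(httpsJwksKeyResolver)
 .setExpectedIssuer(expectedIssuer)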
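Review bot: The guard at new line 81 is only `proxy != null`, whereas the proxy checks in AzureSecurityRealm and GraphProxy also require a non-blank proxy name, so a saved but empty proxy configuration would presumably still send the signing-key fetch through `createProxy`. I would align it with the other two, `if (proxy != null && StringUtils.isNotBlank(proxy.getName())) {`, adding the StringUtils import if Utils.java does not already have one. Two further things to confirm: `Jenkins.get()` is called here without the `JenkinsJVM.isJenkinsJVM()` check that AzureSecurityRealm uses, and only the `Proxy` object is handed to jose4j's `Get`, so an authenticating proxy may not receive the credentials the OkHttp path appears to configure. The host literal passed to `createProxy` is also kept separately from `KEYSTORE_URL`, so a comment noting that the two must name the same host would keep no-proxy matching correct if the URL ever changes. `jwt` continues past the end of the hunk.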
