Skip to content

blobstore: use version-agnostic TLS strategy construction in Ali ITs#511

Draft
kchoy-sfdc wants to merge 1 commit into
salesforce:mainfrom
kchoy-sfdc:aliItHttpclient5Compatibility
Draft

blobstore: use version-agnostic TLS strategy construction in Ali ITs#511
kchoy-sfdc wants to merge 1 commit into
salesforce:mainfrom
kchoy-sfdc:aliItHttpclient5Compatibility

Conversation

@kchoy-sfdc

Copy link
Copy Markdown
Collaborator

Summary

Makes the Ali integration-test harness build against both httpclient5 5.4.x and 5.5.x by replacing a 5.5.x-only builder API with an equivalent constructor. No production code, no dependency, and no runtime behavior changes.

Problem

AliBlobStoreIT and AliBlobClientIT construct the WireMock-proxy TlsSocketStrategy via:

ClientTlsStrategyBuilder.create()
    .setSslContext(sslContext)
    .setHostnameVerifier(NoopHostnameVerifier.INSTANCE)
    .setHostVerificationPolicy(HostnameVerificationPolicy.CLIENT)
    .buildClassic();

Both setHostVerificationPolicy(...) and buildClassic() were introduced in httpclient5 5.5.x and do not exist in 5.4.x, so the ITs fail to compile against the older line.

Change

Construct the strategy directly:

new DefaultClientTlsStrategy(
    sslContext,
    HostnameVerificationPolicy.CLIENT,
    NoopHostnameVerifier.INSTANCE);
  • This constructor exists in both 5.4.x and 5.5.x, and DefaultClientTlsStrategy implements TlsSocketStrategy.
  • It is exactly what ClientTlsStrategyBuilder.buildClassic() returns internally (buildImpl()DefaultClientTlsStrategy), so behavior is identical — same trust-all SSLContext, CLIENT hostname-verification policy, and noop verifier.

Why

This keeps the test harness portable across httpclient5 versions without changing the pinned dependency (still 5.5.1 here) or any runtime/driver code. It only affects how the test harness builds its proxy TLS strategy.

Testing

  • mvn verify -pl blob/blob-aliAliBlobStoreIT (123) and AliBlobClientIT (2) pass in replay mode; checkstyle clean.
  • Verified the same source compiles and the ITs pass against both httpclient5 5.4.x and 5.5.x.

The Ali IT harness (AliBlobStoreIT, AliBlobClientIT) built its WireMock-proxy
TlsSocketStrategy via ClientTlsStrategyBuilder.setHostVerificationPolicy(...)
.buildClassic() — both methods only exist in httpclient5 5.5.x. Replace that
builder chain with a direct DefaultClientTlsStrategy(SSLContext,
HostnameVerificationPolicy, HostnameVerifier) construction, which is present in
both 5.4.x and 5.5.x (and is exactly what buildClassic() returns internally).

Behavior is identical (same trust-all SSLContext, CLIENT verification policy, and
noop verifier). This keeps the test harness buildable across httpclient5 versions
without changing the pinned dependency or any runtime behavior; verified locally
with both AliBlobStoreIT and AliBlobClientIT passing in replay.
@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.41%. Comparing base (0bc975d) to head (fe440f2).

Additional details and impacted files
@@            Coverage Diff            @@
##               main     #511   +/-   ##
=========================================
  Coverage     82.41%   82.41%           
  Complexity      662      662           
=========================================
  Files           210      210           
  Lines         14314    14314           
  Branches       1930     1930           
=========================================
  Hits          11797    11797           
  Misses         1694     1694           
  Partials        823      823           
Flag Coverage Δ
unittests 82.41% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@sandeepvinayak sandeepvinayak left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There might be multiple forks of this repo in numerous places with different dependencies, keeping open source tests compatible is none of this open source business.

@kchoy-sfdc kchoy-sfdc marked this pull request as draft June 26, 2026 03:53
@kchoy-sfdc

Copy link
Copy Markdown
Collaborator Author

Per discuss we'll shelve this change for the time being

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants