Replace old HttpWagon conn-mngr setup. Fixes technomancy#1746

Bumping HttpWagon from 2.4 to 2.6 caused old methods in HttpWagon to disappear, and along with it all the old Apache Http stuff we depended on. This caused additional CA certificates provided in :certificates to make Lein just fall on the floor and die. This bumps HttpWagon to 2.9 and refactors Apache Http usage to non-deprecated usage for the version we depend on.
gardnervickers · Jul 26, 2015 · ffa700f · ffa700f
1 parent da574d7
commit ffa700f
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 21 deletions.
diff --git a/leiningen-core/project.clj b/leiningen-core/project.clj
@@ -8,7 +8,7 @@
                  [classlojure "0.6.6"]
                  [robert/hooke "1.3.0"]
                  [com.cemerick/pomegranate "0.3.0"]
-                 [org.apache.maven.wagon/wagon-http "2.7"]
+                 [org.apache.maven.wagon/wagon-http "2.9"]
                  [com.hypirion/io "0.3.1"]
                  [pedantic "0.2.0"]]
   :scm {:dir ".."}

diff --git a/leiningen-core/src/leiningen/core/project.clj b/leiningen-core/src/leiningen/core/project.clj
@@ -758,11 +758,11 @@
     (let [make-context (resolve 'leiningen.core.ssl/make-sslcontext)
           read-certs (resolve 'leiningen.core.ssl/read-certs)
           default-certs (resolve 'leiningen.core.ssl/default-trusted-certs)
-          register-scheme (resolve 'leiningen.core.ssl/register-scheme)
-          https-scheme (resolve 'leiningen.core.ssl/https-scheme)
+          override-wagon-registry! (resolve 'leiningen.core.ssl/override-wagon-registry!)
+          https-registry (resolve 'leiningen.core.ssl/https-registry)
           certs (mapcat read-certs (:certificates project))
           context (make-context (into (default-certs) certs))]
-      (register-scheme (https-scheme context))
+      (override-wagon-registry! (https-registry context))
       project)))
 
 (defn activate-middleware

diff --git a/leiningen-core/src/leiningen/core/ssl.clj b/leiningen-core/src/leiningen/core/ssl.clj
@@ -1,5 +1,6 @@
 (ns leiningen.core.ssl
-  (:require [clojure.java.io :as io]
+  (:require [cemerick.pomegranate.aether :as aether]
+            [clojure.java.io :as io]
             [leiningen.core.user :as user])
   (:import java.security.KeyStore
            java.security.KeyStore$TrustedCertificateEntry
@@ -10,10 +11,12 @@
            javax.net.ssl.TrustManagerFactory
            javax.net.ssl.X509TrustManager
            java.io.FileInputStream
-           org.apache.http.conn.ssl.SSLSocketFactory
-           org.apache.http.conn.scheme.Scheme
-           org.apache.maven.wagon.providers.http.HttpWagon
-           org.apache.http.conn.ssl.BrowserCompatHostnameVerifier))
+           org.apache.http.config.RegistryBuilder
+           org.apache.http.conn.socket.PlainConnectionSocketFactory
+           org.apache.http.conn.ssl.BrowserCompatHostnameVerifier
+           org.apache.http.conn.ssl.SSLConnectionSocketFactory
+           org.apache.http.impl.conn.PoolingHttpClientConnectionManager
+           org.apache.maven.wagon.providers.http.HttpWagon))
 
 (defn ^TrustManagerFactory trust-manager-factory [^KeyStore keystore]
   (doto (TrustManagerFactory/getInstance "PKIX")
@@ -78,16 +81,48 @@
 
 (alter-var-root #'make-sslcontext memoize)
 
-(defn https-scheme
-  "Construct a Scheme that uses a given SSLContext."
-  ([context] (https-scheme context 443))
+(defn https-registry
+  "Constructs a registry map that uses a given SSLContext for https."
+  [context]
+  (let [factory (SSLConnectionSocketFactory. context (BrowserCompatHostnameVerifier.))]
+    {"https" factory
+     "http" PlainConnectionSocketFactory/INSTANCE}))
+
+(defn ^:deprecated https-scheme
+  "Constructs a registry map that uses a given SSLContext for https.
+
+  DEPRECATED: Use https-registry instead."
   ([context port]
-     (let [factory (SSLSocketFactory. context (BrowserCompatHostnameVerifier.))]
-       (Scheme. "https" port factory))))
-
-(def register-scheme
-  "Register a scheme with the HTTP Wagon for use with Aether."
-  (memoize (fn [scheme]
-             (-> (.getConnectionManager (HttpWagon.))
-                 (.getSchemeRegistry)
-                 (.register scheme)))))
+   (if (not= port 443) ;; TODO: Should we support this?
+     (throw (ex-info "Specifying port for https-scheme is not possible anymore."
+                     {:context context :port port}))
+     (https-scheme context)))
+  ([context]
+   (binding [*out* *err*]
+     (println "https-scheme is deprecated, use https-registry instead"))
+   (https-registry context)))
+
+(defn- map->registry
+  "Creates a Registry based of the given map."
+  [m]
+  (let [rb (RegistryBuilder/create)]
+    (doseq [[scheme conn-sock-factory] m]
+      (.register rb scheme conn-sock-factory))
+    (.build rb)))
+
+(defn override-wagon-registry!
+  "Override the registry scheme used by the HTTP Wagon's Connection
+  manager (used for Aether)."
+  [registry]
+  (let [cm (PoolingHttpClientConnectionManager. (map->registry registry))]
+    (HttpWagon/setPoolingHttpClientConnectionManager cm)))
+
+(defn ^:deprecated register-scheme
+  "Override the registry scheme used by the HTTP Wagon's Connection
+  manager (used for Aether).
+
+  DEPRECATED: Use override-wagon-registry! instead."
+  [scheme]
+  (binding [*out* *err*]
+    (println "register-scheme is deprecated, use override-wagon-registry! instead"))
+  (override-wagon-registry! scheme))