Enable JVM proxy system properties in Key Vault JCA HTTP client#49316
Open
waiet wants to merge 3 commits into
Open
Enable JVM proxy system properties in Key Vault JCA HTTP client#49316waiet wants to merge 3 commits into
waiet wants to merge 3 commits into
Conversation
github-actions
Bot
added
Community Contribution
Contributor
|
Thank you for your contribution @waiet! We will review the pull request and get back to you soon. |
Author
|
@microsoft-github-policy-service agree company="IThink s. r. o." |
waiet
force-pushed
the
codex/keyvault-jca-system-proxy
branch
4 times, most recently
from
ea872c2 to
fda1379
Compare
waiet
force-pushed
the
codex/keyvault-jca-system-proxy
branch
2 times, most recently
from
670a55e to
310200d
Compare
Author
|
Hi @moarychan , this PR adds support for standard JVM proxy system properties in the azure-security-keyvault-jca internal Apache HttpClient, The PR is ready for review when you have a chance. Thank you! |
waiet
force-pushed
the
codex/keyvault-jca-system-proxy
branch
2 times, most recently
from
a0a51f5 to
6d0040f
Compare
waiet
force-pushed
the
codex/keyvault-jca-system-proxy
branch
from
6d0040f to
dfdc8f1
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Fixes #28801.
The Key Vault JCA provider uses an internal Apache HttpClient in
HttpUtilinstead of the standard Azure SDK HTTP pipeline. As a result, standard JVM proxy properties such ashttps.proxyHost,https.proxyPort,http.proxyHost,http.proxyPort, andhttp.nonProxyHostswere not honored when the provider was used behind a corporate proxy.Solution
Configure the internal Apache HttpClient builder with
useSystemProperties()while preserving the existing SSL/truststore connection manager behavior.This PR also adds unit-level proxy coverage and documents a
jarsignerproxy example using standard JVM system properties.Testing
Added a unit test that sets
http.proxyHostandhttp.proxyPort, serves a local proxy response, and verifiesHttpUtil.getroutes through the proxy. The test locks JVM system properties while it runs to avoid interference with parallel JUnit execution.Validated with module-level tests:
mvn -f sdk/keyvault/azure-security-keyvault-jca/pom.xml -DskipITs -Dgpg.skip -Dspotbugs.skip -Drevapi.skip -Dspotless.skip=true -Dcodesnippet.skip=true -Djacoco.skip=true -DheapDumpOnOom= testResult: 80 tests, 0 failures, 0 errors, 29 skipped.
The root
mvn -pl sdk/keyvault/azure-security-keyvault-jca -DskipITs -Dgpg.skip -Dspotbugs.skip -Drevapi.skip testcommand could not run in this sparse checkout because the root POM references modules not present locally.