Java `https.proxyHost` 和 `https.proxyPort` 在使用 google-cloud-storage 时成功然后失败

Question

I have some code that unit tests fine using https.proxyHost and https.proxyPort to access Google Cloud Storage Buckets on on a corporate network which needs to go via a proxy:

                log.info("resolving service....");
                Storage storage = StorageOptions.newBuilder()
                        .setCredentials(
                                ServiceAccountCredentials.fromStream(
                                        new FileInputStream(fullPath)))
                        .build()
                        .getService();
                log.info("resolving bucket....");
                bucket = storage.get(bucketName);

Yet when I run it in a larger app that starts a lot of other internal services (eg, RMI) the proxy settings stop working.

Running as:

java -Dhttps.proxyHost=googleapis-dev.gcp.cloud.corporate -Dhttps.proxyPort=3128 ...

When it tries to resolve a bucket with the unit tested code it hangs for ages then throws:

com.google.cloud.storage.StorageException: Error getting access token for service account: oauth2.googleapis.com
        at com.google.cloud.storage.spi.v1.HttpStorageRpc.translate(HttpStorageRpc.java:231) ~[htu-gcs-plugin.jar:?]
...
Caused by: java.io.IOException: Error getting access token for service account: oauth2.googleapis.com
        at com.google.auth.oauth2.ServiceAccountCredentials.refreshAccessToken(ServiceAccountCredentials.java:444) ~[?:?]
        at com.google.auth.oauth2.OAuth2Credentials.refresh(OAuth2Credentials.java:157) ~[?:?]
...
Caused by: java.net.UnknownHostException: oauth2.googleapis.com
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184) ~[?:1.8.0_231]
        at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172) ~[?:1.8.0_231]
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_231]
        at java.net.Socket.connect(Socket.java:606) ~[?:1.8.0_231]
        at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:666) ~[?:1.8.0_231]

I can get exactly the same error without proxy settings by adding this to the top of the main method:

        String hostname = "https://oauth2.googleapis.com";
        HttpURLConnection con = (HttpURLConnection) new URL(hostname).openConnection();
        int code = con.getResponseCode();
        System.out.println("> https://oauth2.googleapis.com returned: "+code);

Yet if the proxy settings are pass that runs fine then later throws the java.net.UnknownHostException as through the proxy settings are cleared.

To make things a bit more complex a custom URLClassLoader is used to load the code in question. Yet I have made a standalone app that uses the classloader and runs the code fine with the proxy settings passed as normal.

So it appears that something in the larger app is messing with the proxy system settings. Searching the codebase I can see no trace of that.

I have looked at https://googleapis.github.io/google-http-java-client/http-transport.html to see if there is way to plugin in a transport that has a proxy but cannot find a clear example.

Is there a way to coerce the use of a proxy when using google-cloud-storage?

Answer 1

To explicitly force a proxy to not rely upon the standard java System properties add the client libraries:

    <!-- https://mvnrepository.com/artifact/com.google.http-client/google-http-client-apache-v2 -->
    <dependency>
        <groupId>com.google.http-client</groupId>
        <artifactId>google-http-client-apache-v2</artifactId>
        <version>1.37.0</version>
    </dependency>

Then you can create a custom HttpTransportFactory with something like:

public class ProxyAwareTransportFactory implements HttpTransportFactory {

public static SSLContext trustAllSSLContext() throws Exception {
    SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
    sslContext.init(null, null, null);
    return sslContext;
}

@Override
public HttpTransport create() {
    InetSocketAddress socketAddress = new InetSocketAddress(this.host,this.port);
    Proxy proxy = new Proxy(Proxy.Type.HTTP, socketAddress);
    try {
        return new NetHttpTransport.Builder()
                .setProxy(proxy)
                .setConnectionFactory(new DefaultConnectionFactory(proxy) )
                .setSslSocketFactory(trustAllSSLContext().getSocketFactory())
                .setHostnameVerifier(new DefaultHostnameVerifier())
                .build();
    } catch (Exception e) {
        final String msg = "Could not build HttpTransport due to; " + e.getMessage();
        log.error(msg, e);
        throw new RuntimeException(e);
    }
}
}

You can then use it using something like:

            StorageOptions.Builder builder = StorageOptions.newBuilder();
            if( useProxy ) {
                HttpTransportFactory httpTransportFactory = new ProxyAwareTransportFactory(proxyHost, proxyPort);
                HttpTransportOptions options = HttpTransportOptions.newBuilder().setHttpTransportFactory(httpTransportFactory).build();
                builder.setTransportOptions(options);
            }
            Storage storage = builder
                    .setCredentials(
                            ServiceAccountCredentials.fromStream(
                                    new FileInputStream(fullPath)))
                    .build()
                    .getService();