Add custom sslcontext support in fili

fili-core/src/main/java/com/yahoo/bard/webservice/application/AbstractBinderFactory.java

@@ -135,6 +135,7 @@
 import com.codahale.metrics.health.HealthCheckRegistry;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
+import io.netty.handler.ssl.SslContext;
 import org.glassfish.hk2.api.TypeLiteral;
 import org.glassfish.hk2.utilities.Binder;
 import org.glassfish.hk2.utilities.binding.AbstractBinder;
@@ -1208,6 +1209,14 @@ protected Class<? extends PhysicalTableResolver> getPhysicalTableResolver() {
         return new HashMap<>(0);
     }
 
+    /**
+     * Get a custom configured ssl context.
+     * @return SSL context
+     */
+    protected SslContext getSSLContext() {
+        return null;
+    }
+
     /**
      * Create a DruidWebService.
      * <p>
@@ -1220,16 +1229,19 @@ protected Class<? extends PhysicalTableResolver> getPhysicalTableResolver() {
      */
     protected DruidWebService buildDruidWebService(DruidServiceConfig druidServiceConfig, ObjectMapper mapper) {
         Supplier<Map<String, String>> supplier = buildDruidWebServiceHeaderSupplier();
+        SslContext sslContext = getSSLContext();
+
         return DRUID_UNCOVERED_INTERVAL_LIMIT > 0
                 ? new AsyncDruidWebServiceImpl(
                         druidServiceConfig,
                         mapper,
                         supplier,
+                        sslContext,
                         new HeaderNestingJsonBuilderStrategy(
                                 AsyncDruidWebServiceImpl.DEFAULT_JSON_NODE_BUILDER_STRATEGY
                         )
                 )
-                : new AsyncDruidWebServiceImpl(druidServiceConfig, mapper, supplier);
+                : new AsyncDruidWebServiceImpl(druidServiceConfig, mapper, supplier, sslContext);
     }
 
     /**

fili-core/src/main/java/com/yahoo/bard/webservice/druid/client/impl/AsyncDruidWebServiceImpl.java

@@ -31,6 +31,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.ObjectWriter;
 
+import io.netty.handler.ssl.SslContext;
 import org.asynchttpclient.AsyncCompletionHandler;
 import org.asynchttpclient.AsyncHttpClient;
 import org.asynchttpclient.AsyncHttpClientConfig;
@@ -109,7 +110,7 @@ public AsyncDruidWebServiceImpl(
     ) {
         this(
                 serviceConfig,
-                initializeWebClient(serviceConfig.getTimeout()),
+                initializeWebClient(serviceConfig.getTimeout(), null),
                 mapper,
                 HashMap::new,
                 DEFAULT_JSON_NODE_BUILDER_STRATEGY
@@ -150,7 +151,32 @@ public AsyncDruidWebServiceImpl(
     ) {
         this(
                 serviceConfig,
-                initializeWebClient(serviceConfig.getTimeout()),
+                initializeWebClient(serviceConfig.getTimeout(), null),
+                mapper,
+                headersToAppend,
+                DEFAULT_JSON_NODE_BUILDER_STRATEGY
+        );
+    }
+
+    /**
+     * Friendly non-DI constructor useful for manual tests.
+     * <p>
+     * This constructor uses default JSON builder, which only uses response body to build the JSON response.
+     *
+     * @param serviceConfig  Configuration for the Druid Service
+     * @param mapper  A shared jackson object mapper resource
+     * @param headersToAppend Supplier for map of headers for Druid requests
+     * @param sslContext Custom Configured SslContext (null if default SSL context has to be used)
+     */
+    public AsyncDruidWebServiceImpl(
+            DruidServiceConfig serviceConfig,
+            ObjectMapper mapper,
+            Supplier<Map<String, String>> headersToAppend,
+            SslContext sslContext
+    ) {
+        this(
+                serviceConfig,
+                initializeWebClient(serviceConfig.getTimeout(), sslContext),
                 mapper,
                 headersToAppend,
                 DEFAULT_JSON_NODE_BUILDER_STRATEGY
@@ -173,7 +199,33 @@ public AsyncDruidWebServiceImpl(
     ) {
         this(
                 serviceConfig,
-                initializeWebClient(serviceConfig.getTimeout()),
+                initializeWebClient(serviceConfig.getTimeout(), null),
+                mapper,
+                headersToAppend,
+                jsonNodeBuilderStrategy
+        );
+    }
+
+
+    /**
+     * Friendly non-DI constructor useful for manual tests.
+     *
+     * @param serviceConfig  Configuration for the Druid Service
+     * @param mapper  A shared jackson object mapper resource
+     * @param headersToAppend Supplier for map of headers for Druid requests
+     * @param jsonNodeBuilderStrategy A function to build JSON nodes from the response
+     * @param sslContext Custom Configured SslContext (null if default SSL context has to be used)
+     */
+    public AsyncDruidWebServiceImpl(
+            DruidServiceConfig serviceConfig,
+            ObjectMapper mapper,
+            Supplier<Map<String, String>> headersToAppend,
+            SslContext sslContext,
+            Function<Response, JsonNode> jsonNodeBuilderStrategy
+    ) {
+        this(
+                serviceConfig,
+                initializeWebClient(serviceConfig.getTimeout(), sslContext),
                 mapper,
                 headersToAppend,
                 jsonNodeBuilderStrategy
@@ -237,10 +289,11 @@ public AsyncDruidWebServiceImpl(
      * Initialize the client config.
      *
      * @param requestTimeout  Timeout to use for the client configuration.
+     * @param sslContext Custom Configured SslContext. (null if default ssl context has to be used)
      *
      * @return the set up client
      */
-    private static AsyncHttpClient initializeWebClient(int requestTimeout) {
+    private static AsyncHttpClient initializeWebClient(int requestTimeout, SslContext sslContext) {
 
         LOG.debug("Druid request timeout: {}ms", requestTimeout);
         List<String> cipherSuites = SYSTEM_CONFIG.getListProperty(SSL_ENABLED_CIPHER_KEY, null);
@@ -249,15 +302,19 @@ private static AsyncHttpClient initializeWebClient(int requestTimeout) {
                 : cipherSuites.toArray(new String[cipherSuites.size()]);
 
         // Build the configuration
-        AsyncHttpClientConfig config = new DefaultAsyncHttpClientConfig.Builder()
+        DefaultAsyncHttpClientConfig.Builder asyncHttpClientConfigBuilder = new DefaultAsyncHttpClientConfig.Builder()
                 .setReadTimeout(requestTimeout)
                 .setRequestTimeout(requestTimeout)
                 .setConnectTimeout(requestTimeout)
                 .setConnectionTtl(requestTimeout)
                 .setPooledConnectionIdleTimeout(requestTimeout)
                 .setEnabledCipherSuites(enabledCipherSuites)
-                .setFollowRedirect(true)
-                .build();
+                .setFollowRedirect(true);
+
+        if (sslContext != null) {
+            asyncHttpClientConfigBuilder.setSslContext(sslContext);
+        }
+        AsyncHttpClientConfig config = asyncHttpClientConfigBuilder.build();
 
         return new DefaultAsyncHttpClient(config);
     }