TrustedWire changes SSLSocketFactory globally

[joris-lambrechts]

Hi,

We have a multi-threaded app that calls a lot of remote servers (webhooks) for which we use the TrustedWire to ignore certificate validation.

Recently there was a production issue causing slow calls and time outs at random. We traced this back to the use of the TrustedWire which has the following code.

synchronized (TrustedWire.class) {
            final SSLSocketFactory def =
                HttpsURLConnection.getDefaultSSLSocketFactory();
            try {
                HttpsURLConnection.setDefaultSSLSocketFactory(
                    TrustedWire.context().getSocketFactory()
                );
                return this.origin.send(
                    req, home, method, headers, content,
                    connect, read
                );
            } finally {
                HttpsURLConnection.setDefaultSSLSocketFactory(def);
            }
        }

Below is a test that I wrote to have some prove

• with the TrustedWire: 56 sec
• without the TrustedWire: 3 sec

import com.jcabi.http.request.JdkRequest;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.time.StopWatch;
import org.junit.Test;
 
import java.io.IOException;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
 
@Slf4j
public class TrustedWireTest {
 
    private final int threads = 10;
    private final ExecutorService executor = Executors.newFixedThreadPool(threads);
    private final CountDownLatch latch = new CountDownLatch(threads);
 
    @Test
    public void test() {
        for (int i = 0; i < threads; i++) {
            executor.submit(this::loop);
        }
 
        try {
            latch.await();
        } catch (InterruptedException e) {
            e.printStackTrace();
        }
    }
 
    private void loop() {
        long totalTime = 0;
        int runs = 10;
        for (int i = 0; i < runs; i++) {
            StopWatch watch = new StopWatch();
            watch.start();
            log.debug("Start {}", i);
            try {
                new JdkRequest("https://httpbin.org/get")
                        //.through(TrustedWire.class)
                        .fetch();
            } catch (IOException e) {
                e.printStackTrace();
            } finally {
                log.debug("Stop {}", i);
            }
            watch.stop();
            totalTime += watch.getTime();
        }
 
        log.debug("Runs {}, total time {}, times per run {}", runs, totalTime, totalTime / runs);
        latch.countDown();
    }
 
}

I understand why this is done, but it isn't performing great. Is there a way that we can improve this?

• Provide a callback method preSend(?) method
• Pass the SSLSocketFactory as a parameter in the send method
• Other...

Currently we removed Jcabi but we would like to see if we can help with improving this.

Kind regards,
Joris

[0crat]

@yegor256/z please, pay attention to this issue

[0crat]

@joris-lambrechts/z this project will fix the problem faster if you donate a few dollars to it; just click here and pay via Stripe, it's very fast, convenient and appreciated; thanks a lot!

[yegor256]

@joris-lambrechts can you submit a pull request with a fix?

[benhinssen]

@yegor256 we looked at it, but it does not seem there is a simple solution without rewriting the whole Wire framework that exists.

[joris-lambrechts]

@yegor256 I gave it a try, let me know what you think.