SNOW-2041976 Add HTTP header customizer

Author: sfc-gh-rkowalski

src/main/java/net/snowflake/client/core/AttributeEnhancingHttpRequestRetryHandler.java

@@ -0,0 +1,27 @@
+package net.snowflake.client.core;
+
+import java.io.IOException;
+import org.apache.http.impl.client.DefaultHttpRequestRetryHandler;
+import org.apache.http.protocol.HttpContext;
+
+/**
+ * Extends {@link DefaultHttpRequestRetryHandler} to store the current execution count (attempt
+ * number) in the {@link HttpContext}. This allows interceptors to identify retry attempts.
+ *
+ * <p>The execution count is stored using the key defined by {@link #EXECUTION_COUNT_ATTRIBUTE}.
+ */
+public class AttributeEnhancingHttpRequestRetryHandler extends DefaultHttpRequestRetryHandler {
+  /**
+   * The key used to store the current execution count (attempt number) in the {@link HttpContext}.
+   * Interceptors can use this key to retrieve the count. The value stored will be an {@link
+   * Integer}.
+   */
+  public static final String EXECUTION_COUNT_ATTRIBUTE =
+      "net.snowflake.client.core.execution-count";
+
+  @Override
+  public boolean retryRequest(IOException exception, int executionCount, HttpContext context) {
+    context.setAttribute(EXECUTION_COUNT_ATTRIBUTE, executionCount);
+    return super.retryRequest(exception, executionCount, context);
+  }
+}

src/main/java/net/snowflake/client/core/HeaderCustomizerHttpRequestInterceptor.java

@@ -0,0 +1,174 @@
+package net.snowflake.client.core;
+
+import com.amazonaws.Request;
+import com.amazonaws.handlers.RequestHandler2;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+import net.snowflake.client.jdbc.HttpHeadersCustomizer;
+import net.snowflake.client.log.SFLogger;
+import net.snowflake.client.log.SFLoggerFactory;
+import org.apache.http.Header;
+import org.apache.http.HttpException;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpRequestInterceptor;
+import org.apache.http.protocol.HttpContext;
+
+/**
+ * Implements Apache HttpClient's {@link HttpRequestInterceptor} to provide a mechanism for adding
+ * custom HTTP headers to outgoing requests made by the Snowflake JDBC driver.
+ *
+ * <p>This class iterates through a list of user-provided {@link HttpHeadersCustomizer}
+ * implementations. For each customizer, it checks if it applies to the current request. If it does,
+ * it retrieves new headers from the customizer and adds them to the request, ensuring that existing
+ * driver-set headers are not overridden.
+ *
+ * <p>For Apache HttpClient, retry detection is handled by checking the {@link
+ * AttributeEnhancingHttpRequestRetryHandler#EXECUTION_COUNT_ATTRIBUTE} attribute in the {@link
+ * HttpContext} set by {@link AttributeEnhancingHttpRequestRetryHandler} to honor the {@code
+ * invokeOnce()} contract of the customizer.
+ *
+ * @see HttpHeadersCustomizer
+ */
+public class HeaderCustomizerHttpRequestInterceptor extends RequestHandler2
+    implements HttpRequestInterceptor {
+  private static final SFLogger logger =
+      SFLoggerFactory.getLogger(HeaderCustomizerHttpRequestInterceptor.class);
+  private final List<HttpHeadersCustomizer> headersCustomizers;
+
+  public HeaderCustomizerHttpRequestInterceptor(List<HttpHeadersCustomizer> headersCustomizers) {
+    if (headersCustomizers != null) {
+      this.headersCustomizers = new ArrayList<>(headersCustomizers); // Defensive copy
+    } else {
+      this.headersCustomizers = new ArrayList<>();
+    }
+  }
+
+  /**
+   * Processes an Apache HttpClient {@link HttpRequest} before it is sent. It iterates through
+   * registered {@link HttpHeadersCustomizer}s, checks applicability, retrieves new headers,
+   * verifies against overriding driver headers, and adds them to the request. Handles the {@code
+   * invokeOnce()} flag based on the "execution-count" attribute in the {@link HttpContext}.
+   *
+   * @param httpRequest The HTTP request to process.
+   * @param httpContext The context for the HTTP request execution, used to retrieve retry count.
+   * @throws DriverHeaderOverridingNotAllowedException If a customizer attempts to override a
+   *     driver-set header.
+   */
+  @Override
+  public void process(HttpRequest httpRequest, HttpContext httpContext)
+      throws HttpException, IOException {
+    if (this.headersCustomizers.isEmpty()) {
+      return;
+    }
+    String httpMethod = httpRequest.getRequestLine().getMethod();
+    String uri = httpRequest.getRequestLine().getUri();
+    Map<String, List<String>> currentHeaders = extractHeaders(httpRequest);
+    // convert header names to lower case for case in-sensitive lookup
+    Set<String> protectedHeaders =
+        currentHeaders.keySet().stream().map(String::toLowerCase).collect(Collectors.toSet());
+    Object executionCount =
+        httpContext.getAttribute(
+            AttributeEnhancingHttpRequestRetryHandler.EXECUTION_COUNT_ATTRIBUTE);
+    // If count is null or 0, it's the first attempt. Otherwise, it's a retry.
+    boolean isRetry = (executionCount != null && (Integer) executionCount > 0);
+
+    for (HttpHeadersCustomizer customizer : this.headersCustomizers) {
+      if (customizer.applies(httpMethod, uri, currentHeaders)) {
+        if (customizer.invokeOnce() && isRetry) {
+          logger.debug(
+              "{} customizer should only run on the first attempt and this is a {} retry. Skipping.",
+              customizer.getClass(),
+              executionCount);
+          continue;
+        }
+        Map<String, List<String>> newHeaders = customizer.newHeaders();
+
+        throwIfExistingHeadersAreModified(protectedHeaders, newHeaders.keySet(), customizer);
+
+        for (Map.Entry<String, List<String>> entry : newHeaders.entrySet()) {
+          for (String value : entry.getValue()) {
+            httpRequest.addHeader(entry.getKey(), value);
+          }
+        }
+      }
+    }
+  }
+
+  @Override
+  public void beforeRequest(Request<?> request) {
+    super.beforeRequest(request);
+    if (this.headersCustomizers.isEmpty()) {
+      return;
+    }
+    String httpMethod = request.getHttpMethod().name();
+    String uri = request.getEndpoint().toString();
+    Map<String, List<String>> currentHeaders = extractHeaders(request);
+    Set<String> protectedHeaders =
+        currentHeaders.keySet().stream()
+            .map(String::toLowerCase)
+            .collect(Collectors.toSet()); // convert to lower case for case in-sensitive lookup
+
+    for (HttpHeadersCustomizer customizer : this.headersCustomizers) {
+      if (customizer.applies(httpMethod, uri, currentHeaders)) {
+        Map<String, List<String>> newHeaders = customizer.newHeaders();
+
+        throwIfExistingHeadersAreModified(protectedHeaders, newHeaders.keySet(), customizer);
+
+        for (Map.Entry<String, List<String>> entry : newHeaders.entrySet()) {
+          for (String value : entry.getValue()) {
+            request.addHeader(entry.getKey(), value);
+          }
+        }
+      }
+    }
+  }
+
+  private static Map<String, List<String>> extractHeaders(HttpRequest request) {
+    Map<String, List<String>> headerMap = new HashMap<>();
+    for (Header header : request.getAllHeaders()) {
+      headerMap.computeIfAbsent(header.getName(), k -> new ArrayList<>()).add(header.getValue());
+    }
+    return headerMap;
+  }
+
+  private static Map<String, List<String>> extractHeaders(Request<?> request) {
+    Map<String, List<String>> headerMap = new HashMap<>();
+    for (Map.Entry<String, String> entry : request.getHeaders().entrySet()) {
+      headerMap.computeIfAbsent(entry.getKey(), k -> new ArrayList<>()).add(entry.getValue());
+    }
+    return headerMap;
+  }
+
+  /**
+   * Checks if any header names from the customizer's new headers attempt to override existing
+   * driver-set headers. Compares header names case-insensitively.
+   *
+   * @param protectedHeaders A set of lowercase header names initially present on the request.
+   * @param newHeaders A set of header names provided by the customizer.
+   * @param customizer The customizer attempting to add headers, for logging/exception messages.
+   * @throws DriverHeaderOverridingNotAllowedException If an override is detected.
+   */
+  private static void throwIfExistingHeadersAreModified(
+      Set<String> protectedHeaders, Set<String> newHeaders, HttpHeadersCustomizer customizer) {
+    for (String headerName : newHeaders) {
+      if (headerName != null && protectedHeaders.contains(headerName.toLowerCase())) {
+        logger.debug(
+            "Customizer {} attempted to override existing driver header: {}",
+            customizer.getClass().getName(),
+            headerName);
+        throw new DriverHeaderOverridingNotAllowedException(headerName);
+      }
+    }
+  }
+
+  public static class DriverHeaderOverridingNotAllowedException extends RuntimeException {
+    public DriverHeaderOverridingNotAllowedException(String header) {
+      super(String.format("Driver headers overriding not allowed. Tried for header: %s", header));
+    }
+  }
+}

src/main/java/net/snowflake/client/core/HttpUtil.java

@@ -21,6 +21,7 @@
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.time.Duration;
+import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 import java.util.concurrent.ConcurrentHashMap;
@@ -29,6 +30,7 @@
 import javax.annotation.Nullable;
 import javax.net.ssl.TrustManager;
 import net.snowflake.client.jdbc.ErrorCode;
+import net.snowflake.client.jdbc.HttpHeadersCustomizer;
 import net.snowflake.client.jdbc.RestRequest;
 import net.snowflake.client.jdbc.RetryContextManager;
 import net.snowflake.client.jdbc.SnowflakeDriver;
@@ -290,6 +292,24 @@ static String buildUserAgent(String customSuffix) {
    */
   public static CloseableHttpClient buildHttpClient(
       @Nullable HttpClientSettingsKey key, File ocspCacheFile, boolean downloadUnCompressed) {
+    return buildHttpClient(key, ocspCacheFile, downloadUnCompressed, null);
+  }
+
+  /**
+   * Build an Http client using our set of default.
+   *
+   * @param key Key to HttpClient hashmap containing OCSP mode and proxy information, could be null
+   * @param ocspCacheFile OCSP response cache file. If null, the default OCSP response file will be
+   *     used.
+   * @param downloadUnCompressed Whether the HTTP client should be built requesting no decompression
+   * @param httpHeadersCustomizers List of HTTP headers customizers
+   * @return HttpClient object
+   */
+  public static CloseableHttpClient buildHttpClient(
+      @Nullable HttpClientSettingsKey key,
+      File ocspCacheFile,
+      boolean downloadUnCompressed,
+      List<HttpHeadersCustomizer> httpHeadersCustomizers) {
     logger.debug(
         "Building http client with client settings key: {}, ocsp cache file: {}, download uncompressed: {}",
         key != null ? key.toString() : null,
@@ -422,6 +442,12 @@ public static CloseableHttpClient buildHttpClient(
         logger.debug("Disabling content compression for http client");
         httpClientBuilder.disableContentCompression();
       }
+      if (httpHeadersCustomizers != null && !httpHeadersCustomizers.isEmpty()) {
+        logger.debug("Setting up http headers customizers");
+        httpClientBuilder.setRetryHandler(new AttributeEnhancingHttpRequestRetryHandler());
+        httpClientBuilder.addInterceptorLast(
+            new HeaderCustomizerHttpRequestInterceptor(httpHeadersCustomizers));
+      }
       return httpClientBuilder.build();
     } catch (NoSuchAlgorithmException | KeyManagementException ex) {
       throw new SSLInitializationException(ex.getMessage(), ex);
@@ -464,7 +490,7 @@ public static void updateRoutePlanner(HttpClientSettingsKey key) {
    * @return HttpClient object shared across all connections
    */
   public static CloseableHttpClient getHttpClient(HttpClientSettingsKey ocspAndProxyKey) {
-    return initHttpClient(ocspAndProxyKey, null);
+    return initHttpClient(ocspAndProxyKey, null, null);
   }
 
   /**
@@ -475,7 +501,31 @@ public static CloseableHttpClient getHttpClient(HttpClientSettingsKey ocspAndPro
    */
   public static CloseableHttpClient getHttpClientWithoutDecompression(
       HttpClientSettingsKey ocspAndProxyKey) {
-    return initHttpClientWithoutDecompression(ocspAndProxyKey, null);
+    return initHttpClientWithoutDecompression(ocspAndProxyKey, null, null);
+  }
+
+  /**
+   * Gets HttpClient with insecureMode false
+   *
+   * @param ocspAndProxyKey OCSP mode and proxy settings for httpclient
+   * @param httpHeadersCustomizers List of HTTP headers customizers
+   * @return HttpClient object shared across all connections
+   */
+  public static CloseableHttpClient getHttpClient(
+      HttpClientSettingsKey ocspAndProxyKey, List<HttpHeadersCustomizer> httpHeadersCustomizers) {
+    return initHttpClient(ocspAndProxyKey, null, httpHeadersCustomizers);
+  }
+
+  /**
+   * Gets HttpClient with insecureMode false and disabling decompression
+   *
+   * @param ocspAndProxyKey OCSP mode and proxy settings for httpclient
+   * @param httpHeadersCustomizers List of HTTP headers customizers
+   * @return HttpClient object shared across all connections
+   */
+  public static CloseableHttpClient getHttpClientWithoutDecompression(
+      HttpClientSettingsKey ocspAndProxyKey, List<HttpHeadersCustomizer> httpHeadersCustomizers) {
+    return initHttpClientWithoutDecompression(ocspAndProxyKey, null, httpHeadersCustomizers);
   }
 
   /**
@@ -489,7 +539,7 @@ public static CloseableHttpClient initHttpClientWithoutDecompression(
       HttpClientSettingsKey key, File ocspCacheFile) {
     updateRoutePlanner(key);
     return httpClientWithoutDecompression.computeIfAbsent(
-        key, k -> buildHttpClient(key, ocspCacheFile, true));
+        key, k -> buildHttpClient(key, ocspCacheFile, true, null));
   }
 
   /**
@@ -502,7 +552,42 @@ public static CloseableHttpClient initHttpClientWithoutDecompression(
   public static CloseableHttpClient initHttpClient(HttpClientSettingsKey key, File ocspCacheFile) {
     updateRoutePlanner(key);
     return httpClient.computeIfAbsent(
-        key, k -> buildHttpClient(key, ocspCacheFile, key.getGzipDisabled()));
+        key, k -> buildHttpClient(key, ocspCacheFile, key.getGzipDisabled(), null));
+  }
+
+  /**
+   * Accessor for the HTTP client singleton.
+   *
+   * @param key contains information needed to build specific HttpClient
+   * @param ocspCacheFile OCSP response cache file name. if null, the default file will be used.
+   * @param httpHeadersCustomizers List of HTTP headers customizers
+   * @return HttpClient object shared across all connections
+   */
+  public static CloseableHttpClient initHttpClientWithoutDecompression(
+      HttpClientSettingsKey key,
+      File ocspCacheFile,
+      List<HttpHeadersCustomizer> httpHeadersCustomizers) {
+    updateRoutePlanner(key);
+    return httpClientWithoutDecompression.computeIfAbsent(
+        key, k -> buildHttpClient(key, ocspCacheFile, true, httpHeadersCustomizers));
+  }
+
+  /**
+   * Accessor for the HTTP client singleton.
+   *
+   * @param key contains information needed to build specific HttpClient
+   * @param ocspCacheFile OCSP response cache file name. if null, the default file will be used.
+   * @param httpHeadersCustomizers List of HTTP headers customizers
+   * @return HttpClient object shared across all connections
+   */
+  public static CloseableHttpClient initHttpClient(
+      HttpClientSettingsKey key,
+      File ocspCacheFile,
+      List<HttpHeadersCustomizer> httpHeadersCustomizers) {
+    updateRoutePlanner(key);
+    return httpClient.computeIfAbsent(
+        key,
+        k -> buildHttpClient(key, ocspCacheFile, key.getGzipDisabled(), httpHeadersCustomizers));
   }
 
   /**
@@ -622,7 +707,7 @@ static String executeRequestWithoutCookies(
         false, // no retry parameter
         true, // guid? (do we need this?)
         false, // no retry on HTTP 403
-        getHttpClient(ocspAndProxyKey),
+        getHttpClient(ocspAndProxyKey, null),
         new ExecTimeTelemetryData(),
         null);
   }
@@ -680,7 +765,7 @@ public static String executeGeneralRequestOmitRequestGuid(
         false,
         false,
         false,
-        getHttpClient(ocspAndProxyAndGzipKey),
+        getHttpClient(ocspAndProxyAndGzipKey, null),
         new ExecTimeTelemetryData(),
         null);
   }
@@ -860,7 +945,7 @@ public static String executeRequest(
         includeRetryParameters,
         true, // include request GUID
         retryOnHTTP403,
-        getHttpClient(ocspAndProxyKey),
+        getHttpClient(ocspAndProxyKey, null),
         execTimeData,
         retryContextManager);
   }