Make REST Client work whether or not SSL is enabled or not in native

This is done in order to enable the use of Apache HTTP Client in all
cases where the REST Client is used.
This enables us to drop the fallback to URLConnection which is rather limited

Fixes: #9342

Author: geoand

core/runtime/src/main/java/io/quarkus/runtime/graal/DisabledSSLContext.java

@@ -0,0 +1,106 @@
+package io.quarkus.runtime.graal;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.Provider;
+import java.security.SecureRandom;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLContextSpi;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
+public class DisabledSSLContext extends SSLContext {
+
+    public DisabledSSLContext() {
+        super(new DisabledSSLContextSpi(), new Provider("DISABLED", 1, "DISABLED") {
+        }, "DISABLED");
+    }
+
+    private static class DisabledSSLContextSpi extends SSLContextSpi {
+
+        @Override
+        protected void engineInit(KeyManager[] keyManagers, TrustManager[] trustManagers, SecureRandom secureRandom)
+                throws KeyManagementException {
+        }
+
+        @Override
+        protected SSLSocketFactory engineGetSocketFactory() {
+            return new SSLSocketFactory() {
+                @Override
+                public String[] getDefaultCipherSuites() {
+                    return new String[0];
+                }
+
+                @Override
+                public String[] getSupportedCipherSuites() {
+                    return new String[0];
+                }
+
+                @Override
+                public Socket createSocket(Socket socket, String s, int i, boolean b) throws IOException {
+                    throw sslSupportDisabledException();
+                }
+
+                @Override
+                public Socket createSocket(String s, int i) throws IOException, UnknownHostException {
+                    throw sslSupportDisabledException();
+                }
+
+                @Override
+                public Socket createSocket(String s, int i, InetAddress inetAddress, int i1)
+                        throws IOException, UnknownHostException {
+                    throw sslSupportDisabledException();
+                }
+
+                @Override
+                public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
+                    throw sslSupportDisabledException();
+                }
+
+                @Override
+                public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress1, int i1)
+                        throws IOException {
+                    throw sslSupportDisabledException();
+                }
+            };
+        }
+
+        @Override
+        protected SSLServerSocketFactory engineGetServerSocketFactory() {
+            throw sslSupportDisabledException();
+        }
+
+        @Override
+        protected SSLEngine engineCreateSSLEngine() {
+            throw sslSupportDisabledException();
+        }
+
+        @Override
+        protected SSLEngine engineCreateSSLEngine(String s, int i) {
+            throw sslSupportDisabledException();
+        }
+
+        @Override
+        protected SSLSessionContext engineGetServerSessionContext() {
+            throw sslSupportDisabledException();
+        }
+
+        @Override
+        protected SSLSessionContext engineGetClientSessionContext() {
+            throw sslSupportDisabledException();
+        }
+
+        private RuntimeException sslSupportDisabledException() {
+            return new IllegalStateException(
+                    "Native SSL support is disabled: you have set quarkus.ssl.native to false in your configuration.");
+        }
+    }
+}

core/runtime/src/main/java/io/quarkus/runtime/graal/Target_javax_net_ssl_SSLContext.java

@@ -1,22 +1,10 @@
 package io.quarkus.runtime.graal;
 
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
-import java.security.SecureRandom;
 
-import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLContextSpi;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLServerSocketFactory;
-import javax.net.ssl.SSLSessionContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
 
 import com.oracle.svm.core.annotate.Alias;
 import com.oracle.svm.core.annotate.Substitute;
@@ -91,92 +79,4 @@ public static synchronized SSLContext getDefault()
     //        return new Target_javax_net_ssl_SSLContext((SSLContextSpi) instance.impl, instance.provider,
     //                protocol);
     //    }
-
-    private static class DisabledSSLContext extends SSLContext {
-
-        protected DisabledSSLContext() {
-            super(new DisabledSSLContextSpi(), new Provider("DISABLED", 1, "DISABLED") {
-            }, "DISABLED");
-        }
-    }
-
-    private static class DisabledSSLContextSpi extends SSLContextSpi {
-
-        @Override
-        protected void engineInit(KeyManager[] keyManagers, TrustManager[] trustManagers, SecureRandom secureRandom)
-                throws KeyManagementException {
-        }
-
-        @Override
-        protected SSLSocketFactory engineGetSocketFactory() {
-            return new SSLSocketFactory() {
-                @Override
-                public String[] getDefaultCipherSuites() {
-                    return new String[0];
-                }
-
-                @Override
-                public String[] getSupportedCipherSuites() {
-                    return new String[0];
-                }
-
-                @Override
-                public Socket createSocket(Socket socket, String s, int i, boolean b) throws IOException {
-                    throw sslSupportDisabledException();
-                }
-
-                @Override
-                public Socket createSocket(String s, int i) throws IOException, UnknownHostException {
-                    throw sslSupportDisabledException();
-                }
-
-                @Override
-                public Socket createSocket(String s, int i, InetAddress inetAddress, int i1)
-                        throws IOException, UnknownHostException {
-                    throw sslSupportDisabledException();
-                }
-
-                @Override
-                public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
-                    throw sslSupportDisabledException();
-                }
-
-                @Override
-                public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress1, int i1)
-                        throws IOException {
-                    throw sslSupportDisabledException();
-                }
-            };
-        }
-
-        @Override
-        protected SSLServerSocketFactory engineGetServerSocketFactory() {
-            throw sslSupportDisabledException();
-        }
-
-        @Override
-        protected SSLEngine engineCreateSSLEngine() {
-            throw sslSupportDisabledException();
-        }
-
-        @Override
-        protected SSLEngine engineCreateSSLEngine(String s, int i) {
-            throw sslSupportDisabledException();
-        }
-
-        @Override
-        protected SSLSessionContext engineGetServerSessionContext() {
-            throw sslSupportDisabledException();
-        }
-
-        @Override
-        protected SSLSessionContext engineGetClientSessionContext() {
-            throw sslSupportDisabledException();
-        }
-
-        private RuntimeException sslSupportDisabledException() {
-            return new IllegalStateException(
-                    "Native SSL support is disabled: you have set quarkus.ssl.native to false in your configuration.");
-        }
-    }
 }

extensions/rest-client/deployment/src/main/java/io/quarkus/restclient/deployment/RestClientProcessor.java

@@ -57,7 +57,6 @@
 import io.quarkus.deployment.builditem.CombinedIndexBuildItem;
 import io.quarkus.deployment.builditem.ExtensionSslNativeSupportBuildItem;
 import io.quarkus.deployment.builditem.FeatureBuildItem;
-import io.quarkus.deployment.builditem.SslNativeConfigBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.NativeImageProxyDefinitionBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.NativeImageResourceBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem;
@@ -136,18 +135,15 @@ void setup(BuildProducer<FeatureBuildItem> feature,
     }
 
     @BuildStep
-    @Record(ExecutionTime.STATIC_INIT)
     void processInterfaces(CombinedIndexBuildItem combinedIndexBuildItem,
-            SslNativeConfigBuildItem sslNativeConfig,
             Capabilities capabilities,
             BuildProducer<NativeImageProxyDefinitionBuildItem> proxyDefinition,
             BuildProducer<ReflectiveClassBuildItem> reflectiveClass,
             BuildProducer<ReflectiveHierarchyBuildItem> reflectiveHierarchy,
             BuildProducer<BeanRegistrarBuildItem> beanRegistrars,
             BuildProducer<ExtensionSslNativeSupportBuildItem> extensionSslNativeSupport,
             BuildProducer<ServiceProviderBuildItem> serviceProvider,
-            BuildProducer<RestClientBuildItem> restClient,
-            RestClientRecorder restClientRecorder) {
+            BuildProducer<RestClientBuildItem> restClient) {
 
         // According to the spec only rest client interfaces annotated with RegisterRestClient are registered as beans
         Map<DotName, ClassInfo> interfaces = new HashMap<>();
@@ -220,8 +216,6 @@ public void register(RegistrationContext registrationContext) {
 
         // Indicates that this extension would like the SSL support to be enabled
         extensionSslNativeSupport.produce(new ExtensionSslNativeSupportBuildItem(FeatureBuildItem.REST_CLIENT));
-
-        restClientRecorder.setSslEnabled(sslNativeConfig.isEnabled());
     }
 
     private void findInterfaces(IndexView index, Map<DotName, ClassInfo> interfaces, Set<Type> returnTypes,

extensions/rest-client/runtime/src/main/java/io/quarkus/restclient/runtime/RestClientBase.java

@@ -16,9 +16,12 @@
 import org.eclipse.microprofile.config.ConfigProvider;
 import org.eclipse.microprofile.context.ManagedExecutor;
 import org.eclipse.microprofile.rest.client.RestClientBuilder;
+import org.graalvm.nativeimage.ImageInfo;
 
 import io.quarkus.arc.Arc;
 import io.quarkus.arc.InstanceHandle;
+import io.quarkus.runtime.graal.DisabledSSLContext;
+import io.quarkus.runtime.ssl.SslContextConfiguration;
 
 public class RestClientBase {
 
@@ -77,6 +80,12 @@ private void configureSsl(RestClientBuilder builder) {
         if (maybeHostnameVerifier.isPresent()) {
             registerHostnameVerifier(maybeHostnameVerifier.get(), builder);
         }
+
+        // we need to push a disabled SSL context when SSL has been disabled
+        // because otherwise Apache HTTP Client will try to initialize one and will fail
+        if (ImageInfo.inImageRuntimeCode() && !SslContextConfiguration.isSslNativeEnabled()) {
+            builder.sslContext(new DisabledSSLContext());
+        }
     }
 
     private void registerHostnameVerifier(String verifier, RestClientBuilder builder) {

extensions/rest-client/runtime/src/main/java/io/quarkus/restclient/runtime/RestClientRecorder.java

@@ -23,7 +23,6 @@
 public class RestClientRecorder {
 
     public static ResteasyProviderFactory providerFactory;
-    public static boolean SSL_ENABLED;
 
     public BeanContainerListener hackAroundExtension() {
         return new BeanContainerListener() {
@@ -44,11 +43,6 @@ public void setRestClientBuilderResolver() {
         RestClientBuilderResolver.setInstance(new BuilderResolver());
     }
 
-    public void setSslEnabled(boolean sslEnabled) {
-        SSL_ENABLED = sslEnabled;
-        RestClientBuilderImpl.setSslEnabled(sslEnabled);
-    }
-
     public void initializeResteasyProviderFactory(RuntimeValue<InjectorFactory> ifc, boolean useBuiltIn,
             Set<String> providersToRegister,
             Set<String> contributedProviders) {