From 4952eba8aef9c755b1d80685337b1fb8d789516b Mon Sep 17 00:00:00 2001
From: Andrew Bell <115623869+andybharness@users.noreply.github.com>
Date: Wed, 9 Jul 2025 15:49:22 +0100
Subject: [PATCH 1/6] feat: [FFM-12489]: Adding support for HTTP proxies

---
 .../cf/client/connector/EventSource.java      |  2 ++
 .../cf/client/connector/HarnessConnector.java |  2 ++
 .../cf/client/connector/ProxyConfig.java      | 31 +++++++++++++++++++
 3 files changed, 35 insertions(+)
 create mode 100644 src/main/java/io/harness/cf/client/connector/ProxyConfig.java

diff --git a/src/main/java/io/harness/cf/client/connector/EventSource.java b/src/main/java/io/harness/cf/client/connector/EventSource.java
index 4d985991..0a4d27cc 100644
--- a/src/main/java/io/harness/cf/client/connector/EventSource.java
+++ b/src/main/java/io/harness/cf/client/connector/EventSource.java
@@ -75,6 +75,8 @@ protected OkHttpClient makeStreamClient(long sseReadTimeoutMins, List<X509Certif
       throws ConnectorException {
     OkHttpClient.Builder httpClientBuilder =
         new OkHttpClient.Builder()
+            .proxy(ProxyConfig.getProxyConfig())
+            .proxyAuthenticator(ProxyConfig.getProxyAuthentication())
             .eventListener(EventListener.NONE)
             .readTimeout(sseReadTimeoutMins, TimeUnit.MINUTES)
             .retryOnConnectionFailure(true);
diff --git a/src/main/java/io/harness/cf/client/connector/HarnessConnector.java b/src/main/java/io/harness/cf/client/connector/HarnessConnector.java
index e869b66f..4d234a59 100644
--- a/src/main/java/io/harness/cf/client/connector/HarnessConnector.java
+++ b/src/main/java/io/harness/cf/client/connector/HarnessConnector.java
@@ -92,6 +92,8 @@ ApiClient makeApiClient(int retryBackOfDelay) {
         apiClient
             .getHttpClient()
             .newBuilder()
+            .proxy(ProxyConfig.getProxyConfig())
+            .proxyAuthenticator(ProxyConfig.getProxyAuthentication())
             .addInterceptor(this::reauthInterceptor)
             .addInterceptor(
                 new NewRetryInterceptor(
diff --git a/src/main/java/io/harness/cf/client/connector/ProxyConfig.java b/src/main/java/io/harness/cf/client/connector/ProxyConfig.java
new file mode 100644
index 00000000..5d02884e
--- /dev/null
+++ b/src/main/java/io/harness/cf/client/connector/ProxyConfig.java
@@ -0,0 +1,31 @@
+package io.harness.cf.client.connector;
+
+import java.net.InetSocketAddress;
+import java.net.Proxy;
+import okhttp3.Authenticator;
+import okhttp3.Credentials;
+
+public class ProxyConfig {
+
+  public static Proxy getProxyConfig() {
+    final String host = System.getProperty("http.proxyHost");
+    final String port = System.getProperty("http.proxyPort");
+    if (host == null || host.isEmpty() || port == null || port.isEmpty()) {
+      return Proxy.NO_PROXY;
+    }
+    return new Proxy(Proxy.Type.HTTP, new InetSocketAddress(host, Integer.parseInt(port)));
+  }
+
+  public static Authenticator getProxyAuthentication() {
+    final String user = System.getProperty("http.proxyUser");
+    final String password = System.getProperty("http.proxyPassword");
+    if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
+      return Authenticator.NONE;
+    }
+
+    return (route, response) -> {
+      final String credential = Credentials.basic(user, password);
+      return response.request().newBuilder().header("Proxy-Authorization", credential).build();
+    };
+  }
+}

From 28663485544884ac58363ab5582ecfb106cee49d Mon Sep 17 00:00:00 2001
From: Andrew Bell <115623869+andybharness@users.noreply.github.com>
Date: Wed, 9 Jul 2025 15:50:12 +0100
Subject: [PATCH 2/6] bump ver

---
 settings.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/settings.gradle b/settings.gradle
index 29355452..230c0f5f 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -4,7 +4,7 @@ dependencyResolutionManagement {
     versionCatalogs {
         libs {
             // main sdk version
-            version('sdk', '1.8.1');
+            version('sdk', '1.8.2');
 
             // sdk deps
             version('okhttp3', '4.12.0')

From 196762a34789d0a148ce6c124a10f688a5b738d5 Mon Sep 17 00:00:00 2001
From: Andrew Bell <115623869+andybharness@users.noreply.github.com>
Date: Fri, 11 Jul 2025 13:27:38 +0100
Subject: [PATCH 3/6] avoid sending password to unknown servers

---
 gradle/wrapper/gradle-wrapper.properties      |  2 +-
 .../cf/client/connector/ProxyConfig.java      | 24 +++++++++++++++++--
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index be2dc79a..7705927e 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.2-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-all.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
diff --git a/src/main/java/io/harness/cf/client/connector/ProxyConfig.java b/src/main/java/io/harness/cf/client/connector/ProxyConfig.java
index 5d02884e..0759283e 100644
--- a/src/main/java/io/harness/cf/client/connector/ProxyConfig.java
+++ b/src/main/java/io/harness/cf/client/connector/ProxyConfig.java
@@ -2,9 +2,11 @@
 
 import java.net.InetSocketAddress;
 import java.net.Proxy;
+import lombok.extern.slf4j.Slf4j;
 import okhttp3.Authenticator;
 import okhttp3.Credentials;
 
+@Slf4j
 public class ProxyConfig {
 
   public static Proxy getProxyConfig() {
@@ -24,8 +26,26 @@ public static Authenticator getProxyAuthentication() {
     }
 
     return (route, response) -> {
-      final String credential = Credentials.basic(user, password);
-      return response.request().newBuilder().header("Proxy-Authorization", credential).build();
+      final String targetIpPort = getIpAndPort((route == null ? null : route.socketAddress()));
+      final String configuredIpPort = getIpAndPort((InetSocketAddress) getProxyConfig().address());
+
+      if (targetIpPort.equalsIgnoreCase(configuredIpPort)) {
+        final String credential = Credentials.basic(user, password);
+        return response.request().newBuilder().header("Proxy-Authorization", credential).build();
+      } else {
+        log.warn(
+            "Target proxy `{}` does not match configured proxy `{}`. Credentials not sent",
+            targetIpPort,
+            configuredIpPort);
+        return null;
+      }
     };
   }
+
+  private static String getIpAndPort(InetSocketAddress addr) {
+    if (addr == null) {
+      return "null";
+    }
+    return addr.getAddress().getHostAddress() + ":" + addr.getPort();
+  }
 }

From 43d00f74eb13a3b8a8d95e63d70dca815325b2d5 Mon Sep 17 00:00:00 2001
From: Andrew Bell <115623869+andybharness@users.noreply.github.com>
Date: Thu, 17 Jul 2025 16:32:39 +0100
Subject: [PATCH 4/6] adding https proxy support

---
 .../connector/DelegatingSocketFactory.java    | 45 +++++++++++++++++++
 .../cf/client/connector/EventSource.java      |  2 +
 .../cf/client/connector/HarnessConnector.java | 23 +++++-----
 .../cf/client/connector/ProxyConfig.java      | 20 ++++++++-
 4 files changed, 77 insertions(+), 13 deletions(-)
 create mode 100644 src/main/java/io/harness/cf/client/connector/DelegatingSocketFactory.java

diff --git a/src/main/java/io/harness/cf/client/connector/DelegatingSocketFactory.java b/src/main/java/io/harness/cf/client/connector/DelegatingSocketFactory.java
new file mode 100644
index 00000000..144fdb44
--- /dev/null
+++ b/src/main/java/io/harness/cf/client/connector/DelegatingSocketFactory.java
@@ -0,0 +1,45 @@
+package io.harness.cf.client.connector;
+
+import javax.net.SocketFactory;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+
+final class DelegatingSocketFactory extends SocketFactory {
+    private final SocketFactory delegate;
+
+    public DelegatingSocketFactory(SocketFactory delegate) {
+        this.delegate = delegate;
+    }
+
+    @Override
+    public Socket createSocket() throws IOException {
+        return configureSocket(delegate.createSocket());
+    }
+
+    @Override
+    public Socket createSocket(String host, int port) throws IOException {
+        return configureSocket(delegate.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(String host, int port, InetAddress localAddress,
+                               int localPort) throws IOException {
+        return configureSocket(delegate.createSocket(host, port, localAddress, localPort));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress host, int port) throws IOException {
+        return configureSocket(delegate.createSocket(host, port));
+    }
+
+    @Override
+    public Socket createSocket(InetAddress host, int port, InetAddress localAddress,
+                               int localPort) throws IOException {
+        return configureSocket(delegate.createSocket(host, port, localAddress, localPort));
+    }
+
+    Socket configureSocket(Socket socket) {
+        return socket;
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/io/harness/cf/client/connector/EventSource.java b/src/main/java/io/harness/cf/client/connector/EventSource.java
index 0a4d27cc..0d7e3824 100644
--- a/src/main/java/io/harness/cf/client/connector/EventSource.java
+++ b/src/main/java/io/harness/cf/client/connector/EventSource.java
@@ -81,6 +81,8 @@ protected OkHttpClient makeStreamClient(long sseReadTimeoutMins, List<X509Certif
             .readTimeout(sseReadTimeoutMins, TimeUnit.MINUTES)
             .retryOnConnectionFailure(true);
 
+    ProxyConfig.setSocketFactory(httpClientBuilder);
+
     setupTls(httpClientBuilder, trustedCAs);
 
     if (log.isDebugEnabled()) {
diff --git a/src/main/java/io/harness/cf/client/connector/HarnessConnector.java b/src/main/java/io/harness/cf/client/connector/HarnessConnector.java
index 4d234a59..7c61ae6e 100644
--- a/src/main/java/io/harness/cf/client/connector/HarnessConnector.java
+++ b/src/main/java/io/harness/cf/client/connector/HarnessConnector.java
@@ -21,6 +21,7 @@
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import okhttp3.Interceptor;
+import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.Response;
 import org.slf4j.MDC;
@@ -87,18 +88,18 @@ ApiClient makeApiClient(int retryBackOfDelay) {
 
     setupTls(apiClient);
 
+    final OkHttpClient.Builder builder = apiClient
+      .getHttpClient()
+      .newBuilder();
+
+    ProxyConfig.setSocketFactory(builder);
+
     // if http client response is 403 we need to reauthenticate
-    apiClient.setHttpClient(
-        apiClient
-            .getHttpClient()
-            .newBuilder()
-            .proxy(ProxyConfig.getProxyConfig())
-            .proxyAuthenticator(ProxyConfig.getProxyAuthentication())
-            .addInterceptor(this::reauthInterceptor)
-            .addInterceptor(
-                new NewRetryInterceptor(
-                    options.getMaxRequestRetry(), retryBackOfDelay, isShuttingDown))
-            .build());
+    apiClient.setHttpClient(builder.proxy(ProxyConfig.getProxyConfig())
+      .proxyAuthenticator(ProxyConfig.getProxyAuthentication())
+      .addInterceptor(this::reauthInterceptor)
+      .addInterceptor(new NewRetryInterceptor(options.getMaxRequestRetry(), retryBackOfDelay, isShuttingDown))
+      .build());
 
     return apiClient;
   }
diff --git a/src/main/java/io/harness/cf/client/connector/ProxyConfig.java b/src/main/java/io/harness/cf/client/connector/ProxyConfig.java
index 0759283e..f8c4be08 100644
--- a/src/main/java/io/harness/cf/client/connector/ProxyConfig.java
+++ b/src/main/java/io/harness/cf/client/connector/ProxyConfig.java
@@ -5,13 +5,16 @@
 import lombok.extern.slf4j.Slf4j;
 import okhttp3.Authenticator;
 import okhttp3.Credentials;
+import okhttp3.OkHttpClient;
+
+import javax.net.ssl.SSLSocketFactory;
 
 @Slf4j
 public class ProxyConfig {
 
   public static Proxy getProxyConfig() {
-    final String host = System.getProperty("http.proxyHost");
-    final String port = System.getProperty("http.proxyPort");
+    final String host = System.getProperty("https.proxyHost", System.getProperty("http.proxyHost"));
+    final String port = System.getProperty("https.proxyPort", System.getProperty("http.proxyPort"));
     if (host == null || host.isEmpty() || port == null || port.isEmpty()) {
       return Proxy.NO_PROXY;
     }
@@ -48,4 +51,17 @@ private static String getIpAndPort(InetSocketAddress addr) {
     }
     return addr.getAddress().getHostAddress() + ":" + addr.getPort();
   }
+
+  public static void setSocketFactory(OkHttpClient.Builder builder) {
+    if (builder == null) {
+      return;
+    }
+    final String host = System.getProperty("https.proxyHost");
+    final String port = System.getProperty("https.proxyPort");
+    if (host == null || host.isEmpty() || port == null || port.isEmpty()) {
+      return;
+    }
+
+    builder.socketFactory(new DelegatingSocketFactory(SSLSocketFactory.getDefault()));
+  }
 }

From 82e2783726227fea7429db56d80918fc66e5551e Mon Sep 17 00:00:00 2001
From: Andrew Bell <115623869+andybharness@users.noreply.github.com>
Date: Thu, 17 Jul 2025 16:33:59 +0100
Subject: [PATCH 5/6] bump ver

---
 settings.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/settings.gradle b/settings.gradle
index 230c0f5f..e652e6d0 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -4,7 +4,7 @@ dependencyResolutionManagement {
     versionCatalogs {
         libs {
             // main sdk version
-            version('sdk', '1.8.2');
+            version('sdk', '1.8.3');
 
             // sdk deps
             version('okhttp3', '4.12.0')

From 9d52d7d8123dc091936f0bbf01ce9ad34b463265 Mon Sep 17 00:00:00 2001
From: Andrew Bell <115623869+andybharness@users.noreply.github.com>
Date: Thu, 17 Jul 2025 16:36:42 +0100
Subject: [PATCH 6/6] fix naming

---
 src/main/java/io/harness/cf/client/connector/EventSource.java   | 2 +-
 .../java/io/harness/cf/client/connector/HarnessConnector.java   | 2 +-
 src/main/java/io/harness/cf/client/connector/ProxyConfig.java   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/io/harness/cf/client/connector/EventSource.java b/src/main/java/io/harness/cf/client/connector/EventSource.java
index 0d7e3824..2d09d2da 100644
--- a/src/main/java/io/harness/cf/client/connector/EventSource.java
+++ b/src/main/java/io/harness/cf/client/connector/EventSource.java
@@ -81,7 +81,7 @@ protected OkHttpClient makeStreamClient(long sseReadTimeoutMins, List<X509Certif
             .readTimeout(sseReadTimeoutMins, TimeUnit.MINUTES)
             .retryOnConnectionFailure(true);
 
-    ProxyConfig.setSocketFactory(httpClientBuilder);
+    ProxyConfig.configureTls(httpClientBuilder);
 
     setupTls(httpClientBuilder, trustedCAs);
 
diff --git a/src/main/java/io/harness/cf/client/connector/HarnessConnector.java b/src/main/java/io/harness/cf/client/connector/HarnessConnector.java
index 7c61ae6e..384689b8 100644
--- a/src/main/java/io/harness/cf/client/connector/HarnessConnector.java
+++ b/src/main/java/io/harness/cf/client/connector/HarnessConnector.java
@@ -92,7 +92,7 @@ ApiClient makeApiClient(int retryBackOfDelay) {
       .getHttpClient()
       .newBuilder();
 
-    ProxyConfig.setSocketFactory(builder);
+    ProxyConfig.configureTls(builder);
 
     // if http client response is 403 we need to reauthenticate
     apiClient.setHttpClient(builder.proxy(ProxyConfig.getProxyConfig())
diff --git a/src/main/java/io/harness/cf/client/connector/ProxyConfig.java b/src/main/java/io/harness/cf/client/connector/ProxyConfig.java
index f8c4be08..42538f7e 100644
--- a/src/main/java/io/harness/cf/client/connector/ProxyConfig.java
+++ b/src/main/java/io/harness/cf/client/connector/ProxyConfig.java
@@ -52,7 +52,7 @@ private static String getIpAndPort(InetSocketAddress addr) {
     return addr.getAddress().getHostAddress() + ":" + addr.getPort();
   }
 
-  public static void setSocketFactory(OkHttpClient.Builder builder) {
+  public static void configureTls(OkHttpClient.Builder builder) {
     if (builder == null) {
       return;
     }