Transparent proxy: TP Loader Cloud SDK native integration

Author: VladislavAtanasov95

cloudplatform/connectivity-destination-service/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/DefaultNetworkValidator.java

@@ -0,0 +1,83 @@
+package com.sap.cloud.sdk.cloudplatform.connectivity;
+
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import javax.annotation.Nonnull;
+
+import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Default implementation of {@link NetworkValidator} that performs TCP socket-based connectivity validation.
+ *
+ * <p>
+ * This implementation uses standard Java socket connections to validate that a remote host and port combination is
+ * reachable and accepting connections. It establishes a temporary TCP connection to the target endpoint and immediately
+ * closes it upon successful establishment.
+ *
+ * <p>
+ * <strong>Validation Process:</strong>
+ * <ol>
+ * <li>Creates a new TCP socket</li>
+ * <li>Attempts to connect to the specified host and port with a timeout</li>
+ * <li>Immediately closes the connection if successful</li>
+ * <li>Throws appropriate exceptions for failures</li>
+ * </ol>
+ *
+ * <p>
+ * <strong>Timeout Configuration:</strong> The validation uses a fixed timeout of {@value #HOST_REACH_TIMEOUT}
+ * milliseconds to prevent indefinite blocking on unreachable endpoints.
+ *
+ * <p>
+ * <strong>Error Handling:</strong>
+ * <ul>
+ * <li>{@link UnknownHostException} - Host cannot be resolved to an IP address</li>
+ * <li>{@link IOException} - Network connectivity issues or connection refused</li>
+ * </ul>
+ *
+ * @see NetworkValidator
+ * @see TransparentProxy
+ * @since 5.24.0
+ */
+class DefaultNetworkValidator extends NetworkValidator {
+    private static final int HOST_REACH_TIMEOUT = 5000;
+    private static final Logger log = LoggerFactory.getLogger(DefaultNetworkValidator.class);
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>
+     * This implementation creates a TCP socket connection to the specified host and port to verify connectivity. The
+     * connection is immediately closed after successful establishment.
+     *
+     * @param host {@inheritDoc}
+     * @param port {@inheritDoc}
+     * @throws DestinationAccessException {@inheritDoc}
+     *                                    <p>
+     *                                    Specific error conditions:
+     *                                    <ul>
+     *                                    <li>Host resolution failure - when DNS lookup fails</li>
+     *                                    <li>Connection failure - when host is unreachable or port is closed</li>
+     *                                    <li>Network timeouts - when connection attempt exceeds timeout</li>
+     *                                    </ul>
+     */
+    @Override
+    void verifyHostConnectivity(@Nonnull final String host, final int port)
+            throws DestinationAccessException {
+        log.info("Verifying that transparent proxy host is reachable on {}:{}", host, port);
+        try (Socket socket = new Socket()) {
+            socket.connect(new InetSocketAddress(host, port), HOST_REACH_TIMEOUT);
+            log.info("Successfully verified successfully that transparent proxy host is reachable on {}:{}", host, port);
+        } catch (final UnknownHostException e) {
+            throw new DestinationAccessException(String.format("Host [%s] could not be resolved", host), e);
+        } catch (final IOException e) {
+            throw new DestinationAccessException(
+                    String.format("Host [%s] on port [%d] is not reachable", host, port),
+                    e);
+        }
+    }
+}

cloudplatform/connectivity-destination-service/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/NetworkValidator.java

@@ -0,0 +1,53 @@
+package com.sap.cloud.sdk.cloudplatform.connectivity;
+
+import javax.annotation.Nonnull;
+
+import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
+
+/**
+ * Abstract class for validating network connectivity to remote hosts and ports.
+ *
+ * <p>
+ * This abstract class defines the contract for network validation implementations used by transparent proxy components
+ * to ensure that registered hosts are reachable before completing the registration process.
+ *
+ * <p>
+ * Implementations should perform actual network connectivity tests to verify that the specified host and port
+ * combination is accessible from the current environment. This validation helps prevent registration of unreachable
+ * endpoints that would cause runtime failures.
+ *
+ * <p>
+ * <strong>Usage Context:</strong> This abstract class is primarily used by {@link TransparentProxy} during host
+ * registration to validate network connectivity before accepting the registration.
+ *
+ * @see DefaultNetworkValidator
+ * @see TransparentProxy
+ * @since 5.24.0
+ */
+abstract class NetworkValidator
+{
+    /**
+     * Validates connectivity to the specified host and port combination.
+     *
+     * <p>
+     * This method should attempt to establish a network connection to the given host and port to verify that the
+     * endpoint is reachable and accepting connections. The validation should complete within a reasonable timeout
+     * period.
+     *
+     * <p>
+     * If the host cannot be resolved or the connection cannot be established, this method should throw a
+     * {@link DestinationAccessException} with descriptive error information.
+     *
+     * @param host
+     *            the hostname or IP address to validate connectivity to. Must not be null or empty
+     * @param port
+     *            the port number to test connectivity on. Should be a valid port number (1-65535)
+     * @throws DestinationAccessException
+     *             if the host cannot be resolved, the connection cannot be established, or any other network-related
+     *             validation failure occurs
+     * @throws IllegalArgumentException
+     *             if host is null or port is invalid
+     */
+    abstract void verifyHostConnectivity( @Nonnull String host, int port )
+        throws DestinationAccessException;
+}

cloudplatform/connectivity-destination-service/src/main/java/com/sap/cloud/sdk/cloudplatform/connectivity/TransparentProxy.java

@@ -0,0 +1,165 @@
+package com.sap.cloud.sdk.cloudplatform.connectivity;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import javax.annotation.Nonnull;
+
+import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
+
+import io.vavr.control.Try;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * A transparent proxy loader that enables routing traffic through a single registered gateway host.
+ *
+ * <p>
+ * This class provides a mechanism to register a proxy gateway that will handle all destination requests transparently.
+ * Once registered, all destination lookups will be routed through the configured gateway host and port.
+ *
+ * <p>
+ * <strong>Key Features:</strong>
+ * <ul>
+ * <li>Single gateway registration - only one proxy can be registered at a time</li>
+ * <li>Host validation - ensures hosts don't contain paths and are reachable</li>
+ * <li>Automatic scheme normalization - defaults to HTTP if no scheme provided</li>
+ * <li>Network connectivity validation before registration</li>
+ * </ul>
+ *
+ * <p>
+ * <strong>Usage Example:</strong>
+ *
+ * <pre>{@code
+ * // Register with default port 80
+ * TransparentProxy.register("gateway.svc.cluster.local");
+ *
+ * // Register with custom port
+ * TransparentProxy.register("http://gateway.svc.cluster.local", 8080);
+ * }</pre>
+ *
+ * <p>
+ * <strong>Thread Safety:</strong> This class uses static state and is not thread-safe. Registration should be performed
+ * during application initialization.
+ *
+ * @since 5.24.0
+ */
+@Slf4j
+public class TransparentProxy implements DestinationLoader {
+    private static final Integer DEFAULT_PORT = 80;
+    private static final String SCHEME_SEPARATOR = "://";
+    private static final String HTTP_SCHEME = org.apache.http.HttpHost.DEFAULT_SCHEME_NAME + SCHEME_SEPARATOR;
+    private static final String PATH_SEPARATOR = "/";
+    private static final String PORT_SEPARATOR = ":";
+    private static final String HOST_CONTAINS_PATH_ERROR_MESSAGE_TEMPLATE =
+            "Host '%s' contains a path '%s'. Paths are not allowed in host registration.";
+    static String uri;
+    static NetworkValidator networkValidator = new DefaultNetworkValidator();
+
+    /**
+     * Registers a transparent proxy gateway using the default port 80.
+     *
+     * <p>
+     * This method registers the specified host as a transparent proxy gateway that will handle all subsequent
+     * destination requests. The host will be validated for reachability and must not contain any path components.
+     *
+     * <p>
+     * If no scheme is provided, HTTP will be used by default. The final URI will be constructed as:
+     * {@code <normalized-host>:80}
+     *
+     * @param host the gateway host to register (e.g., "gateway.svc.cluster.local") Must not contain paths or be null
+     * @throws DestinationAccessException if the proxy is already registered, the host contains a path, or the host is not reachable on port 80
+     * @throws IllegalArgumentException   if host is null
+     * @see #register(String, Integer)
+     */
+    public static void register(@Nonnull final String host) {
+        registerLoader(host, DEFAULT_PORT);
+    }
+
+    /**
+     * Registers a transparent proxy gateway with a specified port.
+     *
+     * <p>
+     * This method registers the specified host and port as a transparent proxy gateway that will handle all subsequent
+     * destination requests. The host will be validated for reachability on the specified port and must not contain any
+     * path components.
+     *
+     * <p>
+     * If no scheme is provided, HTTP will be used by default. The final URI will be constructed as:
+     * {@code <normalized-host>:<port>}
+     *
+     * @param host the gateway host to register (e.g., "gateway" or "<a href="http://gateway">...</a>") Must not contain
+     *             paths or be null
+     * @param port the port number to use for the gateway connection. Must not be null and should be a valid port number
+     *             (1-65535)
+     * @throws DestinationAccessException if the proxy is already registered, the host contains a path, or the host is not reachable on the
+     *                                    specified port
+     * @throws IllegalArgumentException   if host or port is null
+     * @see #register(String)
+     */
+    public static void register(@Nonnull final String host, @Nonnull final Integer port) {
+        registerLoader(host, port);
+    }
+
+    private static void registerLoader(@Nonnull final String host, final Integer port) {
+        if (uri != null) {
+            throw new DestinationAccessException(
+                    "TransparentProxy is already registered. Only one registration is allowed.");
+        }
+
+        try {
+            final String normalizedHost = normalizeHostWithScheme(host);
+            final String hostForVerification = getHostForVerification(host, normalizedHost);
+
+            verifyHostConnectivity(hostForVerification, port);
+
+            uri = String.format("%s%s%d", normalizedHost, PORT_SEPARATOR, port);
+            DestinationAccessor.prependDestinationLoader(new TransparentProxy());
+
+        } catch (final URISyntaxException e) {
+            throw new DestinationAccessException("Invalid host format: " + host, e);
+        }
+    }
+
+    @Nonnull
+    private static String getHostForVerification(@Nonnull String host, String normalizedHost) throws URISyntaxException {
+        final URI parsedUri = new URI(normalizedHost);
+
+        final String path = parsedUri.getPath();
+        if (path != null && !path.isEmpty()) {
+            throw new DestinationAccessException(
+                    String.format(HOST_CONTAINS_PATH_ERROR_MESSAGE_TEMPLATE, host, path));
+        }
+
+        final String hostForVerification = parsedUri.getHost();
+        if (hostForVerification == null) {
+            throw new DestinationAccessException("Invalid host format: " + host);
+        }
+        return hostForVerification;
+    }
+
+    @Nonnull
+    private static String normalizeHostWithScheme(@Nonnull final String host) {
+        if (host.contains(SCHEME_SEPARATOR)) {
+            return host;
+        }
+        return HTTP_SCHEME + host;
+    }
+
+    private static void verifyHostConnectivity(@Nonnull final String host, final int port) {
+        networkValidator.verifyHostConnectivity(host, port);
+    }
+
+    @Nonnull
+    @Override
+    public Try<Destination> tryGetDestination(@Nonnull final String destinationName) {
+        return Try.success(TransparentProxyDestination.gateway(destinationName, uri).build());
+    }
+
+    @Nonnull
+    @Override
+    public Try<Destination>
+    tryGetDestination(@Nonnull final String destinationName, @Nonnull DestinationOptions options) {
+        return Try.success(TransparentProxyDestination.gateway(destinationName, uri).build());
+    }
+
+}