Add timeout to gathering host certificates #567

bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/Messages.java

@@ -25,6 +25,7 @@ public class Messages extends NLS {
 	public static String ActionManager_Required_Touchpoint_Not_Found;
 
 	public static String AuthorityChecker_UntrustedAuthorities;
+	public static String AuthorityChecker_GatherCertificatesFailure;
 
 	public static String actions_not_found;
 	private static final String BUNDLE_NAME = "org.eclipse.equinox.internal.p2.engine.messages"; //$NON-NLS-1$

bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/AuthorityChecker.java

@@ -16,6 +16,7 @@
 import java.net.http.HttpRequest.BodyPublishers;
 import java.net.http.HttpResponse.BodyHandlers;
 import java.security.cert.Certificate;
+import java.time.Duration;
 import java.util.*;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutionException;
@@ -25,6 +26,7 @@
 import javax.net.ssl.SSLPeerUnverifiedException;
 import org.eclipse.core.runtime.*;
 import org.eclipse.core.runtime.preferences.IEclipsePreferences;
+import org.eclipse.equinox.internal.p2.core.helpers.LogHelper;
 import org.eclipse.equinox.internal.p2.engine.EngineActivator;
 import org.eclipse.equinox.internal.p2.engine.Messages;
 import org.eclipse.equinox.p2.core.*;
@@ -52,6 +54,11 @@ public class AuthorityChecker {
 	private static final Pattern HIERARCHICAL_URI_PATTERN = Pattern
 			.compile("((?:[^/:]+):(?://[^/]+|///|/)?)([^?#]*)([#?].*)?"); //$NON-NLS-1$
 
+	private static final int REQUEST_TIMEOUT_MS = Integer.getInteger("org.eclipse.equinox.p2.engine.requestTimeout", 5000); //$NON-NLS-1$
+
+	private static final int MAX_REQUEST_RETRIES = Integer.getInteger("org.eclipse.equinox.p2.engine.requestRetries", //$NON-NLS-1$
+			2);
+
 	private final IProvisioningAgent agent;
 	private final ProvisioningContext context;
 	private final IProfile profile;
@@ -251,9 +258,10 @@ public static void gatherCertificates(Map<URI, List<Certificate>> authorities, I
 		var client = HttpClient.newBuilder().build();
 		var requests = authorities.keySet().stream().collect(Collectors.toMap(Function.identity(), uri -> {
 			try {
-				return Optional.of(client.sendAsync(
-						HttpRequest.newBuilder().uri(uri).method("HEAD", BodyPublishers.noBody()).build(), //$NON-NLS-1$
-						BodyHandlers.ofString()));
+				var request = HttpRequest.newBuilder().uri(uri).timeout(Duration.ofMillis(REQUEST_TIMEOUT_MS))
+						.method("HEAD", BodyPublishers.noBody()) //$NON-NLS-1$
+						.build();
+				return Optional.of(sendHttpRequestOrRetry(client, request, MAX_REQUEST_RETRIES));
 			} catch (RuntimeException ex) {
 				return Optional.<CompletableFuture<HttpResponse<String>>>ofNullable(null);
 			}
@@ -270,16 +278,29 @@ public static void gatherCertificates(Map<URI, List<Certificate>> authorities, I
 							var peerCertificates = sslSession.getPeerCertificates();
 							entry.getValue().addAll(Arrays.asList(peerCertificates));
 						} catch (SSLPeerUnverifiedException e) {
-							//$FALL-THROUGH$
+							LogHelper.log(new Status(IStatus.WARNING, EngineActivator.ID,
+									Messages.AuthorityChecker_GatherCertificatesFailure, e));
 						}
 					});
-				} catch (RuntimeException | InterruptedException | ExecutionException e) {
-					//$FALL-THROUGH$
+				} catch (InterruptedException e) {
+					Thread.currentThread().interrupt();
+				} catch (RuntimeException | ExecutionException e) {
+					LogHelper.log(new Status(IStatus.WARNING, EngineActivator.ID,
+							Messages.AuthorityChecker_GatherCertificatesFailure, e));
 				}
 			});
 		}
 	}
 
+	private static CompletableFuture<HttpResponse<String>> sendHttpRequestOrRetry(HttpClient client,
+			HttpRequest request, int retriesLeft) {
+		var future = client.sendAsync(request, BodyHandlers.ofString());
+		if (retriesLeft > 0) {
+			future = future.exceptionallyComposeAsync(e -> sendHttpRequestOrRetry(client, request, retriesLeft - 1));
+		}
+		return future;
+	}
+
 	/**
 	 * <p>
 	 * Returns a list of URIs representing the hierarchical chain, starting from the