fix: configuration for timeout http connection (#2156) (#2207)

Author: daniel-kmiecik

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/util/RemoteUrl.java

@@ -14,7 +14,11 @@
 import java.io.BufferedReader;
 import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.net.*;
+import java.net.HttpURLConnection;
+import java.net.URI;
+import java.net.URL;
+import java.net.URLConnection;
+import java.net.URLEncoder;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyManagementException;
@@ -35,8 +39,10 @@ public class RemoteUrl {
     private static final Charset UTF_8 = StandardCharsets.UTF_8;
     private static final String ACCEPT_HEADER_VALUE = "application/json, application/yaml, */*";
     private static final String USER_AGENT_HEADER_VALUE = "Apache-HttpClient/Swagger";
+    static final int CONNECTION_TIMEOUT = 30000;
+    static final int READ_TIMEOUT = 60000;
 
-    private static ConnectionConfigurator createConnectionConfigurator() {
+    static ConnectionConfigurator createConnectionConfigurator() {
         if (Boolean.parseBoolean(System.getProperty(TRUST_ALL))) {
             try {
                 // Create a trust manager that does not validate certificate chains
@@ -73,6 +79,8 @@ public void process(URLConnection connection) {
                             final HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
                             httpsConnection.setSSLSocketFactory(sf);
                             httpsConnection.setHostnameVerifier(trustAllNames);
+                            httpsConnection.setConnectTimeout(CONNECTION_TIMEOUT);
+                            httpsConnection.setReadTimeout(READ_TIMEOUT);
                         }
                     }
                 };
@@ -86,7 +94,8 @@ public void process(URLConnection connection) {
 
             @Override
             public void process(URLConnection connection) {
-                // Do nothing
+                connection.setConnectTimeout(CONNECTION_TIMEOUT);
+                connection.setReadTimeout(READ_TIMEOUT);
             }
         };
     }
@@ -198,7 +207,7 @@ private static void appendValue(URL url, AuthorizationValue value, Collection<Au
         to.add(value);
     }
 
-    private interface ConnectionConfigurator {
+    interface ConnectionConfigurator {
 
         void process(URLConnection connection);
     }

modules/swagger-parser-v3/src/test/java/io/swagger/v3/parser/util/RemoteUrlTest.java

@@ -8,6 +8,9 @@
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
+import javax.net.ssl.HttpsURLConnection;
+import java.net.SocketTimeoutException;
+import java.net.URL;
 import java.util.Arrays;
 import java.util.List;
 
@@ -18,8 +21,10 @@
 import static com.github.tomakehurst.wiremock.client.WireMock.stubFor;
 import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
 import static com.github.tomakehurst.wiremock.client.WireMock.verify;
+import static io.swagger.v3.parser.util.RemoteUrl.CONNECTION_TIMEOUT;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertFalse;
+import static org.testng.Assert.assertTrue;
 
 public class RemoteUrlTest {
 
@@ -128,4 +133,23 @@ private String setupStub() {
                 ));
         return expectedBody;
     }
+
+    @Test
+    public void testConnectionTimeoutEnforced() throws Exception {
+        System.setProperty("io.swagger.v3.parser.util.RemoteUrl.trustAll", "true");
+        RemoteUrl.ConnectionConfigurator configurator = RemoteUrl.createConnectionConfigurator();
+        URL url = new URL("https://10.255.255.1"); // non-routable IP to simulate timeout
+        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
+
+        configurator.process(conn);
+
+        long start = System.nanoTime();
+        try {
+            conn.connect();
+        } catch (SocketTimeoutException e) {
+            long duration = (System.nanoTime() - start) / 1_000_000; // Convert nanoseconds to milliseconds
+            assertTrue(duration >= CONNECTION_TIMEOUT - 500, "Timeout was too short");
+            assertTrue(duration <= CONNECTION_TIMEOUT + 2000, "Timeout was not enforced properly (took too long)");
+        }
+    }
 }