Resolve review feedback & upgrade to OkHttp3 client

This commit addresses and resolves all outstanding review comments, primarily encompassing a shift to OkHttp3, security configuration cleanup, and general code improvements.

* **Review:** Addressed and resolved all pending review comments.
* **Feature:** Switched the underlying HTTP client implementation to [OkHttp3](https://square.github.io/okhttp/).
* **Configuration:** Consolidated TLS Certificates-related configuration into the dedicated configuration area.
* **Cleanup:** Removed unused components (`HttpUtils` and `HttpModule`) and performed general code cleanup.
* **Quality:** Improved exception handling logic for better robustness.

Author: njshah301

core/src/main/java/google/registry/config/RegistryConfig.java

@@ -36,7 +36,7 @@
 import google.registry.bsa.UploadBsaUnavailableDomainsAction;
 import google.registry.dns.ReadDnsRefreshRequestsAction;
 import google.registry.model.common.DnsRefreshRequest;
-import google.registry.mosapi.client.MosApiClient;
+import google.registry.mosapi.MosApiClient;
 import google.registry.persistence.transaction.JpaTransactionManager;
 import google.registry.request.Action.Service;
 import google.registry.util.RegistryEnvironment;
@@ -50,7 +50,6 @@
 import java.lang.annotation.Retention;
 import java.net.URI;
 import java.net.URL;
-import java.util.List;
 import java.util.Map.Entry;
 import java.util.Optional;
 import java.util.function.Supplier;
@@ -1423,9 +1422,9 @@ public static String provideBsaUploadUnavailableDomainsUrl(RegistryConfigSetting
      * @see MosApiClient
      */
     @Provides
-    @Config("mosapiUrl")
-    public static String provideMosapiUrl(RegistryConfigSettings config) {
-      return config.mosapi.mosapiUrl;
+    @Config("mosapiServiceUrl")
+    public static String provideMosapiServiceUrl(RegistryConfigSettings config) {
+      return config.mosapi.serviceUrl;
     }
 
     /**
@@ -1434,21 +1433,33 @@ public static String provideMosapiUrl(RegistryConfigSettings config) {
      * @see MosApiClient
      */
     @Provides
-    @Config("entityType")
+    @Config("mosapiEntityType")
     public static String provideMosapiEntityType(RegistryConfigSettings config) {
       return config.mosapi.entityType;
     }
 
+    @Provides
+    @Config("mosapiTlsCertSecretName")
+    public static String provideMosapiTlsCertSecretName(RegistryConfigSettings config) {
+      return config.mosapi.tlsCertSecretName;
+    }
+
+    @Provides
+    @Config("mosapiTlsCertKeyName")
+    public static String provideMosapiTlsKeySecretName(RegistryConfigSettings config) {
+      return config.mosapi.tlsKeySecretName;
+    }
+
     @Provides
     @Config("mosapiTlds")
-    public static List<String> provideMosapiTlds(RegistryConfigSettings config) {
-      return ImmutableList.copyOf(config.mosapi.tlds);
+    public static ImmutableSet<String> provideMosapiTlds(RegistryConfigSettings config) {
+      return ImmutableSet.copyOf(config.mosapi.tlds);
     }
 
     @Provides
     @Config("mosapiServices")
-    public static List<String> provideMosapiServices(RegistryConfigSettings config) {
-      return ImmutableList.copyOf(config.mosapi.services);
+    public static ImmutableSet<String> provideMosapiServices(RegistryConfigSettings config) {
+      return ImmutableSet.copyOf(config.mosapi.services);
     }
 
     private static String formatComments(String text) {

core/src/main/java/google/registry/config/RegistryConfigSettings.java

@@ -266,7 +266,9 @@ public static class Bsa {
 
   /** Configuration for Mosapi. */
   public static class MosApi {
-    public String mosapiUrl;
+    public String serviceUrl;
+    public String tlsCertSecretName;
+    public String tlsKeySecretName;
     public String entityType;
     public List<String> tlds;
     public List<String> services;

core/src/main/java/google/registry/config/files/default-config.yaml

@@ -619,11 +619,21 @@ bsa:
 
 mosapi:
   # URL for the MosAPI
-  mosapiUrl: https://mosapi.icann.org
+  serviceUrl: https://mosapi.icann.org
+  # The type of entity being monitored.
+  # For registries, this is 'ry'
+  # For registrars, this is 'rr'
   entityType: ry
-  # List of TLDs to be monitored.
+  # Add your List of TLDs to be monitored
   tlds:
-  - "test"
+  - YOUR_TLD1
+  - YOUR_TLD2
+  # Add tls cert secret name
+  # you configured in secret manager
+  tlsCertSecretName: YOUR_TLS_CERT_SECRET_NAME
+  # Add tls key secret name
+  # you configured in secret manager
+  tlsKeySecretName:  YOUR_TLS_KEY_SECRET_NAME
   # List of services to check for each TLD.
   services:
   - "dns"

core/src/main/java/google/registry/module/RegistryComponent.java

@@ -50,7 +50,6 @@
 import google.registry.request.RequestHandler;
 import google.registry.request.auth.AuthModule;
 import google.registry.request.auth.RequestAuthenticator;
-import google.registry.util.HttpModule;
 import google.registry.util.UtilsModule;
 import jakarta.inject.Provider;
 import jakarta.inject.Singleton;
@@ -73,7 +72,6 @@
       GroupsModule.class,
       GroupssettingsModule.class,
       GsonModule.class,
-      HttpModule.class,
       MosApiModule.class,
       JSchModule.class,
       KeyModule.class,

core/src/main/java/google/registry/mosapi/client/MosApiClient.java renamed to core/src/main/java/google/registry/mosapi/MosApiClient.java

@@ -4,44 +4,50 @@
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
-//     http://www.apache.org/licenses/LICENSE-2.0
+//      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package google.registry.mosapi.client;
+package google.registry.mosapi;
 
 import google.registry.config.RegistryConfig.Config;
 import google.registry.mosapi.exception.MosApiException;
 import google.registry.mosapi.exception.MosApiException.MosApiAuthorizationException;
-import google.registry.util.HttpUtils;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
 import jakarta.inject.Singleton;
+import java.io.IOException;
 import java.net.HttpURLConnection;
-import java.net.URLEncoder;
-import java.net.http.HttpClient;
-import java.net.http.HttpResponse;
-import java.nio.charset.StandardCharsets;
 import java.util.Map;
-import java.util.stream.Collectors;
+import okhttp3.HttpUrl;
+import okhttp3.MediaType;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.RequestBody;
+import okhttp3.Response;
 
 @Singleton
 public class MosApiClient {
 
-  private final HttpClient httpClient;
+  private final OkHttpClient httpClient;
   private final String baseUrl;
 
   @Inject
   public MosApiClient(
-      @Named("mosapiHttpClient") HttpClient httpClient,
-      @Config("mosapiUrl") String mosapiUrl,
-      @Config("entityType") String entityType) {
+      @Named("mosapiHttpClient") OkHttpClient httpClient,
+      @Config("mosapiServiceUrl") String mosapiUrl,
+      @Config("mosapiEntityType") String entityType) {
     this.httpClient = httpClient;
-    this.baseUrl = String.format("%s/%s", mosapiUrl, entityType);
+    // Pre-calculate base URL and validate it to fail fast on bad config
+    String fullUrl = String.format("%s/%s", mosapiUrl, entityType);
+    if (HttpUrl.parse(fullUrl) == null) {
+      throw new IllegalArgumentException("Invalid MoSAPI Service URL configuration: " + fullUrl);
+    }
+    this.baseUrl = fullUrl;
   }
 
   /**
@@ -51,45 +57,27 @@ public MosApiClient(
    * @param endpoint The specific API endpoint path (e.g., "v2/monitoring/state").
    * @param params A map of query parameters to be URL-encoded and appended to the request.
    * @param headers A map of HTTP headers to be included in the request.
-   * @return The {@link HttpResponse} from the server if the request is successful.
+   * @return The {@link Response} from the server if the request is successful. <b>The caller is
+   *     responsible for closing this response.</b>
    * @throws MosApiException if the request fails due to a network error or an unhandled HTTP
    *     status.
    * @throws MosApiAuthorizationException if the server returns a 401 Unauthorized status.
    */
-  public HttpResponse<String> sendGetRequest(
-      String entityId, String endpoint, Map<String, String> params, Map<String, String> headers)
-      throws MosApiException {
-    String url = buildUrl(entityId, endpoint, params);
-    try {
-      HttpResponse<String> response = HttpUtils.sendGetRequest(httpClient, url, headers);
-      return checkResponseForAuthError(response);
-    } catch (RuntimeException e) {
-      throw new MosApiException("Error during GET request to " + url, e);
-    }
-  }
-
-  /**
-   * Sends a GET request and decompresses the GZIP-encoded response body.
-   *
-   * @param entityId The TLD or registrar ID the request is for.
-   * @param endpoint The specific API endpoint path.
-   * @param params A map of query parameters to be URL-encoded.
-   * @param headers A map of HTTP headers to be included in the request.
-   * @return The decompressed {@link HttpResponse} from the server.
-   * @throws MosApiException if the request fails.
-   * @throws MosApiAuthorizationException if the server returns a 401 Unauthorized status.
-   */
-  public HttpResponse<String> sendGetRequestWithDecompression(
+  public Response sendGetRequest(
       String entityId, String endpoint, Map<String, String> params, Map<String, String> headers)
       throws MosApiException {
-    String url = buildUrl(entityId, endpoint, params);
+    HttpUrl url = buildUri(entityId, endpoint, params);
+    Request.Builder requestBuilder = new Request.Builder().url(url).get();
+    headers.forEach(requestBuilder::addHeader);
     try {
-      HttpResponse<String> response =
-          HttpUtils.sendGetRequestWithDecompression(httpClient, url, headers);
+      Response response = httpClient.newCall(requestBuilder.build()).execute();
       return checkResponseForAuthError(response);
-
+    } catch (MosApiAuthorizationException e) {
+      throw e;
     } catch (RuntimeException e) {
       throw new MosApiException("Error during GET request to " + url, e);
+    } catch (IOException e) {
+      throw new MosApiException("IOException during GET request to " + url, e);
     }
   }
 
@@ -104,29 +92,39 @@ public HttpResponse<String> sendGetRequestWithDecompression(
    * @param params A map of query parameters to be URL-encoded.
    * @param headers A map of HTTP headers to be included in the request.
    * @param body The request body to be sent with the POST request.
-   * @return The {@link HttpResponse} from the server.
+   * @return The {@link Response} from the server. <b>The caller is responsible for closing this
+   *     response.</b>
    * @throws MosApiException if the request fails.
    * @throws MosApiAuthorizationException if the server returns a 401 Unauthorized status.
    */
-  public HttpResponse<String> sendPostRequest(
+  public Response sendPostRequest(
       String entityId,
       String endpoint,
       Map<String, String> params,
       Map<String, String> headers,
       String body)
       throws MosApiException {
-    String url = buildUrl(entityId, endpoint, params);
+    HttpUrl url = buildUri(entityId, endpoint, params);
+    RequestBody requestBody = RequestBody.create(body, MediaType.parse("application/json"));
+
+    Request.Builder requestBuilder = new Request.Builder().url(url).post(requestBody);
+    headers.forEach(requestBuilder::addHeader);
     try {
-      HttpResponse<String> response = HttpUtils.sendPostRequest(httpClient, url, headers, body);
+      Response response = httpClient.newCall(requestBuilder.build()).execute();
       return checkResponseForAuthError(response);
+    } catch (MosApiAuthorizationException e) {
+      throw e;
     } catch (RuntimeException e) {
       throw new MosApiException("Error during POST request to " + url, e);
+    } catch (IOException e) {
+      throw new MosApiException("IOException during POST request to " + url, e);
     }
   }
 
-  private HttpResponse<String> checkResponseForAuthError(HttpResponse<String> response)
+  private Response checkResponseForAuthError(Response response)
       throws MosApiAuthorizationException {
-    if (response.statusCode() == HttpURLConnection.HTTP_UNAUTHORIZED) {
+    if (response.code() == HttpURLConnection.HTTP_UNAUTHORIZED) {
+      response.close();
       throw new MosApiAuthorizationException(
           "Authorization failed for the requested resource. The client certificate may not be"
               + " authorized for the specified TLD or Registrar.");
@@ -137,21 +135,16 @@ private HttpResponse<String> checkResponseForAuthError(HttpResponse<String> resp
   /**
    * Builds the full URL for a request, including the base URL, entityId, path, and query params.
    */
-  private String buildUrl(String entityId, String path, Map<String, String> queryParams) {
-    String sanitizedPath = path.startsWith("/") ? path : "/" + path;
-    String fullPath = "/" + entityId + sanitizedPath;
+  private HttpUrl buildUri(String entityId, String path, Map<String, String> queryParams) {
+    String sanitizedPath = path.startsWith("/") ? path.substring(1) : path;
+
+    // We can safely use get() here because we validated baseUrl in the constructor
+    HttpUrl.Builder urlBuilder =
+        HttpUrl.get(baseUrl).newBuilder().addPathSegment(entityId).addPathSegments(sanitizedPath);
 
-    if (queryParams == null || queryParams.isEmpty()) {
-      return baseUrl + fullPath;
+    if (queryParams != null) {
+      queryParams.forEach(urlBuilder::addQueryParameter);
     }
-    String queryString =
-        queryParams.entrySet().stream()
-            .map(
-                entry ->
-                    entry.getKey()
-                        + "="
-                        + URLEncoder.encode(entry.getValue(), StandardCharsets.UTF_8))
-            .collect(Collectors.joining("&"));
-    return baseUrl + fullPath + "?" + queryString;
+    return urlBuilder.build();
   }
 }

core/src/main/java/google/registry/mosapi/MosApiResponse.java

@@ -0,0 +1,62 @@
+// Copyright 2024 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.mosapi;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+/**
+ * Represents known MoSAPI API result codes and their default messages.
+ *
+ * <p>The definitions for these codes can be found in the official ICANN MoSAPI Specification,
+ * specifically in the 'Result Codes' section.
+ *
+ * @see <a href="https://www.icann.org/mosapi-specification.pdf">ICANN MoSAPI Specification</a>
+ */
+public enum MosApiResponse {
+  DATE_DURATION_INVALID(
+      "2011", "The difference between endDate and startDate is" + "more than 31 days"),
+  DATE_ORDER_INVALID("2012", "The EndDate is before startDate"),
+  START_DATE_SYNTAX_INVALID("2013", "StartDate syntax is invalid"),
+  END_DATE_SYNTAX_INVALID("2014", "EndDate syntax is invalid");
+
+  private final String code;
+  private final String defaultMessage;
+
+  private static final Map<String, MosApiResponse> CODE_MAP =
+      Arrays.stream(values()).collect(Collectors.toMap(e -> e.code, Function.identity()));
+
+  MosApiResponse(String code, String defaultMessage) {
+    this.code = code;
+    this.defaultMessage = defaultMessage;
+  }
+
+  public String getCode() {
+    return code;
+  }
+
+  public String getDefaultMessage() {
+    return defaultMessage;
+  }
+
+  // Returns the enum constant associated with the given result code string
+  public static Optional<MosApiResponse> fromCode(String code) {
+
+    return Optional.ofNullable(CODE_MAP.get(code));
+  }
+}