Andrea Cosentino created CAMEL-23876:
----------------------------------------
Summary: camel-a2a: pin the validated address when dispatching
push-notification webhooks
Key: CAMEL-23876
URL: https://issues.apache.org/jira/browse/CAMEL-23876
Project: Camel
Issue Type: Improvement
Components: camel-ai
Reporter: Andrea Cosentino
h3. Background
For A2A push notifications, a caller-registered webhook URL is validated by
{{WebhookUrlValidator.validate(...)}}, which resolves the host via
{{InetAddress.getByName}} and rejects loopback, wildcard, link-local, and
site-local/private addresses (and requires HTTPS for non-local hosts).
{{PushNotificationDispatcher.dispatchToWebhook}} then builds a
{{java.net.http.HttpRequest}} from the original URL string and lets
{{HttpClient}} perform its own, independent DNS resolution at connection time.
The address that was validated and the address actually connected to are
resolved separately, so they can differ for the same hostname between the two
calls. There is no mechanism pinning the connection to the address the
validator approved.
h3. Proposed change
Resolve the host once, validate that resolved address, and connect to the
validated address rather than re-resolving the hostname at connect time. For
{{java.net.http.HttpClient}} this can be done via a custom resolver on
{{HttpClient.Builder}}, or by caching the validated address alongside the
stored config at registration time. The requirement is that the address used
for the real connection is the one {{WebhookUrlValidator}} already approved.
h3. Affected code
*
{{components/camel-ai/camel-a2a/src/main/java/org/apache/camel/component/a2a/push/PushNotificationDispatcher.java}}
({{dispatchToWebhook}}, ~lines 135-156; send path ~line 180)
*
{{components/camel-ai/camel-a2a/src/main/java/org/apache/camel/component/a2a/util/WebhookUrlValidator.java}}
({{validate}}, ~lines 48-115)
h3. Notes
If address pinning is impractical with the current client, an alternative is to
re-validate immediately before connecting and reject DNS answers with unusually
short TTLs. A test should assert the dispatched connection targets the
validated address.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)